Archive for June 26, 2024

South Africa’s health lab down after ransomware attack 

Posted in Commentary with tags on June 26, 2024 by itnerd

Yesterday, South Africa’s National Health Laboratory Service (NHLS) confirmed it is experiencing a ransomware attack that is affecting the dissemination of lab results amidst a monkeypox outbreak.

Saturday morning, hackers deleted sections of NHLS’s systems and backup servers, “rendering them inaccessible and blocking communication” from databases to and from users. 

All 265 laboratories the NHLS runs are still functional and continue to receive and process clinical samples, but lab reports are not automatically generated and sent to clinicians, forcing more urgent test results to be communicated to doctors over the phone or printed and mailed.

The ransomware attack has caused concern in South Africa given the outbreak of monkeypox. As of Tuesday, three deaths and 16 laboratory-confirmed cases have been found. 

Officials do not know when the systems will be restored. 

Cigent CGO Brett Hansen had this to say:

   “No one is immune from attack. The days of healthcare and children being off limits to attacks are over. Organizations need to be proactively protecting their data vs detect and respond. This requires embracing zero-trust access controls that assume device or credential compromise. Utilizing step-up authentication, a low-friction requirement that controls endpoint data access can prevent ransomware or other malware from accessing files even when the device has been compromised. Protected endpoint data can still be accessed during an attack, allowing continued operation through the crisis.”

This is yet another example of healthcare being a target of threat actors. While I never try to blame the victim so to speak, healthcare needs to do a better job of protecting themselves from threat actors. Some of that comes from better funding, and some of that comes from just putting in the work. Otherwise this will keep repeating itself.

Bell Opens First Best Buy Express Store

Posted in Commentary with tags on June 26, 2024 by itnerd

In January Bell announced a strategic partnership with Best Buy to introduce small-format consumer technology retail stores across Canada branded Best Buy Express. Fast forward to today, and Bell announced the grand opening of their first Best Buy Express store in Surrey, British Columbia.

The partnership with Best Buy brings together the best of both worlds, offering Canadians a one-stop shop for all their tech and connectivity needs. In total, Bell will open 167 Best Buy Express stores across Canada, offering a curated selection of consumer technology from Best Buy with over 100,000 products available through its world class fulfillment network, and exclusive telecommunications services from Bell, Virgin Plus and Lucky Mobile.

Today’s grand opening marks the beginning of a phased rollout over the next six months, with all stores expected to open by the end of 2024, following completion of renovations.

Global Consumer Security Survey Reveals Highest Demand for Mobile App Security in 4 Years

Posted in Commentary with tags on June 26, 2024 by itnerd

Appdome today announced the results of its 4th Annual Global Consumer Survey of Mobile App Security here at the OWASP Global AppSec conference. The survey reveals that mobile end users are keenly aware of the growing security, fraud, and privacy threats when they use mobile apps and demand that mobile brands and enterprises step forward to provide real defenses to these threats.

To create the 2024 survey, Appdome partnered with the Open Web Application Security Project (OWASP) and included survey questions that measure consumer alignment with the OWASP Mobile Application Security (MAS) standard, as well as anti-fraud and other cyber objectives. The voice of the global consumer was clear – not only do they demand the protections included in the OWASP MAS standard, but the survey data reveals a challenge to the entire mobile industry to improve the state of the art of mobile app protection, globally.

The 2024 survey data adds to the 120,000+ consumer voices gathered from 12 countries over the past four years, making the Appdome Global Consumer Survey the largest single collection of consumer data on mobile app security, privacy, anti-fraud, and other attack vectors. Mobile applications have taken center stage in consumers’ daily life. Mobile app protection – consisting of mobile app security, malware defense, fraud prevention, and privacy – is now critical to the way consumers choose and use mobile apps, and also critical in whether they choose to stay with and promote a brand.

Several upward trends are revealed in the 2024 data, including consumers’ use of mobile apps, their awareness of mobile attack vectors, the growing expectation of protection in apps and consumers’ willingness to be brand advocates if protected. Here are some of the cyber expectations in mobile apps that hit all-time highs in the 2024 Survey:

  • Mobile vs. Web: 55.3% —the highest level ever— of global consumers say they use mobile applications more than web, dwarfing preference for online/web at 22.5%. Furthermore, 63.4% —the highest level ever— say that they use more than 6 mobile apps weekly.
  • Total Protection: 99.5% —the highest level ever— of global consumers demand total protection in mobile apps including mobile app data, account integrity, login, data storage, data in transit, and protection from malware and fraud.
  • Social Engineering: 70.6% —the highest level ever— of global consumers have themselves, or know someone who has, been a victim of social engineering or other fraud attacks.
  • Fraud Prevention: 83.5% —the highest level ever— of global consumers demand brands proactively prevent mobile fraud from happening rather than reimburse them post-fraud.
  • Features vs. Security: 87.4% —the highest level ever— of global consumers say that mobile app protection is equally or more important than mobile app features in their decision to use a mobile app, with 90.6% saying they evaluate the security claims of the brand before downloading a mobile app.
  • Fear Inaction: The number of global consumers who fear “developers don’t care” about protecting the mobile app has increased by 258%, topping the four-year survey at 1 in 4 of all respondents.

Consumers maintained strong perspectives on these top trends in the 2024 survey:

  • Rewarding Secure Brands: 94.6% —the highest level ever— of respondents state they will become brand advocates for mobile brands that protect their apps and use. More than half (53.6%) said they would use the highest forms of advocacy, such as app store reviews or social media endorsements.
  • Consequences for Insecure Apps: 96.7% —the highest level ever— of respondents state they would abandon a mobile brand for failing to protect their app and use, with 73.9% saying they would encourage others to abandon the mobile brand too.

To obtain Appdome’s 4th Annual “Global Consumer Expectations of Mobile App Security Survey,” please visit Appdome Survey.

To learn more about the OWASP Mobile App Security (MAS) standard and join the OWASP community, please visit OWASP MAS.

Apple Fixes An AirPods Security Issue

Posted in Commentary with tags on June 26, 2024 by itnerd

From the “I didn’t have this on my BINGO card” department comes this Apple note that details that there’s new firmware available for AirPods. And when I say AirPods, I mean the following AirPod models:

  • AirPods (2nd generation and later)
  • AirPods Pro (all models)
  • AirPods Max
  • Powerbeats Pro
  • Beats Fit Pro

This update fixes a security issue with your AirPods that seems to be pretty pervasive given that it covers most of the AirPods that Apple has made along with the Beats Fit Pro and Powerbeats Pro which clearly must have some AirPods tech in them. The issue is that there seems to have been a bug that allowed an attacker within Bluetooth range to spoof the details of a device you’ve previously connected your headphones to, allowing the attacker to gain access to your headphones. This new firmware fixes that bug.

In terms of updating your AirPods, Apple doesn’t provide a way to do that easily. Apple says that they will eventually update themselves when in range of your iPhone. But I have had success force updating using this method that YouTube creator Zollotech describes in this video:

My advice would be that you should update them, as now that this is out there, someone will try to replicate this.

Imply Announces the Availability of Imply Polaris

Posted in Commentary with tags on June 26, 2024 by itnerd

Imply, the company founded by the original creators of Apache Druid®, today announced the availability of Imply Polaris on Microsoft Azure. As a cloud database service for Apache Druid, Polaris provides a simple developer experience for building real-time analytics applications.

Polaris on Azure allows customers to enhance application alignment and support hybrid and multi-cloud strategies from a single platform. 

Imply Polaris provides a true database-as-a-service for Apache Druid, one of the leading real-time analytics databases used by developers at thousands of organizations, including Confluent, Netflix, Target, and Salesforce to power real-time analytics applications.

Developers choose Apache Druid when they need to serve sub-second queries on terabytes to petabytes of streaming and batch data at hundreds to thousands of queries per second. When deciding on a Druid deployment model, developers choose Imply Polaris for its ability to decrease time to market, increase developer productivity, and lower the overall cost of running Druid.

Imply Polaris on Azure is now generally available. For more information about Polaris on Azure, please read this blog post.

Abnormal Security Unpacks Latest Phishing Attack: UPS & FedEx Impersonated to Ship Victims Directly to Phishing Sites

Posted in Commentary with tags on June 26, 2024 by itnerd

Abnormal Security has released a new blog revealing how attackers attempt to steal payment information by posing as UPS and FedEx and sending false shipment notifications about an upcoming delivery. Mike Britton, the CISO of Abnormal Security, will walk you through both UPS and FedEx impersonation attacks, why this phishing attack is noteworthy, and what makes these attacks challenging to detect. 

Within their investigations, Abnormal Security found that shipping service providers were the third most imitated types of attacks. This attack used a remarkable level of detail and impersonation, which made the emails and the accompanying phishing sites especially convincing.

The emails sent out to victims, impersonating UPS, claimed that the package has an unclear transit status and that the recipient must verify info using the provided link. The fake FedEx notification uses a similar tactic stating that delivery was attempted but failed and the recipient must confirm their address through the provided link. In both cases, victims are encouraged to click on a link that unknowingly leads to a detailed, multi-step phishing site.

You can read the blog post here.

Nikon Releases the NIKKOR Z 35mm F/1.4, a Natural Wide-Angle Lens for the Nikon Z Mount 

Posted in Commentary with tags on June 26, 2024 by itnerd

Nikon Canada Inc. announced the release of the NIKKOR Z 35mm f/1.4, a wide-angle prime lens that is compatible with Z mount full-frame/FX format mirrorless cameras. This fast, versatile lens offers a natural angle of view, popular among street and portrait photographers, with the creative freedom provided by a bright maximum aperture of f/1.4 – all at an affordable price.

Not only does the NIKKOR Z 35mm f/1.4 allow users to enjoy beautiful soft bokeh and three-dimensional rendering at wide apertures, its versatile 35mm focal length and short minimum focus distance of 10.6 in. (0.27 m) also makes it ideal for capturing a wide variety of scenes and subjects. From landscapes and street photography to portraits and photos of flowers and pets, photographers and filmmakers will enjoy outstanding sharpness, beautifully blurred backgrounds, and exceptional versatility in low light.

Despite its large f/1.4 maximum aperture the NIKKOR Z 35mm f/1.4 is a great “carry everywhere” lens for day-to-day shooting, weighing just 14.6 oz (415 g) and measuring only 3.4 in. (86.5mm) in length.

The superior optical performance unique to NIKKOR Z lenses allows for clear images with outstanding clarity including close-up portraits that emphasize the subject with a pleasant background blur. Stopping down the aperture when photographing landscapes realizes incredible sharpness. As a wide-angle prime lens with superior cost performance, the NIKKOR Z 35mm f/1.4 supports the capture of a great range of scenes and subjects, and will appeal to a wide variety of enthusiast creators. 

Primary features of the Nikon NIKKOR Z 35mm f/1.4:

  • Beautiful bokeh: Max aperture of f/1.4 allows photographers and filmmakers to achieve smooth, creamy out-of-focus backgrounds while precisely controlling depth-of-field for ideal subject and background separation.
  • Versatile focal length: The 35mm focal length is close to that of human vision, making it ideal for capturing a wide range of scenes and subjects. On DX format Z cameras, the NIKKOR Z 35mm f/1.4 becomes a 52mm equivalent prime lens, close to the classic “standard” 50mm.
  • Close minimum focus: Close focus of just 10.6 in (0.27 m) is ideal for capturing details in food and flowers with a beautifully blurred background.
  • Compact and well-balanced: The NIKKOR Z 35mm f/1.4 weighs just 14.6 oz (415 g), making it easy to carry and comfortable to use for hand-held shooting.
  • Fast and quiet autofocus: The use of a stepping motor (STM) for autofocus ensures fast and quiet autofocus for both stills and video.
  • Clickless control ring: Easily control key exposure settings including aperture, ISO sensitivity and exposure compensation. 
  • Suppressed focus breathing: Advanced optical design means the NIKKOR Z 35mm f/1.4’s focal length stays consistent during focusing, which is ideal when recording video.
  • Dust and drip-resistant: Seals throughout the design help prevent dust and water droplets from entering the lens.

Price and Availability
The new Nikon NIKKOR Z 35mm f/1.4 lens will be available in late July 2024 for a manufacturer’s suggested retail price (MSRP) of $819.95. For more information about the latest Nikon products, including the extensive lineup of NIKKOR Z lenses and the entire range of Z series cameras, please visit www.nikon.ca.

Review: HP Omen Transcend 16

Posted in Commentary with tags on June 26, 2024 by itnerd

I’ll get right into it. HP via their Omen Transcend 16 laptop has a slim laptop which allows you to take your gaming experience anywhere. That’s important because gaming laptops tend to be big, bulky, and heavy. But slimmer doesn’t necessarily mean you’re giving up power. Here’s why, starting with the specs:

  • Intel Core M i9-13900HX Processor
  • 2TB Solid State Drive
  • Windows 11
  • 6-cell, 97 Watt Hour Battery
  • 32GB DDR5 RAM
  • 2TB of Storage
  • 16.0″ WQXGA mini-LED Display (1180 nits, 240Hz, G-Sync Compatible)
  • BANG & OLUFSEN Audio
  • HP IR Camera Which Is Windows Hello Compatible and has a manual privacy shield
  • NVIDIA GeForce RTX 4070 with 8GB of VRAM
  • Intel Wi-Fi 7 BE200 (2×2) and Bluetooth 5.4
  • Gigabit Ethernet  

That on paper is a pretty powerful gaming computer. I’ll get to the performance in a bit. But let’s go over the laptop itself.

Here’s the HP Omen Transcend with one of the bigger power supplies that I have seen lately. It uses a barrel connector that connects to the back of the laptop to power it. While the keyboard with the A, S, D, and W keys highlighted is a nice touch (I should note that the keyboard is also capable of RGB backlighting), the real star of the show is the 16.0″ WQXGA mini-LED Display which does 1180 nits, with a 240Hz refresh rate. With such a fast refresh rate and the sort of advantages that a mini-LED display brings in terms of deeper blacks and brighter colours, the graphics that this laptop can produce should make you a better player as you’ll be able to spot or react to enemies much easier. Especially in games where enemies may be hiding in the shadows.

Or put another way. If you buy this laptop and you still suck at Call Of Duty, it’s not the laptop’s fault.

On one side you get a 5Gbps USB 3.1 Type-A port.

On the other side you get a pair of Thunderbolt 4 ports and a headphone jack.

On the back you get gigabit Ethernet, HDMI 2.1, and another 5Gbps USB 3.1 Type-A port. Thus the port selection is quite good. There’s also a ton of ventilation along the sides and the bottom. Plus the laptop’s design raises the back end to put the keyboard at a good angle. That makes typing on the keyboard a bit more comfortable. I should also mention that I like the feel of the keyboard as well as it has really good feedback. The large trackpad is a diving board design and is best used from the bottom of the trackpad.

Now this laptop comes with BANG & OLUFSEN audio. I have to admit that it was just okay but not spectacular. But I don’t think that this will matter to most people as in the box were a pair of HyperX Cloud II Wireless headphones which is a $189.99 CAD value. Having recently reviewed the HyperX Cloud Stinger 2 Wireless Headphones, I feel safe in saying that this might be a better option for audio for competitive gamers rather than using the speakers. Besides, every gamer that I know uses headphones so the built in speakers are surplus to requirements so to speak.

In terms of weight and build quality, the laptop weighs just under 5 pounds. That makes it as heavy as my 16″ MacBook Pro. And as far as I am concerned, that’s impressive as a lot of gaming laptops that I have seen lately are heavier than that. In terms of build quality, the laptop is made of metal and it feels solid. Nothing creaked or moved during my testing. So I would say that the Omen Transcend 16 is going to survive long gaming sessions. The other thing that I will say is that it fit into my backpack and I didn’t find it too heavy to lug around as long as I didn’t take the power supply with me.

Let’s get to the good stuff as I am sure you’re reading this review to see how it performs. Much like the HyperX Cloud Stinger 2 Wireless Headphones, I decided to subject this to a Zwift team time trial race. If you read the headphone review, you can get a better understanding of what a team time trial is all about. But the reason why I chose this as a performance test is that I have an M2 Pro Mac mini that is capable of doing around 120 frames per second on Zwift. Thus I had something that I can do a direct comparison to. So I set up the Omen Transcend 16 to do a 30 KM team time trial to see what it was capable of. This is what I found out:

  • This laptop is capable of running Zwift’s “Ultra” graphics setting which gives you the best visual detail possible. That’s something that the Mac mini, or any Mac isn’t capable of for reasons that only Zwift or maybe Apple can explain to me. The net result is that Zwift simply looks better on this laptop. Not that you notice when you’re suffering like a dog from going all out in a team time trial.
  • At 4K, I managed to get 160 FPS as a maximum. And I averaged 145 FPS. Both beating the Mac mini easily.

The one thing that I did notice is that 10 minutes into this team time trial that lasted 53:42 and put our team third in our time zone and category, the fans spun up significantly. Which wasn’t a surprise to me as gaming laptops have less thermal headroom when compared to desktops. Which means that a long gaming session will result in you hearing a fair amount of fan noise.

The second last area that I want to cover is the 1080P webcam. It will do if you need to use a webcam for a Zoom or Microsoft Teams meeting. But I have to admit that you need to have good lighting to get decent results out of it. Thus my recommendation would be to get a dedicated camera if you plan on live-streaming your gameplay on Twitch. Having said that, the fact that it includes a privacy shield is a very nice touch. And the fact that this supports Windows Hello is cool as well as I found it fast to recognize my face and log me in.

The last area that I will touch on is battery life. I used this as my daily driver for a week and found that I got about 5 to 6 hours of battery life. This isn’t a surprise to me as gaming laptops tend not to have the best battery life specs. But this would have been something that would have been easier for me to live with if the power adapter (which by the way is a 280W charger which explains why it is so big) were lighter. If I could give HP one piece of advice, maybe in the next version of this laptop they could use a GaN charger to reduce the size and weight. Because by doing that, this laptop would be perfect for those who want a powerful laptop for productivity as well as gaming as the power adapter wouldn’t be a size and weight penalty to those who need to plug in to charge it when required. Bonus points if that power adapter abandoned the barrel connector at the back and used USB-C/Thunderbolt 4 for charging instead as that would open things up to third party chargers as well.

So to conclude, the ideal user of this laptop would be someone who not only plays games, but does a lot of productivity work that needs a fair amount of horsepower. The HP Omen Transcend 16 is a very capable laptop that you won’t be disappointed by. HP has models with screen sizes from 14″ to 17″ and start from $1699 CAD. That gives you a fair amount of room to find a laptop that works for your needs. My Transcend 16 is available at Best Buy for $2,799.95. Which I think is a good price given what you get in the box. If you’re the target user of this laptop, I’d be making a point to check it out today.

72,000 Levi’s Accounts Pwned Via A Credential Stuffing Attack

Posted in Commentary with tags on June 26, 2024 by itnerd

Over 72,000 Levi’s customers have had their accounts compromised in a credential stuffing attack, according to a notice published by the Maine Office of the Attorney General (OAG). The incident was detected on June 13.
 
The breach notice detailed an “unusual spike in activity” on Levi’s website that day. Levi’s subsequent investigation indicated it was a credential stuffing attack, where attackers used compromised credentials obtained from third-party data breaches to access accounts on www.levis.com. Levi’s clarified that they were not the source of the compromised credentials.
 
In response, Levi’s forced a password reset on June 13 for all user accounts accessed during the attack. The notice emphasized that attackers could have viewed order history, names, emails, stored addresses, and partial payment information (last four digits of card numbers, card types, and expiration dates). However, the company stated that no fraudulent purchases appeared to have been initiated using this information due to the secondary authentication required for transactions.
 
Levi’s advised affected customers to change their passwords for other online accounts, recommending the use of strong and unique passwords as a defense against credential stuffing threats.

Emily Phelps, Director, Cyware:

   “The sensitive nature of customer data and the potential risks associated with its compromise underscores the critical need for robust cybersecurity measures in the retail industry. Modernizing security operations and operationalizing threat intelligence sharing are pivotal in defending against such threats. Ensuring the security of customer information is paramount, and adopting advanced cybersecurity practices is essential in safeguarding trust and maintaining resilience against evolving cyber adversaries.”

While companies need to do better to protect customer data, I have to point out that credential stuffing attacks only work because people use the same passwords on different sites. Thus user education needs to be part of the solution so that this is an attack vector that disappears.