Archive for September 24, 2024

HP Announces New AI Innovations and Experiences to Reshape the Future of Work

Posted in Commentary with tags on September 24, 2024 by itnerd

 Today at HP Imagine, HP Inc. revealed exciting new enhancements for its consumer portfolio to enable users to reimagine their experience via AI-powered innovations, whether it be for work or play. The announcements include next-gen AI PCs, AI-enabled video conferencing solutions, and a scalable GPU performance sharing solution for AI developers – all designed to transform the future of work.

Outlined below are a few highlights of the announcements:

  • For freelancers and creators, the HP OmniBook Ultra Flip 14-Inch is the perfect device for those looking for AI-powered creative experiences, offering uncompromising style, performance, and flexibility.
  • For tech experts and business consultants, the HP EliteBook X 14-Inch is the first in HP’s Commercial PC lineup delivering performance, productivity and security for workflows both locally and in the cloud.
  • People work in different places throughout the workday, whether in a meeting room, at the desk, or on the go.  HP’s newest additions to the industry’s broadest portfolio of AI-enabled multi-camera capable video conferencing solutions include the Poly Studio X32 and Poly Studio X72 all-in-one video bars and Poly Studio V32 and Poly Studio V72 premium USB video bars.
  • The HyperX Cloud MIX™2 takes flexibility to the next level with personalized, HyperX Signature Sound. Its over-ear headset design featuring plush memory foam earcups and up to 110 hours of battery life via Bluetooth offer all-day comfort and power that’s perfect for gaming on the go, music, or work calls.

HP has an announcement on all of this which you can read here.

HP Wolf Security Uncovers Evidence of Attackers Using AI To Generate Malware  

Posted in Commentary with tags on September 24, 2024 by itnerd

At HP Imagine, HP Inc. today issued its latest Threat Insights Report revealing how attackers are using generative AI to help write malicious code. HP’s threat research team found a large and refined ChromeLoader campaign spread through malvertising that leads to professional-looking rogue PDF tools, and identified cybercriminals embedding malicious code in SVG images. 

The report provides an analysis of real-world cyberattacks, helping organizations to keep up with the latest techniques cybercriminals are using to evade detection and breach PCs in the fast-changing cybercrime landscape.  Based on data from millions of endpoints running HP Wolf Security, notable campaigns identified by HP threat researchers include: 

  • Generative AI assisting malware development in the wild: Cybercriminals are already using GenAI to create convincing phishing lures but to date there has been limited evidence of threat actors using GenAI tools to write code. The team identified a campaign targeting French-speakers using VBScript and JavaScript believed to have been written with the help of GenAI. The structure of the scripts, comments explaining each line of code, and the choice of native language function names and variables are strong indications that the threat actor used GenAI to create the malware. The attack infects users with the freely available AsyncRAT malware, an easy-to-obtain infostealer which can record victims’ screens and keystrokes. The activity shows how GenAI is lowering the bar for cybercriminals to infect endpoints. 
  • Slick malvertising campaigns leading to rogue-but-functional PDF tools: ChromeLoader campaigns are becoming bigger and increasingly polished, relying on malvertising around popular search keywords to direct victims to well-designed websites offering functional tools like PDF readers and converters. These working applications hide malicious code in an MSI file, while valid code-signing certificates bypass Windows security policies and user warnings, increasing the chance of infection. Installing these fake applications allows attackers to take over the victim’s browsers and redirect searches to attacker-controlled sites.  
  • This logo is a no-go – hiding malware in Scalable Vector Graphics (SVG) images: some cybercriminals are bucking the trend by shifting from HTML files to vector images for smuggling malware. Vector images, widely used in graphic design, commonly use the XML-based SVG format. As SVGs open automatically in browsers, any embedded JavaScript code is executed as the image is viewed. While victims think they’re viewing an image, they are interacting with a complex file format that leads to multiple types of infostealer malware being installed. 

By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches.  

The report, which examines data from calendar Q2 2024, details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools, such as: 

  • At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanners, the same as the previous quarter. 
  • The top threat vectors were email attachments (61%), downloads from browsers (18%) and other infection vectors, such as removable storage – like USB thumb drives – and file shares (21%). 
  • Archives were the most popular malware delivery type (39%), 26% of which were ZIP files.   

HP Wolf Security runs risky tasks in isolated, hardware-enforced virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that can slip past other security tools and provides unique insights into intrusion techniques and threat actor behavior.  

About the Data

This data was gathered from consenting HP Wolf Security customers from April-June 2024.

Kaspersky Deletes Itself And Installs UltraAV On Computers In The US…. WTF?

Posted in Commentary with tags on September 24, 2024 by itnerd

Kaspersky is pretty much banned in the US because of the fact that it’s a Russian company, and the US and Russia don’t have the best relationship. So it appears that due to that, anyone who runs Kaspersky might have this happen to them:

Starting Thursday, Russian cybersecurity company Kaspersky deleted its anti-malware software from customers’ computers across the United States and automatically replaced it with UltraAV’s antivirus solution.

This comes after Kaspersky decided to shut down its U.S. operations and lay off U.S.-based employees in response to the U.S. government adding Kaspersky to the Entity List, a catalog of “foreign individuals, companies, and organizations deemed a national security concern” in June.

And:

In early September, Kaspersky also emailed customers, assuring them they would continue receiving “reliable cybersecurity protection” from UltraAV (owned by Pango Group) after Kaspersky stopped selling software and updates for U.S. customers.

However, those emails failed to inform users that Kaspersky’s products would be abruptly deleted from their computers and replaced with UltraAV without warning.

If I woke up one morning and my anti virus software were just replaced randomly, I would be really freaked out by that. I can look at this both ways. On one hand, Kaspersky needed to do the right thing to make sure that their customers in the US are secure. But on the other hand, the way they did it doesn’t really sit right with me. So as a result, I really don’t know how to feel about this. But strangely, I’m not done yet:

To make things worse, while some users could uninstall UltraAV using the software’s uninstaller, those who tried removing it using uninstall apps saw it reinstalled after a reboot, causing further concerns about a potential malware infection.

Some also found UltraVPN installed, likely because they had a Kaspersky VPN subscription.

This doesn’t exactly inspire confidence. Neither does this:

Not much is known about UltraAV besides being part of Pango Group, which controls multiple VPN brands (e.g., Hotspot Shield, UltraVPN, and Betternet) and Comparitech (a VPN software review website).

This seems a bit suspect to me. Personally, if I were affected by this, I’d be removing this software as quickly as possible and replacing it with some other anti virus software that I could trust. Because to be honest, I am not sure that I can trust these guys.

Ford Wants To Target You With Ads By Listening In On Your Conversations…. WTF?

Posted in Commentary with tags on September 24, 2024 by itnerd

My wife and I a few years ago said that we would drive our car into the ground because modern cars seem to want to invade your privacy in so many ways. And according to Malwarebytes Labs, Ford has taken this to the next level. Here’s how:

Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from several trip and driver characteristics. Among those characteristics—human conversations. 

In the abstract of the patent application publication Ford writes:

“An example method includes determining vehicle information for a trip, the vehicle information including any one or more of a current vehicle location, a vehicle speed, a drive mode, and/or traffic information, the user information including any one or more of a route prediction, a speed prediction for the trip, and/or a destination, determining user preferences for advertisements from any one or more of audio signals within the vehicle and/or historical user data, selecting a number of the advertisements to present to the user during the trip, and providing the advertisements to the user during the trip through a human-machine interface (HMI) of the vehicle.”

Further on it details that “the controller may monitor user dialogue to detect when individuals are in a conversation.”

Based on this info, the controller can decrease or increase the number of advertisements. And “the conversations can be parsed for keywords or phrases that may indicate where the occupants are travelling to.”

If Ford wanted to incentivize me to not ever consider buying their cars, this would be a great way to do it because I don’t want a third party listening in on my conversations…. Ever. Now to be clear, there’s no evidence that this has been implemented in any car that they sell. But the fact that they came up with this and are filing a patent for it is downright scary.

That’s not the only patent that they’ve filed lately:

Another controversial Ford patent filed in July described technology that would enable vehicles to monitor the speed of nearby cars, photograph them and send the information to police.

So based on that sentence, your car will snitch on other cars to the 5-0 as gangster rappers would say. While I will call the police if I see an impaired driver, or a dangerous driver, I am not at all comfortable with my car doing that by default.

So what does Ford have to say about that?

In a statement to Fortune, the company clarified that filing a patent is a standard practice to explore new ideas and doesn’t necessarily indicate immediate plans to release such a system.

That’s likely true. But the fact that they are even thinking about stuff like this and trying to patent it is just creepy. And while I am picking on Ford in this story, it’s a safe bet that other car companies are doing something similar. So before you sign the lease or finance deal for your next car, perhaps you should read the car’s privacy policy in detail to make sure that this car isn’t doing something that you’re not comfortable with.

Cisco & University of Ottawa Equip Engineering Students With Job-Ready IT & Cybersecurity Skills

Posted in Commentary with tags on September 24, 2024 by itnerd

Cisco and the University of Ottawa have announced a partnership to better prepare students for careers in the technology industry.

Funded by Cisco’s Country Digital Acceleration (CDA) program, Cisco will integrate industry-recognized Cisco Certified Network Associate (CCNA) certification into the university’s Computer and Software Engineering curriculum. The CCNA certification validates a broad range of fundamentals for all IT careers — from networking technologies, to security, to software development — proving that the holder has the skills businesses want and candidates need to meet market demands.

Building Canada’s Digital Skills Capacity
ICTC projections indicate a need for 250,000 additional jobs within the technology industry by 2025. Addressing a shortage of skilled talent is a strategic imperative for companies to innovate, sustain growth, and compete globally, and it requires collaboration between the public and private sector to build a robust pipeline of networking, AI and cybersecurity talent.

As part of this partnership, Cisco is also providing equipment to the university’s Cyber Range to support cyber-research initiatives. The Cyber Range is a unique training, learning and research facility where individuals and organizations can practice comprehensive cybersecurity crisis management in a realistic and immersive environment to learn how to anticipate, respond to, manage, contain and remediate cyber-attacks.

Students enrolled in the Computer and Software Engineering programs can expect to take the CCNA certification as part of their third-year courses starting in the Winter 2025 semester.

Digital Skills for All
Cisco is committed to inclusive access to digital skills training and supporting those who use technology to educate. Through programs like Cisco Networking Academy and CDA, Cisco leverages its technology and expertise to create opportunities for individuals to thrive and supports Canada’s digital leadership on the global stage. Since its inception in Canada, Networking Academy has trained over 340,000 Canadians with industry-recognized credentials and courses.

Top Indian Health Insurer Compromised By Telegram Chatbots

Posted in Commentary with tags on September 24, 2024 by itnerd

India’s largest health insurer Star Health has reportedly become the victim of a data breach, with sensitive information on more than 31 million customers leaked via chatbots on Telegram.

Reuters was alerted to the issue by a security researcher who is in communication with the creator of the chatbots. The chatbot creator claimed that the private details of millions of people, including medical reports, were for sale and that samples could be viewed by simply asking the chatbots.

Star Health said in a statement to Reuters that it reported suspected unauthorized data access to local authorities and that an initial assessment showed “no widespread compromise” and that “sensitive customer data remains secure”.

Unfortunately, using the chatbots, Reuters was able to download policy and claims documents which included: 

  • Names
  • Phone numbers
  • Addresses
  • Tax details
  • Copies of ID cards
  • Test results 
  • Medical diagnoses

The Star Health chatbots feature a welcome message stating they have been operational since at least Aug. 6, said UK-based security researcher Jason Parker.

This comes just weeks after Telegram’s founder and CEO Pavel Durov was accused of allowing the messenger app to facilitate crime. Durov and Telegram denied any wrongdoing.

Telegram is one of the world’s largest messenger apps with 900 million active monthly users.

Emily Phelps, VP, Cyware had this to say:

  “Healthcare is one of the most sensitive sectors when it comes to security, given the highly personal nature of the data it handles. Breaches like this one underscore the risks when sensitive health data is exposed. To effectively safeguard healthcare infrastructure, a collective defense approach is essential. Sharing threat intelligence across trusted organizations allows us to anticipate and neutralize threats before they cause widespread harm. Shifting from reactive security models to proactive and adopting collaborative strategies that prioritize both the privacy and safety of patients is paramount.”

I am kind of floored that you can get such sensitive information simply by asking the chatbot. In short, someone has a lot of explaining to do as this should simply not happen.