Archive for February 12, 2025

FortiOS Security Fabric Vulnerability Enabled Escalated Privileges to Super-Admin 

Posted in Commentary with tags on February 12, 2025 by itnerd

Well, this isn’t good. News is out via this link that An incorrect privilege assignment vulnerability [CWE-266] in the FortiOS security fabric may allow an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control.

Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented:

“The  FortiOS Security Fabric Vulnerability that was patched is an excellent example of the value to a critical software provider in pen testing applications performed by an internal or external resource. In this case, a Fortinet employee, Justin Lum, discovered the vulnerability and initiated a process to produce the necessary patches to the impacted software versions. 

  • FortiOS 7.6.0
  • FortiOS 7.4.0–7.4.4
  • FortiOS 7.2.0–7.2.9
  • FortiOS 7.0.0–7.0.15
  • FortiOS 6.4 (all versions; requires migration)

The primary purpose of the FortiOS Security Fabric is to make it easier for enterprise administrators to configure the software for optimal usage across Fortinet software modules. Fortinet is a market leading (20%) provider of firewall technology for enterprises large and small. They also offer enterprises additional network management software like SD-WAN components. 

The potential for exploitability for a set of cyber security capabilities designed to protect enterprises reaches a critical threshold with “super admin” privileged access, once the vulnerability is exploited by a threat actor. Threat actors dream about and strive for obtaining “super admin” privilege especially for software designed to protect enterprises.”

The link above as well as this link has all the details to make sure that you don’t get pwned. Thus it is now time to patch all the things.

Leave a comment »

TELUS Private Wireless Network Announced For Calgary International Airport

Posted in Commentary with tags on February 12, 2025 by itnerd

TELUS and Calgary Airport Authority have joined forces in a groundbreaking 10-year partnership that will transform YYC Calgary International Airport into Canada’s first airport equipped with a high-performance 5G private wireless network. This ultra-fast, low-latency network will deliver consistent, enterprise-grade connectivity throughout the airport campus. As Canada’s leader in private wireless networks and the company behind the county’s largest private 5G network deployment, TELUS brings proven expertise to this ground-breaking initiative, which supports YYC’s position as one of Canada’s fastest-growing airports, establishing it as a pioneer in digital aviation infrastructure.

This first-of-its-kind deployment will create a cutting-edge wireless foundation, enhancing the passenger experience and streamlining airport operations while preparing for future technological innovations.

The innovative solution maximizes TELUS’ existing airport infrastructure while introducing new coverage enhancements both inside and outside the terminal, ensuring comprehensive wireless coverage for all airport users. 

The private wireless network will be deployed in phases, with initial operations beginning May 1, 2025. This landmark project sets a new benchmark for airport technology in Canada and creates a blueprint for digital transformation in critical infrastructure facilities.

Leave a comment »

Ericsson Private 5G to support JLR’s Digital Manufacturing Transformation

Posted in Commentary with tags on February 12, 2025 by itnerd

JLR is accelerating industrial connectivity at its plant in Solihull, England, with the implementation of Ericsson Private 5G. This cutting-edge networking technology is enhancing the production of Range Rover vehicles by supporting business-critical applications such as vision systems, IoT sensors, and production tools. Leveraging Ericsson’s high-speed, low-latency, and secure private 5G solution, JLR is setting new standards in modern automotive manufacturing. 

The deployment of Ericsson Private 5G is a pivotal step for JLR in embracing Industry 4.0. JLR is creating a more agile and innovative manufacturing environment to support IoT devices, artificial intelligence (AI), and automation with an eye toward automated guided vehicles (AGVs). The limitations of traditional wired networks drove JLR to “cut the copper” by replacing those networks with Ericsson’s robust 5G capabilities, allowing for seamless and real-time data transmission. This transformation ensures that JLR’s manufacturing processes are not only connected but also agile and efficient, leading to streamlined operations. 

Private 5G is driving greater workflow efficiency at JLR, with manufacturing teams already sharing positive feedback. Through enhanced connectivity, maintenance and production managers can now turn data insights and simulations into tangible operational efficiencies with DataOps platforms such as Litmus. Consolidating and analyzing data empowers JLR decision-makers on the factory floor to quickly innovate and optimize manufacturing processes. Additionally, private 5G enables JLR to quickly swap and provision new or broken connected tools, significantly reducing downtime and enabling quicker modifications to the production line. 

Fujitsu has partnered with Ericsson to deliver the connectivity of this comprehensive, end-to-end private 5G-based operations at the Solihull plant. This collaboration paves the way for JLR to explore use cases at other sites in the future. 

Leave a comment »

Ericsson Cradlepoint X20 5G Router Announced

Posted in Commentary with tags on February 12, 2025 by itnerd

Ericsson today announced the launch of the Cradlepoint X20 5G Router, enabling enterprise-class fixed wireless access (FWA) connectivity for small- to medium-sized and home-based businesses, temporary sites, and remote workers. The Ericsson Cradlepoint X20 delivers powerful, plug-and-play FWA 5G connectivity with advanced network slicing and security capabilities. Featuring cutting-edge routing, switching, and Wi-Fi 7, the X20 ensures robust, easy-to-maintain connectivity essential for critical business operations. Now enterprises can quickly deploy high-bandwidth 5G connectivity, with unprecedented reliability enabled by dual-SIM failover capabilities and an eight-hour battery backup. 

Organizations are increasingly seeking agile, scalable connectivity to keep pace with evolving digital demands. IDC reports that by 2026, 75 per cent of enterprises will have assigned all deployment responsibility, operational control, and technology innovation for at least one major network domain to a trusted management partner. With the availability and cutting-edge capabilities of the Cradlepoint X20, service providers can offer managed services with tiered service packages catering to diverse customer needs and differentiate themselves in a rapidly expanding market. 

Capabilities of the Cradlepoint X20 Router span different types of business use cases including the following: 

  • Small-to-Medium Sized Businesses: The X20 5G Router provides SMBs, such as retail stores and small offices, with reliable, high-speed connectivity without traditional wired infrastructure. Easy installation and scalability allow businesses to enhance operations and adapt as they grow.
  • Temporary Sites: Perfect for pop-up stores, mobile clinics, and construction sites, the X20 ensures rapid deployment and flexibility. Its wireless design supports critical operations with high-speed 5G connectivity in dynamic environments. 
  • Remote Workers and Home-Based Businesses: Ideal for remote and hybrid workers, the X20 offers easy setup and portable, high-speed internet for seamless access to cloud applications, video calls, and collaborative tools. 

The Ericsson Cradlepoint X20 5G Router will be available in April 2025. For more information, visit https://cradlepoint.com/product/endpoints/x20/.  

Leave a comment »

2.7 Billion Records Exposed in IoT Devices Data Breach 

Posted in Commentary with tags on February 12, 2025 by itnerd

Cybersecurity researcher Jeremiah Fowler uncovered an unprotected database belonging to Mars Hydro, a China-based company offering IoT grow lights and software applications. It contained 2.7 Billion records with a total size of 1.17 TB exposing Wi-Fi SSID network names, passwords, IP addresses, device ID numbers, email addresses and some more.

The unprotected database contained WiFi network names, passwords, IP addresses, device IDs, and API details, posing serious security risks. Unauthorized access to devices or networks, phishing attacks, intercepting data, eavesdropping or impersonation via MITM (man in the middle attacks). 

You can read the report here: https://www.vpnmentor.com/news/report-marshydro-breach/

Leave a comment »

Valentine’s Day Fraud Prevention Tips From Visa Canada

Posted in Commentary with tags on February 12, 2025 by itnerd

Romance scams cost Canadians over $58.4M in 2024, with median losses exceeding $2,000 per victim. Visa is sharing expert insights to help consumers recognize red flags and protect themselves from romance scams this Valentine’s Day.

Red Flags 🚩 

  • Tragic backstories – Be cautious of early tragic stories, especially if they lead to requests for money. Scammers use emotional tales to elicit sympathy and financial aid. 
  • Too good to be true –  Scammers often create profiles with model-like photos and flawless backgrounds, while genuine profiles usually have a mix of candid and professional photos 
  • Too soon “I Love You” – Scammers use flattery and quick declarations of love to emotionally manipulate victims. If someone professes love too soon, be cautious. 
  • Avoiding video calls – If your match avoids video calls or meetings, they may be hiding something. Scammers dodge face-to-face interactions to sustain their deception. 

Read more tips from Visa here.  

2 Comments »

Deepgram Introduces Nova-3

Posted in Commentary with tags on February 12, 2025 by itnerd

 Deepgram, the leading voice AI platform for enterprise use cases, today announced the launch of Nova-3, its most advanced speech-to-text (STT) model to date. Nova-3 pushes the boundaries of AI-driven transcription, offering unmatched accuracy in challenging audio environments while offering flexible, self-service customization to tailor results for industry-specific needs. Trusted by industry leaders like Twilioand Jack in the Box, Deepgram’s infrastructure also includes powerful text-to-speech (TTS) and full speech-to-speech (STS) capabilities, offering a comprehensive suite of cloud or self-hosted APIs for seamless voice AI integration. Its full-featured platform and high-performance runtime include powerful automation and data capabilities – such as synthetic data generation and model curation – along with model hot-swapping and robust integrations, empowering developers to efficiently build and scale voice-enabled applications. With over 450 enterprise customers, Deepgram is powering the fast-growing enterprise voice AI market.

Nova-3 Expands Voice AI for a Broader Range of Enterprise Use Cases

Leapfrogging the success of its predecessor, Nova-3 is engineered for real-time use cases, delivering unparalleled accuracy and performance in dynamic environments where traditional solutions often fall short. Unlike generalized models that lack domain-specific precision, Nova-3 leverages an advanced latent space architecture to encode complex speech patterns into a highly efficient representation. This enables superior transcription accuracy, even in noisy or specialized settings, driving improved productivity, customer satisfaction, and cost efficiency. With its expanded capabilities, Nova-3 now delivers enhanced accuracy for real-world enterprise challenges such as:

  • Adverse acoustic conditions – Accurately transcribes speech in distant, noisy, and multi-speaker scenarios, making it ideal for air traffic control, drive-thrus, and call centers.
  • Real-Time Multilingual Support – Enables real-time transcription across multiple languages – the first model of its kind to do so – making it ideal for emergency response, global customer service, and multilingual operations.
  • Industry-Specific Accuracy – Recognizes domain-specific terminology for specialized fields like medical and legal transcription.
  • Precision Data Handling – Ensures accurate numeric recognition for retail, banking, and finance while supporting real-time redaction of sensitive information for compliance and data privacy.

Personalize Voice AI with Self-Service Customization

Nova-3 is the industry’s first voice AI model to enable self-serve customization, allowing users to fine-tune the model for specialized domains without requiring deep expertise in machine learning. Many conventional models require expensive and time-consuming expert-led customization, delaying deployment and increasing costs. With the addition of Keyterm Prompting, developers can instantly improve transcription accuracy by optimizing up to 100 key phrases without waiting for extensive model retraining or customization cycles. This flexibility accelerates deployment, enhances accuracy, and reduces costs—allowing businesses to rapidly unlock value from their voice AI solutions.

Benchmarking Excellence – Deepgram Extends Its Lead

Nova-3 continues to set a new standard for transcription accuracy, significantly widening the gap between itself and competing voice AI providers. Nova-3 outperforms competitors in both batch and streaming use cases, with consistently lower Word Error Rates (WER) that drive superior performance in real-world audio environments, including multilingual scenarios.

Batch WER Comparison

Nova-3 achieves a WER of 5.26%, extending its lead over the next-best competitor by 47.4% (10% WER). This reduced error rate translates to more accurate transcriptions for industries that require high precision, such as healthcare, legal, and finance.

Streaming WER Comparison

In streaming WER, Nova-3 leads with a WER of 6.84%, extending its advantage over the next-best competitor by 54.2% (14.92% WER). This improved accuracy ensures real-time, reliable transcription for applications such as call centers and virtual assistants, enhancing overall customer experience.

Multilingual Performance

In multilingual testing, Nova-3 outperforms OpenAI’s Whisper across seven languages, delivering up to 8:1 preference ratios in some languages. Nova-3’s advanced real-time multilingual conversation transcription empowers enterprises to scale globally, delivering reliable, accurate results across multiple languages and enhancing international customer engagement.

These benchmark results underscore Deepgram’s continued lead in transcription accuracy, driving superior outcomes for businesses that rely on speech-to-text and voice AI technologies.

Nova-3 Marks a Major Advancement

Nova-3 represents a breakthrough in AI-driven speech-to-text technology, cementing Deepgram’s position at the forefront of voice AI innovation and empowering businesses and developers to build the next generation of enterprise voice AI applications. Deepgram’s focus on continuous model and platform improvements ensures users always have access to the latest advancements, maximizing long-term value. Built with low customer COGS, the platform offers cost-efficiency and seamless updates, helping businesses stay competitive and future-proofed as they scale.

For more information about Nova-3 and Deepgram’s suite of voice AI infrastructure, please visit www.deepgram.com.

Leave a comment »