Archive for May 1, 2025

Harrods Is Dealing With A Cyberattack

Posted in Commentary with tags on May 1, 2025 by itnerd

The uber famous department store Harrods is apparently facing some sort of cyberattack. Here’s what the BBC said:

A statement from Harrods read: “We recently experienced attempts to gain unauthorised access to some of our systems.

“Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.

“Currently all sites including our Knightsbridge store, H beauty stores and airport stores remain open to welcome customers. Customers can also continue to shop via harrods.com.

“We are not asking our customers to do anything differently at this point and we will continue to provide updates as necessary.”

So it sounds like this is going to be another story worth watching. I say that because new developments will likely come to light in the coming hours and days.

Front Row Insurance Brokers launches new online portal for drone liability insurance in Canada

Posted in Commentary with tags on May 1, 2025 by itnerd

Front Row Insurance Brokers has announced the launch of its new online portal dedicated to drone liability insurance. This new portal offers instant quotes and same-day coverage, making it easier than ever for drone operators and businesses to get insured and stay compliant.  

By launching this new portal, Front Row Insurance Brokers aims to address the evolving and unique needs of its clients and respond to the rapid growth of drone usage across various sectors such as film production, real estate, and surveying in Canada. This portal is designed to meet the increasing demand for streamlined, accessible, and reliable insurance solutions, ensuring that drone operators and businesses can obtain comprehensive coverage swiftly and effortlessly. 

Clients looking for drone liability insurance in Canada will find several key features in the portal, including: 

  • Fast, online access to liability insurance tailored for drone operators
  • Coverage options starting at just $225 per year
  • Issue unlimited certificates of insurance at no additional cost 
  • Options to cover multiple drones and operators under one policy
  • Available limits up to $4,000,000 of aerial liability 

The introduction of the new portal reinforces Front Row Insurance Brokers’ commitment to helping businesses in the film and entertainment industry navigate the complexities of liability insurance with ease and confidence.

Learn more about drone liability insurance and explore the various options available by visiting https://drones.frontrowinsurance.com  

New Microsoft Email Sender Requirements Go Into Effect On May 5th

Posted in Commentary with tags on May 1, 2025 by itnerd

Microsoft recently announced updated email sender requirements, raising the bar to help better protect email inboxes by making email authentication a prerequisite for successful email delivery to Outlook.com.

On May 5, Microsoft will start rejecting non-compliant emails. You can read more about it here, which is something that anyone who runs an email server should do. But here’s the TL;DR:

  • Sending domains must have a published DMARC policy, with a policy setting of p=none or better, and there must be proper alignment with either SPF or DKIM authentication settings (Microsoft’s guidelines recommend both be aligned whenever possible).
  • If your domains do not meet these requirements, your non-compliant emails will be rejected as of May 5.

Please note: If your domains are at enforcement (p=reject or p=quarantine), congratulations, your domain is protected. However, if your DMARC policy is at p=none, your domain is not protected and is open to phishing and spoofing.

I’ll be checking my email servers over the weekend to ensure that they are compliant. You should do the same so that you have no issues on May 5th.
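The check described above can be scripted. The following is an added example, not code from Microsoft or from this post: it takes a domain's DMARC TXT record plus the SPF and DKIM results a receiver reports for a test message, and applies the two conditions in the list (a published policy, and SPF or DKIM aligned with the From domain). The function names, the two-label shortcut for the organizational domain and the sample domains are assumptions.

```python
def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    tags = {}
    for part in (txt or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def org_domain(name):
    # ASSUMPTION: organizational domain = last two labels. Real checkers use
    # the Public Suffix List, which matters for names such as example.co.uk.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def aligned(from_dom, auth_dom, mode):
    """Strict ('s') needs an exact match; relaxed ('r', the default) the same org domain."""
    if mode == "s":
        return from_dom.lower() == auth_dom.lower()
    return org_domain(from_dom) == org_domain(auth_dom)

def check_sender(from_dom, dmarc_txt, spf, dkim):
    """spf and dkim are (result, domain) pairs, as reported in Authentication-Results."""
    tags = parse_dmarc(dmarc_txt)
    policy = (tags or {}).get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ("non-compliant", "no valid DMARC policy published")
    spf_ok = spf[0] == "pass" and aligned(from_dom, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_dom, dkim[1], tags.get("adkim", "r"))
    if not (spf_ok or dkim_ok):
        return ("non-compliant", "no passing SPF or DKIM result aligns with the From domain")
    if policy == "none":
        return ("compliant", "deliverable, but p=none does not stop spoofing")
    return ("compliant", "aligned and at enforcement")

# Constructed cases; example.com and example.net are placeholder domains.
CASES = {
    "vendor authenticates as itself": ("example.com", "v=DMARC1; p=reject",
        ("pass", "mail.example.net"), ("pass", "example.net")),
    "DKIM aligned, monitoring only": ("example.com", "v=DMARC1; p=none",
        ("pass", "mail.example.net"), ("pass", "example.com")),
    "strict SPF alignment, subdomain bounce": ("example.com",
        "v=DMARC1; p=quarantine; aspf=s", ("pass", "bounce.example.com"), ("none", "")),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        print(f"{name}: {check_sender(*args)}")
```

The first case is the one that usually surprises people: both SPF and DKIM pass, but for the vendor's domain rather than the From domain, so the message still fails the alignment requirement.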

TELUS marks 20th anniversary of TELUS Days of Giving

Posted in Commentary with tags on May 1, 2025 by itnerd

Today, TELUS announced that its 20th annual TELUS Days of Giving kicks off on May 1, uniting TELUS team members, retirees, and partners around the world to volunteer and give back in their local communities. Throughout the month of May, TELUS team members, retirees, families, and partners around the world will participate in thousands of volunteer activities for TELUS Days of Giving. This global movement, which began as a single day of service two decades ago, now encompasses a diverse range of initiatives including environmental cleanups, food bank support, youth mentorship, and technology-focused efforts like device recycling. TELUS Days of Giving not only addresses immediate community needs but also fosters a year-round culture of volunteerism. This signature program runs from May 1-31. Last year alone, 83,000 volunteers gave back in 33 countries, contributing to 1.5 million volunteer hours in 2024, which was, for the second consecutive year, more than any other company in the world.

With recent studies highlighting that one in five Canadians now rely on charitable services to meet essential needs, and more than half of charities unable to keep pace with current demand, TELUS’ longstanding commitment to giving back has never been more vital. 

To learn more about TELUS’ commitment to creating positive change in communities where team members live, work, and serve, and to join in building a friendlier future for all, visit telus.com/purpose.

CIRA XDR brings cutting-edge cybersecurity technology to Canadian organizations

Posted in Commentary with tags on May 1, 2025 by itnerd

As the cybersecurity landscape continues to evolve, organizations require more sophisticated tools to protect themselves. CIRA, the national non-profit that protects over eight million Canadians with its cybersecurity products, is responding to this challenge by launching a new enterprise-grade service, CIRA XDR, that leverages an open-source codebase to protect organizations in Canada for which other solutions may be out of reach.

CIRA XDR is an affordable, professional-grade extended detection and response solution tailored specifically for Canadian organizations. Cybersecurity tools can generate overwhelming amounts of data leading to alert fatigue, long manual investigations and ad hoc mitigations from security teams. The struggle to keep up with the volume of “noise” produced by these traditional tools can hamper the ability to detect genuine threats. CIRA XDR leverages advanced analytics to reduce false positives, providing organizations with an easy and fast single-pane-of-glass view of potential threats with built-in automated response capabilities. The service can be integrated across multiple security domains—such as endpoints, identities, cloud applications, email and data stores.

Hosted in Canada by the team managing Canada’s internet top-level domain .CA, XDR ensures organizations’ data remains in the country. CIRA puts control back into the hands of Canadian organizations to manage threats and mitigate risks, all while contributing to the community making Canada’s cybersecurity posture stronger.

Key features

  • CIRA XDR equips organizations with optional endpoint client software for log collection, threat detection and active response intervention.
  • For organizations struggling to scale XDR solutions that require on-premise software or hardware appliance deployments, CIRA’s service runs with a lightweight agent and 100 per cent cloud data management and storage systems.
  • XDR provides Canadian cloud-hosted SIEM & SOAR services for a robust, secure and scalable infrastructure with worry-free external management.
  • XDR is pre-integrated into hundreds of security and application stacks to allow for rapid visibility and action across all IT infrastructure.

For more information about the service, visit cira.ca/xdr and learn more about CIRA Cybersecurity services by clicking on this link.

Atlassian Williams Racing Partners With Airia

Posted in Commentary with tags on May 1, 2025 by itnerd

Ahead of this weekend’s 2025 FIA Formula 1 Miami Grand Prix, Atlassian Williams Racing is pleased to announce a new multi-year partnership with Airia, an innovative enterprise platform that enables organisations to orchestrate, deploy and manage AI solutions securely and at scale.

Atlanta-headquartered Airia will become Official AI Orchestration Partner to Atlassian Williams Racing, the iconic British-based F1 team with nine Constructors’ World Championships and seven Drivers’ Championships. 

The partnership brings together two innovation-led companies driven by precision, performance and cutting-edge technology. Williams will use the Airia platform to safely connect teams across the organisation to AI capabilities, enabling faster access to knowledge and insights in pursuit of future World Championship success. It will also allow the team to build intelligent workflows and automate complex tasks, improving decision-making across technical and operational groups with robust security and governance guardrails in place.

Airia has chosen Atlassian Williams Racing for its first partnership in Formula 1, joining forces with one of the sport’s most iconic names to expand its reach across global markets. The partnership reflects Airia’s commitment to real-time decision-making, speed and reliability under pressure – values central to success both on and off track. In addition to Williams’ position as an icon of the sport, Airia was also attracted by the team’s dedication to inspiring the next generation through initiatives like F1 Academy and its pioneering schools outreach programme which will bring 10,000 children to the team’s Grove HQ this year free of charge to learn about STEM careers.

Airia’s branding will debut this weekend at the Miami Grand Prix, appearing on the front wing endplates and halos of the FW47 race cars driven by Alex Albon and Carlos Sainz, as well as on the side of the F1 Academy car driven by emerging US star Lia Block. Reflecting Airia’s passion for education, the company also plans to integrate into the team’s STEM programme. 

Airia becomes the third major technology company to partner with Williams in 2025, reinforcing the team’s long-standing position as a pioneering innovator in the world’s most technologically-advanced sport. Atlassian became the team’s title partner in January, followed by Brillio in March, strengthening the team’s growing roster of world-class partners.

Guest Post: When Wellness and Security Apps Betray Your Trust

Posted in Commentary with tags on May 1, 2025 by itnerd

By Aras Nazarovas

Apps designed to protect our peace of mind are increasingly becoming sources of anxiety. Take 7 Minute Chi – Meditate & Move, a meditation app marketed to reduce stress, and Robo Spam Text & Call Blocker, an iOS tool meant to shield users from robocalls and phishing. Both promised safety – one for mental well-being, the other for digital security. Instead, they exposed sensitive user data through security failures, revealing a worrying truth: the apps we trust to guard our privacy are often the weakest links in our digital lives.

The Irony of Leaky Safe Spaces

The 7 Minute Chi breach laid bare the personal details of over 100,000 users – names, emails, and app secrets like API keys and Facebook credentials – due to a misconfigured Firebase database. This is a betrayal. Users sought calm and focus, only to have their data potentially weaponized for phishing or identity theft.

Also, Robo Spam Text & Call Blocker, downloaded 93,000 times, leaked 339,000 reported spam numbers, customer support tickets with real names and emails, and critical app secrets. Criminals now know which numbers users block and which keywords to avoid, and this enables them to craft scams that slip past filters.

These leaks aren’t accidents but symptoms of systemic negligence. Firebase misconfigurations, which leave databases publicly accessible, and hardcoded secrets embedded in app code are shockingly common. Our research shows 71% of 156,080 sampled iOS apps leak at least one secret, with an average of 5.2 per app. When developers cut corners, apps designed to protect become tools for exploitation.
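A pre-release check for the misconfiguration described above, as an added example that is not from the Cybernews research or from either app: it walks a rules file and flags every path that is readable or writable without a real access condition. It assumes the Firebase Realtime Database JSON rules format, where a grant on a parent path cascades to all children, so a stricter child rule underneath it has no effect. The sample rules and function names are constructed.

```python
import json

# Constructed sample rules (Realtime Database format); not taken from any real app.
SAMPLE_RULES = json.loads("""
{"rules": {
  "users":   {".read": true,
              "$uid": {".read": "auth != null && auth.uid === $uid"}},
  "tickets": {".read": "auth != null", ".write": "auth != null"},
  "config":  {".read": false, ".write": false}
}}""")

RANK = {None: 0, "any-signed-in-user": 1, "public": 2}

def classify(expr):
    """Coarse exposure level of one rule expression (None = has a real condition)."""
    text = str(expr).lower().replace(" ", "")
    if text == "true":
        return "public"
    # Any authenticated account qualifies; that is broad if sign-up is open.
    if text in ("auth!=null", "auth!==null"):
        return "any-signed-in-user"
    return None

def audit(node, path="", granted=None):
    """Return (path, operation, finding) tuples for a rules subtree."""
    granted = dict(granted or {})   # op -> (level, path) already granted by an ancestor
    findings = []
    for op in (".read", ".write"):
        if op not in node:
            continue
        level, above = classify(node[op]), granted.get(op)
        if RANK[level] > (RANK[above[0]] if above else 0):
            findings.append((path or "/", op, level))
            granted[op] = (level, path or "/")
        elif above:
            # Grants cascade downward, so this rule cannot take access away again.
            findings.append((path or "/", op, f"ineffective: {above[1]} already grants {above[0]}"))
    for key, child in node.items():
        if isinstance(child, dict):
            findings += audit(child, path + "/" + key, granted)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES["rules"]):
        print(*finding)
```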

The Human Cost of Broken Promises

For users, the fallout is deeply personal. Just imagine receiving a phishing email that references your meditation habits, perhaps even mentioning the specific app you use or the routines you follow – details you thought were private. 

Or picture answering a spam call that not only gets past your trusted blocker, but uses language and tactics tailored to your reported preferences and blocked keywords, making the scam far more convincing. 

In both cases, the sense of violation is profound: information you shared in the pursuit of calm or safety is now being used to target and manipulate you, turning trusted digital spaces into sources of new anxiety.

A Failure of Accountability

Neither Apple’s App Store reviews nor developer due diligence prevented these breaches. 7 Minute Chi’s Firebase instance sat exposed for weeks, while Robo Spam Text & Call Blocker’s parent company, Brantley Media Group, has a history of leaks, including an AI app that exposed users’ intimate stories. Yet, Apple’s ecosystem, often perceived as a “walled garden,” lacks mechanisms to scan for hardcoded secrets or enforce secure cloud configurations.

What’s Next?

To restore trust, the industry must prioritize:

  • Expand app store reviews to include backend security checks: Apple and other platform owners should incorporate automated scans for misconfigured databases, hardcoded credentials, and other backend vulnerabilities before approving apps.
  • Developers must follow secure coding standards, conduct regular code reviews, and leverage automated security testing tools to catch vulnerabilities early.
  • Provide real-time privacy visualizations and alerts: empower users with dashboards or notifications that reveal how their data is used, and immediately alert them to potential leaks or suspicious activity.
  • Offer post-breach support and transparency: quickly notify users in the event of a breach, provide guidance on protective actions, and offer services such as personal data scans to help users recover.
  • Regularly update and patch apps.

As the lead researcher on these investigations, I urge users to demand better. Change passwords exposed in breaches, limit data shared with apps, vet apps before installing them, as much as you can, and pressure platforms to enforce stricter standards. Until then, the very tools marketed to protect us will continue to leave us exposed.

ABOUT THE EXPERT

Aras Nazarovas is an Information Security Researcher at Cybernews, a research-driven online publication. Aras specializes in cybersecurity and threat analysis. He investigates online services, malicious campaigns, and hardware security while compiling data on the most prevalent cybersecurity threats. Aras, along with the Cybernews research team, has uncovered significant online privacy and security issues impacting organizations and platforms such as NASA, Google Play, App Store, and PayPal. The Cybernews research team conducts over 7,000 investigations and publishes more than 600 studies annually, helping consumers and businesses better understand and mitigate data security risks.