Archive for the Commentary Category

It Seems That Samsung May Have Another Battery Fiasco On Its Hands

Posted in Commentary with tags on September 27, 2022 by itnerd

Remember the Samsung Galaxy Note 7 fiasco? The one where phones were literally exploding all over the place due to swelling batteries and Samsung had to take every one of them back? Well, it might be happening again.

YouTuber Mrwhosetheboss has posted a video that shows that some Samsung smartphones are suffering from a swollen battery issue. He noted his S6 (2015), Note 8 (2017) and S10 (2019) all had swollen batteries. So he tweeted about it. Samsung saw that tweet and asked him to send the phones for examination. And that’s the last he heard from Samsung as they’ve gone silent for 50 days. Thus the need for him to make a video:

And it appears that he’s not the only one who’s noted this:

JerryRigEverything offers this commentary:

This is not a good look for Samsung and it will be interesting to see how or if they respond to this. In the meantime, if you have a Samsung phone hiding in a desk drawer or a storage locker someplace, you might want to check on it. A swollen lithium-ion cell is a damaged cell: the bulge is gas from the electrolyte breaking down, and a swollen cell that gets punctured, crushed or shorted can go into thermal runaway and start a fire that burns your house down. Don't press on it, don't try to charge it, and get it to a battery recycling drop-off. This is a non-trivial situation that you should take seriously until all the facts are known.

Dove Partners With Epic Games’ Unreal Engine And Women In Games to launch Real Virtual Beauty

Posted in Commentary with tags , on September 27, 2022 by itnerd

Today, Dove is launching Real Virtual Beauty, a series of actions supported by partners across the gaming industry, including Epic Games’ Unreal Engine’s education team and Women in Games, to shatter beauty stereotypes and equip the next generation of young creators and players with the tools to build self-esteem and body confidence.

For over 60 years, Dove has been committed to creating a positive experience of beauty for women and girls, working to shatter the harmful beauty ideals that impact the body confidence and self-esteem of women and girls daily. The Dove Self-Esteem Project has reached more than 82M young people across 150 countries through its academically accredited programmes. Now, with more women and girls playing video games than ever before, Dove is bringing this commitment to creating a more inclusive virtual world.

Dove is starting where intervention is most urgently needed with the launch of Real Beauty in Games Training, a unique training and accreditation course developed in partnership with the Centre for Appearance Research (CAR) and industry experts. Through the training, Dove is inviting game creators to help reflect the diversity we see in everyday life, and to avoid contributing to stereotypes and biases in design. Participants who have completed the course will have the opportunity to showcase their final works through the launch of an online “Real Virtual Beauty” character art collection, curated by Dove and available on Epic Games’ ArtStation platform, helping raise the standard for the authentic, diverse and inclusive representation of women and girls across the games world.

In parallel, using a public health intervention model, the Dove Self-Esteem Project is equipping the next generation of creators and players with the tools to build self-esteem and body confidence through the launch of SuperU Story, the first Roblox experience designed to deliver self-esteem education, built in partnership with Toya.

Fun fact: 1.3 billion women and girls make up half of the global games community, with 65% playing video games before the age of 10. New research from Dove – co-published with Women in Games, an international organisation striving for equity and parity for all women and girls in games, and the Centre for Appearance Research (CAR) – reveals that the games industry still reflects narrow beauty standards, making many women and girls feel underrepresented, negatively impacting their self-esteem:

As part of Dove’s ongoing commitment to portraying inclusive beauty, the brand will offer a series of grants and awards to the best Real Virtual Beauty avatar designer, helping fund and expand their work with the opportunity to be featured in some of the industry’s biggest video games.

Part of Dove’s ambition to transform games into a positive space is to see more games experiences that not only entertain, but also inspire and educate the younger generation. 

Introducing SuperU Story, the first experience on Roblox specifically designed to help young girls combat negative self-esteem and build body confidence, developed by the female-founded and led games studio Toya. It is a first-of-its-kind virtual experience that encourages users to be their true selves instead of aspiring to stereotypes and unrealistic beauty ideals. Entirely free and available to visit now, the experience is an extension of the Dove Self-Esteem Project, the world’s largest provider of self-esteem education. SuperU Story was also conceived with the Dove Youth Board, and validated by psychological experts from the Centre for Appearance Research, an academic institution that focuses on the role appearance and body image play in people’s lives.

Xero Partners With Procore Offering Cloud Construction Management Tools To Global Small Businesses

Posted in Commentary with tags on September 27, 2022 by itnerd

Xero, the global small business platform, has partnered with Procore Technologies, Inc., a leading global provider of construction management software, to provide a new integration between Procore’s construction financial management solution and Xero’s cloud-based accounting platform.

The new app integration is now available on the Xero App Store in the United States, Canada, the United Kingdom, Australia and New Zealand. It helps solve some of the biggest challenges small and medium construction firms face by enabling them, and their advisors, to connect field and back office teams with real-time, accurate financial data in the cloud. This in turn supports the delivery of multiple complex projects on time and on budget.

According to McKinsey, the construction industry accounts for 13 per cent of global GDP, but productivity has grown by just one per cent annually over the past 20 years and digitalization is lower than in nearly any other industry.

You can try the new Procore app in the Xero App Store here.

Roku Announces Roku Ultra And Roku OS 11.5

Posted in Commentary with tags on September 27, 2022 by itnerd

Today, Roku, Inc. unveiled that its most powerful streaming player, Roku Ultra, is launching in Canada. Roku Ultra has a lightning-fast interface, Roku’s best Wi-Fi®, Dolby Vision®, Dolby Atmos®, HDR10+ compatibility, and channels that launch in a snap. Roku Ultra also includes the Roku Voice Remote Pro, which features hands-free voice controls, a rechargeable battery, a lost remote finder feature, and more.

Roku Ultra

Roku Ultra comes fully loaded with fast channel launch, Dolby Vision®, Dolby Atmos®, Bluetooth®, Apple AirPlay, and more.

  • Outrageously powerful: With a lightning-fast interface, smooth UI, and fast channel launch, users can get to streaming in a snap. Roku Ultra is the fastest and most powerful Roku player ever.
  • Best picture quality: Provides a stunningly sharp 4K picture with lifelike clarity, supporting Dolby Vision® and HDR10+.
  • Best audio quality with Dolby Atmos®: Provides immersive entertainment with sound that moves all around, with realism that provides a deeper connection to shows and movies. Plus, users can enjoy streaming and private listening via Bluetooth® connectivity.
  • Best connectivity: A strong, steady Wi-Fi® connection is important for streaming the highest picture quality, especially in rooms farther from your router. Users can enjoy fast, seamless streaming anywhere in their home with Roku’s best Wi-Fi®, or choose to wire up over Ethernet.

Roku Voice Remote Pro

The Roku Voice Remote Pro offers a rechargeable battery, hands-free voice for easy actions (such as “Hey Roku, show me action movies”), personal shortcut buttons, and more.

  • Rechargeable battery: Works with any standard USB charger, so users can save money on batteries and keep them out of landfills. The rechargeable battery keeps the remote powered for up to two months on a single charge. 
  • Hands-free: Forget about reaching for the remote. Users can say “Hey Roku” and a command to turn the TV on, adjust the volume, control playback, and more without lifting a finger.
  • Lost remote finder: Say “Hey Roku, find my remote” and listen for a little chime to locate it; or use the button on the Roku Ultra player, or the free Roku mobile app (available for iOS and Android).
  • TV controls: Power up the TV, adjust the volume, mute, and control streaming, all with one remote.
  • Personal shortcuts: Users can set personal shortcuts for one-touch control to launch their go-to channel, pull up search results for their favourite movie, actor, and more.
  • Private listening: Allows users to watch and listen without disturbing anyone else around them. They simply plug the included headphones into the remote and turn up the volume to enjoy their favourite show.
  • Push-to-talk: Users who prefer to use Roku voice can use the hardware switch to turn off the hands-free voice feature and use push-to-talk voice controls instead.

Roku OS 11.5 

The software updates include: 

Home Screen

  • Featured Free: Roku’s FREE content offering remains important to device users and now includes Featured Free, an improved experience for discovery and engagement. Featured Free is a content discovery feature on the Home Screen Menu, showcasing free unlocked content from local and global partners, all in one place.
  • Save List: Users can now easily save movies and TV shows from across the Roku platform to create a Save List of entertainment they want to stream later. Save List is available as an item within the Home Screen Menu on the TV. Users can add to their Save List with the convenient “Save” option on a title’s details page, and manage and add to their list from anywhere with the Roku mobile app.

Audio 

  • Bluetooth® Private Listening: On supported devices such as Roku Ultra, users can head to the device settings to pair their wireless Bluetooth® headphones. Once connected, they hear the sound from their TV through the headphones.

Voice Search

  • Roku Voice: Roku is adding new visual tools onscreen to help customers get to their desired channel destination while using Roku Voice. This feature makes it easy for users to find exactly what they’re looking for when searching with Roku Voice. In scenarios where there are multiple channel offerings for a voice search, a display will appear at the bottom of the screen with relevant options that make it easy for users to see and select their intended channel.
  • French Voice: In addition, Roku has added support of French-Canadian voice search and control to the platform. Users can set devices to French and use any voice remote to issue commands in French. 

Availability

Roku OS 11.5 will begin rolling out to Roku devices in the coming weeks. The Roku Ultra will be available for $129.99 MSRP at major retailers in Canada in October.

New Research Shows Attackers Moving To Destroying Data

Posted in Commentary with tags on September 26, 2022 by itnerd

New research from Cyderes on Exmatter shows a data extortion technique that destroys rather than encrypts data. The Cyderes Special Operations and Stairwell Threat Research teams found a new sample of malware whose exfiltration behavior ‘aligns closely with previous reports of Exmatter, a .NET exfiltration tool’. The sample was found during a recent incident response following a BlackCat/ALPHV ransomware attack; BlackCat is allegedly run by affiliates of numerous ransomware groups, including BlackMatter.

Exmatter is designed to take specific file types from selected directories and upload them to attacker-controlled servers before the ransomware itself is executed on the compromised systems. In this particular sample, the attacker attempts to corrupt files within the victim’s environment rather than encrypting them, and the same upload queue is used to stage the files for destruction.

First, the malware iterates over the drives of the victim machine, generating a queue of files that match a hardcoded list of designated extensions. Files matching those extensions are queued for exfiltration and then written to a folder, named after the victim machine’s hostname, on the actor-controlled server.

As files upload to the actor-controlled server, those that have been successfully copied are queued to be processed by a class named Eraser. Eraser works on pairs of files from that queue: a randomly sized segment starting at the beginning of the second file is read into a buffer and then written over the beginning of the first file, overwriting its header and corrupting it. No random data and no encryption key are involved; the victim’s own file contents are the overwrite source.

The development of capabilities to corrupt exfiltrated files within the victim environment marks a shift in data ransom and extortion tactics. Using legitimate file data from the victim machine to corrupt other files may be a technique to avoid heuristic-based detection for ransomware and wipers: the overwritten files contain ordinary low-entropy document data, so entropy checks that flag encrypted output will not fire. Copying file data from one file to another also looks much more benign than sequentially overwriting files with random data or encrypting them.
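The following is an added example, not code from the Cyderes or Stairwell research and not Exmatter's own code. It reproduces the Eraser behaviour described above on two constructed sample files (a prefix of the second file copied over the start of the first), and then shows the triage check a responder would actually want after such an incident: because the overwrite uses the victim's own low-entropy data, entropy heuristics are useless, but the file's leading bytes no longer match the signature its extension implies. The magic-byte table, the sample files and the random segment size range are assumptions for the demonstration.

```python
"""Exmatter-style partial overwrite, and a header-vs-extension triage check (added example)."""
import os
import random
import tempfile
from typing import Dict, List, Optional

# Assumed file signatures for the extensions we care about (extend for your environment).
MAGIC: Dict[str, bytes] = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",  # OOXML containers are zip files
    ".xlsx": b"PK\x03\x04",
}


def eraser_overwrite(first: str, second: str, rng: random.Random) -> int:
    """Copy a random-length prefix of `second` over the start of `first`, in place.

    This mirrors the Eraser class as described in the report. The size range
    (1 byte .. whole second file) is our assumption. Returns bytes overwritten.
    """
    size = os.path.getsize(second)
    n = rng.randint(1, max(1, size))
    with open(second, "rb") as src:
        chunk = src.read(n)
    with open(first, "r+b") as dst:  # r+b: overwrite in place, never truncate
        dst.seek(0)
        dst.write(chunk)
    return len(chunk)


def header_matches(path: str) -> Optional[bool]:
    """True/False if the extension has a known signature, None if we have no signature."""
    ext = os.path.splitext(path)[1].lower()
    sig = MAGIC.get(ext)
    if sig is None:
        return None
    with open(path, "rb") as f:
        return f.read(len(sig)) == sig


def find_corrupted(root: str) -> List[str]:
    """Walk `root` and return files whose leading bytes contradict their extension."""
    bad: List[str] = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if header_matches(path) is False:
                bad.append(path)
    return sorted(bad)


def demo() -> Dict[str, object]:
    """Build two constructed sample files, corrupt one Exmatter-style, run the triage."""
    tmp = tempfile.mkdtemp(prefix="eraser-demo-")
    pdf = os.path.join(tmp, "contract.pdf")
    png = os.path.join(tmp, "logo.png")
    with open(pdf, "wb") as f:
        f.write(b"%PDF-1.7\n" + b"A" * 4000)  # constructed, not a real PDF body
    with open(png, "wb") as f:
        f.write(b"\x89PNG\r\n\x1a\n" + b"B" * 2000)
    before = find_corrupted(tmp)
    overwritten = eraser_overwrite(pdf, png, random.Random(7))  # fixed seed for repeatability
    after = find_corrupted(tmp)
    return {"before": before, "after": after, "overwritten": overwritten, "pdf": pdf, "png": png}


if __name__ == "__main__":
    r = demo()
    print("clean before:", r["before"])
    print("flagged after:", r["after"], "(bytes overwritten:", r["overwritten"], ")")
```

The header check is a quick first pass for scoping, not a recovery tool: a file whose first bytes were overwritten is gone as far as its own contents go, and the only way back is a backup or the copy sitting on the attacker's server. For formats without a fixed signature, compare hashes against the last known-good backup instead.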

This is an interesting plot twist in terms of how cybercrime gangs like these operate. Dr. Darren Williams, CEO and Founder of BlackFog has this to say:

     “These days, few ransomware variants bother with encryption and almost exclusively rely on data exfiltration as a means to extort users and corporations. Data is the most valuable asset an organization has, as trade secrets, confidential customer and employee data that is subject to significant regulatory reporting. The disclosure alone can trigger some significant costs from a legal perspective in addition to the direct costs of recovery and remediation.”

This research is very much worth reading as I suspect other cybercrime gangs will copy and paste this.

Infosys Bringing 1,000 Jobs To Calgary And Doubling Its Canadian Workforce

Posted in Commentary with tags on September 26, 2022 by itnerd

Infosys today has inaugurated the Infosys Digital Centre in Calgary, Alberta, Canada. Infosys also announced it would bring 1,000 jobs to Calgary over the next two years, doubling its original commitment from when the company first expanded into the region in 2021. This will support the company’s growth across Canada as it also plans to double its total workforce commitment in the country to 8,000 employees by 2024.

The Calgary Centre, located in Gulf Canada Square in the city’s downtown commercial district, will help Infosys work more closely with clients in the region to develop cross-industry solutions to pressing business challenges in such areas as intelligent automation, green technology, user experience and advanced digital technologies, including big data and cloud. The Centre will train, upskill and reskill Infosys and client employees in the technologies required to help Canadian businesses accelerate their digital transformation.

Infosys’ collaborative relationships with academic institutions in the province, including the University of Alberta, will provide recent graduates and experienced professionals with exposure to the latest training, research and career mentorship. These academic collaborations augment the company’s dedicated learning facilities within the Centre, which will deliver continuous learning across the employee lifecycle.

Infosys has recently been certified as a Great Place to Work® in Canada for 2022. The certification underlines Infosys’ commitment to its localization strategy in Canada, and its efforts to power digitalization in the country by doubling its Canadian workforce and shrinking the IT skills gap through sustained investments in training.

For more information, please visit: Infosys – Powering Digital Canada.

Access To Tens Of Thousands Of Chinese Made Cameras Available For Sale By Hackers…. Yikes!

Posted in Commentary with tags on September 25, 2022 by itnerd

This is not only bad, it’s also a textbook example of why you need to stay on top of patching your IoT gear.

Last fall, an unauthenticated command injection flaw in the web server of Hikvision cameras was disclosed to the world as CVE-2021-36260. NIST’s National Vulnerability Database rated the vulnerability “critical” with a CVSS score of 9.8 out of 10. The higher the number, the worse it is, and 9.8 is as close to a worst-case scenario as you can get without hitting 10.

Now here’s the problem. New research indicates that a year later, 80,000 or so of these cameras are still out there unpatched. And what’s worse, access to them is for sale by hackers:

Specifically in the Russian forums, we have observed leaked credentials of Hikvision camera products available for sale. These can be leveraged by hackers to gain access to the devices and exploit further the path of attack to target an organization’s environment.

That’s bad. Really bad. The vendor did put out an advisory along with firmware updates. But because people have a tendency to “install and forget” IoT gear, as I call it, here we are a year later talking about it. Thus my advice to anyone who owns one of these cameras is to drop what you’re doing and update them now, and while you’re at it, change the credentials and make sure the camera’s web interface is not reachable from the internet, since leaked credentials are part of what is being sold. And my advice to anyone who has IoT gear of any sort is to stay on top of your firmware updates so that nobody uses your IoT gear to pwn you.
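The “install and forget” problem is an inventory problem, so here is an added example (my code, not from the research or the vendor) of the triage a practitioner would run across a fleet: parse each camera’s device information and flag any whose firmware build predates the advisory. It assumes the XML shape of Hikvision’s ISAPI `GET /ISAPI/System/deviceInfo` response (`firmwareVersion`, `firmwareReleasedDate` with a `build YYMMDD` string), which you should verify against your own devices; the responses below are constructed samples, not captured from real cameras, and the advisory date cut-off is a coarse assumption, since the real fixed versions are listed per model in the vendor advisory.

```python
"""Flag cameras whose firmware build predates the CVE-2021-36260 advisory (added example)."""
import re
import xml.etree.ElementTree as ET
from datetime import date
from typing import Dict, List, Optional

# Assumption: Hikvision published its advisory for CVE-2021-36260 in September 2021, so a
# firmware build dated earlier cannot contain the fix. Builds after it still need checking
# against the per-model fixed-version list; this is a first-pass filter only.
ADVISORY_DATE = date(2021, 9, 19)

# Constructed samples of what /ISAPI/System/deviceInfo might return, keyed by camera IP.
SAMPLE_RESPONSES: Dict[str, str] = {
    "10.0.5.11": (
        '<DeviceInfo xmlns="http://www.hikvision.com/ver20/XMLSchema">'
        "<deviceName>lobby</deviceName><model>DS-2CD2043G0-I</model>"
        "<firmwareVersion>V5.5.82</firmwareVersion>"
        "<firmwareReleasedDate>build 180329</firmwareReleasedDate></DeviceInfo>"
    ),
    "10.0.5.12": (
        '<DeviceInfo xmlns="http://www.hikvision.com/ver20/XMLSchema">'
        "<deviceName>dock</deviceName><model>DS-2CD2143G2-I</model>"
        "<firmwareVersion>V5.7.3</firmwareVersion>"
        "<firmwareReleasedDate>build 220422</firmwareReleasedDate></DeviceInfo>"
    ),
    # Not a deviceInfo document at all: wrong credentials, a proxy page, or not a camera.
    "10.0.5.13": "<html><body>401 Unauthorized</body></html>",
}


def _local(tag: str) -> str:
    """Strip the XML namespace so we can match element names regardless of schema version."""
    return tag.rsplit("}", 1)[-1]


def parse_device_info(xml_text: str) -> Optional[Dict[str, str]]:
    """Return the child elements of a DeviceInfo document as a dict, or None if it is not one."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if _local(root.tag) != "DeviceInfo":
        return None
    return {_local(child.tag): (child.text or "").strip() for child in root}


def build_date(released: str) -> Optional[date]:
    """Parse 'build YYMMDD' into a date; None if the field is absent or malformed."""
    m = re.search(r"\b(\d{2})(\d{2})(\d{2})\b", released)
    if not m:
        return None
    yy, mm, dd = (int(x) for x in m.groups())
    try:
        return date(2000 + yy, mm, dd)
    except ValueError:
        return None


def triage(responses: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hosts into likely-unpatched, built-after-advisory, and unknown."""
    result: Dict[str, List[str]] = {"likely_unpatched": [], "built_after_advisory": [], "unknown": []}
    for host, body in responses.items():
        info = parse_device_info(body)
        built = build_date(info.get("firmwareReleasedDate", "")) if info else None
        if built is None:
            result["unknown"].append(host)  # needs a human look: auth failure, odd device, new format
        elif built < ADVISORY_DATE:
            result["likely_unpatched"].append(host)
        else:
            result["built_after_advisory"].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_RESPONSES).items():
        print(f"{bucket}: {hosts}")
```

Treat the “unknown” bucket as work, not noise: a camera that answers 401 to your inventory credentials may be one whose password was changed by someone else, which is exactly the scenario the leaked-credentials market creates.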

Adversary Tactics Intel Group Finds Gootloader Threat Actors Use SEO Poison Technique to Exploit Gov, Legal, Real Estate, Med, Ed Victims with Highly Targeted Content

Posted in Commentary with tags on September 23, 2022 by itnerd

Deepwatch has published a new report uncovering Gootloader threat actors using the search engine optimization (SEO) poisoning technique. In the latest report from its Adversary Tactics and Intelligence (ATI) group, Deepwatch looks at a technique where threat actors compromise legitimate websites, create fake blog posts, and use overlays to display a fake forum page over those blog posts, all to snare government, legal, real estate, medical, and education victims with highly targeted content.

This is a very sophisticated attack and the report is well worth your time to read.

Google Analytics Declared Unlawful In Denmark

Posted in Commentary with tags , on September 22, 2022 by itnerd

Denmark’s data protection authority yesterday concluded that Google Analytics cannot be used lawfully as Google ships it. The Danish Data Protection Agency found that lawful use would require the ‘implementation of supplementary measures in addition to the settings provided by Google’, and said its conclusion is in line with those reached by other European data protection authorities. Here are the key details:

The Danish Data Protection Agency has looked into the tool Google Analytics, its settings, and the terms under which the tool is provided. On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.

In short, if you’re in Denmark you can’t use Google Analytics as Google provides it. Full stop.

Mark Bower, VP of Product Management of Anjuna Security:

     “The ever-expanding bulk collection of consumer data and its handling will continue to land under the EU regulatory microscope, especially with the recent expansion of GDPR scope around inferred data following recent rulings in Lithuania that propagate across the union. Under this new extension, data that is derived from personal data is considered in scope. If breached, it has the same consequence as primary personal identifiers, including massive fines. This has sweeping impact and risk for organizations: traditional approaches to compliance that often assume the personal data can be identified in advance of collection and then protected may no longer work or be fit for purpose, especially with machine learning models where new derived outcomes and inference are coveted by data processors across industry, especially ad-tech, payments, financial services and retail. Organizations handling personal data must therefore look at more thorough and innovative protection strategies, in addition to carefully analyzing the risk of bulk collection itself. It’s no surprise then that the top of the data food chain is the first to be put in the spotlight, but they will not be the last.”

You have to assume that a bunch of people at Google are not happy about this as gathering data and making money off of it is their core business. And I would not be surprised if other places on the planet start to do similar things.

Sucks to be Google.

Optus Pwned By Hackers… Personal Info Stolen

Posted in Commentary with tags on September 22, 2022 by itnerd

Australian telco Optus has disclosed that they suffered a cyber attack which resulted in the personal info of customers, including names, dates of birth, addresses and contact details, being stolen. The attack occurred after hackers broke through the company’s firewall, accessing sensitive information of up to 9.7 million Optus subscribers. The company has confirmed the breach and the exposed information, but has stated that payment details and account passwords have not been compromised, and that services including mobile phones and home internet were not affected. The thing is, what was stolen is enough to start identity theft campaigns, which makes this a non-trivial event.

Mark Bower, VP of Product Management, Anjuna Security had this to say:

     “Too often we see large scale breaches where payment details and passwords were the only things protected, largely due to regulations like PCI DSS, yet massive amounts of personal data are not. That’s no longer good enough for maintaining customer trust. The types of data breached in this attack put millions of Australians at risk from phishing, social attack and phone scams which can have huge personal anxiety and financial consequences. Modern enterprises can certainly avoid this with a more holistic approach to data security given the availability of tools that can dramatically reduce impact of insiders or advanced attackers even in a total breach situation which is an inevitable and expected scenario for today’s CISO.”

Australia has been very good at investigating stuff like this. Thus I have to assume that the authorities are all over this. Which means we’ll find out how bad this is soon enough.