Archive for the Commentary Category

Raptic Launches Samsung Galaxy S21 Cases

Posted in Commentary on January 20, 2021 by itnerd

Raptic has launched their newest lineup of Raptic Shield cases for Samsung Galaxy S21 Series.

Raptic’s line of cases is tested to meet and exceed military drop test standards (MILSTD-810G) of up to 10 feet onto concrete and feature a raised front lip (1.2 mm) to help avoid the screen from being damaged or scratched. Raptic offers free shipping for all Galaxy S21 cases within the US and lifetime warranty.

The Raptic Shield ($29.99) for Samsung Galaxy S21Galaxy S21 Plus, and Galaxy S21 Ultra features: 

  • Enhanced machined aluminum exterior frame, coupled with a soft rubber bumper, for ultimate protection 
  • Antimicrobial solution infused in the frame & back to keep your phone hygienically clean
  • Honeycomb interior lining adds shock absorption for drops 
  • Anodized aluminum frame, available in Red, Black, or Iridescent, and user-friendly one-piece construction complements the premium quality of the Galaxy S21 while making the case even easier to put on/take off 
  • Compatible with all Qi Certified Wireless chargers

BSO Broadens Cloud Connect Offering With Oracle Cloud FastConnect

Posted in Commentary with tags on January 20, 2021 by itnerd

BSO, the leading global telecoms operator powering the digital age, today announced it will offer on-demand connectivity to Oracle Cloud as an official Oracle Cloud FastConnect partner.

The partnership between BSO and Oracle Cloud provides global enterprises with a dedicated, private and highly secure connection from their sites to their critical data and applications within Oracle’s Cloud, BSO will offer Oracle Cloud FastConnect services up to 10Gbps from any of its 240+ POPs.  

Built over BSO’s global and resilient core private Ethernet network, BSO Cloud Connect provides customers with seamless, on-demand connectivity from their data centers and networks, office or colocation environment to Cloud Services providers such as Amazon AWS, Microsoft Azure, or Google Cloud. 

Oracle Cloud Infrastructure FastConnect enables enterprise cloud connectivity to Oracle Cloud from trusted enterprise data centers. Connecting directly to the Oracle Cloud through Oracle FastConnect enables a fast, private connection to the industry’s broadest and most integrated cloud platform, with a complete range of services across Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS).

Features and benefits of connecting directly to Oracle FastConnect: 

  • A more consistent network experience with costs optimisation for data transfer compared to internet-based connections thanks to a dedicated fiber optic connection
  • Increased levels of security and predictability for latency-sensitive traffic allowing greater end-to-end control 
  • Variety of connection speed options: 100Mbps to 10Gbps over 1GE or 10GE ports 
  • More redundancy and disaster recovery of customers’ network infrastructure 
  • Connectivity uptime and performance are backed by an SLA

This collaboration between BSO and Oracle Cloud FastConnect will help customers drive business-process efficiency, improve customer engagement, and accelerate their digital transformation efforts.

New LinkedIn Data Reveals Which Canadian Cities Are Feeling Best About Work Prospects

Posted in Commentary with tags on January 20, 2021 by itnerd

Canada’s workforce is feeling the most confident since July – but that optimism isn’t shared equally across the country, with those in Montreal and Vancouver reporting a much brighter picture than others, according to new LinkedIn data.

LinkedIn’s overall Workforce Confidence Index score for Canada reached +33 at the end of last year, on a scale of -100 to +100. The figures reflect an aggregate of how Canadians feel about their short-term job security, financial wellbeing and one-year career outlook, based on a regular survey of members. (You can find previous editions here.)

How optimistic does the workforce feel across Canada?

  • Driving the improvement in sentiment in the most recent quarter, workers in Greater Montreal reported the highest confidence scores of all the Canadian cities we tracked, averaging +46 in the period covering October to December. That reflects a climb from average scores of +40 over the summer and +31 back in the spring. While it’s hard to pinpoint what prompted the improvement in sentiment in and around Montreal, their scores moved higher primarily in the financial and career confidence metrics. Meanwhile, the unemployment rate in Quebec fell to 6.7% in December, the lowest among provinces, according to Statistics Canada, as employment picked up in professional, scientific and technical services.
  • Workers in Metro Vancouver were the next most optimistic, and saw the biggest quarterly jump in optimism in the winter, with scores of +39, up from +30 in the summer. The three-month moving average unemployment rate in Vancouver was most recently a (comparatively) low 7.4%, official figures suggest, perhaps underscoring the relatively upbeat mood.
  • Those in Ottawa, Toronto, Winnipeg and their surrounding areas all fell somewhere in the middle of the pack, with scores of +32, +30 and +27 respectively, all inching down two points from the summer. Wider employment in the Toronto metropolitan area was unchanged in November and fell 1.5% in December after five months of gains as tougher public health restrictions were enacted to combat the spread of COVID-19, according to Statistics Canada.

For the full results, including additional insights on how Canadians feel about their career growth, finding a new job, and employer outlook visit here. Research methodology is shared below. 

Methodology 

LinkedIn’s Workforce Confidence Index is based on a quantitative online survey that is distributed to members via email every two weeks. Roughly 1,000+ Canada-based members respond each wave. Members are randomly sampled and must be opted into research to participate. Students, stay-at-home partners & retirees are excluded from analysis so we’re able to get an accurate representation of those currently active in the workforce. We analyze data in aggregate and will always respect member privacy.

Data is weighted by engagement level, to ensure fair representation of various activity levels on the platform. The results represent the world as seen through the lens of LinkedIn’s membership; variances between LinkedIn’s membership & overall market population are not accounted for.

OVHcloud Teams With IBM & Atempo

Posted in Commentary with tags on January 20, 2021 by itnerd

To meet enterprises and public institutions security, sovereignty and resilience needs for the preservation of sensitive data, OVHcloud is collaborating with IBM and Atempo to develop a Storage-as-a-Service offering. This solution will be based on IBM enterprise tape technology and an Atempo software stack hosted and operated by OVHcloud in new data centres on the French territory.

With the ever-exponential growth of data produced by the Cloud, data storage optimization has become essential, both because of costs and compliance risks. As organizations look for ways to store, manage and leverage value for this ever-growing amount of data, Tape will play a strategic role in addressing storage infrastructure challenges.

Tape solutions offer the lowest cost per terabyte of storage available today; the technology provides the security, scalability and durability to safely store critical inactive and cold data over the long term. When stored properly, data on tape today will still be legible in 30 years’ time. Put simply, storing data on tape costs mere pennies per terabyte and when not in use, requires zero energy consumption unlike hard disks and flash drives. 

Tape meets Hybrid Cloud for a scalable, secure and affordable data strategy
OVHcloud will launch a cloud storage offering aimed at both public and private organizations, which will guarantee total security and resilience for the long-term preservation of their sensitive data. This long-term storage solution is based on the IBM Enterprise 3592 Enterprise Tape technology and orchestrated by Atempo’s technology platform, Miria. In addition OVHcloud will innovate through the in-between addition of erasure coding 9+3 technology, allowing smart replication and split of users’ data.

To address data localization concerns of professionals, the solution will be hosted and operated by OVHcloud in four new dedicated facilities, all located in France and each separated by several hundred kilometers. Security is a key priority for OVHcloud, who recently obtained the ANSSI Security Visa for the SecNumCloud which qualifies its Hosted Private Cloud solution and demonstrates the highest level of IT security, in line with recommendations from the French National Agency for Information System Security, for hosting sensitive and strategic data. 

The combined expertise of IBM, Atempo and OVHcloud will provide users with a unique solution that meets the regulatory requirements for data conservation, will be S3 compatible and feature ultra-competitive and predictable pricing for an unmatched price/performance ratio. 

About OVHcloud
OVHcloud is a global player and the leading European cloud provider operating 400,000 servers within its own 31 data centres across 4 continents. For 20 years, the Group has been leveraging an integrated model that provides full control of our value chain, from designing our servers to managing our data centres through to orchestrating our fibre-optic network. This unique approach enables OVHcloud to cover, independently, the full spectrum of use cases for our 1.6 million customers across 140 countries. OVHcloud now offers customers latest-generation solutions that combine high performance, predictable pricing and full data sovereignty to support their unfettered growth.

About Atempo
Atempo is a leading independent European-based software vendor with an established global presence providing solutions to protect, store, move and recover all mission-critical data sets for thousands of companies worldwide. With over 25 years’ experience in data protection, Atempo offers a complete range of proven solutions for physical and virtual servers’ backup, workstations, and migration between different storages of very large data volumes. Atempo’s three flagship solutions, Lina, Miria and Tina are labeled ‘As used by French Armed Forces’ and ‘France Cybersecurity’.
Selected to join the French Tech 120, a government program designed to nurture 25 unicorns by 2025, Atempo is headquartered in Paris and is present in Europe, the US and Asia with a partner network in excess of 100 partners, integrators and managed service providers.
For more information:  www.atempo.com.

Guest Post: NordVPN Discusses The Top 10 Biggest Data Breaches Of 2020

Posted in Commentary with tags on January 20, 2021 by itnerd

 

Last year, hackers were as active as never before, taking advantage of users’ vulnerabilities and the economic disruption amid the global COVID-19 pandemic. 

The number of cyberattacks is growing steadily every year, and 2020 was again the year that saw a great peak in cybercrime. According to the Risk Based Security report, 2,953 breaches were publicly reported in the first three quarters of 2020 alone, bringing the number of exposed records to a staggering 36 billion. In comparison, there were 15.1 billion records breached throughout the entire year of 2019.

“The still ongoing pandemic has drastically altered the way people work, shop, communicate, and entertain themselves,” explains Daniel Markuson, a digital privacy expert at NordVPN. “Our lives had to move online, making us leave more digital footprint, which has been attracting all types of scammers, fraudsters, and hackers who look for security vulnerabilities to exploit.”

Out of the enormous number of data breaches that happened in 2020, NordVPN experts picked the top 10 biggest leaks in terms of the data volume. The list includes leaky databases that were not necessarily breached per se but exposed sensitive data to the public. Some of the data breaches outlined below might have happened some years ago but surfaced only in 2020.

10. Unknown (201 million). In January, security researchers found a database of more than 200 million sensitive personal records exposed online. The leaky database with an undetermined owner was hosted on a Google Cloud server and consisted of highly sensitive personal and demographic data about US residents and their properties with names, addresses, email addresses, credit ratings, income, net worth, property market value, investment preferences, and other explicit details. It remains unknown if any unauthorized parties accessed the dataset, which was considered to be a gold mine for cybercriminals. Google was alerted about the case, and, after more than a month, the exposed server was taken offline.

9. Microsoft (250 million). In January 2020, Microsoft disclosed a data breach on its servers storing customer support analytics. The breach took place in December of 2019. 250 million entries, including email addresses, IP addresses, and support case details were accidentally exposed online without password protection. The leaky database consisted of five ElasticSearch servers, which are used to simplify search operations. Misconfigured security rules were blamed for the accidental server exposure, which Microsoft swiftly fixed.

8. Wattpad (268 million). In June 2020, a database of more than 268 million records belonging to Wattpad, a Canada-based website and app for writers to publish new user-generated stories, was breached. The malicious actors compromised Wattpad’s SQL database containing user account credentials, email addresses, IP addresses, and other sensitive data. After the incident, the company reset its users’ passwords. 

7. Broadvoice (350 million). In October 2020, news surfaced that Broadvoice, the US VoIP provider to businesses, exposed more than 350 million customer records, such as names, phone numbers, and call transcripts, including voicemails left with medical outlets and financial services firms. 10 databases belonging to the company were easily accessible to security researchers due to a configuration error which left them open without any authentication required for access. Broadvoice patched the security flaw and notified the relevant legal authorities about the incident.

6. Estée Lauder (440 million). In January 2020, the US cosmetics giant Estée Lauder had its unprotected database containing 440 million internal records exposed online. Researchers who found the unencrypted database say the exposed information included email addresses, internal documents, IP addresses, and other information belonging to the company-owned education platform. Once made aware of the issue, the company closed the database off.

5. Sina Weibo (538 million). In March 2020, it was reported that the biggest Chinese social media platform called Weibo was breached, and personal details of more than 538 million users were up for sale on the dark web and other places online. The exact timing of the data breach is unclear, but there’s speculation that it might date back to 2019. The hacker claimed that the sensitive data, including 172 million users’ real names, gender, location, and even phone numbers, was obtained from an SQL database dump.

4. Whisper (900 million). In March 2020, news broke that a popular secret-sharing app Whisper left 900 million user records exposed online. Anonymous personal confessions and all the metadata related to those posts, including the location coordinates and other sensitive information, were publicly viewable on a non-password-protected database, which, if accessed by hackers, could result in user identification and blackmail. After the company was informed about the incident, access to the data was removed.

3. Keepnet Labs (5 billion). In March 2020, Keepnet Labs, a UK-based cybersecurity firm, experienced a cyber incident during which a contractor temporarily exposed a database containing 5 billion email addresses and passwords from previous data breaches. According to the threat intelligence company, which collects historic breach data to notify its business customers in case their data was compromised, it was migrating the ElasticSearch database and disabled the firewall for about 10 minutes to speed up the process. The risky decision enabled security researchers to access the data without a password via an unprotected port.

2. Advanced Info Service (8.3 billion). In May 2020, Advanced Info Service, Thailand’s largest GSM mobile phone operator, had to take down one of its databases following an alleged data breach. A security researcher found an open ElasticSearch database online containing 4TB of internet usage data, or 8.3 billion records. The sitting-to-be-found information, such as DNS queries and Netflow data, could be used to map a user’s internet activity. The leaky database is secure now.

1. CAM4 (10.88 billion). In March 2020, researchers found an unprotected ElasticSearch server of the adult video streaming website CAM4, which was leaking 7TB of data, or nearly 11 billion records. The exposed records included user sensitive information, such as full names, email addresses, sexual orientation, chat and email correspondence transcripts, password hashes, IP addresses, and payment logs. The database error was fixed, however it remains unknown if any hackers accessed the highly sensitive information of members of the adult site, who usually prefer to stay anonymous.

 

Parler Takes The Next Step In Making A Comeback

Posted in Commentary with tags on January 19, 2021 by itnerd

Right-wing social media platform Parler, which has been offline since Amazon Web Services Thanos snapped it off the Internet last week, has reappeared on the Web with a promise to return as a fully functional service “soon“:

Although the platform’s Android and iOS apps are still defunct, this weekend its URL once again began to resolve to an actual website, instead of an error notice. The site at the moment consists solely of the homepage, which has a message from company CEO John Matze. “Now seems like the right time to remind you all — both lovers and haters — why we started this platform,” the message reads. “We believe privacy is paramount and free speech essential, especially on social media. Our aim has always been to provide a nonpartisan public square where individuals can enjoy and exercise their rights to both. We will resolve any challenge before us and plan to welcome all of you back soon. We will not let civil discourse perish!” 

And:

Parler, however, was deplatformed in the first place explicitly because the content it allowed to flourish was anything but “civil,” and as multiple reports have made clear, the service backend was designed with basically no thought given to privacy. Meanwhile, the path Parler appears to be taking to rejoin the Internet is a shady one paved for it by other explicitly extremist, white nationalist platforms that lost access to more mainstream services after being tied to terrorism.

And there’s the fact that getting a service online that allegedly millions of people used minus the resources of a company like Amazon Web Services is going to be a sketchy proposition at best. Personally, I can’t see it happening. And if it does happen, it will likely be a very unstable platform to be on. But I guess we will see what happens.

Trend Micro Announces Advanced Cloud-Native Container Security Solutions To Cloud One Platform

Posted in Commentary with tags on January 19, 2021 by itnerd

Trend Micro Incorporated today announced its advanced container security solution Cloud One – Container Security. Designed to ease the security of container builds, deployments and runtime workflows, the new service helps developers accelerate innovation and minimize application downtime across their Kubernetes environments, from a single tool.

This new service is an important addition to Trend Micro’s Cloud One services platform that was introduced last year. As IDC stated, “Trend Micro launched Cloud One, its integrated cloud security services (SaaS) platform that addresses customers’ security challenges around datacenter servers and virtual machines, IaaS workloads, containers and containers services, cloud security posture management, cloud file and object storage services, and serverless.” 

Global organizations are increasingly leveraging containers to accelerate cloud migration, rearchitect monolithic applications and build and integrate seamless cloud native applications. This can create security gaps that traditional network and endpoint tools are not capable of addressing.

Trend Micro Cloud One Container Security offers three main elements:

Container image scanning

This scans at build time for the earliest possible detection and lowest cost remediation. In addition, through partnership with Snyk there is a scan against the market leading open source vulnerability database. This provides early detection and mitigation of vulnerabilities in third-party code dependencies. Cloud One – Container Security will:

  • Look for vulnerabilities in the packages included in the container
  • Detect malware using signatures and advanced machine learning techniques
  • Find embedded secrets such as passwords, API tokens, or license keys
  • Sweep for IoCs using industry-standard Yara rules

Policy-based deployment control

Container security enables you to create policies that allow or block deployments based on set rules. Native integration with Kubernetes ensures that all deployments run in a production environment are safe.

Cloud-native runtime security

Once an image has been deemed safe and is deployed into production, Cloud One Container Security will protect the container in the runtime environment. This offers ongoing vulnerability detection for the containerized application and provides relevant feedback to security and DevOps teams in case further action is needed.

Keyfactor Announces Strategic DevSecOps Partnership With Infinite Ranges

Posted in Commentary with tags on January 19, 2021 by itnerd

Keyfactor, the leader in PKI as-a-Service and crypto-agility solutions, today announced a strategic partnership with digital transformation solutions provider Infinite Ranges. The collaboration enables enterprise teams to overcome the DevSecOps gap through the implementation of best practices and automated solutions.

recent survey of more than 600 IT and security professionals identified likely occurrences of code signing and key misuse in enterprise environments over the next two years; 73% of respondents experienced unplanned downtime and outages due to mismanaged digital certificates. Many enterprises employ Public Key Infrastructure (PKI) and digital certificates in DevOps workflows to secure code through its lifetime. However, traditional PKI relies on manual processes, making it ill-equipped for agile process requirements.

Infinite Ranges’ specialization as an implementation partner for both Keyfactor and Hashicorp Vault provides a unique offering within the market.

Keyfactor provides cloud-hosted PKI-as-a-Service infrastructure through integrated certificate and key management, secure signing and secure IoT device design. The platform provides discovery, integration and orchestration capabilities, enabling teams to gain complete crypto-agility, extensibility and visibility.

01 Communique Announces Bounty Contest 2021

Posted in Commentary with tags on January 19, 2021 by itnerd

01 Communique Laboratory Inc. one of the first-to-market, enterprise level cybersecurity providers for the quantum computing era, has announced a Bounty Contest. You are invited to join the Bounty Contest 2021 (February 22 – March 22) for the chance to win a grand prize of CAD100,000 in cash. This Bounty Contest is exclusively sponsored by PwC China.

As the race for quantum supremacy intensifies, so is the concern over cyber security. Quantum computers could very well crack traditional encryption earlier than we expect. Canadian Company 01 Communique claims that its cryptography technology, IronCAP™ can be deployed on existing computers in order to protect them against the quantum threat. It is prepared to put IronCAP™ to the test in the Bounty Contest.

The Company expects participants from around the world to test its quantum-safe encryption. Beginning on Monday, February 22 at 12am EST, participants will be given 30 days to explore IronCAP™ encryption. A cash prize of CAD100,000 will be awarded to the first person that is able to break the encryption. The result will be announced on Monday, March 22 where the outcome of the Bounty Contest will be revealed!

You can register for the event beginning February 8th online at https://ironcap.ca/ironcap-bountycontest

Despite Security Driving Cloud Adoption, Aptum Study Reveals It’s Also The Main Barrier To Cloud Transformation

Posted in Commentary with tags on January 18, 2021 by itnerd

While 91 per cent of organizations were successful in increasing security as a result of adopting cloud services, it remains a top concern for many. This finding comes from part two of the four-part Cloud Impact Study from Aptum, the global hybrid multi-cloud managed service provider. The report, titled The Security and Compliance Barricade, identifies common security, compliance and governance challenges impacting organizations undergoing cloud transformation. 

The independent research reveals that more than half of survey respondents (51%) see security as the main driver behind cloud adoption. However, 38 per cent cite security and data protection as the primary barrier to cloud transformation. 

Security and compliance play a critical role

Part one of the Cloud Impact Study, Bridging the Cloud Gap, found most survey respondents plan to take a hybridized approach to their cloud infrastructure, with more than half (59%) of respondents saying they will reduce their on-premises infrastructure to some degree and increase public cloud deployments within the next 18-24 months. A further 66 per cent intend to expand their private cloud workloads. 
According to data found in today’s report, this expansion and diversification of infrastructure raises security and compliance issues among senior IT professionals, including: 

  • Control and governance (82%) 
  • Visibility through a single portal (81%) 
  • Ability to meet requirements of compliancy audits (80%) 

Together, Aptum and Alert Logic partner to safeguard business critical data across the infrastructure and application stack, merging security technology, threat intelligence and 24/7 security experts to deliver security outcomes to businesses in an as-a-service model. 

The study’s results reinforce the importance of incorporating security into cloud architectures from design through to implementation and transformation. The results call for organizations to take a holistic approach to cloud architectures, with security principles embedded in the design. By doing this, businesses can mitigate threats and minimize risks as they arise to create an environment safer than any on-premise or legacy alternatives. 

The full findings of part two of the Cloud Impact Study, The Security and Compliance Barricade, can be found here.

Aptum’s Cloud Impact Study was created from the opinions of 400 senior IT professionals in Canada, the U.S. and U.K. across industries in financial services, IT, technology, telecommunications, manufacturing, retail, public and commercial sectors. The final two reports will focus on Costs and Budgets and Modernization Opportunities. 

For part one of the report, Bridging the Cloud Gap, please visit here