Archive for the Commentary Category

Infosec Institute Launches Free Holiday-Themed Resources To Help Organizations & Employees Stay Cyber-Safe

Posted in Commentary with tags on December 1, 2021 by itnerd

Infosec Institute, the leading cybersecurity education provider, today announced free cyber education resources and special offers to help organizations and employees stay cyber-safe during the holiday season and beyond. 

With online shopping fraud doubling in the first half of 2021 and nearly 90% of U.S. consumers planning to shop online this season, cybercrime and holiday scams are expected to reach record highs this year. From gift card scams to fake shipping notifications, hackers use the holidays as an opportunity to steal personal information, hack into organizations and scam individuals amidst holiday shopping. 

To help organizations and consumers avoid these holiday cyber risks, Infosec is providing free resources, including a comprehensive security awareness and training kit, an ethical hacking training webinar for security professionals and a hands-on cyber skills challenge hosted in Infosec Skills for current and aspiring cyber professionals. Additionally, Infosec will extend its Black Friday discounts on instructor-led boot camps throughout December, making certification more affordable.  

Holiday-exclusive offers and resources include: 

  • Free holiday-themed security awareness resource kit: The free toolkit makes sure organizations aren’t “Hacked for the Holidays” with seven resources to help employees identify and avoid the most common holiday scams like fake online storefronts and charity scams. Designed to make launching a successful holiday campaign easy, each toolkit comes with ready-to-use training modules, assessments, posters and more. Click here to download the free security awareness resource kit. 
  • Free ethical hacking training webinar: This free webinar teaches viewers how to think like a hacker and understand key skills and resources to help them land a penetration testing role. Attendees will have the opportunity to test their new skills hands-on and leave with actionable insights on how to use ethical hacking to protect their organizations. Click here to register.  
  • Free hands-on “Hack the Holidays” cyber skills training: Throughout December, current and aspiring cyber professionals will have the chance to test their skills with a hands-on cybersecurity training experience inside the Infosec Skills cyber range. Those who complete the “Hack the Holidays” challenge can enter to win a $100 Amazon gift card, Infosec hoodie and 1-year subscription to Infosec Skills. Click here to learn more and sign up. 
  • Discounted instructor-led certification boot camps: Infosec’s instructor-led boot camps help cybersecurity professionals earn certifications critical to advancing their careers, maximizing their earning potential and remaining up-to-date on the latest cyber skills. Those who enroll before the end of December will save up to 30% on eligible certification boot camps. Click here to learn more.  

These complimentary resources feature Infosec’s award-winning security education content hosted in Infosec IQ and Infosec SkillsInfosec IQ security awareness and training empowers employees with the knowledge and skills to stay cyber secure at work and home with over 2,000 awareness and training resources. Infosec Skills helps cyber professionals upskill and get certified with unlimited access to 1,200+ hands-on cybersecurity courses, labs and cyber ranges.

EnGenius Releases EnGenius Cloud PRO Network Management Platform

Posted in Commentary with tags on December 1, 2021 by itnerd

EnGenius Technologies Inc., a worldwide manufacturer of future-proof enterprise networking solutions, today announced the release of its EnGenius Cloud PRO network management platform. EnGenius is allowing end-users to test out free for one year the enhanced and never-seen-before features built to handle massive, high-density, demanding environments. 

But first things first. The basic version of EnGenius Cloud is free and always will be. IT pros and MSPs who are providing already feature-rich Cloud management to their customers can continue to do so free of charge.

And now, the EnGenius PRO version offers a suite of enhanced and brand new features that are perfect for enterprise-level networks with hundreds—even thousands—of devices, requiring an extra level of monitoring and protection. If you want to tap into the enterprise-level market and broaden your services for the big players, EnGenius Cloud PRO is just what you need.

Enhanced Features

The basic version of the EnGenius Cloud management platform offers excellent features for SMBs and many larger businesses. However, the PRO version takes several of these features and cranks them up a notch:

  • EnGenius Cloud Basic allows up to 10 admins/team members, but PRO allows unlimited.
  • Basic produces simple heatmaps for proper placement of access points, but PRO allows you to add obstacles like drywall, wood, doors, and glass windows that may affect coverage.
  • Basic allows up to 100 radius and 100 voucher users, but PRO allows for 10,000.
  • Basic topology view allows you to see all EnGenius devices on the network, but PRO allows you to see third-party devices as well.
  • Basic AP diagnostics tool minimizes truck rolls, but PRO brings spectrum analysis too.

Brand New Features

The crown jewel of the EnGenius Cloud PRO platform is the suite of enterprise-level features that allow an unmatched level of control and visibility over extremely dense business networks.

AirGuard (WIDS/WIPS)  Security APs have dedicated radios that scan the environment non-stop for attacks—evil twins, rogue APs, flood detection, man-in-the-middle attacks, and radio frequency jammers—without degrading network performance at all.

Spectrum Analysis – Wi-Fi spectrum analysis is a professional grade analyzer used to determine the real-time strength of a Wi-Fi signal and what might be interfering with that signal strength.

Client Timeline – To get an intuitive and historical view of client devices, Client Timeline allows admins to easily see how clients associate, authenticate, and roam among access points. It is extremely useful when you need to debug or trace your wireless network.

MyPSK – MyPSK allows you to automatically assign a unique password to each client on a network. You can create up to 500 unique passwords for each network (SSID). If you have more than 500 users, you can create another SSID to handle the next set of users up to 1,000, and so on.

VLAN Pooling – To prevent broadcast traffic from flooding the network, the access point will randomly assign a VLAN (from a pool of user-defined VLANs) to each client device. The user will stay connected to the same VLAN even if they roam within range of other access points.

Customized Network Reports – For tracking the status of your network, you can get network reports customized to your needs. In just a few steps, you can quickly design the cover, select the content, and schedule the report to be delivered automatically to its recipient.

Exposure Analysis – Exposure analysis allows you to minimize risk to your guests and staff by adding alias markers to identify client devices and use contact tracing to help mitigate pandemics and other emergencies.

Try All Advanced Features Free for One Year

All devices will come with a one-year free PRO license. When your year is up, the cost is only MSRP $50 per device each year or $120 per device for three years. 

New LinkedIn Data Reveals The Top Canadian Roles, Industries & Locations To Get A Promotion In

Posted in Commentary with tags on November 30, 2021 by itnerd

Can the role a person holds influence their odds of getting a promotion? How about their industry or their address? It turns out all these factors can influence how likely Canadians are to be promoted, according to new data from LinkedIn’s latest Get Ahead Special Report.

LinkedIn investigated internal promotion rates compared to the national average over the past 12 months. Here are the key findings:

  • Top 3 roles where Canadians were most likely to be promoted:
    1. Product managers, internal promotion rate 120% higher than the national average
    2. Marketers, internal promotion rate 68% higher
    3. Accountants, internal promotion rate 51% higher
  • Top 3 industries where Canadians were most likely to be promoted:
    1. Finance, internal promotion rate 46% higher than the national average
    2. Media & Communications, internal promotion rate 39% higher
    3. Software & IT Services, internal promotion rate 39% higher
  • Top 3 locations where Canadians were most likely to be promoted:
    1. Greater Toronto Area, internal promotion rate 27% larger than the national average
    2. Greater Vancouver Metropolitan Area, internal promotion rate 11% higher
    3. Greater Kitchener-Cambridge-Waterloo Metropolitan Area, internal promotion rate 4% higher

The full report findings can be found here. Research methodology is shared below: 

For this report, LinkedIn’s Economic Graph team analyzed Canadian internal promotion data at companies with more than 10 employees between November 2020 and October 2021. We excluded internal promotions from internship positions and promotions from C-Suite roles to partner or owner roles from this analysis. The internal promotion rate reflects the number of LinkedIn members who added a new, higher seniority position at the same employer to their profile in a job function divided by the total number of members with an active position in that job function. Top regions are metropolitan areas with the higher promotion rates for that particular job function between the November 2020 to October 2021 period. Top skills are a selection of the most commonly listed skills on profiles of members who received internal promotions during the November 2020 to October 2021 period.

Guest Post: Hackers Targeting Small Business During Covid

Posted in Commentary with tags on November 30, 2021 by itnerd

Canada is one of the world’s most targeted countries for cyber-attacks which have already wreaked havoc on universities, city transit systems such as in Montreal and Toronto, and most recently the provincial healthcare system of Newfoundland and Labrador. But according to Julian Fernandez of Motto, a web agency that specializes in developing custom sites, small business is the most vulnerable.

“These attackers target smaller businesses and individuals who are less likely to practice secure online habits,” Fernandez says. “And the pandemic is the perfect storm. Everyone had to become adept at using their computers and the Internet at home. Unfortunately, not everyone is a cyber-security expert and the attackers have jumped on this opportunity.”

Fernandez says a typical ransomware payout is demanded in cryptocurrency, with the average amount $980 US.

According to the Canadian Anti-Fraud Centre, which collects information on fraud and identity theft, more than 62,000 incidents of fraud have been reported this year involving more than 43,000 victims. The total amount reported lost so far this year is over $200 million, which is about twice as much in all of 2020.

“People and businesses should educate themselves on what to do,” Fernandez says. “Invest in security. Have firm policies so your staff is on board. And report any scams and cyberattacks to the governing bodies for your industry. A lot of fraud isn’t reported so the total damage is even higher.”

Fernandez offered five basic tips on how to protect against cyber and ransomware attacks:

  1. Avoid visiting websites that don’t appear credible, and if you do learn how to use a VPN (Virtual Private Network). 
  2. Use a password manager. 
  3. Never release important and sensitive information over the phone or through email. 
  4. Never open emails or attachments from strangers. 
  5. Protect and secure all your devices, including access points to your data.

About Motto
Motto started over 20 years ago as a creative web agency building custom websites and web apps. In the past five years it has adapted WordPress software to become an expert in producing custom WordPress sites for clients that range from small and mid-size businesses (over $5 million) to large organizations. Motto also has an agency agreement with KINSTA, a web-hosting company with more than 20,000 customers.

Infographic: OTRS Spotlight: Workflows In The Pandemic

Posted in Commentary on November 30, 2021 by itnerd

Source: OTRS

Guest Post: 86% Of Hacks In Google Cloud Were Used For Illegal Crypto Mining Says Atlas VPN

Posted in Commentary with tags on November 30, 2021 by itnerd

Many successful attacks on the cloud infrastructure are due to poor cybersecurity measures and a lack of control implementations.

According to the data presented by the Atlas VPN team, 86% of hacked Google Cloud accounts are used for illegal crypto mining. In addition, most instances of compromise in Google Cloud are due to weak or no password for the user account.

Hackers conducted cryptocurrency mining 86% of the time after gaining access to a Google Cloud account. Cryptocurrency mining is a for-profit activity, which consumes a large amount of GPU and CPU resources.

Conducting port scanning of other targets on the Internet occurred 10% of the time after Google Cloud compromised instance. Port scanning enables cybercriminals to identify weak spots in the network and exploit found vulnerabilities.

Hackers launched attacks against other targets on the internet 8% of the time following a Google Cloud account hack. Hosting malware on the cloud was the goal of 6% of cybercriminals.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on attacks against cloud services:

“The advantages of cloud-hosted resources include high availability and access at any time. While this simplifies workforce operations, hackers may exploit the cloud’s pervasive nature for their benefit. Despite the increased interest in cybersecurity, spear-phishing and social engineering attacks are still very effective.”

Most exploited vulnerabilities

While trying to deliver a cyberattack, cybercriminals always search for the simplest way to compromise their target.

Weak or no password for a user account or no authentication for APIs caused 48% of the Google Cloud hacks. It indicates that users could have avoided compromising their accounts if they had set up a stronger password.

Hackers exploited a vulnerability in third-party software in the Cloud instance in 26% of cases. If the hacks exploited a zero-day vulnerability, the fault could be attributed to the software developers not releasing an update. However, if a patch was released, responsibility for the compromise falls to the user not updating the software in time.

Misconfiguration of Cloud instance or in third-party software allowed 12% of hacks in Google Cloud. Any mistakes, malfunctions, or gaps in your infrastructure that put you at risk are known as misconfiguration.

Other issues caused 12% of compromises in the Google Cloud. While leaked credentials, such as keys published in GitHub projects, were exploited in 4% of attacks.

To read the full article, head over to:

TELUS Becomes The First Tech Company In Canada To Publicly Commit To An Indigenous Reconciliation Action Plan

Posted in Commentary with tags on November 29, 2021 by itnerd

Today, TELUS released its 2021 Reconciliation and Indigenous Connectivity Report, an evolution from the annual connectivity report that shares inspiring stories of the transformative benefits that connectivity brings to newly connected Indigenous communities. This year’s report also includes TELUS’ first-ever Indigenous reconciliation action plan. Guided by Indigenous voices and Indigenous-led frameworks of reconciliation, TELUS has proudly formalized our commitment to reconciliation, becoming the first technology company in Canada to develop and launch a public Indigenous reconciliation action plan. 

In 2021, TELUS connected 48 Indigenous lands to our advanced broadband networks and 382 Indigenous lands to the transformative power of 5G. In support of their continued efforts to connect Indigenous communities to the life-changing power of high speed internet and mobility solutions, TELUS developed its Indigenous reconciliation strategy and Indigenous reconciliation action plan through an inclusive, culturally relevant process. The plan was guided by Indigenous voices and frameworks of reconciliation, and leverages their core competencies with an emphasis on meeting the needs of the diverse Indigenous communities in the areas they serve. TELUS hosted two rounds of engagement over 18 sessions with Indigenous leaders, Elders, subject matter experts, and Indigenous team members from across their serving areas, and they are committed to having this manner of engagement as a cornerstone of TELUS’ actions moving forward. 

TELUS’ Indigenous reconciliation action plan identifies four pillars where they believe they can drive meaningful change and includes measurable targets and timelines for each. Their short-term action plan targets include:

  • Connectivity: Connecting an additional 20 communities to broadband by 2023
  • Enabling social outcomes: Launching the $1 million TELUS Indigenous Communities Fund, which provides grants of up to $50,000 to Indigenous-led organizations focused on mental health and well-being, language and cultural revitalization, access to education, and/or community building 
  • Cultural responsiveness & relationships: Working with Indigenous educators to develop and deliver e-learning material and ensuring learning opportunities and resources are available and accessible to TELUS team members
  • Economic reconciliation: Achieving Bronze Progressive Aboriginal Relations status by demonstrating sustained leadership in their commitment to working with Indigenous businesses and prosperity in Indigenous communities by 2024

In 2022, an Indigenous advisory council consisting of Indigenous leaders, subject matter experts, and Elders within their serving areas will be established to provide ongoing advice and guidance on the implementation of TELUS’ reconciliation actions. To ensure Indigenous ways of knowing are implemented throughout the organization, the advisory council will monitor the progress of TELUS’ Indigenous strategies and provide guidance for effective implementation of TELUS’ commitments and targets outlined in the annual Indigenous reconciliation and connectivity report and internal Indigenous reconciliation action plans. Every year, the Indigenous reconciliation action plan will be evaluated and refreshed in collaboration with the Indigenous advisory council.

To further their commitments, TELUS has embarked on the Canadian Council for Aboriginal Business’ Progressive Aboriginal Relations certification program, the premier corporate social responsibility program with an emphasis on Indigenous relations. 

In addition to the Indigenous reconciliation action plan, the report shares stories of connectivity from Indigenous communities and the projects and benefits that have been made possible by reliable connectivity. Stories vary from utilizing modern technology to maintaining culture through language classes, to supporting wetland rehabilitation to local, community based job creation and training opportunities. The report also highlights TELUS’ collaborations with communities and Indigenous organizations with an emphasis on supporting, developing, and expanding programs that look beyond connectivity to enable social outcomes for communities for longer-term prosperity and success.

By the numbers:

  • 240 Indigenous communities serviced by TELUS
  • 80,000+ people living in Indigenous communities with access to the TELUS PureFibre network 
  • 91 Indigenous communities and 151 Indigenous Lands connected to TELUS PureFibre/Coax
  • 382 Indigenous lands connected to 5G in 2021
  • 48 Indigenous lands expanded or connected to in 2021 to support social, economic, and education outcomes 

Quotes from community leaders featured in the report: 

To learn more about the commitment by TELUS to reconciliation and to read the 2021 Reconciliation and Indigenous Connectivity Report visit

Panasonic Pwned…. Full Extent Of Data Breach Unknown

Posted in Commentary with tags on November 29, 2021 by itnerd

Happy Monday. Unless you’re with Panasonic.

I say that because Panasonic has disclosed a data breach after threat actors gained access to servers on its network. Panasonic Corporation confirmed that the network was illegally accessed by a third party on November 11, 2021. Panasonic reported the incident to the relevant authorities and has taken measures to prevent access to its network from external servers, including hiring a third party to investigate the attack and find if any of the data access during the intrusion includes customer personal information. In short, they don’t know the full extent of the data breach. That’s bad.

Yan Michalevsky, CTO and Cofounder, Anjuna Security had this comment on this data breach:

 “It’s crucial to encrypt data at rest to prevent exactly those kinds of incidents. Solutions such as full-disk encryption might not be enough when attackers have gained access to the systems, but luckily there are alternatives that enable protecting data at the level of the application such that the files themselves are always encrypted.”

Hopefully Panasonic does a follow up to advise on the full extent of the data breach so that those affected can protect themselves accordingly.

UPDATE: I have additional commentary from Eddy Bobritsky, CEO, Minerva Labs:

“This attack, much like ransomware attacks, are becoming all too common. An attacker uses evasive malware techniques to gain a foothold in the company to either steal proprietary data or encrypt or even destroy important information. Although their investigation hasn’t been completed yet, Panasonic seem to be lucky here as they were able to detect the breach relatively quickly. According to the IBM “Cost of Data Breach 2021” report, on average it took 287 days to identify and contain a data breach. This increase in sophistication of evasive techniques is simply making it much more difficult for regular EDR antivirus solutions to cope.”

BREAKING: TELUS And Koodo Have An Outage In Montreal [UPDATE: Alberta Fixed… Montreal Fixed]

Posted in Commentary with tags on November 29, 2021 by itnerd

It has come to light that TELUS and Koodo customers in Montreal may be having issues due to an outage. Both brands took to Twitter to alert their customers. I have the Tweet from TELUS below:

Cable cuts aren’t exactly trivial to fix. But here’s hoping that TELUS and Koodo customers in Montreal get back online soon as we all rely on our mobile phones these days.

Stay tuned for updates as they come.

UPDATE: There’s apparently another outage in progress based on what I see on the TELUS Outage Site. This one is in Alberta:

Hopefully this too gets resolved quickly.

UPDATE #2: The outage in Alberta has been resolved. But as of 9:55PM the one in Montreal has not been resolved. Because this is a cable cut, I expect that outage in Montreal to go on for quite a while yet.

UPDATE #3: The TELUS Outage Site says that the Montreal outage is resolved.

IKEA Email Systems Hit By Ongoing Cyberattack

Posted in Commentary with tags on November 28, 2021 by itnerd

IKEA is apparently under a cyberattack that is affecting it’s email systems. Bleeping Computer has the details:

In internal emails seen by BleepingComputer, IKEA is warning employees of an ongoing reply-chain phishing cyber-attack targeting internal mailboxes. These emails are also being sent from other compromised IKEA organizations and business partners.

“There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA,” explained an internal email sent to IKEA employees and seen by BleepingComputer.

“This means that the attack can come via email from someone that you work with, from any external organisation, and as a reply to an already ongoing conversations. It is therefore difficult to detect, for which we ask you to be extra cautious.”

IKEA IT teams warn employees that the reply-chain emails contain links with seven digits at the end and shared an example email, as shown below. In addition, employees are told not to open the emails, regardless of who sent them, and to report them to the IT department immediately.

Recipients are also told to tell the sender of the emails via Microsoft Teams chat to report the emails.

Attacks like this are crippling and difficult to resolve. The best advice that I can give is to stop attacks like these before they start. That means having a layered set of defences from software to user training to make sure that you don’t become the next IKEA.