Archive for the Commentary Category

An Experian Glitch Exposed ALL Consumer Credit Files For SEVEN WEEKS Was Only Brought To The Attention Of Consumers This Week… WTF?

Posted in Commentary with tags on January 26, 2023 by itnerd

Brian Krebs has a mind-blowing story on his website that you simply must read. It revolves around consumer credit reporting bureau Experian and an issue that Krebs found and reported to the company. Here’s the TL;DR of what happened from the story:

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022.

The implication of this is staggering, as this information could be used to launch all sorts of identity theft campaigns. Which is not only bad, but the worst-case scenario possible. And the fact that Experian only told consumers this week is an absolute #fail.

Jack Nichelson, CISO of Inversion6, added this commentary:

The fact that Experian waited over seven weeks before notifying customers of the security risk is a serious concern. This delay in notification put customers at risk of identity theft and financial loss. By waiting so long to notify customers, Experian gave identity thieves ample time to access and potentially misuse customer information.

Furthermore, the fact that the security vulnerability persisted for nearly a month is also a cause for concern. This indicates that Experian’s security systems were not effectively detecting or addressing the issue in a timely manner.

This incident highlights the importance of prompt and transparent notification in the event of a security breach. Customers have a right to know if their personal and financial information has been compromised so they can take steps to protect themselves. Additionally, this incident raises questions about the effectiveness of Experian’s security systems and the company’s overall commitment to data privacy and security.

What needs to happen here is there needs to be an investigation from the appropriate government agencies as to the behaviour of Experian in this case. Because quite frankly this is unacceptable and needs to be addressed in the strictest possible way.

BenQ Announces New High Performance Monitors

Posted in Commentary with tags on January 26, 2023 by itnerd

With many of us back to work, it’s likely that our screen time has increased significantly since the holidays. 

A veteran of the monitor industry, BenQ is constantly at the forefront of new technology features that better the user experience for individuals reliant on their monitors, such as entrepreneurs, tech experts, graphic designers, and illustrators.

BenQ has developed eye-care technology that puts eye-care safety at the forefront. Below is a round-up of BenQ’s monitors that offer brightness intelligence+, brightness intelligence, low blue light, low blue light+, and a flicker-free experience. This advanced technology acts as a safeguard for the eyes, filtering out harmful lights that cause eye damage.

GW2485TC | 23.8″ 1080p Eye-Care IPS USB-C Monitor ($299.99 CAD)

  • Noise cancellation microphone minimizes distractions
  • USB-C & daisy chain 
  • Coding mode for easy readability and coding efficiency
  • Ergonomic design with slim bezel
  • Available online at amazon.ca

EX270QM | MOBIUZ 1ms 27″ IPS 240Hz QHD Gaming Monitor ($1,029.99 CAD)

  • 27-inch 2560 × 1440 16:9 IPS 240Hz Gaming display
  • HDRi and true sound audio by treVolo deliver immersion
  • 1ms GTG and AMD FreeSync™ Premium Pro for smooth gameplay
  • Available online at amazon.ca

PD3420Q | 34-inch 2K WQHD P3 USB-C Mac® Compatible Designer Monitor ($1,029.99 CAD)

  • 34-inch LED 21:9 ULTRAWIDE, 33% extra screen real estate for video editing
  • USB-C synchronizes images, videos and data seamlessly, and can charge your mobile devices with an all-in-one cable
  • Equipped with 98% Display P3 color space
  • Available online at amazon.ca

Geotab joins the United Nations Global Compact

Posted in Commentary with tags on January 26, 2023 by itnerd

Geotab Inc., a global leader in connected transportation solutions, today announced it has joined the United Nations Global Compact initiative (UN Global Compact) — a voluntary leadership platform for the development, implementation and disclosure of responsible human rights, labor, environmental and anti-corruption business practices.

By joining the UN Global Compact, Geotab is committed to taking accountable business action and supporting universal sustainability principles. The UN Global Compact is a call to companies everywhere to align business operations and strategies with ten universally accepted principles, and to take accountable action in support of UN goals and issues embodied in the Sustainable Development Goals (SDGs). Launched in 2000, the UN Global Compact is the largest corporate sustainability initiative in the world, with more than 15,000 companies and 3,000 non-business signatories based in over 160 countries, and more than 70 local networks. 

Geotab is committed to social sustainable governance, and has invested in initiatives to ensure the company and its customers can attain high reaching goals in corporate responsibility. A signatory of the Climate Pledge and with its carbon emissions reduction targets validated by the Science Based Targets initiative (SBTi), Geotab published its inaugural Sustainability Report in 2021, and published its 2021 GHG Emissions Report in October of 2022, showing climate action and moving the company toward a more sustainable future.

Geotab is a global leader in connected transportation solutions. We provide telematics – vehicle and asset tracking – solutions to over forty thousand customers in 150 countries. For more than 20 years, we have invested in ground-breaking data research and innovation to enable partners and customers, including Fortune 500 and public sector organizations, to transform their fleets and operations. We connect to over 3.2 million vehicles and process more than 55 billion data points a day so that customers can make better decisions, increase productivity, have safer fleets, and achieve their sustainability goals. Geotab’s open platform and Marketplace offers hundreds of third-party solution options. Backed by a team of industry leading data scientists and AI experts, Geotab is unlocking the power of data to understand real-time and predictive analytics – solving for today’s challenges and tomorrow’s world. To learn more, visit www.geotab.com.

#PSA : You Should Avoid Buying Samsung 990 Pro SSDs As They Appear To Die Far Faster Than Normal

Posted in Commentary with tags on January 26, 2023 by itnerd

If you’re an owner of the new Samsung 990 Pro SSD, or you’re thinking of buying one, you might want to pay attention to this Neowin story that seems to indicate that these drives have a problem. They die far quicker than they should:

When you buy the fastest flagship SSD on the market, you expect a certain level of reliability and confidence from its performance, but things can and do go wrong sometimes, and customer support is paramount at instilling continued confidence in the brand. This has typically been the case for past Samsung drives, actually, even the non-flagship models have been highly reliable and perform excellently with very few that I have seen needing an RMA.

Colour me with sadness when within just a couple of days of buying the 990 Pro 2TB, I noticed that the drive health according to SMART data from both Samsung Magician and third party tools had dropped to 99%. For the record I have other Samsung SSDs with over 40TB written and still at 99% health 1.5 years later, so I knew this was not normal.

Within another day or so it had dropped to 98%, by this point I’d not even written 2TB to the drive. Fast forward a couple more days and the drive health was sitting at 95%.

To reiterate, what is being described here is not in the same universe as normal. So the writer of this story sent the drive back to Samsung, only to have the drive returned to him claiming that there was no defect found. Which if this was an isolated incident, you could say that might be the case, even though it’s clearly not. But it’s not an isolated case:

Around the same time I posted to OcUK and reddit to see if others had seen the same problem, as it turns out, they had, and there is a lengthy thread over at Overclock.net about it.

And:

More owners of the 990 Pro have come forward reporting degraded health reporting in another reddit thread, this time in the r/hardware subreddit.

So this isn’t an isolated problem. And once this story got out there, Samsung changed course:

Samsung’s RMA division, Hanaro, have reached out and offered to A) Replace this SSD, and B) Try to replicate the problem. Quite why both of these options were not on the table before the issue became public is a mystery. We still request that readers continue to share their 990 Pro drive health stats and what region of the world they are in so that a better overall picture can be drawn of what appears to be a potentially developing situation.

I would agree with that and go one step further. If you’re looking to put an SSD into your latest PC build, avoiding this drive entirely would be my advice, as clearly it has issues that Samsung either hasn’t gotten to the bottom of, or is looking the other way until they’re forced to deal with it. And this is happening after the previous generation drive, the 980 Pro, had issues as well. Clearly something is wrong over at Samsung, as consumers should not be Samsung’s QA department. And until Samsung comes out with a root cause analysis along with detailing how they are going to ensure that stuff like this isn’t going to happen in the future so that consumers can trust their SSDs, I’d be steering clear of all of their SSDs to be safe. After all, it’s your data on those SSDs and your data is valuable.

Hackers Offering Fake Jobs To Students In A Credential Harvesting Campaign: Avanan

Posted in Commentary with tags on January 26, 2023 by itnerd

Researchers at Avanan, a Check Point Software Company, have taken a deep dive into their latest analysis on how hackers dangle fake money-making opportunities at students in exchange for harvested credentials. 

In the newest phishing campaign, emails from legitimate accounts that hackers took over were sent to students offering a remote, part-time job with an enticing salary. Students were encouraged to click on the provided link, which ultimately redirected them to a credential-harvesting page.

You can read this research here. And I’d be passing this along to anyone within the hackers’ target group so that they can protect themselves.

Threat Analyst Finds 91% Increase in Counterfeit Currency On Underground Markets

Posted in Commentary with tags on January 26, 2023 by itnerd

With increasing sanctions against cryptocurrencies, deflating value and increased attention from law enforcement, cryptocurrency is still the top vehicle for cybercriminals to launder money. Surprisingly, the Dark Web is swarming with counterfeit currency/banknotes impacting individuals and businesses on a large scale.

According to a new report from Dov Lerner, Head of Threat Research at Cybersixgill, there was a 91% increase in the number of deep and dark web market listings advertising counterfeit banknotes, with the top 10% of cybercriminals posting on it dominating 80% of the conversation.

You can read the full report here.

Next DLP Accelerates Business Momentum With Record-Breaking Revenue Growth 

Posted in Commentary with tags on January 26, 2023 by itnerd

Next DLP, a leader in data loss prevention (DLP), announced today the company’s unprecedented 2022 growth reaching a dramatic 200 percent increase in revenue as the company continues to innovate ahead of the data loss protection and insider risk solutions market. Next’s significant achievements reflect a banner year of momentum with market entrance into North America, expansion of the U.S. executive team, and record customer and employee growth. 

Next welcomed the appointments of Connie Stack, Chief Executive Officer (CEO); Troy Gabel, Chief Revenue Officer (CRO); and Fergal Glynn, Chief Marketing Officer (CMO). Hiring Connie Stack as the company’s new CEO is integral to Next’s forward progress. Under Stack’s strong vision, the new executives will play a critical role in the company’s growth acceleration and strengthen Next’s expansion into the U.S. market. 

Next’s Reveal SaaS Platform: Key Innovations

  • Next-gen endpoint agent: Next Reveal is the first DLP agent to deliver Machine Learning on the endpoint. Next’s smart agent identifies and categorizes data at the point of risk. It begins baselining activity at deployment and uses multiple behavioral analytics algorithms to define typical vs. anomalous behavior, delivering data protection that doesn’t rely on a connection to a separate analysis engine while all personal data remains on the device.
  • Built with today’s technology: Next’s high performance agent combined with a cloud-native, multi-tenant platform provides organizations with speedy deployments, flexibility and immediate visibility. The non-intrusive, system-aware, self-auditing agent works seamlessly within customer ecosystems respecting existing business processes.
  • User training at the point of risk: Next enables a positive security culture by empowering employees and building a dynamic “human firewall.” Adaptable security measures and real-time training increase productivity and reduce risk of data loss. 

Additional major company milestones include:

  • Gartner included Reveal in both its 2021 Market Guide for Data Risk Prevention and its 2022 Market Guide for Insider Risk Management Solutions for its industry-leading, user-centric DLP solution that enables organizations to uncover risk, educate employees, and fulfill security, compliance, and regulatory needs. 
  • SC Awards Europe recognized Next’s platform Reveal as one of the Best Data Leakage Prevention (DLP) Solution in the Excellence Awards Threat Solutions shortlist for 2022. 
  • Next grew its US based employee base by 250%. 
  • The British Standards Institution accredited Next with the ISO/IEC 27001:2013 certification for the design, development, sales, implementation and support of software for its cyber security solution.

Next DLP is a leading provider of data protection solutions for organizations with valuable data that must uncover risk, educate employees and fulfill security, compliance, and regulatory needs. Next’s mission is to reinvent data protection for today’s distributed organization. It is disrupting the legacy data loss prevention market with a user-centric, flexible, cloud-native, AI/ML-powered solution built for today’s threat landscape. The company’s leadership brings decades of cyber and technology experience from HelpSystems, DigitalGuardian, Forcepoint, Mimecast, IBM, Cisco, and Shopify. Next is trusted by organizations big and small, from Fortune 100 finance and retailers to fast-growing healthcare and technology companies. For more information, visit www.nextdlp.com.

IBM Axes Nearly 4000 Jobs

Posted in Commentary with tags on January 26, 2023 by itnerd

The tech layoffs continue with IBM being the latest company to lay staff off. They announced yesterday that nearly 4000 had gotten the axe:

Chief Financial Officer James Kavanaugh told Reuters that the company was still “committed to hiring for client-facing research and development”.

The layoffs — related to the spinoff of its Kyndryl business and a part of AI unit Watson Health — will cause a $300 million charge in the January-March period, IBM said.

But here’s the really bad part about this. Investors don’t think the cuts went far enough:

Shares of the company fell 2% in extended trading, erasing earlier gains on the largely upbeat results. Analysts said news of the job cuts and free cash flow miss was behind the drop.

“It seems as if the market is disappointed by the size of its announced job cuts, which only amounted to 1.5% of its workforce,” said Jesse Cohen, senior analyst at Investing.com.

“Investors were hoping for deeper cost-cutting measures.”

If that is true it really is a sad commentary on the times that we live in. Having people lose their jobs shouldn’t be seen as a sport where the biggest job cuts announced by a company wins. But clearly that’s how Wall Street sees things. And that’s sad.

BREAKING: Trump Gets His Facebook And Instagram Account Back

Posted in Commentary with tags on January 25, 2023 by itnerd

First Donald Trump got his Twitter account back. And now Facebook and Instagram are doing the same thing:

Nick Clegg, president of global affairs at Meta, which owns Facebook and Instagram, said Trump’s accounts will be reinstated “in the coming weeks” and come with “new guardrails in place to deter repeat offenses.”

Those guardrails will include “heightened penalties for repeat offenses — penalties which will apply to other public figures whose accounts are reinstated from suspensions related to civil unrest under our updated protocol. In the event that Mr. Trump posts further violating content, the content will be removed and he will be suspended for between one month and two years, depending on the severity of the violation,” Clegg said on the company’s website.

A spokesperson for Trump did not immediately respond to a request for comment.

It will be interesting to see if whatever “guardrails” Meta has will actually moderate Trump’s behaviour. And that assumes that his agreement with his own social media platform Truth Social doesn’t get in the way of this. This might be interesting to watch and see how Trump plays this.

Torq Announces 800% Revenue Growth And More

Posted in Commentary with tags on January 25, 2023 by itnerd

Torq, the security automation leader, today announced 800% revenue growth and 10X customer growth in its second year of operation in 2022, and hitting the milestone of 1,000,000+ daily security automations. Torq also announced the Torq Advisory Board featuring global cybersecurity visionaries, and the appointment of Paulo Veloso, Vice President of Sales, Americas. Recently, Torq has also released critical industry-leading capabilities with the introduction of Parallel Execution and Torq Insights. In addition, Torq won myriad accolades across 2022, including being named to Forbes Israel’s Next Billion Dollar Startups list and being recognized as Global InfoSec Cybersecurity’s Startup of the Year.

Major Customer Momentum

In 2022, Torq’s customer base expanded to include Agoda, Armis, Chipotle, Fiverr, HashiCorp, IronSource, Lemonade, Riskified, and Wiz, as well as Fortune 100 consumer packaged goods, fashion, financial, hospitality, and sports apparel companies. This growth reflects significant enterprise traction across the United States, Europe, and Asia Pacific. 

Torq Users Surpass 1,000,000 Daily Security Automations

Torq users are now executing more than 1,000,000 daily security automations with its platform – a major milestone that underlines its customer velocity. The exponentially-expanding usage of Torq also reflects how its security automation approach uniquely enables teams of any size to quickly create, deploy, and iterate on automated responses to unpredictable security events.

Torq Advisory Board

Torq announced the formation of the Torq Advisory Board, a group of some of the world’s most respected cybersecurity professionals. The board is helping guide the company as it further expands its security automation offerings and capabilities, serves more and more global enterprises, and continues to integrate the majority of cybersecurity systems into its platform.

Members of the Torq Advisory Board include:

  • Jason Chan, Former VP of Information Security, Netflix
  • Talha Tariq, CISO, HashiCorp
  • Yaron Slutzky, CISO, Agoda
  • Bill McKinley, CISO, SigFig and former Head of Information Security at The New York Times

New Sales Leadership

Paulo Veloso, Vice President of Sales, Americas, is Torq’s latest executive team addition. Prior to Torq, Veloso led America Sales at Splunk, helmed strategic accounts for HP Enterprise, was responsible for LATAM sales at Thales E-Security, and served as executive Sales manager at Cipher. Veloso is focused on expanding Torq’s Americas customer and prospect bases, with an emphasis on enterprise deployments.

Torq Insights Drives Industry-Leading Analytics

In late 2022, Torq delivered its latest platform innovation with Torq Insights, a comprehensive reporting and analytics overlay that provides the operational data needed to consistently manage, monitor, and iteratively evolve the security automation stack, to ensure it’s providing maximum protection while driving optimal efficiency.

“Torq Insights shows me how actively my team is using the platform to improve our overall security posture and makes everyone’s lives easier and more productive,” said Phillip Tarrant, SOC Technical Manager, CompuQuip. “It allows me to see my teammates’ progress with Torq by showing the value they’re getting out of it. The ‘total runs’ analytics capability is huge. It’s amazing to see that Torq is handling 80,000+ runs a week for CompuQuip without a single hiccup.”

Torq Delivers on the Promise of Parallel Execution

Torq’s recently-introduced Parallel Execution capability is a significant evolution for no-code security automation that enables users to instantly create multiple branches within an automatic workflow, and handle each concurrently before seamlessly merging back into a single flow. While some SOAR platforms claim to support parallel processing, these solutions require massive engineering efforts to deploy. 

Torq now offers true no-code parallel computing, to provide easier workflow design, adaptable iterating, and more powerful execution, which security teams have long asked for. Now, teams can focus on actual security responses without sacrificing precious time and resources to develop the workflows that deliver them.

New Tel Aviv Office Presence

In 2022, Torq opened a three-floor, state-of-the-art office in the heart of Tel Aviv, Israel. The office is designed to expand as Torq’s staff and operations continue scaling during the next several years. It includes a customer visitor center, comprehensive R&D facilities, and extensive collaborative environments designed to harness and channel the company’s collective energy as it solves critical customer security challenges.

Torq Racks Up Industry Awards

Torq is proud to have won many prestigious awards across 2022, including being named one of the top-10 most innovative startup companies by the RSA Conference; the Cybersecurity Excellence gold award for No-Code Security Automation; the BIG Fortress Cybersecurity Award for Incident Response; Duns 100 Best Start-Up Companies to Work for Over 100 Employees Award; and Global Infosec’s Cybersecurity Startup of the Year award. Torq was also named to Forbes Israel’s Next Billion Dollar Startups list and Qumra Capital’s Tomorrow’s Growth Companies list.