30M protected links exposed by ‘safe’ link-sharing provider

Posted in Commentary on December 3, 2024 by itnerd

Cybernews research has shown that a safe linking service accidentally leaked millions of links that were meant to be private and exposed who created them. 

Researchers discovered that Safelinking.net, a platform designed to protect and manage links, had publicly leaked a tremendous amount of user data that was supposed to be protected.

Apart from making 30 million private links public, the platform also exposed the account data of over 156,000 users.

Safe linking services allow you to create protected links with various safety controls, such as passwords, PINs, IP address limitations, or real-time URL scanning, to secure access and protect users from malicious links. 

Microsoft and Google integrated safe linking into their products long ago. For those who do not subscribe to the tech giants’ solutions, there are platforms on the internet that provide similar services. However, using third-party services can pose risks, particularly when human error occurs.

What data was leaked?

  • Usernames
  • Emails
  • Encrypted password with salt and API hashes
  • Notification settings
  • Security settings associated with the links
  • Social media account IDs
  • Protected links

Malicious bots find the data

The leak was caused by a poorly configured and passwordless MongoDB database. After investigating the leak, the research team discovered traces of malicious bots that had already targeted the unprotected database. 

Misconfigured MongoDB databases are often targeted by automated bots, which insert README notes with a ransom demand. If the database owner does not pay the ransom, the bots destroy the database’s content by sending a “delete” command. 

Such a note was discovered in the leaked database belonging to Safelinking. The note demanded payment of 0.0057 BTC, which, at the time of publishing, was nearly $660. “In 48 hours, your data will be publicly disclosed and deleted,” reads the ransom note.

Following the ransom demand, a malicious bot destroyed the open database, which is no longer publicly available. Cybernews has contacted the company for comment but has yet to receive a response.
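For anyone running their own MongoDB instance, here is a check for the same combination described above: a database that is reachable from the network and has no authentication. This is an added example, not code from Cybernews or Safelinking; the two config samples are constructed, and the README-style name pattern is an assumption based on the ransom note behaviour described in this post.

```python
import re

# Constructed mongod.conf samples; not taken from the Safelinking database.
EXPOSED_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""
HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Assumption: ransom notes show up as README-style database or collection names.
NOTE_PATTERN = re.compile(r"read[\W_]*me|ransom|recover", re.IGNORECASE)


def parse_conf(text):
    """Flatten two-level YAML (section -> key: value) into {'net.bindIp': ...}."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if not line.startswith((" ", "\t")):
            section = key          # top-level key opens a section
            if value:
                settings[key] = value
        elif value:
            settings[f"{section}.{key}"] = value
    return settings


def audit(text):
    """Return findings for the 'reachable and passwordless' combination."""
    conf = parse_conf(text)
    binds = [b.strip() for b in conf.get("net.bindIp", "localhost").split(",")]
    # Unix socket paths (starting with "/") are not network listeners.
    reachable = conf.get("net.bindIpAll", "false").lower() == "true" or any(
        b not in LOOPBACK and not b.startswith("/") for b in binds)
    auth = conf.get("security.authorization", "disabled").lower() == "enabled"
    findings = []
    if not auth:
        findings.append("authorization not enabled: every client has full access")
    if reachable:
        findings.append("listening on a non-loopback address")
    if reachable and not auth:
        findings.append("CRITICAL: passwordless database reachable from the network")
    return findings


def ransom_note_names(names):
    """Pick out database/collection names that look like a dropped ransom note."""
    return [n for n in names if NOTE_PATTERN.search(n)]


if __name__ == "__main__":
    for label, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no findings")
    # Constructed listing of names, as a driver's list-collections call would return.
    print(ransom_note_names(["links", "users", "README"]))
```

A missing `net.bindIp` is treated as localhost and a missing `security.authorization` as disabled, which matches the defaults in current MongoDB releases.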

To read the full research, please click here.

Wiz Defend Offering Debuts with Tamnoon as a Launch Partner

Posted in Commentary on December 2, 2024 by itnerd

Tamnoon, a leader in Managed Cloud Security Remediation, today announced its status as a launch partner for Wiz Defend. The new solution from Wiz draws upon the power of Wiz Integration Network (WIN) partners to better detect and respond to cloud threats in real-time. Tamnoon was selected as a launch partner due to its leading Managed Cloud Security Remediation capabilities, seamlessly integrating with Wiz Defend to empower customers and their SOC/Incident Response teams.

The WIN platform enables bi-directional sharing of security findings across the cloud security ecosystem comprised of hundreds of industry-leading partners like Tamnoon that help mutual customers gain security insight and visibility. With the introduction of Wiz Defend, Wiz is now extending its value to SOC and IR teams for better preparation, investigation, detection, and response to cloud incidents. 

WIN enables mutual customers of Tamnoon and Wiz to receive the following benefits: 

  • Enhanced Cloud Visibility: Wiz’s agentless scanning gives teams immediate visibility into all workloads and cloud services, ensuring no security issues are missed across their infrastructure. Combining this visibility with AI-driven, human-verified managed cloud security from Tamnoon allows customers to bring down critical threats faster than ever.
  • Reduced Alert Fatigue: Wiz Issues combine toxic risk combinations that lead to open attack paths, helping teams identify what to prioritize and fix. Tamnoon enriches all Wiz Issues with proactive, human, and AI-driven investigation, correlating current and past alerts and factoring in information about critical assets, ownership, encryption, public exposure, and more. To enhance the collaboration between security and engineering, Tamnoon offers curated, highly relevant remediation playbooks that facilitate quick handover between teams, closing the loop on the original issues.
  • Cloud Exposure Remediation: The integration automates the remediation of Wiz issues by leveraging Tamnoon’s managed cloud remediation that allows for safe and scalable remediation and ongoing incident response monitoring, including exposure reduction SLAs and KPIs for continuous improvement — all driving critical cloud threats and exposures to zero within months. 

The combined value of these two offerings will streamline security for organizations seeking to eliminate blind spots and telemetry gaps in order to improve cloud incident response readiness, multi-cloud threat detection, investigation, and threat hunting.

Vancouver Canucks Announces Fortinet as Its Preferred Partner

Posted in Commentary on December 2, 2024 by itnerd

Vancouver Canucks and Fortinet today announced that Fortinet has become the new Preferred Partner for the 2024–2025 season. Canucks Sports & Entertainment (CSE) has chosen Fortinet’s industry-leading Security Fabric platform to reduce complexity and streamline the identification and remediation of network and security issues across the group’s facilities.

CSE is one of the premier sports and entertainment companies in North America. In support of their goal to create inspiring moments and unforgettable experiences for their fans, CSE has deployed several Fortinet solutions at its central data center to help secure the Rogers Arena, home to the NHL’s Vancouver Canucks and its fans, the Canucks Training Camp facilities, and the eSports team Vancouver Surge.

The Fortinet Security Fabric Wins Over Vancouver Canucks 
The Fortinet Security Fabric platform and Fortinet’s unique ability to converge networking and security help organizations like CSE reduce management complexity by consolidating siloed security tools, increasing visibility, improving performance, and decreasing the mean time to detect and respond to security incidents.

The Canucks’ implementation includes a central FortiGate Next-Generation Firewall (NGFW) cluster at its data center to protect and segment its network and build a Secure SD-WAN platform to simplify, accelerate, and secure communications between locations. Supported by the Fortinet Security Fabric platform, CSE has a single pane of glass to help consolidate management, visibility, analytics, and control for the entire environment.

Fortinet Leads the Cybersecurity Evolution in Canada
Fortinet has a long history of investing in Canada over the last 20 years. With more than 2,600 employees and over $200 million in infrastructure investments across Canada, including a regional data center, offices, a security operations center, and center of research and development excellence, Fortinet has been dedicated to protecting Canadian enterprises, nonprofits, educational institutions, and government agencies. 

Fortinet also remains steadfast in its commitment to close the cybersecurity skills gap and has pledged to train 1 million people globally by 2026 through its award-winning Training Institute program. As part of this, with more than 30 Canadian academic partners, no-cost training to all K-12 school boards in Canada, and an emphasis on helping military members, veterans, and spouses transition into the cyber field, Fortinet is helping grow cybersecurity awareness and resilience across the nation.

DMZ’s Women Innovation Summit returns for year three

Posted in Commentary on December 2, 2024 by itnerd

DMZ, a global startup ecosystem, announced its third annual Women Innovation Summit, set to take place on March 6, 2025. Hosted at DMZ’s headquarters in downtown Toronto, the Summit will bring together women-led startups, innovators, investors, corporate partners, allies and policymakers for a full day event in honour of International Women’s Day.

Committed to celebrating women entrepreneurs and serving as a catalyst for women’s innovation, the 2025 Summit will unite attendees through intimate roundtable discussions, a pitch competition providing women-led startups with funding opportunities and the official unveiling of DMZ’s 2025 Women of the Year honourees.

Applications for the Women Innovation Pitch Competition and nominations for DMZ’s Women of the Year are now open at dmz.to/WIS. The deadline to apply or nominate is January 19, 2025.

For the third consecutive year, The Firehood—a national network dedicated to advancing women in technology—will join DMZ as an investment partner, committing $100,000 in cash investments for the Women Innovation Pitch Competition. The Firehood has awarded $330,000 in funding to women-led startups through DMZ’s Women Innovation Summit, which has welcomed more than 600 attendees over its first two years.

Women Innovation Pitch Competition

Open to women founders across Canada, the pitch competition provides a unique opportunity to secure funding and accelerate business growth. From the applicants, 25 women founders will be chosen to receive personalized pitch advisory sessions, participate in curated roundtable discussions and gain valuable marketing and PR exposure. Of these, 10 finalists will pitch live at the Summit to angel investors from The Firehood. In 2024, three remarkable women-led startups—LyfeMD, Roga and Granularity—secured funding through the Women Innovation Summit, showcasing the incredible talent driving Canada’s innovation ecosystem.

Women of the Year Awards

DMZ’s Women of the Year Awards honour outstanding women who are driving meaningful change in Canada’s tech and business sectors. Honourees represent trailblazers who are disrupting their industries, leading multi-million dollar companies, revolutionizing technology and inspiring the next generation of women in innovation. Previous awardees include Sylvia Ng, CEO of ReturnBear; Fatima Zaidi, CEO and Founder of Quill; and Mirela Pirlea, Lead Partnerships Innovation and Entrepreneurship for Ontario – Atlantic – West Canada at Desjardins. 2025 award recipients will be revealed at the Women Innovation Summit on March 6, 2025.

Applications for the Women Innovation Pitch Competition and nominations for Women of the Year are open until January 19, 2025. Learn more and apply at dmz.to/WIS.

DMZ’s Women Innovation Summit was funded in part by the Government of Canada’s Women Entrepreneurship Strategy.

Canadian Black Friday Data From Salesforce Is Now In

Posted in Commentary on December 1, 2024 by itnerd

Salesforce has followed up with their results from Black Friday. If you missed the first part of this, you can view it here.

Black Friday Results | Key Findings for Canada + Global: 

  • Canadian online Black Friday sales were down 6% YoY.
  • Globally, online Black Friday sales grew 5% YoY, garnering $74.4 billion in online sales. 
  • Discounts in Canada fell 11% YoY, down to 21% average discount.
  • In contrast, global discounts fell 3% YoY, at 27%. 
  • Salesforce estimates Cyber Week sales in Canada will be down 6% YoY in total growth.
  • Global sales are expected to drive $51 billion, up from $48.4 billion globally in 2023.

Stay tuned for a follow-up for Cyber Monday.

Answering Your Questions About The M4 Mac Mini

Posted in Tips on November 30, 2024 by itnerd

Something that has generated a lot of email in my inbox is which M4 Mac mini people should buy. It seems that there is a fair amount of confusion around this computer. And this hasn’t been helped by people noticing that depending on the upgrades that you choose, you can easily spend the price of two Mac minis without trying too hard. That prompted me to write this post to try and answer these questions as best as I can.

  • M4 or M4 Pro?: To be honest, most people should go for the M4 model. The only reason why anyone should go for the M4 Pro model is that you need the performance for 4K (or higher) video editing, 3D rendering, or anything that will take advantage of the extra graphics and performance cores that the M4 Pro has. If that’s not you, save your money and go for the M4 model.
  • Does Thunderbolt 5 matter?: I wrote an article on Thunderbolt 5, which by the way is only available on the M4 Pro model, here, but the short answer is that it doesn’t matter for anyone with the exception of the three people on planet Earth who have Thunderbolt 5 accessories. It will matter in a year or two when more accessories such as drives, docks and monitors appear that leverage Thunderbolt 5. I should also point out that the people who would care about Thunderbolt 5 are the same ones who would be in the target market for the M4 Pro model.
  • About that power button: To me, the whole discussion about the power button is a total non-issue. Modern Macs are so power efficient that leaving one on would not make any noticeable difference in your power bill. Besides, when was the last time you turned off your computer? Rarely if ever, I suspect.
  • Should I Upgrade The RAM and Storage?: Here are some random thoughts on this before I get to my recommendations. Upgrades from Apple are expensive, largely because you cannot upgrade after the fact. And before anyone mentions it, the fact that the storage in the Mac mini is removable does not mean you can upgrade it for less by going aftermarket. In fact, no aftermarket upgrade options exist as far as I am aware. Apple knows that so they get you for as much as they can get away with. The flip side of that is that Apple’s storage is way faster than it has any right to be. Ditto for their RAM because it’s basically packaged up with the CPU. That makes it very difficult to compare against say a garden variety PC with upgradable RAM and storage where neither is as fast. Now having said that, here are my recommendations:
    • 16GB of RAM is fine for most people. Unless you are doing something really RAM intensive, there’s no logical reason for most people to upgrade the RAM.
    • Storage is another matter. The fact is that 256 GB of storage isn’t enough in my opinion. So, besides giving Apple your money to upgrade to 512GB, you might want to consider external storage such as a Thunderbolt 4 or USB 4 drive as that’s going to be way cheaper per gigabyte versus what Apple charges.
    • If you really must upgrade both because you have a use case that demands more RAM and more storage, the M4 Pro variant is what you should be considering.

Hopefully I’ve answered all of your questions regarding the M4 Mac mini. If I missed something, please leave a comment below and I will help you as best as I can. Or if you’re still not sure which Mac mini you should get, leave a comment below with your specific use case and I will help you as best as I can.

Canadian Black Friday Data From Salesforce Including Early Results & Predictions

Posted in Commentary on November 29, 2024 by itnerd

Here are Salesforce’s latest holiday findings, based on the global shopping data from more than 1.5 billion consumers across Commerce Cloud, Marketing Cloud, and Service Cloud, as well as a link to their holiday insights hub.

Key Findings (Canada, US and Global):

  • Early Cyber Week data shows that consumers planned and waited for Cyber Week deals.
  • US Thanksgiving finished strong with global online sales growing 6% YoY to $33.6B.
  • 30% of all Thursday sales in Canada were captured between the hours of 6pm and 10pm eastern.
  • Global discounts remain steady on US Thanksgiving, but down in Canada:
    • The average global discount rate was 26% (flat YoY), 28% in the US (flat YoY), and 21% in Canada (-11% YoY).
  • Social shopping grows:
    • Social channels referred 12% of all ecommerce traffic in Canada.
  • Mobile traffic and orders peaked for the week:
    • Yesterday, mobile drove 72% of global online orders (up 3% YoY) and 80% of all online traffic (up 1% YoY).
    • 59% of online orders in Canada were from mobile (up 2% YoY).
  • AI makes an impact for global retailers:
    • Early holiday shopping season data showed that 1 in 5 holiday purchases are being influenced by consumers engaging with AI and agents.

Global Findings: 

  • Global sales are expected to reach $71.5B globally today.
  • For Black Friday, the majority of consumers will turn to online shopping between the hours of 9 AM and 3 PM EST, with 42% of all online Black Friday shopping happening during this timeframe.
  • Global average selling price increased by only 2% YoY on US Thanksgiving, marking one of the smallest increases we’ve seen since 2022.
  • Social shopping grows:
    • For retailers that have adopted in-app social buying capabilities such as TikTok Shop or checkout via Instagram, about 19% of their US Thanksgiving day sales globally came from these social commerce apps.
  • Global top performing verticals by sales growth:
    • Home Dining, Art, and Decor (+39%)
    • Makeup (+22%)
    • Health & beauty (+21%)
  • Top global categories by average discount rate are currently:
    • Makeup (40%)
    • Home Dining, Art, and Decor (36%)
    • Skincare (35%)

Samsung Black Friday Deals available only at TELUS and Koodo

Posted in Commentary on November 29, 2024 by itnerd

Here are some exclusive Samsung Black Friday deals available only at TELUS and Koodo, running from Black Friday through Cyber Monday.

Samsung Galaxy Ring: $384.99, down from $549.99 (30% off)

This Black Friday, TELUS is offering a 30% discount on the revolutionary Samsung Galaxy Ring, bringing the price down from $549.99 to just $384.99.

Some key features of the Samsung Galaxy Ring include:

  • Sleek Elegance: Boasting a concave design and lightweight titanium frame, the Galaxy Ring is so comfortable you’ll forget you’re wearing it.
  • Advanced Health Tracking: Equipped with three-sensor technology, including an Optical Bio-signal Sensor, Skin Temperature Sensor, and Accelerometer, for comprehensive health and activity monitoring.
  • Impressive Battery Life: Enjoy up to 7 days of use on a single charge, perfect for non-stop lifestyle tracking.

Samsung Galaxy S24 FE $0 upfront $0 monthly

Koodo has a special Black Friday promotion available for all existing customers! For a limited time, customers can get the Samsung Galaxy S24 FE for $0 upfront and $0 monthly on qualifying Tab plans, starting as low as $39/month, while supplies last!

For more Black Friday deals, check out www.telus.com/deals and koodomobile.com.

Key Predictions for Cybersecurity in 2025 From Panaseer

Posted in Commentary on November 28, 2024 by itnerd

Here are some forward-looking predictions for cybersecurity in 2025 from Dr. Leila Powell, Head of Data at Panaseer. These insights highlight emerging trends that will shape the cybersecurity landscape in the coming year.

1. The Regulatory Sphere of Influence Will Expand in 2025

Leila predicts that in 2025, more organizations will face increased pressure to measure and demonstrate their security posture, especially as regulatory requirements expand. With new regulations like NIS2, which extends oversight to more sectors and businesses, companies will need to prove they have the necessary security controls in place to avoid penalties. This shift is expected to place significant pressure on organizations that haven’t yet developed trusted data to manage risk effectively.

2. Hybrid Roles Merging Cybersecurity and Data Analysis Will Surge

Demand for data scientists and data analysts in cybersecurity will skyrocket in 2025. As cyberattacks become more widespread, businesses of all sizes will need to understand their security posture. Leila forecasts a growing demand for hybrid roles that combine data analysis with cybersecurity expertise, with companies looking to hire in-house talent and vendors seeking professionals who can help them navigate the increasing complexity of the cybersecurity landscape.

3. GenAI’s Security Challenges Will Emerge in 2025

As AI and Large Language Models (LLMs) become more integrated into business operations, the focus in 2025 will shift from safe usage to securing these models and their underlying training data. Leila highlights how organizations building their own AI capabilities will face new attack vectors targeting the training data and the models themselves. Companies must begin securing these assets to protect sensitive data and prevent manipulation of their AI systems.

Vehicle & Property Records Exposed In Data Breach

Posted in Commentary on November 27, 2024 by itnerd

A data breach involving SL Data Services/Propertyrec — an Information Research Provider — was discovered and reported to WebsitePlanet by cybersecurity researcher Jeremiah Fowler. 

What happened: 

A non-password-protected database containing more than 600K records was exposed. The leaked data includes PII, real estate data, court records, vehicle records (license plate and VIN), background check documents and more. 

Why it matters: 

A potential concern is targeted phishing or social engineering attacks, where a criminal could impersonate an individual whose personal information was exposed in a background check document. 

Read their detailed report here: https://www.websiteplanet.com/news/propertyrecs-breach-report/