New Chenlun/Sinkinto01 TTPs Development to Use Amazon & USPS Lures in Smishing Attacks

Posted in Commentary with tags on October 29, 2024 by itnerd

DomainTools has published new research on the development of phishing attacks to gather personal information attributed to the threat actor Chenlun/Sinkinto01, which continued after DomainTools’ original investigation in December 2023.

After analyzing related domains, DomainTools noticed interesting evolutions in their tactics, techniques, and procedures (TTPs). Chenlun has expanded to use Amazon and the previously identified United States Postal Office (USPS) lures.

DomainTools domain-related data allowed researchers to identify a preference for using subdomains with short life cycles on older apex-level domains. Both subdomains and apex-level domains indicate using a domain generation algorithm (DGA) as an obfuscation method. 

DomainTools identified redirect domains used after visiting the domain mentioned in the SMS message to further obfuscate the path traveled by the victim before being asked for personal information.

Last year, DomainTools published research on a phishing campaign that targeted individuals by using SMS messages to impersonate the USPS. The original article details the likely responsible threat actor, Chenlun/Sinkinto01. 

You can read the details here.

Leave a comment »

TELUS and Photonic join forces to build Canada’s quantum future

Posted in Commentary with tags on October 28, 2024 by itnerd

TELUS is has announced a collaboration with Photonic Inc., a pioneering BC-based company, to accelerate the development of next-generation quantum communications in Canada. TELUS will provide Photonic dedicated access to its advanced fibre-optic network, enabling the testing of groundbreaking quantum technologies and emerging solutions that promise to reshape Canada’s digital landscape, improve productivity and drive economic growth.

Over the past several years, quantum technology has moved beyond academic research and is entering the commercial realm, with companies like Photonic leading the charge. The collaboration with TELUS provides a path for industries such as finance, security and logistics to prepare for a quantum-secure future. With TELUS’ infrastructure enabling the testing of real-world applications, Photonic is helping accelerate the commercialization of quantum technologies, set to reshape how industries approach computing and secure communication, both in Canada and worldwide.

As part of this collaboration, TELUS is providing Photonic access to a 30-kilometre dedicated fibre network in British Columbia – configured to test increasingly complex quantum networking that leverage quantum encryption for ultra-secure, tamper-evident transfer of information over long distances. This state-of-the-art infrastructure will enable Photonic to advance critical capabilities in quantum computing (solving complex problems beyond the reach of today’s computers), quantum networking, and quantum key distribution (using quantum signals to create secure encryption) – technologies crucial for the future of digital security and innovation. 

This effort marks a major milestone for both companies as they work to lay the foundation for a quantum internet. The dedicated fibre network is connected to TELUS’ national infrastructure, offering potential for broader, nationwide testing and marking the first time a Canadian startup has been granted access to a major telecom operator’s network for the purpose of developing quantum communication capabilities. It follows impressive milestones recently achieved by Photonic,including a successful demonstration of entanglement distribution between independent systems in a commercial setting (entanglement allows particles to share quantum information across distances), an essential component of scaling quantum networks.

Quantum technology holds the potential to solve some of the world’s most complex computation problems, ranging from materials development to climate-friendly catalyst development. However, it also presents new challenges, including the ability to break existing encryption methods within the next decade. This collaboration between TELUS and Photonic helps position Canada as a global leader in the quantum race, ensuring everyday Canadians and businesses are prepared for a quantum-secure future. 

Leave a comment »

Cyber insurers bridge security gap in water sector with hands-on cyber-risk practices 

Posted in Commentary with tags on October 28, 2024 by itnerd

Today, Bloomberg posted recent findings pertaining to cyber insurers’ role in policyholders’ security posture, specifically those within the US water systems industry.

Unlike many other CNI entities, the water sector is extremely fragmented, with at least 150,000 utilities spread throughout the country with smaller systems serving as few as just dozens of customers, operating with low budgets that often don’t account for cybersecurity.

A May EPA alert found over 70% of systems inspected since September 2023 violated the Safe Drinking Water Act’s requirements to develop risk assessments and emergency response plans.

Amidst meager cybersecurity regulations from federal agencies, many cyber insurers have moved on from a traditional, application-based underwriting model in favor of new, hands-on cyber risk practices to help spread the risk and improve resilience of the US water sector, including testing existing systems and helping policyholders address shortcomings.

Sezaneh Seymour, head of regulatory risk and policy at cyber carrier Coalition Inc. said Coalition was able to reduce vulnerabilities of water entities it covered by over 90% in six months through risk pooling.

Despite a growing appetite from insurers to cover cyber risk, many entities, especially in the water sector, still can’t obtain coverage due to lack of resources, knowledge, and dated operational systems that won’t meet the minimum qualifications to attain cyber insurance.

“It’s just a matter of time before a determined adversary bypasses the safety functions that have kept systems, people, and the environment safe thus far,” said Jennifer Lyn Walker, the director of infrastructure cyber defense at WaterISAC.

Stephen Gates, Principal Security SME, Horizon3.ai had this to say:

“Although there’s a strong desire for the water sector to adopt the latest IT technologies and security practices, this isn’t always practical. Autonomous risk assessment solutions provide a way to determine if older operating systems and unsupported software are truly exploitable based on their specific deployment scenarios. While a component of the infrastructure might be flagged as being “vulnerable”, that doesn’t necessarily mean it can be exploited from the outside in.”

Anything that is considered to be a critical sector needs to step up their game to manage cyber risk. That includes really getting onto the bandwagon of being up to date in terms of the threat landscape and taking the required steps to mitigate those threats. That needs to happen ASAP.

Leave a comment »

Introducing AI Overviews in Canada 

Posted in Commentary with tags on October 28, 2024 by itnerd

AI Overviews in Search are coming to Canada! Google is beginning the full rollout of AI Overviews in Canada — helping you search the web in a whole new way, no matter what questions are on your mind. This innovative AI-powered feature simplifies how users connect with web information. 

Key Benefits:

  • Connect to the best of the web: Helping people discover content from publishers, businesses and creators remains central to Google’s approach. Google has  introduced more prominent ways to show links to relevant websites within AI Overviews, with a right-hand link display on desktop and a similar experience on mobile, accessible by tapping the site icons in the upper right. 
  • Traffic increases: Earlier this month, Google launched in-line links that appear directly within the text of AI Overviews. In testing, both the right-hand link display and in-line links drove an increase in traffic to supporting websites compared to the previous designs, and the link display has made it easier for people to visit sites that interest them.
  • Expand your queries: AI Overviews are just one of the ways Google is building AI into Search, and dramatically expanding the kinds of questions you can ask on Google – which creates even more ways for people to explore content online. 

Please find the full blog post here. 

Leave a comment »

Canada Revenue Agency Taxpayer Accounts Pwned To Steal Money

Posted in Commentary with tags on October 28, 2024 by itnerd

The Canada Revenue Agency is once again the victim of being pwned. This time it looks like they got pwned via a supply chain attack. Here’s what went down:

At the height of this year’s tax season, the Canada Revenue Agency discovered that hackers had obtained confidential data used by one of the country’s largest tax preparation firms, H&R Block Canada.

Imposters used the company’s confidential credentials to get unauthorized access into hundreds of Canadians’ personal CRA accounts, change direct deposit information, submit false returns and pocket more than $6 million in bogus refunds from the public purse, an investigation by CBC’s The Fifth Estate and Radio-Canada has found.

In one case, the hackers filed a return with a legitimate postal code, but a fake address on a non-existent Tomato Street.

“Obviously the door is open and some people are infiltrating the system,” André Lareau, an associate tax professor at Laval University in Quebec City, said in an interview. “But the CRA does not seem to have found the key to lock the door.”

According to sources, the crisis prompted the CRA to contact the office of Revenue Minister Marie-Claude Bibeau.

How many Canada Revenue Agency accounts could we be talking about? How about this:

In answers to questions from The Fifth Estate/Radio-Canada, the CRA admitted it has been hit with more than 31,468 “material” privacy breaches from March 2020 to December 2023, affecting 62,000 individual Canadian taxpayers.

This is pretty bad. And given that the Canada Revenue Agency has been pwned so many times over the years, which has led to a lawsuit over their last round of getting pwned, you’d think that they would up their game. But clearly that’s not the case. And Canadians should expect not only answers about why getting pwned is still a problem with the Canada Revenue Agency, but concrete steps on how they are going to stop getting pwned. In the meantime, I would encourage all Canadians to check their Canada Revenue Agency accounts to make sure that they are not victims of this. And I would do that ASAP.

Leave a comment »

Guest Post: Unlocking Global Connectivity: The Benefits of eSIM Data Plans for International Travel

Posted in Commentary with tags on October 28, 2024 by itnerd

By: Mike Stanford, Founder & President, AlwaysMobile

In today’s digital age, staying connected while traveling internationally is essential. Whether you’re sharing memories on social media, navigating unfamiliar cities, or keeping in touch with loved ones, having reliable internet access can make all the difference. Most international travelers use their mobile carrier’s roaming feature, but this can be expensive as the daily roaming fees can really add up. Alternatively, travelers can purchase physical SIM cards allowing access to local networks when abroad – a cheaper option than roaming but with the hassle of finding and managing multiple SIM cards. Enter the eSIM—an innovative solution that revolutionizes how we connect abroad. 

Always Mobile, a Canadian-based eSIM provider, launched in the Spring of 2024 offering eSIM-enabled mobile data plans to over 170 destinations worldwide. When talking to Canadians about this new technology, the most frequent question we get is “What is an eSIM?” So lets dive in.

What is an eSIM?

An eSIM, or embedded SIM, is a digital SIM that can be downloaded directly into your device. Unlike traditional SIM cards that require physical swapping, an eSIM allows you to activate a cellular plan without needing to insert a physical card. This cutting-edge technology is supported by most modern smartphones, tablets, and other connected devices, making it easier than ever to manage your connectivity needs and save on expensive roaming fees while traveling.

How to Use an eSIM

Using an eSIM is incredibly straightforward. Here’s how you can get started with Always Mobile’s eSIM data plans:

  1. Purchase Your Plan: Visit Always Mobile and select an eSIM data plan that suits your travel needs. Whether you’re planning a short getaway or a longer adventure, there are various options available.
  2. Activate Your eSIM: Once you’ve purchased your plan, you’ll receive a QR code via email. Simply scan this code with your device’s camera and follow the prompts to activate your eSIM.
  3. Stay Connected: After activation, your device will be ready to access local data networks in your destination. You can now enjoy seamless internet access without the fuss of changing SIM cards or searching for Wi-Fi hotspots.

The Benefits of eSIM Data Plans for International Travel

  1. Convenience: One of the most significant advantages of eSIM technology is its convenience. With an eSIM, you can switch between carriers and plans with just a few taps on your device. No more searching for a local SIM card upon arrival or worrying about losing your physical card.
  2. Cost-Effectiveness: Always Mobile offers competitive pricing for its eSIM data plans, allowing you to choose the best option that fits your budget. Avoid high roaming charges by opting for a local plan tailored to your destination.
  3. Flexibility: Traveling through multiple countries? With Always Mobile’s eSIM, you can also buy regional plans which cover multiple countries on one eSIM. This flexibility is super convenient for that European vacation or the power business traveler covering multiple stops in Asia for example.
  4. Enhanced Security: eSIMs are often more secure than local Wi-Fi networks; offering a higher level of protection to sensitive personal and corporate information.

In a world where staying connected is vital, eSIM data plans stand out as the perfect solution for international travelers. With their ease of use, cost savings, flexibility, and security, eSIMs are changing the way we travel. Don’t let connectivity issues hold you back—embrace the future of mobile communication with an eSIM data plan on your next trip abroad.

You can visit Always Mobile today and explore the freedom of global connectivity at your fingertips!

1 Comment »

DH2i to Showcase DxEnterprise Smart High Availability Software and Its SQL Server Operator for Kubernetes at PASS Data Community Summit 2024

Posted in Commentary with tags on October 28, 2024 by itnerd

DH2i today announced it will be showcasing its DxEnterprise Microsoft SQL Server high availability software for instances and containers at this year’s PASS Data Community Summit. PASS Summit 2024 will bring thousands of data platform professionals together for an in-person event in Seattle, WA, from November 4-8, 2024.

DH2i Booth #204:

Attendees will have the opportunity to experience DH2i’s industry-leading DxEnterprise software firsthand and learn how to drive Microsoft SQL Server downtime and data loss to near-zero across on-prem, remote, cloud, and hybrid environments – all while eliminating management complexity. DH2i will also show how to easily set up multi-site clusters for disaster recovery (DR), manage Windows and Linux SQL Server side-by-side in the same cluster, and easily and securely usher in the era of containers with DxOperator by DH2i, the industry’s preferred SQL Server Operator for Kubernetes (K8s). 

In-Booth Demos & Raffles, DH2i Booth #204:

  • Wednesday, November 6: 10:50 am 
  • Thursday, November 7: 3:10 pm 
  • Friday, November 8: 10:00 am 

Don’t Miss:

General Session: “Harness the Power of Kubernetes to Achieve Truly Cloud-Agnostic SQL Server

  • Wednesday, November 6: 3:30 pm – 4:30 pm in Room 345-346
  • DH2i’s CTO and Co-Founder, OJ Ngo, to join Microsoft’s Principal Product Manager, Amit Khandelwal, to discuss how organizations can cost-effectively maintain “5-nines” SQL Server uptime while eliminating the risk of cloud vendor lock-in. While Kubernetes and containers offer infrastructure autonomy, they also introduce complexity and downtime risks. Ngo and Khandelwal will present a solution to these concerns by demonstrating a cloud-agnostic SQL Server environment using Kubernetes, allowing multi-cloud deployments and automatic failover across platforms. This approach accelerates digital transformation, enabling unified HA management for SQL Server across Windows, Linux, and Kubernetes in a single framework.

10-Minute Lightning Talk: “Deploy Highly Available SQL Server Containers in AKS in 3 Easy Steps

  • Thursday, November 7 at 11:15 am in room 343-344
  • DH2i’s CTO and Co-Founder, OJ Ngo, will present a 10-minute lightning talk to demonstrate how easy SQL Server container deployment and HA can be with the industry’s preferred SQL Server Operator for Kubernetes. Whether you’re an expert or just curious about the benefits of database containers, this session will show an easy-to-execute, 3-step approach to deploy a customizable, Always-On Availability Group in an Azure Kubernetes Service (AKS) cluster.

20-Minute Session at AWS Booth: “Deploy a SQL Server Availability Group on Amazon EKS with Ease using DH2i”

  • Wednesday, November 6 at 1:00 pm at the AWS Booth
  • DH2i’s CTO and Co-Founder, OJ Ngo, will present alongside Yogi Barot from AWS as they demonstrate an easy, operator-driven approach to deploy highly available SQL Server on Amazon Elastic Kubernetes Service and the combined ability of this solution stack to ensure the industry’s lowest downtime for SQL Server containers.

1 Comment »

PIXM Security Launches AI-Driven Zero-Day Phishing Protection for MSP Community

Posted in Commentary with tags on October 28, 2024 by itnerd

PIXM Security, the leader in AI-driven computer vision cybersecurity, announced today the launch of its new Managed Service Provider (MSP) program for zero-day phishing protection. With over 500,000 end users already protected, PIXM shields MSPs and their customers from credential theft and zero-day phishing attacks that can lead to malware and other exploits on their laptops, desktops and mobile platforms.

Over 50 percent of phishing links are clicked outside corporate email. While phishing security is often associated solely with email protection, cybercriminals are adapting and increasingly exploiting other channels such as SMS, social media platforms (such as Facebook), SaaS work apps (such as Slack and Google Docs), and even QR codes to deliver phishing attacks. This shift leaves many organizations vulnerable, as legacy email security solutions do not cover these expanding attack vectors.

PIXM uses AI Computer Vision to protect users right in the browser the moment they click on a link. This real-time approach acts as a “second set of eyes,” instantly and accurately analyzing web pages and on screen content to determine its legitimacy and promptly alerting users to potential threats and phishing attempts. This approach provides unmatched protection across all digital touchpoints and all types of phishing attacks. 

PIXM also prevents threats from stealthy spear phishing links that users click in their email box, which evade even the most sophisticated email protection because hackers can mask credential harvesting phishing links until the moment they are clicked by a targeted user.

The PIXM MSP program includes these and other benefits: 

  • High Value, Low Cost: $1 per user, per month with unlimited devices.
  • High Margin: Aggressive margins for new partners.
  • High Impact, Low Friction: Stops targeted phishing attacks at the click and deploys in minutes as a browser-based plugin, supporting IOS, Windows and Mac, with no training required.
  • Free NFR Licenses: While securing clients, MSPs can also protect their own teams with no-cost Not For Resale (NFR) licenses.

PIXM will launch the MSP program and present its award winning technology at Kaseya DattoCon 2024 in Miami on October 28 – 30 at Booth B14 and at IT Nation Connect 2024 in Orlando on November 6 – 8 at Booth 20.

Sign up for a personalized demo of PIXM here

Leave a comment »

Landmark Admin Pwned…. Over 800K People Affected

Posted in Commentary with tags on October 27, 2024 by itnerd

Another day, another big data breach. This time it’s Landmark Admin which is an Insurance administrative services company. According to a filing with  the Main Attorney General’s office, the company said that it was the victim of a cyberattack back in May and over 800,000 people have had the following information stolen:

“Based on the investigation, the following information related to potentially impacted individuals may have been subject to unauthorized access: first name/initial and last name; address; Social Security number; tax identification number; driver’s license number/state-issued identification card; passport number; financial account number; medical information; date of birth; health insurance policy number; and life and annuity policy information,”

Well that sucks. Though what sucks more is the fact that we’re in late October and the public is only finding out about this company being pwned back in May. In any case, the company goes on to say that impacted people should monitor their credit reports and bank accounts for suspicious activity. How do you know if you’re impacted, well the company will reach out to you to let you know if you’ve been affected.

Personally, if I were affected by this, I’d want to know why it took so long to make this information public. I’m hoping that somebody is going to ask that question. As in someone in government that has the power to compel the company to serve up the answer to that question.

Leave a comment »

New Research: Exploiting Windows Downdate to Revive Critical Kernel Vulnerabilities

Posted in Commentary with tags on October 26, 2024 by itnerd

In August of 2024, SafeBreach labs security researcher Alon Leviev discovered Windows Downdate, which was first presented at Black Hat USA 2024 and DEF CON 32 (2024), where he developed a tool to take over the Windows Update process to craft custom downgrades on critical OS components to expose previously fixed vulnerabilities. Using this downgrade ability, he discovered CVE-2024-21302, a privilege escalation vulnerability affecting the entire Windows virtualization stack.

While CVE-2024-21302 was patched because it crossed a defined security boundary, the Windows Update takeover, which was also reported to Microsoft, has remained unpatched because it did not cross a defined security boundary. Alon’s follow-up research exposes a severe flaw in Windows Update that allows the reactivation of the “ItsNotASecurityBoundary” Driver Signature Enforcement (DSE) bypass, permitting the loading of unsigned kernel drivers. This can be exploited to deploy custom rootkits, disable security features, and compromise system integrity.

You can read more here.

Leave a comment »

« Older Entries
Newer Entries »