TELUS originals celebrates 10 years of powerful storytelling 

Posted in Commentary with tags on October 24, 2024 by itnerd

TELUS is celebrating the 10-year anniversary of TELUS originals and a decade of empowering independent Canadian and Indigenous filmmakers creating compelling, social-purpose driven documentaries and docuseries that inspire change and connect communities. Since 2014, TELUS originals has invested more than $27 million, bringing over 350 projects to screens across Canada and highlighting the diverse stories of British Columbia and Alberta. Viewers can watch these powerful TELUS original films on Optik TV channel 8, via TELUS Stream+ and for free at watch.telusoriginals.com

This fall alone, 10 TELUS original films, including Ari’s Theme, The Chef and the Daruma, Curl Power and Iniskim – Return of the Buffalo, were selected by top-tier Western Canadian film festivals in Vancouver, Calgary and Edmonton, underscoring the positive impact of the program for Canadian storytellers, local communities and the country’s film industry at large.

To celebrate the 10-year anniversary of TELUS originals, viewers are invited to explore the diverse range of new TELUS originals content including Aitamaako’tamisskapi Natosi: Before the SunThe Interceptors, and Handle With Care: The Legend of the Notic Streetball Crew available on TELUS Optik TV channel 8, via Stream+ and online at watch.telusoriginals.com

For more information about TELUS originals, visit watch.telusoriginals.com

Leave a comment »

Introducing Layer 7 Policy Routes and Outbound Rules in EnGenius Cloud

Posted in Commentary on October 24, 2024 by itnerd

EnGenius has announced the launch of two new powerful features in EnGenius Cloud and the VPN Router ESG series: Layer 7 Policy Routes and Outbound Rules. These enhancements offer a more granular level of control over your network traffic, allowing you to optimize performance, improve security, and streamline your management efforts.

Layer 7 Policy-based Route

You can create policy-based routing rules to direct specific applications to different WAN interfaces without specifying IP addresses or port ranges

The Benefits

  • Optimized Traffic Management: Direct critical applications to a primary WAN while routing less important traffic to a secondary WAN
  • Enhanced Network Performance: Improve network efficiency by balancing load between WAN interfaces based on application
  • Simplified Rule Management: No need to update routing rules for changing IP addresses or port ranges

Layer 7 Firewall Rules:

You can create firewall rules to block specific applications without specifying IP addresses or port ranges. This feature is particularly useful when applications frequently change their IP addresses or use multiple Ips

The Benefits

  • Flexible Traffic Management: Define custom rules to control outbound traffic, blocking or allowing specific destinations, applications, or protocols.
  • Improved Network Security: Prevent unauthorized data leakage and protect your network from external threats.
  • Enhanced Network Visibility: Gain deeper insights into outbound traffic patterns and identify potential security risks.

To learn more about these new features and how they can benefit your network, please click here.

Leave a comment »

Cyware, ECS enter design partnership to strengthen Gov’t & CI cybersecurity

Posted in Commentary with tags on October 24, 2024 by itnerd

Cyware, the leading provider of threat intelligence management, low-code/no-code automation, and cyber fusion solutions, and ECS, a leader in advanced technology solutions for U.S. public sector customers, including defense and intelligence organizations, today announce their design partnership which will serve to enhance Cyware’s Intel Exchange product enabling government entities to improve their security posture. This partnership aims to leverage ECS’s deep public-sector knowledge and cybersecurity expertise to tailor Cyware’s Intel Exchange to address the unique needs of government entities, with a focus on strengthening collective defense and securing the nation’s critical infrastructure.

To address the security challenges that impact federal entities, Cyware and ECS are working together to:

  • Enhance Intel Exchange’s automated Threat Intel Risk Score engine to bring flexibility and advancement in the algorithm to accommodate time sensitive government CTI operations and workflows. The new risk score is customizable based on the weightage given to the quality, credibility, relevance, and confidence level of the threat data sources, enrichment sources, and attributes of threat objects.
  • Introduce a custom scoring module in addition to the above Risk Score engine that will allow CTI teams to design scoring parameters tailored for government use cases for any threat data ingested into the platform and enable them to prioritize relevant threats for actioning.
  • Simplify triaging and operationalization of the large volume of threat data in the platform with automated rules leveraging the newly introduced scoring modules. CTI analysts can now create custom rules to score threat data depending on different priorities and perspectives.

The full range of enhanced capabilities for Intel Exchange are expected to be unveiled for the public sector in early November 2024. Cyware and ECS remain committed to supporting federal agencies through innovative and tailored cybersecurity solutions that promote collective defense and protect the nation’s most critical infrastructure.

Leave a comment »

Fortinet Has A Beyond Critical Vulnerability That You Need To Patch ASAP

Posted in Commentary with tags , on October 24, 2024 by itnerd

Fortinet has confirmed a critical vulnerability in FortiManager which is being tracked as CVE-2024-47575, and has a CVSS score 9.8 which is basically the worst score you can get, is being actively exploited. Mandiant has details about what this vulnerability is and how it is exploited.

But that’s not the bad part.

Apparently according to Bleeping Computer, this was disclosed to customers a week ago and….:

The company privately warned FortiManager customers about the flaw starting October 13th in advanced notification emails seen by BleepingComputer that contained steps to mitigate the flaw until a security update was released.

However, news of the vulnerability began leaking online throughout the week by customers on Reddit and by cybersecurity researcher Kevin Beaumont on Mastodon, who calls this flaw “FortiJump.”

Fortinet device admins have also shared that this flaw has been exploited for a while, with a customer reporting being attacked weeks before the notifications were sent to customers.

“We got breached on this one weeks before it hit “advance notifications” – 0-day I guess,” reads a now-deleted comment on Reddit.  

That’s not good at all. Patches to FotiManager are either here or are coming. And I highly recommend that you install those patches ASAP. Having said that, Fortinet is going to have to answer some hard questions about how they handled this because their response seems a bit suspect to me.

Leave a comment »

45% of energy sector breaches linked to third-parties 

Posted in Commentary with tags , on October 24, 2024 by itnerd

According to new research (registration required) by SecurityScorecard and KPMG, the US energy sector is particularly vulnerable to supply chain attacks, with 45% of security breaches in the past year linked to third-parties.

This compares to a global average of 29% for supply chain breaches across all other industries, while 90% of attacks on energy companies breached more than once involved third parties.

Also notable, 67% of third-party related breaches involved external software and IT providers and 22% involved other energy companies.

The largest contributor to third-party breaches in the energy sector was the exploitation of the MOVEit file transfer software vulnerability in 2023, accounting for 39% of breaches.

“With geopolitical and technology-based threats on the rise, this complex system is facing an equally generational risk exposure that could harm citizens and businesses alike,” Prasanna Govindankutty, Principal, Cyber Security US Sector Leader at KPMG commented.

Emily Phelps, Director, Cyware had this to say:

“The rising threat to the energy sector, particularly from third-party vulnerabilities, underlines the urgent need for a collective defense approach. As cyberattacks increasingly exploit supply chain weaknesses, organizations can no longer afford to operate in silos. Collaboration between trusted companies and industries, alongside the operationalization of threat intelligence, is critical to staying ahead of attackers. By turning intelligence into actionable insights, organizations can identify risks earlier, coordinate defenses, and reduce the time it takes to respond. Proactivity is key – relying solely on reactive measures leaves critical infrastructure and businesses exposed to recurring threats. Only through shared intelligence and coordinated efforts can we address these complex, evolving risks effectively.”

We’re at a point now where every sector needs to ensure that they are taking steps to protect themselves. Because the threat landscape is only growing, which is a bad thing for all of us.

Leave a comment »

Testers Challenge 2024 announced 

Posted in Commentary with tags on October 24, 2024 by itnerd

The annual Testers Challenge by TestDevLab has been announced, inviting anyone around the world to compete in the multi-level challenge for valuable prizes and the glory of being named a top tester in the world. The competition will go live on November 7, and will last until November 18th. It is made up of 3 stages in 3 complexity levels, wherein participants will look for software bugs and solve them using logical thinking to advance to the next level. The first three to reach the finish line will be crowned winners.

The challenge is created for people who like to tinker with tech and break things. This can range from professional software testers to people who just like to play around with software and logic puzzles. Each level will have one problem that needs to be solved, ranging from functional, security, and accessibility topics to audiovisual bugs and challenges. Interested participants are invited to try out the warmup round on the Testers Challenge website to get a taste of what lies ahead.

The Testers Challenge has been hosted for four years. The previous Testers Challenge had over 3,000 participants worldwide, and the first-place winner was an IT student from the UK. 

TestDevLab organizes a variety of initiatives for the testers community. In addition to the Testers Challenge, they also organize TDL School – a set of courses to develop a career in the software testing industry. 

This year, first, second, and third-place winners will have the chance to select their prize from the prize pot made up of an Oura Ring, InMotion V10F Unicycle, and Sony WH-1000XM5/L Wireless Noise-Cancelling Headphones. 

Leave a comment »

AI repository Hugging Face loaded with malicious files to steal info

Posted in Commentary with tags on October 23, 2024 by itnerd

OODA Loop reports today that “Hackers Have Uploaded Thousands Of Malicious Files To Hugging Face Repository” based on input from Protect AI.  

The OODA Loop story reads in part: “The old Trojan horse computer viruses that tried to sneak malicious code onto your system have evolved for the AI era,” said Ian Swanson, Protect AI’s CEO and founder.

  “The Seattle, Washington-based startup found over 3,000 malicious files when it began scanning Hugging Face earlier this year. Some of these bad actors are even setting up fake Hugging Face profiles to pose as Meta or other technology companies to lure downloads from the unwary, according to Swanson. A scan of Hugging Face uncovered a number of fake accounts posing as companies like Facebook, Visa, SpaceX and Swedish telecoms giant Ericsson. One model, which falsely claimed to be from the genomics testing startup 23AndMe, had been downloaded thousands of times before it was spotted…”

Mali Gorantla, Chief Scientist at AppSOC had this to say:

  “It should surprise no one that Hugging Face has become a magnet for malware and bad actors. In the last year, the number of AI models available on Hugging Face has tripled, now topping 1 million. Data scientists and AI developers love experimenting with this vast amount of open-source data to build and train new AI applications. The problem is that most security teams have little visibility into what models or datasets have been downloaded or where they exist. I can’t think of a more obvious place to embed malware, infiltrate corporate defenses, and hide your tracks.”

Security teams need to change their tactics so that they have visibility and are able to uncover this sort of thing. Because this is clearly the next “big thing” that threat actors are engaged in.

Leave a comment »

ESET Bulks Up its ESET HOME Security Offerings to Protect Against AI-Driven Threats

Posted in Commentary with tags on October 23, 2024 by itnerd

 ESET today announced its upgraded consumer offering, ESET HOME Security, with new features, such as ESET Folder Guard, Multithread Scanning, and Identity Protection featuring Dark Web Monitoring. These enhancements to ESET HOME Security, as an all-in-one solution for consumers, correspond to the increasing number of advanced, automated, and AI-driven threats targeting individuals and address growing concerns about data privacy, ransomware attacks, phishing, and scams.  

ESET HOME Security is available across all major operating systems—Windows, macOS, Android, iOS—and covers all typical smart home devices. Improvements have been made to enhance the existing layers of protection, including upgrades to the Link Scanner and Password Manager. Security for Mac users has been improved with a new unified Firewall offering both basic and advanced setup options in the main Graphical User Interface (GUI).  

Some of the top new and improved features include:  

New Dark Web Monitoring — ESET Identity Protection is now available in Canada, providing users with advanced tools to safeguard their personal information. This feature scours the dark web, black market chat rooms, blogs, and other data sources for the illegal trading and selling of personal data. ESET’s cutting-edge technology delivers prompt alerts, enabling users to take immediate action and mitigate potential identity theft risks. 

New ESET Folder Guard — This technology helps protect Windows users’ valuable data from malicious apps and threats, such as ransomware, worms, and wipers (malware that can damage users’ data). Users can create a list of protected folders — files in these folders can’t be modified or deleted by untrusted applications.   

New Multithread Scanning  Improves scanning performance for multi-core processor devices using Windows by distributing scanning requests among available CPU cores. There can be as many scanning threads as the machine has processor cores. 

Improved Gamer Mode — This feature is for users who demand uninterrupted usage of their software without pop-up windows and want to minimize CPU usage. The improved version allows users to create a list of apps automatically starting gamer mode. For cautious players, there is also a new option to display interactive alerts while gamer mode is running.  

This robust all-in-one security product is an ideal solution for all who have concerns beyond general cybersecurity, and it includes privacy protection, identity protection, performance optimization, device protection, and smart home protection. Because in a world of advanced cyberthreats, quality matters. 

More information about the consumer offering and subscription tiers can be found here

Leave a comment »

Unit 42 Research: Novel Jailbreaking Technique ‘Deceptive Delight’

Posted in Commentary with tags on October 23, 2024 by itnerd

Today, Palo Alto Networks Unit 42 shares that it has identified a new jailbreaking technique, ‘Deceptive Delight,’ which can bypass the safety guardrails of state-of-the-art LLMs to generate unsafe content. The findings highlight significant vulnerabilities in AI systems, revealing the urgent need for enhanced security measures to prevent the misuse of Gen AI technologies.

Key findings detail that Deceptive Delight:

  • Achieves a 65% attack success rate against open-source and proprietary AI models, significantly outperforming the 5.8% attack success rate achieved when sending unsafe topics directly to these models without using any jailbreak techniques.
  • Embeds unsafe topics within benign narratives, cleverly tricking LLMs into producing harmful content while focusing on seemingly harmless details.
  • Employs a multi-turn approach, where the model is prompted progressively across multiple interactions, enhancing both the relevance and severity of the unsafe output generated and increasing the likelihood of harmful content creation.

You can find the full blog here.

Leave a comment »

On Now! Nikon Pop-Up Experience at Yorkdale Mall

Posted in Commentary with tags on October 23, 2024 by itnerd

From now until October 24, Nikon Canada is hosting a Nikon Pop-Up Experience at Yorkdale Mall in Toronto!

Inspired by its heritage models, the Nikon Zfc and Zf cameras, the concept of Nikon’s Pop-Up is a retro diner with antique furniture and neon lights. It also has the opportunity to check out Nikon’s latest cameras.

At the ‘Nikon Diner’ there will be an ‘IG Worthy’ vintage-style photobooth where visitors will be able to take home physical photos.

Guests will be encouraged to share their photobooth image on social using the #NikonCreators and #NikonDiner hashtags for a chance to win a Zfc kit! Visitors will also be able to engage in “diner chats” with Nikon ambassadors and creators, who will share photo and video tips and tricks.

Visit the ‘Nikon Diner’ at Yorkdale during mall hours between Oct 17th-24th! It is located right next to Canada Goose near Entrance E.

Leave a comment »

« Older Entries
Newer Entries »