ASUS Announces the ExpertBook P5

Posted in Commentary with tags on October 21, 2024 by itnerd

 ASUS today announces that the ExpertBook P5 (P5405), a groundbreaking Copilot+ PC designed to empower modern professionals is now available in Canada, starting October 21st. Available through the ASUS StoreCostco, and select retailers, it comes in four configurations starting at CA$1,299.99.

Powered by up to the latest Intel® Core Ultra 7 processor (Series 2) with 47 NPU TOPS, the laptop delivers up to 3X the AI performance boost compared to the previous generation. Featuring ASUS AI ExpertMeet, this AI-driven powerhouse streamlines workflows and enhances collaboration. Its sleek, durable aluminum chassis houses a stunning 2.5K 144 Hz display, delivering exceptional visuals. With a 1.29 kg feather-light design, robust security features, and a focus on sustainability, ExpertBook P5 is the perfect companion for on-the-go professionals seeking peak performance and efficiency.

The future of work

Crafted with meticulous attention to detail, ExpertBook P5 boasts a premium aluminum design that seamlessly blends aesthetics and ergonomics. Despite its lightweight construction, at just 1.29 kg, P5 offers exceptional durability — meeting the exacting US MIL-STD 810H military standard. Its thoughtfully designed workspace, featuring conveniently placed function keys and a spacious mouse area, optimizes productivity and comfort during video conferences and multitasking. Engineered with the ASUS ExpertCool thermal structure, a newly-enhanced cooling design, the ExpertBook P5 ensures consistent, optimal cooling whether the lid is open or closed, guaranteeing peak performance even during extended usage. It is a productivity powerhouse designed to elevate professional performance, empowering users to achieve their full potential.

Forwarding the ASUS commitment to sustainability, ExpertBook P5 also represents a significant advancement in sustainable technology. This intelligent product has significantly enhanced its circularity by 10% to reach 50%, utilizing Circular Transition Indicators (CTI) for performance measurement. By incorporating recycled materials and a modular design, ExpertBook P5 directly addresses the pressing issue of e-waste.

Experience the power of AI in meetings

ASUS ExpertBook P5 benefits from the all-new ASUS AI ExpertMeet, an on-device AI assistant that transforms meetings into productive and engaging experiences, leverages advanced AI capabilities to enhance audio, video, and collaboration features, ensuring seamless communication and capturing every important detail.

AI ExpertMeet offers a comprehensive suite of AI-powered features to elevate every meeting experience. AI Meeting Minutes accurately captures and transcribe meetings, generating detailed summaries and identifying key points from multiple speakers. The AI Translated Subtitles feature provides translations, ensuring seamless communication across languages. Additionally, the Watermark function allows video calls to be personalized with customizable business card information and screen watermarks for added security and professionalism. All powered by on-device intelligence, personal data remains secure, allowing users to focus on ideas without privacy concerns – empower teams with the latest AI technology and unlocking the full potential of virtual collaborations.

ASUS ExpertGuardian: the ultimate guardian for confidential data

ASUS ExpertBook P5‘s robust security arsenal safeguards critical data. Engineered with a commercial-grade and NIST SP 800-155-compliant BIOS, it provides a foundational layer of protection against firmware attacks. Coupled with Windows 11 Secured-core PC technologies, the ExpertBook P5 creates a fortified defense against software vulnerabilities. To ensure long-term security, ASUS offers a comprehensive five-year support for BIOS and driver updates, safeguarding the system against emerging threats.

Complementing this robust hardware-based security, ExpertBook P5 includes a complimentary one-year McAfee+ Premium membership. This comprehensive security suite leverages McAfee Smart AI for advanced threat detection, including AI-powered deepfake detection to protect against sophisticated social engineering attacks. Additionally, email scam protection provides an extra layer of defense against phishing attempts.

ASUS Business Support

Understanding the critical needs of modern professionals, ASUS Business Support is not merely a warranty — it’s a comprehensive service package that includes on-site repairs, dedicated technical assistance and 24/7 customer support. This robust support framework ensures that every ExpertBook user experiences minimal downtime and receives personalized solutions to their technical issues.

AVAILABILITY & PRICING

The ASUS ExpertBook P5 is available in 4 different configurations starting from October 21st, 2024.

The 4 specifications are available on the ASUS Store, ranging from CA$1,299 to CA$1,799 both for B2B and B2C customers.

The ExpertBook P5 (P5404) with an Intel Core Ultra 5 processor 226V, 512 GB M.2 PCIe® 4.0 2280 SSD, an upgradeable M.2 2230 SSD slot, 16 GB LPDDR5X-8533 RAM and Windows 11 Home is now available starting from CA$1,299 on the ASUS Store and Costco.

An additional version with Windows 11 Pro is available on the ASUS Store and selected retailers for CA$1,399.

The ExpertBook P5 (P5404) with an Intel Core Ultra 7 processor 258V, 1 TB M.2 PCIe® 4.0 2280 SSD, an upgradeable M.2 2230 SSD slot, 32 GB LPDDR5X-8533 RAM and Windows 11 Pro is now available starting from CA$1,799 on the ASUS Store and selected retailers.

An additional version with Windows 11 Home will be available later starting from October 28th on the ASUS Store and selected retailers, starting from CA$1,699.

Leave a comment »

How Scammers Are Using Google Ads To Get You To Fall For Their Scams

Posted in Commentary with tags on October 21, 2024 by itnerd

One thing that I always cover when I speak to community groups about avoiding scams is to not trust the results that search engines provide. Simply put, scammers can use a variety of techniques to put themselves ahead of legitimate phones numbers and websites on Google. That in turn makes it far more likely that someone will engage with that ad and fall for a scam because they are leveraging the fact that humans tend to click on the first or second search result when they look for something.

Here’s an example of that that I found on Reddit yesterday:

Now I wasn’t able to replicate this search result with implies that the ad might have been taken down. You’ll note that I said ad in the previous sentence as this is an advertisement that is designed to pop up when certain keywords are used. In this case, “Bell Internet Customer Service”. This isn’t a new technique that scammers use to prey on the unsuspecting. But it is the first time I have seen it in association with a Canadian telco like Bell. Now you’re likely wondering how I know that this is an ad. For starters it says “sponsored” right above the words “5G mobile”. And if you see that word, that isn’t a search result that you can rely upon. Ever.

So what happens when you go to 5gmobilebell.ca? You go to this website:

In terms of look and feel, this isn’t even in the same star system as Bell’s website. So while it is possible that someone might get fooled and fall for this, I would imagine that their success rate would be pretty low. That’s further reinforced by this:

Clearly these losers used a template to build this website and couldn’t even fill out even the most basic details of the template. But again, that likely won’t stop someone from falling for it and calling the number.

As for calling the number to find out what the scam is, I tried calling but didn’t get an answer. But a few minutes later I got a call back from a US number which was clearly spoofed as Bell which is a Canadian telco would never call you from a US number. I couldn’t be bothered to answer the call as the effort level that was put in by these scammers is pathetically low. So I turned this information over to the scambait community to see if they can have some fun with these losers. Having said that, this could easily have been far more dangerous because they started this scam with the technique of buying ads to ensure that their scam pops up at the top of Google’s search results which is known for being successful at separating people from their money. That means that you need to be aware of this so that you don’t end up being one of those people who are separated from their money by a scammer.

Leave a comment »

TELUS Brings Pure Fibre To Ontario And Quebec…. Let’s Dig Into The Weeds

Posted in Commentary with tags on October 20, 2024 by itnerd

For most people in Ontario and Quebec, if you wanted to get an Internet connection that is end to end fibre as opposed to fibre to some box close to your home and coax copper cable the rest of the way, there was only one option. Bell. But that might be changing. In an odd move, and I say that because it wasn’t put out in any press release that I can find, TELUS is apparently expanding their Pure Fibre offering to Ontario and Quebec. If you go to this link and you live in either Ontario or Quebec, you will see this:

Now my first thoughts were as follows:

  • How much does this cost?
  • Are they setting up their own infrastructure or are they using Bell’s infrastructure seeing as TELUS and Bell already share cell towers in various parts of Canada.

Answering the first question likely points towards what the answer might be for the second one. Here’s how much it costs:

So if you bundle Internet with getting access to a number of streaming services, it’s $109/month. But if you bundle up Internet with TELUS Mobility, it’s $10 cheaper. I for one would be interested in what the price is for those who don’t want to bundle anything. The fine print can help you with that.

So the regular price is $130 a month. Honestly that isn’t a good deal. Distributel which is a Bell company will serve up a 1GB connection to your home for just under $70 a month. Now some of you will say that TELUS is offering a 1.5Gbps connection. My response to that is that it doesn’t matter. As I said here, nobody needs more than 500 Mbps into their home as nobody can fully leverage that connection speed.

That brings me to the question of whether TELUS is rolling out its own infrastructure to support their Internet ambitions, or are they leveraging Bell’s infrastructure. I’m thinking that it’s the latter because if TELUS had its own infrastructure, they would price their offering to try and steal customers from Bell. That’s not happening here as their pricing is a bit higher than other companies that resell Bell’s services. For example Teksavvy who have this price for service to my address:

So is TELUS Pure Fibre an option for those who want Internet access via end to end fibre. I suppose it is. But Bell is going to be the cheapest option because they have their own infrastructure. Though you may have to deal with their rather problematic customer service to save some cash for a year or two until they hike the price on you. If you’re a Bell customer, this isn’t a better option if you have had your promo pricing expire and you can find lower prices elsewhere. Distributel as illustrated above is an example of that. What is a real alternative to Bell that gets you fibre is Beanfield as they do have their own infrastructure unlike TELUS. But only if you’re in an area that they serve. I say that because I have seen examples where Bell is hyper aggressive in terms of their pricing if Beanfield is an option for customers.

What this continues to illustrate is that there still is a need to have more players with their own infrastructure to create more competition in the telco landscape. Because while this move into Ontario and Quebec is mildly interesting, it doesn’t move the needle in terms of lower telco prices for Canadians.

1 Comment »

Why I Am Leaving Bell…. Again

Posted in Commentary with tags on October 19, 2024 by itnerd

If you’re a long time reader of this blog, you’ll know that I started out having Bell DSL Internet and home phone a very long time ago. And because of a rather negative experience when my phone went out of service, I dumped Bell for Teksavvy. This was in 2009. And only because Rogers took the entire country offline a couple of years ago did I return to Bell. And this was despite the fact that a previous attempt to return to Bell went off the rails. Though the process to do that was not exactly the best customer experience possible, and it as also full of attempts to upsell me. But at the end I got Bell Fibe installed and it worked well for our needs. Though that’s when I also confirmed that Bell’s customer service wasn’t that great at times. Other times it was brilliant.

So that brings me to today where I am dumping Bell for a second time. And it’s due to price. Now when I signed up for Bell, I was paying the following when I first signed up for Bell:

  • 1.5 Gbps down/940 Mbps up Internet service for $49.95 a month for 24 months. After that the price goes up to 84.95 a month.
  • A home phone package with North American calling and services like call waiting and caller ID for $56.56 a month.
  • TV, which I didn’t want but they slipped in for $10 a month to facilitate a bunch of discounts.

The bottom line is that I started out paying $116.51 a month with Bell including taxes. But fast forward to today and I am paying $192.10. That’s because of Bell’s seemingly random price increases and the expiration of various promotional credits added over $75 a month to my bill. That’s a non-starter in today’s economy. And asking Bell for a better deal is also a non-starter because like a lot of Canadian telcos these days, they won’t try to keep you as a customer. Instead, they would rather let you go to another telco and try to win you back. I spoke about this here, but in short Canadian telcos don’t care about retaining customers. They only care about making as much money as they possibly can before those customers leave for another telco. Then trying to win you back so that it looks like you’re a new customer. Knowing that, I am forced to switch providers if I want to lower my telco costs.

Enter Distributel. They’re owned by Bell and use Bell’s infrastructure. But they for the most part don’t behave like Bell. And according to Reddit, they also seem to have decent customer service unlike Bell. But most importantly, they don’t cost nearly as much as Bell. So after looking at their website and giving them a call, I walked away with this:

  • Internet: 1 Gbps down / 750 Mbps up – $69.95 a month. A WiFi pod is included for free.
  • Home Phone: Free local calling and 500 minutes of North American Calling – $25 a month with the first month free.
  • They are waving my install and shipping fees (to ship their hardware to me).
  • They will work with Bell to cancel my Bell service. Which isn’t surprising as it’s technically the same company.

So with taxes my monthly bill should be just over $100 a month. Compared to what Bell is charging me, that’s a no brainer. Now I should point a couple of things out:

  • Distributel appears to use YAK for their telephone service. Which makes this a VoIP type system. That means that if the Internet is out or the power is out, I have no home phone. Which is fine as that is the situation that I have with Bell right now. And I mitigate some of that by having a UPS as described here.
  • Some of you will say that I am giving up speed on my Internet connection because I’m dropping from 1.5 Gbps down/940 Mbps up. The fact is that I am unlikely to notice a difference because of what I argue here. In short, nobody really needs anything over 500 Mbps up or down because you are highly unlikely to ever fully max out a 500Mbps connection, never mind anything faster.

I was on the phone with Distributel for about half an hour or so, and they had also committed to porting my home phone number, sending me their hardware, and booking a service appointment for the 25th of October in the afternoon subject to confirmation. During this time, I never felt pressured to get services that I didn’t need, and the rep explained everything to me in detail and answered any question that I had. This is the exact opposite experience that I had with Bell when I moved to them from Rogers. It’s shocking to believe that Distributel is owned by Bell.

So what happens now? Well I will wait for confirmation of my service appointment, and I will document how that appointment goes. I don’t expect it to be long as I already have Bell Fibe in my condo. And since they use Bell’s infrastructure, it shouldn’t hard to make the switch. The other thing that I expect is a phone call from Bell with a “winback” offer. For now I will ignore that as I want to give Distributel a fair shot as so far things seem positive with them.

As I said, I will be updating you on how the install goes along with anything else technical and non-technical that I encounter. Stay tuned for that.

1 Comment »

Bluesky Adds 500,000 New Users Because Of Elon Musk’s Stupidity

Posted in Commentary with tags , on October 18, 2024 by itnerd

I’ve used a term called FAAFO in stories related to the stupidity of Elon Musk and how he runs Twitter. And a few days ago I posted two stories related his latest stupid moves. And as a result of those stupid moves, Elon is now in the find out phase. According to this, Bluesky has had an influx of new users:

update: half a million new people in the last day 🤯welcome, いらっしゃいませ, 환영, bem-vindo! 🦋🎉

Bluesky (@bsky.app) 2024-10-17T17:00:19.693Z

You have to wonder if Elon is actually trying to turn Twitter into a profitable company anymore because driving away users from a platform that is dependent on users doesn’t seem like a winning strategy to me. Is Elon so focused on his goal of making Twitter the world’s town square shaped to match his personal views that nothing else matters? Regardless, Elon’s latest stupid idea has now resulted in him finding out how stupid his ideas are.

Leave a comment »

Boston Children’s Hospital’s BHCP Pwned In Cyberattack

Posted in Commentary with tags on October 18, 2024 by itnerd

Boston Children’s Health Physicians (BHCP), part of the Boston Children’s Hospital network of care, announced that a cyberattack on its IT vendor occurred on September 6, resulting in exfiltrated files after unauthorized activity on its network. Those impacted include patients, current and former employees, and guarantors. Exposed data includes full names, SSNs, Addresses, DOBs, driver’s license numbers, MRNs, health insurance data, billing and treatment information. BHCP confirmed that the attack did not impact its electronic medical record systems, as they are hosted on a separate network. The BianLian ransomware gang claimed the cyberattack earlier this week and said that unless a ransom is paid, they will leak stolen files that allegedly include finance and HR data, email correspondence, health and insurance records, and data related to children.

Steve Hahn, VP of Americas, BullWall had this to say:

   “There is a reason HIPPA has strict compliance guidelines and cyber security is supremely important to the security of hospital records. Ransomware attacks on hospitals continue to rise, and are a serious threat to public health and safety. These attacks not only disrupt the delivery of essential medical services, but always compromise the security of sensitive patient information.

  “The impact of these attacks can be devastating. They can leave patients and their families open to new harms at what is likely the most vulnerable point in their lives, and can leave institutions struggling to preserve patient care, protect their data and regain control of their systems. Whether a ransom is paid or not, the costs in terms of potential patient and caregiver impacts (as well as dollars) can severely impact these already struggling patients and their caregiving institutions. It’s particularly egregious that this attack focuses on clinicians serving the youngest, most vulnerable of patients.

   “Healthcare providers MUST expand beyond mere alerting, and institute actual ransomware resilience that can immediately contain an attack and proactively prevent server intrusion. They need MFA to every server, every session, working towards a zero-trust environment and, most importantly, they need containment and recovery strategies in place. In the same way that defense experts ‘war game’ physical attacks, knowing that solely focusing on preventing them isn’t viable, our major healthcare institutions must move to protect their critical infrastructure the patients and caregivers in their charge. This means operating from the vantage point that ransomware attacks are not a case of “if” but “when” – and implement resilience against ransomware to immediately thwart attacks and attempts at propagation, encryption and exfiltration.”

Once again healthcare is the target of a cyberattack. We keep talking about the fact that this is a sector that needs to put more focus on making sure that this isn’t something that keeps being repeated. I’m personally wondering when we will see that actually start to happen.

Leave a comment »

EnGenius Unveils SecuPoint Triad

Posted in Commentary with tags on October 18, 2024 by itnerd

EnGenius Technologies has announced the launch of the SecuPoint Triad (ESP100) a premium networking solution designed specifically for small and medium-sized businesses (SMBs). The SecuPoint Triad is priced at an MSRP of $799, representing a significant savings of 42% compared to purchasing these items individually for $1,382. This competitive pricing, paired with the product’s advanced features available through a unified interface, provides a compelling reason for small and medium-sized businesses and system integrators to transition from off-the-shelf, consumer-grade networks to a professional-grade system. 

This intuitive out-of-the-box solution is perfect for SMBs looking for high-performance hardware, easy cloud management, cost-effective connectivity, and enhanced security features. Unlike other solutions, the SecuPoint Triad provides a low barrier to entry and flexibility to scale as the business grows. 

SecuPoint Triad includes a comprehensive lineup of user-friendly hardware that is simple to set up and install and can be easily managed via the EnGenius Cloud. It features a VPN router that can be managed with automatic firmware and security updates, control over usage limits, and peace of mind. The EnGenius Cloud management system offers comprehensive network management. With included (2) Wi-Fi 6 access points and 24-port switch, you can control business devices, monitor switch port usage, and access troubleshooting tools remotely

Secure, Simple, and Sustainable Networking 

1. Robust Security: The SecuPoint Triad provides the highest level of protection for your business data with the VPN router. This router offers multi-gigabit performance, a high-efficiency layer 7 firewall, and L7 policy-based routing capabilities. Its user-friendly Site-to-Site VPN and Client VPN features ensure seamless, encrypted communication, giving users the confidence to connect safely to their business resources while maintaining optimal network performance.

  2.Simple Management: SecuPoint Triad simplifies network management with its integrated cloud management. The system allows centralized control, deployment, troubleshooting, and real-time monitoring and analytics. This is ideal for professional offices with limited or outsourced IT resources. SecuPoint Triad ensures that customers can focus on their business rather than complex IT issues. 

 3. Leading-Edge Features: This comprehensive package offers advanced AVXpress technology integrated with enterprise-grade devices, providing exceptional performance for business applications. With minimal IT setup, reliable VPN, and high-quality audio/video solutions, you can seamlessly conduct business calls, live recordings, and AI-powered tasks, even in remote work environments

4. Flexible Scalability: The SecuPoint Triad is designed to facilitate growth, allowing businesses to expand their network as they evolve. With support for future upgrades and integrations, SMBs can confidently invest in a solution that adapts to their changing needs.

5. Cost-Saving Solution: This solution was designed to reduce downtime, increase uptime, and provide a healthier bottom line with a cost-effective solution that delivers sustainable performance and savings.

Components of the SecuPoint Triad:

  • VPN-Router: Delivers robust security, streamlined VPN and VLAN configuration, and dependable connectivity.
  • 24-Port Switch: Enables lightning-quick and dependable network access for all your office devices. 
  • Wi-Fi 6 2×2 Access Points (2 units): Provides expansive, up to 2500 sq ft. and high-speed wireless coverage.
  • PoE+ Injectors (2 units): Offers energy-efficient power delivery to your network devices.

 The SecuPoint Triad is available to purchase through EnGenius’s online store, resellers, and distributors. For more information about this solution, visit https://store.engeniustech.com/pages/secupoint-triad

Leave a comment »

CISA warns of Iranian initial access brokers targeting critical infrastructure 

Posted in Commentary with tags on October 17, 2024 by itnerd

Yesterday, CISA published a joint advisory stating that Iranian hackers are acting as initial access brokers to gain access to critical infrastructure organizations to collect credentials and network data that can be sold on cybercriminal forums to enable cyberattacks by other threat actors. 

The government agencies warn that since October 2023, Iranian actors have used brute force, such as password spraying, and MFA ‘push bombing’ or fatigue to compromise user accounts and obtain access to organizations.

Once threat actors obtain persistent access, they typically register their own devices with the organization’s MFA system, collect more credentials, escalate privileges, and learn about the breached systems and the network, allowing them to move laterally and identify other points of access and exploitation.

The agencies made numerous recommendations including but not limited to:

  • Reviewing authentication logs for failed logins
  • Looking for MFA registrations with MFA in unexpected locales/devices
  • Checking for suspicious privileged account use after resetting passwords 
  • Applying user account mitigations after password resets
  • Investigating unusual activity in typically dormant accounts
  • Scanning for unusual user agent strings

The alert is co-authored by the FBI, NSA, the Communications Security Establishment Canada, the Australian Federal Police, and the Australian Signals Directorate’s Australian Cyber Security Centre.

Evan Dornbush, former NSA cybersecurity expert has some perspective on this:

   “Google released a report noting 70% of exploited flaws disclosed in 2023 were zero-days. Mandiant released a report noting attackers have incredibly decreased the time it takes to convert a disclosed flaw into an easily-available exploit product. Microsoft released a report noting that 78% of nation state activity is against the private sector, often in the form of for-profit actions. And CISA in collaboration with the UK and Australia are noting that criminals and governments are working together, sharing tools and access.

“The essential insight here is the necessity to evolve from purely reactive posturing, and shift to take proactive measures as part of one’s applied cybersecurity strategy. The amount of money criminals can earn is getting too little attention. It is too costly to defend, and too cheap to attack, and until we can affect a paradigm shift, things will continue to escalate.”

This is another one of those documents that’s required reading if your job is to keep your organization from getting pwned. Something that is getting harder to do these days.

UPDATE: I have two more comments on this. Starting with Avishai Avivi, CISO, SafeBreach:

“The CISA alert of Iranian cyber actors’ brute force and credential access activity is a good reminder – especially during cybersecurity awareness month – that these malicious actors are working to abuse ‘Multifactor Authentication (MFA) Exhaustion.’ If, as a good cyber-aware person, you’ve enabled MFA on your social networking, WhatsApp or other messaging apps, and bank accounts, you may have grown used to getting and approving MFA requests. The malicious actors hope you won’t pay attention and approve any MFA push notification you may receive. So, as a reminder, when you are prompted to authorize a session, please take a quick second to verify that you are the one who made that request. Malicious actors are constantly testing credentials they’ve obtained through breaches. They hope that the combination of these credentials and MFA exhaustion will let them take over your account. While the CISA alert specifically mentions critical infrastructure as the target of these malicious actors, this diligence is important to prevent access to your work and personal accounts.”

Followed by James Winebrenner, Chief Executive Officer, Elisity:

“On October 16, 2024, FBI, CISA, NSA, and other global government agencies published an advisory about how Iranian cyber actors recently compromised critical infrastructure organizations using brute force attacks and MFA bombing, then performed network discovery and lateral movement. This is just one more example of a nation-state cyber attack that used lateral movement. Also in 2024, China’s Volt Typhoon group compromised IT networks of multiple critical infrastructure organizations in the U.S., using lateral movement to access operational technology assets for potential disruptive attacks. North Korean hackers targeted aerospace and defense organizations with a new ransomware variant called FakePenny, using lateral movement for intelligence gathering. A modern identity-based microsegmentation platform would detect and prevent such unauthorized lateral movement attempts, preventing attackers from accessing sensitive systems even if initial credentials are compromised. CISOs and security architects want to look for a platform that provides comprehensive asset discovery and visibility and enables identity-based policies that enforce least-privilege access across users, devices, and applications, significantly reducing the attack surface and stopping threat actors from moving laterally within the network.”

Finally Ryan Patrick, VP of Adoption, HITRUST:

“In response to the recent joint advisory issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and their international counterparts, HITRUST acknowledges the escalating threat posed by Iranian cyber actors who are actively targeting critical infrastructure sectors, including healthcare and public health (HPH).

We recognize the critical importance of safeguarding sensitive data and systems in these highly targeted industries. The advisory highlights the need for organizations across healthcare, government, energy, and information technology to reinforce their defenses against advanced tactics, including brute force credential attacks. Cybercriminals are increasingly sophisticated in their efforts to exploit vulnerabilities and sell access to compromised networks, putting critical infrastructure at risk. A key aspect of preventing these attacks lies in integrating threat intelligence into cybersecurity strategies. HITRUST emphasizes that assessments and controls informed by up-to-date threat intelligence are crucial in identifying and mitigating emerging risks. By embedding intelligence-driven controls into their operational security, organizations can proactively defend against evolving tactics used by cybercriminals, including brute force attacks. This continuous monitoring and refinement process allows for stronger protection of sensitive data and critical infrastructure.

We encourage all organizations, especially those in the healthcare and public health sectors, to review the joint cybersecurity advisory and ensure that appropriate safeguards are in place, including the use of strong authentication methods, continuous monitoring, and proactive threat intelligence. HITRUST will continue to support these efforts by delivering the tools and resources necessary to meet the highest standards of information protection and compliance.”

Leave a comment »

New Q3 Report From GuidePoint Highlights Rise in Social Engineered Ransomware Attacks

Posted in Commentary with tags on October 17, 2024 by itnerd

Today, GuidePoint Security published its quarterly GRIT Ransomware report, diving into the evolving ransomware ecosystem and the top tactics and procedures threat actors are leveraging. Additionally, research unveils a rise in social engineering tactics by an emerging Ransomware-as-a-Service (RaaS) “middle class.”  

Highlights of the report:

  • Ransomware remains a threat, with 49 active groups impacting more than 1,000 publicly posted victims in Q3 2024.
  • A strong “middle class” has surfaced in the RaaS ecosystem, distributing ransomware victims across a greater number of diverse groups.
  • The industries most impacted by ransomware in Q3 2024 were manufacturing, technology and healthcare, respectively. Manufacturing remains the most impacted industry.

You can download the report here: https://www.guidepointsecurity.com/resources/ransomware-cyber-threat-insights-the-rise-of-ransomwares-middle-class/

Leave a comment »

Foxit to Showcase PDF Accessibility Innovations At EDUCAUSE 2024

Posted in Commentary with tags on October 17, 2024 by itnerd

Foxit, a leading provider of innovative PDF and eSignature products and services, helping knowledge workers to increase their productivity and do more with documents, today announced it will be showcasing its cutting-edge PDF accessibility features at EDUCAUSE 2024 in San Antonio, Texas. Foxit will be highlighting its newly enhanced Accessible Math capabilities, which leverage the latest PDF 2.0 standards to make complex mathematical formulas accessible to individuals with disabilities, including those who are blind, visually impaired, or have learning disabilities.

WHEN:

October 22, 2024 | 9:00 a.m. – 5:15 p.m.

October 23, 2024 | 9:00 a.m. – 4:45 p.m.

WHERE:

San Antonio, TX – EDUCAUSE 2024 Exhibit Hall

Henry B. Gonzalez Convention Center

Booth #10068 (across from Dell) 

BOOTH HIGHLIGHTS:

Accessible Math Capabilities:

  • Discover how Foxit is pioneering the future of Accessible Math. With the implementation of PDF 2.0 and MathML, Foxit is enabling complex mathematical formulas to be accurately navigated and read aloud by screen readers, making it easier for students and professionals to access and engage with scientific and technical content. To learn more about Foxit’s Accessible Math advancements, read its blog titled, “Foxit’s Role in the Future of Accessible Math” here: https://www.foxit.com/blog/foxits-role-in-the-future-of-accessible-math/ 

Foxit AI Assistant Live Demos:

  • See Foxit’s AI Assistant in action! Live laptop demos will be available for attendees to try out Foxit’s AI features firsthand.

Learn About PDF Accessibility Initiatives:

  • Sign up at the booth for an exclusive upcoming webinar on PDF Accessibility, hosted by The Accessibility Guy.

“6x Student” Promotion:

  • Learn more about Foxit’s “6x Student” promotion, where purchasing licenses for at least half of your campus employees gets you six times that amount in free licenses for students. Limited time offer!

Giveaways:

  • Let Foxit scan your badge to enter a drawing for Raycon Everyday Earbuds.
  • Participate in a 60-second on-camera interview to share your experiences with digital documents, and you’ll be entered to win a $500 Amazon Gift Card! (Signing a digital waiver is required.)

FOXIT PDF EDITOR+ FOR EDUCATION – SPECIAL DISCOUNTED RATE:

Learn more about Foxit PDF Editor+ for education; as well as how colleges, universities, and K-12 schools can get it for faculty, staff, and students at a special discounted rate, here: https://www.foxit.com/edu/.

DIGITAL ACCESSIBILITY COMPLIANCE:

Foxit solutions adhere to major digital accessibility standards, including (but not limited to): Section 508, PDF/UA, and WCAG 2.0 and WCAG 2.1 Standards. 

JOIN FOXIT’S PDF ACCESSIBILITY WORKSHOP WITH THE ACCESSIBILITY GUY:

Tue, Oct 29, 2024 2:00 PM – 3:00 PM EDT

Are your PDFs truly accessible? Don’t miss out on this opportunity to learn the ins and outs of creating inclusive, compliant, and user-friendly PDFs that everyone can access. In this hands-on workshop, Shawn Jordison, aka The Accessibility Guy, will guide you through the essentials of PDF accessibility, including legal requirements, best practices for document properties, tagging, and using Foxit’s built-in tools to ensure your PDFs are optimized for all users. Key takeaways: 

  • Understand the importance of PDF accessibility for inclusivity and compliance 
  • Learn how to set up your workstation for efficient accessibility workflows 
  • Master the use of tags, reading order, alt text, and more 
  • Discover how Foxit’s tools can streamline your accessibility tasks

Whether you’re new to accessibility or looking to sharpen your skills, this workshop is for you. Sign up today and take your PDFs to the next level! https://register.gotowebinar.com/register/2900939826726438749 

Leave a comment »

« Older Entries
Newer Entries »