Tesla’s “We, Robot” Event Appears To Have Impressed Nobody

Posted in Commentary with tags on October 11, 2024 by itnerd

Last night, Elon Musk held an event called “We, Robot” which introduced three things:

  • Tesla Cybercab: The Tesla Cybercab is a futuristic, fully autonomous robotaxi designed without a steering wheel or pedals, positioned to revolutionize mass transit with extremely low operating costs. It features a sleek design with upward-opening butterfly doors and a compact cabin that seats two passengers. Musk said the Cybercab uses inductive charging instead of a traditional plug-in. The vehicle is expected to cost under $30,000. Regulatory approval will be needed before it can go into production, which is projected to begin by 2026 or 2027. 
  • Tesla Robovan: The Tesla Robovan is a dustbuster-shaped electric passenger van featuring sliding glass doors, a bright interior, and carriage-style seating for up to 20 passengers. Pricing and release details were not disclosed. 
  • Tesla Optimus: The updated Tesla Optimus robot is a humanoid designed to handle everyday tasks, such as retrieving packages or serving drinks. Optimus walked on stage and interacted with attendees, though its current capabilities are still limited. Elon Musk envisions the robot as a transformative product, with plans to produce millions of units at a price of around $20,000.

The thing is, as much as Elon likes to think he’s the second coming of Steve Jobs, people aren’t buying his act anymore. He’s been promising self-driving cars for years, but has never delivered. He has shown off the Optimus robot before, and it did absolutely nothing. The Cybertruck is a truck that fails at doing basic truck stuff. I could go on. Elon has been a vaporware machine for years. And this is reinforced by this text that was tossed onto the screen before the event started:

If you can’t read that, here’s the time stamp via YouTube. In short, this whole block of text should be considered “forward looking statements,” which is another way of saying don’t rely on anything that Elon says as being fact. That’s a way for Elon to cover his posterior because he’s been burned before for saying stuff that doesn’t happen at all, or doesn’t happen in the way that he says it will.

All of this isn’t helping the stock price of Tesla:

Clearly the markets are not impressed by this event. Nor should they be. The fact is that Elon Musk is nothing but a grifter. And if he wants to change that perception, he needs to announce products that actually and consistently ship on time and function exactly as promised. For example, full self-driving needs to happen. The Cybertruck needs to not be a joke. If he does that, maybe he has a shot at being the next Steve Jobs. But until that happens, he’s more akin to being the next Donald Trump. And that’s not good company to be in.

The Wayback Machine Has Been Pwned

Posted in Commentary with tags on October 10, 2024 by itnerd

Yesterday, the Internet Archive’s “Wayback Machine” suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. The attack has been claimed by the pro-Palestinian hacktivist group Black Meta. Additionally, the Internet Archive suffered a DDoS attack today, although it is not believed that the two attacks are connected. Here are the details:

News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!,” reads a JavaScript alert shown on the compromised archive.org site.

The text “HIBP” refers to the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

The most recent timestamp on the stolen records is September 28th, 2024, likely when the database was stolen.

Here are some insights from Avishai Avivi, CISO, SafeBreach:

“The latest publicly disclosed breach of the Internet Archive, which could potentially disclose approximately 31 million usernames and passwords, has some cybersecurity veterans like myself scratching our grey beards and asking, “But why?” On the face of it, the Internet Archive doesn’t hold any money, nor does it collect any personal information. Other than nostalgia, there is very little motive for this. Except, there is a database with 31 million users and passwords.

It is unfortunate that despite repeated warnings and recommendations, people still reuse passwords across multiple sites and accounts. Also, despite numerous pleas, they do not activate multi-factor authentication where possible.

So, if you are a cyber-progressive end-user:

  • You use a password manager and a randomly generated password for each site you visit.
  • You don’t share passwords between different sites you visit.
  • You use multi-factor authentication where possible, but certainly on the more sensitive accounts (Bank, Healthcare, etc.)

This breach doesn’t matter to you. At worst, go to Internet Archive site and change your password (if you had one). If you don’t follow one or more of the above, we recommend that you check all other sites where you may have possibly used the same username and password if you did have a user on the Internet Archive.”

This is good advice that everyone should follow, because it would make you far less likely to be a victim of some sort of pwnage.
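As an added example (not part of this post, and not Have I Been Pwned’s own code), here is how the check Avivi recommends can be done without sending a password anywhere: HIBP’s Pwned Passwords service takes only the first five hex characters of a password’s SHA-1 and returns every known hash suffix with that prefix, so the actual match happens on your own machine. The range response embedded below is constructed for this example; only the first suffix (the real SHA-1 tail of the word “password”) is genuine, and the other suffixes and all counts are made up. The `live_lookup` helper calls the real endpoint and is included only to show where the constructed data would come from; it is not invoked here.

```python
import hashlib
import urllib.request

# Constructed sample of a Pwned Passwords "range" response. A real response
# lists every known SHA-1 suffix sharing the 5-char prefix, one per line as
# SUFFIX:COUNT. The first suffix below is the genuine SHA-1 tail of the word
# "password"; the other two lines and all counts are made up for this example.
SAMPLE_RANGES = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
        "1E5E0A1B2C3D4E5F60718293A4B5C6D7E8F:2\n"
        "1EFF00112233445566778899AABBCCDDEEF:17\n"
    ),
}


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case hex SHA-1 of a password into the 5-char prefix
    that is sent to the service and the 35-char suffix that never leaves
    the client (this is the k-anonymity property of the API)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Turn a SUFFIX:COUNT-per-line body into {suffix: count}."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # tolerate blank or malformed lines
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, lookup) -> int:
    """How many times this password appears in the breach corpus reachable
    through `lookup(prefix)`; 0 means not found in that data."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(lookup(prefix)).get(suffix, 0)


def offline_lookup(prefix: str) -> str:
    """Lookup against the constructed sample above (no network)."""
    return SAMPLE_RANGES.get(prefix, "")


def live_lookup(prefix: str) -> str:
    """Lookup against the real service. Needs network access, so it is not
    called anywhere in this example; swap it for offline_lookup to use it."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"User-Agent": "range-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for pw in ("password", "a long passphrase that is not in the sample"):
        n = breach_count(pw, offline_lookup)
        print(f"{pw!r}: seen {n} times" if n else f"{pw!r}: not in sample data")
```

Because the service only ever sees five hex characters, it cannot tell which of the hundreds of passwords behind that prefix you were asking about; that is what makes the check safe to run against a password you still use. Anything that comes back with a non-zero count should be treated the way Avivi describes: change it everywhere it was reused.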

TrackMan Data Breach Exposes 31 Million Records

Posted in Commentary with tags on October 10, 2024 by itnerd

There’s been a significant data breach involving TrackMan, a well known sports tech provider offering swing and shot analysis for golf, baseball, and tennis players. 

What happened: 

A database with 31 million records was left unprotected, exposing personal information such as names, emails, IP addresses, and more. 

Why it matters: 

This breach could lead to targeted spam, malware distribution or phishing attempts. Professional athletes are at higher risk due to their status. 

For more details on the breach and potential risks, please read this report: https://www.websiteplanet.com/news/trackman-breach-report/

Mobile Klinik and Apkudo partner to raise the standard for reliability, sustainability and quality in device repair and refurbishment in Canada

Posted in Commentary with tags on October 10, 2024 by itnerd

Today, Mobile Klinik and Apkudo announced a trailblazing collaboration, making Mobile Klinik the first major Canadian retailer to integrate Apkudo’s cutting-edge Circular Industry Platform, which will transform its device repair and refurbishment processes. Apkudo’s automation technology will allow Mobile Klinik to streamline device testing and grading, reduce operational risks, scale operations, and ensure that every refurbished certified pre-owned device meets the company’s rigorous standards. This means customers will now benefit from greater transparency around the lifecycle of their devices, along with a wider selection of certified pre-owned options available at Mobile Klinik and TELUS store locations nationwide.

Mobile Klinik is committed to delivering consistent customer experiences, and offering more powerful, data-driven device repair and refurbishment services than ever before. With Apkudo’s automation technology, customers will benefit from an added layer of confidence, knowing that every certified pre-owned device has been thoroughly tested – from functionality to connectivity – and optimized for performance and the highest quality as part of Mobile Klinik’s new and improved process.

With more than 130 locations nationwide, customers can conveniently buy, sell, connect, and repair their devices online and in-store at any Mobile Klinik location from coast to coast. Canadians have access to a wide selection of certified pre-owned devices from major brands, including iPhones and Androids, as well as expert repairs performed by certified technicians who have completed over 1 million repairs using only premium parts.

For more information and to find your nearest Mobile Klinik store, visit mobileklinik.ca.

AHEAD Achieves AWS Healthcare Competency Status

Posted in Commentary with tags on October 9, 2024 by itnerd

AHEAD, an AWS Premier Tier Services Partner and leading national provider of cloud, data and digital engineering solutions, announced today that it has achieved the Amazon Web Services (AWS) Healthcare Competency.

Achieving this competency differentiates AHEAD as an AWS Partner that provides specialized services that help healthcare organizations adopt, develop and deploy complex projects on AWS. To receive the designation, AWS Partner Network (APN) members must possess deep AWS expertise and deliver solutions seamlessly on AWS.

AHEAD has developed a comprehensive approach that empowers healthcare providers to accelerate digital initiatives, streamline operations, improve data accessibility and deliver more effective and personalized care.

AHEAD offers solutions within electronic health record (EHR) modernization, including Epic migration, and EHR-integrated imaging accessibility. By leveraging AHEAD’s Data & AI solutions, healthcare organizations can make data-driven decisions that directly impact patient care. AHEAD secures healthcare organizations through the construction of scalable, multi-site networks that adhere to AWS best practices and comply with HIPAA, HITRUST and NIST.

AWS is enabling scalable, flexible and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify Consulting and Technology APN Partners with deep industry experience and expertise.

For more information on AHEAD’s partnership with AWS, visit https://ahead.com/partner/aws/.

Palo Alto Expedition: From N-Day to ATO, Full Compromise Says Horizon3.ai

Posted in Commentary with tags on October 9, 2024 by itnerd

Horizon3.ai Chief Attack Engineer Zach Hanley has just published “Palo Alto Expedition: From N-Day to Full Compromise.”

Zach notes: “On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition application admin credentials. While we had never heard of Expedition application before, it’s advertised as:

The purpose of this tool is to help reduce the time and efforts of migrating a configuration from a supported vendor to Palo Alto Networks. By using Expedition, everyone can convert a configuration from Checkpoint, Cisco, or any other vendor to a PAN-OS and give you more time to improve the results.

“Further reading the documentation, it became clear that this application might have more attacker value than initially expected. The Expedition application is deployed on Ubuntu server, interacted with via a web service, and users remotely integrate vendor devices by adding each system’s credentials.”

Today’s blog details finding CVE-2024-5910, and also how Zach and his team discovered three additional vulnerabilities which they reported to Palo Alto:

  • CVE-2024-9464: Authenticated Command Injection
  • CVE-2024-9465: Unauthenticated SQL Injection
  • CVE-2024-9466: Cleartext Credentials in Logs

The blog post also includes indicators of compromise (IoCs) for the vulnerabilities.

Horizon3.ai adheres strictly to responsible disclosure of its research, and the disclosure timeline is noted in today’s blog, which you can read here.

Nikon Releases New STABILIZED Binoculars Series

Posted in Commentary with tags on October 9, 2024 by itnerd

Today, Nikon Canada Inc. announced the release of the new STABILIZED binocular series with two new models that feature a compact, portable design while incorporating an original STABILIZED function to provide a clear and stable image. This original stabilization system in the new 10x and 12x models reduces vibrations caused by hand movement by approx. 80%, letting users view distant objects such as birds and other wildlife, sporting events, concerts and landmarks clearly and comfortably.

These new STABILIZED binoculars weigh only 13.9 oz (STABILIZED 12×25 S model), making them comfortable and easy to use for tracking and viewing subjects over long periods with minimal fatigue of the eyes or arms. For extended viewing, they are powered by 2xAA batteries, providing up to an impressive 12 hours of battery life.

Primary features of the Nikon STABILIZED Binocular Series:

  • Stylish, compact and comfortable design is extremely small and lightweight, while also having the ability to fold for maximum portability and easy packing.
  • Uses 2x convenient and readily available AA-size batteries, for approx. 12 hours of battery life
  • STABILIZED Technology reduces vibrations caused by hand movement by approx. 80%, making it easy to track and view subjects.
  • Bright and clear field of view, with a Multilayer Coating applied to all lenses and prisms while high-reflectivity silver-alloy mirror coating is applied on the reflective surface of the auxiliary prism for maximum brightness. 
  • Auto-power shut-off function prevents unnecessary battery consumption if left powered on. This function is engaged after approximately 60 minutes, letting the user focus on the view, while minimizing the need to press a button repeatedly to activate the stabilization. 
  • Ergonomic design fits comfortably in the hand, with a large focusing ring that enables quick focusing. 
  • Turn-and-slide rubber eyecups with multi-click facilitate easy positioning of the eyes at the correct eyepoint.

Price and Availability
The new Nikon STABILIZED 10×25 S and STABILIZED 12×25 S models will be available starting in early November, with an MSRP of $849.95 and $859.95 respectively. For more information about Nikon Sport optics and other models, please visit www.nikon.ca

North Korean Hackers Target Tech Job Seekers in New Malware Campaign

Posted in Commentary with tags on October 9, 2024 by itnerd

Unit 42’s latest research was published today on a North Korean cyber campaign targeting tech job seekers. The campaign, known as CL-STA-240 Contagious Interview, involves fake recruiters on platforms like LinkedIn tricking users into malware infections that steal sensitive data such as browser passwords and cryptocurrency wallets. Since its initial report in November 2023, Unit 42 has continued to monitor new online activity and code updates to two pieces of malware tied to the campaign.

Highlights include: 

  • New malware variant, BeaverTail, targets both macOS and Windows, capable of stealing data and cryptocurrency from 13 different wallets
  • Social Engineering: Attackers pose as recruiters on platforms like LinkedIn and set up fake interviews, convincing victims to download malware disguised as legitimate software like MiroTalk and FreeConference 
  • InvisibleFerret Backdoor: Written in Python, this malware now includes new features like downloading additional remote-control software (AnyDesk) and stealing browser credentials and credit card information 
  • Financial Motive: North Korea threat actors likely have a financial motive given the malware’s focus on stealing cryptocurrency from a growing number of wallets

You can read the research here.

New Report From BforeAI Highlights Growing Threat On US Banking Industry

Posted in Commentary with tags on October 9, 2024 by itnerd

Today, BforeAI released the firm’s latest report, “Financial Domain Spoofing Trends of 2024,” highlighting the growing concern over targeted spoofing and impersonation attacks that use high-profile financial organizations’ brands, such as BVA, HSBC, and PayPal, as a vector for malicious activity.

The US banking industry has seen a significant uptick in cyberattacks, particularly phishing and spoofing. The threat to the industry is becoming more persistent, and phishing tactics are becoming increasingly advanced due to AI.

Researchers at BforeAI analyzed 62,074 domains with finance-related keywords. 62% of those observed domains were involved in phishing attacks targeting legitimate institutions through spoofing websites. 

You can read the full report here: https://bfore.ai/financial-domain-spoofing-trends-of-2024/

CIRA and Commissionaires join forces to close cybersecurity gaps for Canadian small businesses

Posted in Commentary with tags on October 9, 2024 by itnerd

As malicious actors wreak havoc on organizations of all sizes across the country, Canadian businesses are struggling to improve their cybersecurity posture leading to an increased risk of losing customers. Today, CIRA and Commissionaires announce a partnership that will help make cybersecurity training and protection readily available to small businesses regardless of their budget so they can keep their data, networks and customers safe.

With over 120 years of combined expertise in physical and online security, and a common goal to keep Canadians safe, both not-for-profit organizations have been working together to offer affordable, easy-to-deploy cybersecurity solutions tailored to the Canadian market to a wider range of businesses.

Commissionaires, Canada’s largest private sector employer of veterans and the only national not-for-profit security company, is responding to the increased sophistication and frequency of human engineering attacks by reinforcing businesses’ human cybersecurity layer: employees. This ensures employees receive the regular training they need to stay engaged while teaching them to view digital content critically.

This partnership with CIRA will kick off with two flagship solutions:

  • CIRA Cybersecurity Awareness Training: designed to reduce human cybersecurity risks, this all-in-one platform leverages end-user gamification to include Canadian stories, privacy laws and institutions while providing risk assessment tools and bilingual courses. Over 200,000 Canadians at more than 400 organizations already trust the platform to affect positive behavioural changes.
  • CIRA DNS Firewall: the cost-effective, low-maintenance layer of protection analyzes the DNS traffic of enterprises while also blocking users’ devices and applications from accessing malicious domains, preventing phishing attacks and stopping malware in its tracks. Located in Canadian data centres and peered to Canadian internet exchange points, CIRA DNS Firewall is powered by world-class threat intelligence. 

By leveraging CIRA’s solutions, Commissionaires plans to train thousands of Canadian workers on good security hygiene starting later this month and hopes to reach many more in the coming years.

CIRA and Commissionaires will attend the Colloque Cybersécurité et protection des données personnelles in Québec City on October 10 to discuss the partnership with local ministries, public, parapublic and private organizations.

Additional resources