Posted in Commentary with tags Scam on September 29, 2024 by itnerd
Here’s your second scam of the day. And this one is using Canadian airline Air Canada to make you more likely to fall for it. The scam starts via this email:
I find it extremely unlikely that any Canadian airline, never mind any airline period would just willingly hand over cash to anyone for deposit into their bank account or onto their credit card. On top of that, I haven’t flown Air Canada in over six years. So I know that there’s zero chance that this is real.
On top of all of that, this pretty much confirms that Air Canada didn’t send me this:
That’s not Aircanada.com so game over scammer. You lose and people should just delete this email. Except that I didn’t do that and clicked on the “Claim Now” link where I was pleasantly surprised with what I saw:
It looks like the hosting company that was hosting the threat actor’s scam website took it out. That’s good as I find that even when I report scams like this to hosting companies, they either take a long time to take out the website, or they never do. And that leaves people who fall for emails like this vulnerable to getting scammed. So kudos to Bluehost for nuking this website within 24 hours of this scam email hitting my inbox.
That doesn’t change the fact that you still need to be on your toes so that you don’t fall for a scam. Because you can’t depend on others to keep you safe. You have to take action by looking at the details of anything that you get to keep yourself safe.
Posted in Commentary with tags Scam on September 29, 2024 by itnerd
When it comes to finding out about the latest scams, readers of this blog or my clients will sometimes bring them to me. But sometimes they just drop into my lap. Take this one that popped into my inbox that uses Canadian bank CIBC to try and scam you:
Now this leverages a couple of methods to try and get you to fall for the scam. The first is that the mail claims that CIBC has a new “verification method”. That’s something that will get people’s attention because banks are trying to move away from text message based two factor authentication because of SIM swap attacks where a threat actor swaps your cell phone number onto a SIM that they control so that they can then take over your bank account and drain it. So people may assume that this email is legitimate based on that. The second reason why people might fall for this scam is that there’s a sense of urgency around it based on the fact that you have a deadline to do what the threat actor wants you to do. Because nobody wants to be separated from their money. But this of course isn’t coming from CIBC and there’s three ways to tell in this case:
The first is the fact that this email address in the from field isn’t from cibc.com. In fact it’s not even close. So CIBC didn’t send this email.
Looking at the to field shows the same email address. That indicates that this is an email that is being sent to thousands of people hoping that 1 or 2 percent of them fall for this. That’s further reinforced by the fact that the body of the email doesn’t reference me by name and only says “sir or madam.”
The final part is the words “Click To againe Access”. Clearly the threat actor wasn’t smart enough to spell check this before sending this out. #Fail.
So if you get this email, you should instantly delete it and not click on any links. But by now you know that this isn’t how I roll. So I clicked the link and got this:
This is a pretty basic replication of the CIBC website. And if you look at the address bar, it’s clearly not CIBC.com. Which should be two more things to send you screaming in the other direction. But what this website is after is pretty clear to me. The threat actors want your debit card number and your password so that they can steal your money. I entered a fake card number and a password that told the threat actor where to go and how to get there, and I was then dumped to the actual CIBC website. Now I can only conclude two things based on that. Either the threat actors had code in the website that detected that I entered invalid information and punted me to the real CIBC website as a result. Or this is a very basic scam website that snatched what I entered so that the threat actors can potentially go to town at someone else’s expense.
So even though this is a very basic, bordering on primitive scam, it’s still a scam. Which means that you need to be on your toes so as to not fall victim to it. Because a scam doesn’t have to be well executed to be effective.
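The tells from this post (sender domain, To matching From, the "sir or madam" greeting, and a link that isn't the bank's domain) can be checked mechanically. The script below is an added example, not something from the original post; both sample messages, their addresses and hosts, and the allow-listed domain set are constructed for illustration, and the spelling tell is left out.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr
from urllib.parse import urlsplit

# Constructed sample: addresses, hosts and wording are placeholders,
# modelled on the tells described in the post.
SAMPLE = """\
From: CIBC Online <notice@mailer.example.net>
To: notice@mailer.example.net
Subject: New verification method

Dear sir or madam,

CIBC has a new verification method. Confirm before the deadline.
Click To againe Access: http://cibc-verify.example.org/login
"""

# Constructed benign message for comparison.
LEGIT = """\
From: CIBC <alerts@cibc.com>
To: jane@example.com
Subject: Statement ready

Hello Jane Doe,

Your statement is ready: https://www.cibc.com/statements
"""

GENERIC_GREETING = re.compile(
    r"\bsir\s*(?:or|/)\s*madam\b|\bdear\s+(?:customer|client|user|member)\b",
    re.IGNORECASE,
)
URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_under(host, legit_domains):
    """True if host is a legit domain or a subdomain of one.

    Matching on a dot boundary rejects lookalikes such as
    'notcibc.com' or 'cibc.com.login.example.org'.
    """
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in legit_domains)


def check_message(raw, brand, legit_domains):
    """Return the list of phishing tells found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, from_addr = parseaddr(str(msg.get("From", "")))
    from_addr = from_addr.lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    subject = str(msg.get("Subject", ""))
    findings = []

    claims_brand = brand.lower() in f"{display} {subject} {body}".lower()
    if claims_brand:
        # First tell: the mail uses the brand but the sender domain is not the brand's.
        if not is_under(from_addr.rpartition("@")[2], legit_domains):
            findings.append("from_domain_mismatch")
        # Address-bar tell: links lead somewhere other than the brand's domain.
        hosts = [urlsplit(u).hostname for u in URL.findall(body)]
        if any(not is_under(h, legit_domains) for h in hosts):
            findings.append("link_domain_mismatch")

    # Second tell: To equals From, typical of a bulk send with recipients in Bcc.
    to_addrs = {a.lower() for _, a in
                getaddresses([str(v) for v in msg.get_all("To", [])]) if a}
    if from_addr and from_addr in to_addrs:
        findings.append("to_equals_from")

    # Also part of the second tell: an impersonal salutation instead of a name.
    if GENERIC_GREETING.search(body):
        findings.append("generic_greeting")
    return findings


if __name__ == "__main__":
    print(check_message(SAMPLE, "CIBC", {"cibc.com"}))
    print(check_message(LEGIT, "CIBC", {"cibc.com"}))
```
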
Posted in Commentary with tags CISA on September 28, 2024 by itnerd
The CISA put out an alert that caught my eye yesterday:
CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.
The City of Arkansas City revealed that its water treatment facility had been breached on September 22. The city notified relevant authorities and moved the water plant to manual control to ensure safe operations.
Evan Dornbush, former NSA cybersecurity expert, had this comment:
“CISA’s guidance of recommended practices may be ideal for defenders who are well staffed or are perhaps building out new networks.
“In terms of overall practicality, changing default passwords and patching and moving HMI devices behind firewalls or hardened VNC can be laborious.
“Keeping with defense in depth philosophy, it may be more efficient for established OT/ICS operators to add a network detection capability to their existing infrastructure. Using modern advancements in computation, the market is full of quality options for those looking to glean intelligence from their network data.
“Subscribing to a cyber threat intelligence platform is another low-friction avenue. Those purport to increase awareness of known exploited vulnerabilities (KEV) which can help steer defenders towards highest priority infrastructure.”
I truly hope that organizations take these warnings seriously. There’s enough evidence out there that should suggest that not doing so will end badly for all concerned.
Posted in Commentary with tags Hacked on September 28, 2024 by itnerd
A malicious app impersonating the legitimate ‘WalletConnect’ project was available on Google Play for five months, amassing over 10,000 downloads. The fraudulent app, designed to drain cryptocurrency from unsuspecting web3 users, managed to steal approximately $70,000 from victims before being taken down.
The app posed as an official WalletConnect application, despite no such app existing on the Play Store. WalletConnect, a widely-used protocol that allows users to connect decentralized applications to their crypto wallets, does not offer a dedicated app.
George McGregor, VP, Approov Mobile Security had this to say:
“This is an example of a massive issue. Both iOS and Android are affected by fake apps. HarmonyOS and the Samsung Galaxy Store are not immune to the issue. The problem is significant enough that it impacts users of all major mobile operating systems. Despite security measures, and claims to the contrary, fake apps can slip through on all mobile platforms. Official app stores like Google Play and the Apple App Store are overwhelmed struggling to address this issue, despite having extensive app review processes in place.
“Some scammers have found ways to exploit the Apple App Store process by initially submitting apps in specific languages for certain countries, then gradually expanding to other markets.
“So, fake and unauthorized apps are a significant and growing problem. Common advice is that USERS should protect themselves: remain vigilant, carefully review app permissions, be wary of suspicious reviews or download numbers. But the reality is that all platforms face challenges with fake reviews and artificially inflated app rankings, which can make it difficult for users to identify legitimate apps. It is unrealistic to expect users to protect themselves from fake apps.
“In fact it is critical that app developers must put solid security in place – this means a zero trust runtime security solution that immediately identifies and blocks fake apps before they even try to access an API.”
This highlights the fact that users need to be vigilant about what they download. And that’s on top of app marketplaces needing to tighten up on their security to avoid this scenario from happening.
Posted in Commentary with tags Kia on September 27, 2024 by itnerd
This is the second time in a week that I am going to say this. My wife and I are keeping our current car until it dies. But instead of potential privacy issues, it’s due to the fact that cars these days are connected to the Internet. Which means that they could be pwned. Here’s an example of that:
Today, a group of independent security researchers revealed that they’d found a flaw in a web portal operated by the carmaker Kia that let the researchers reassign control of the internet-connected features of most modern Kia vehicles—dozens of models representing millions of cars on the road—from the smartphone of a car’s owner to the hackers’ own phone or computer. By exploiting that vulnerability and building their own custom app to send commands to target cars, they were able to scan virtually any internet-connected Kia vehicle’s license plate and within seconds gain the ability to track that car’s location, unlock the car, honk its horn, or start its ignition at will.
After the researchers alerted Kia to the problem in June, Kia appears to have fixed the vulnerability in its web portal, though it told WIRED at the time that it was still investigating the group’s findings and hasn’t responded to WIRED’s emails since then. But Kia’s patch is far from the end of the car industry’s web-based security problems, the researchers say. The web bug they used to hack Kias is, in fact, the second of its kind that they’ve reported to the Hyundai-owned company; they found a similar technique for hijacking Kias’ digital systems last year. And those bugs are just two among a slew of similar web-based vulnerabilities they’ve discovered within the last two years that have affected cars sold by Acura, Genesis, Honda, Hyundai, Infiniti, Toyota, and more.
“The more we’ve looked into this, the more it became very obvious that web security for vehicles is very poor,” says Neiko “specters” Rivera, one of the researchers who both found the latest Kia vulnerability and worked with a larger group responsible for the previous collection of web-based car security issues revealed in January of last year.
“Over and over again, these one-off issues keep popping up,” says Sam Curry, another member of the car hacking group, who works as a security engineer for Web3 firm Yuga Labs but says he did this research independently. “It’s been two years, there’s been a lot of good work to fix this problem, but it still feels really broken.”
This isn’t just a bad look for Kia. It’s a bad look for the entire car industry. George McGregor, VP, Approov Mobile Security had this to say:
“This shows how mobile app security and backend API security must be considered together. The attacker was able to copy the app’s behavior and the backend checks were not sufficient to distinguish these requests from those from a valid app.
“In fact the API needs contextual information about what is going on in the device and the app to be able to prevent this kind of vulnerability being exploited. And the assessment of device and app needs to be thorough and happen continuously so that every request is validated as being legitimate.
“An effective app attestation solution such as the one from Approov can easily stop unauthorized apps, bots, cloned mobile apps or scripts from accessing your APIs and provide a Zero Trust approach that prevents this kind of exploit.”
The car industry simply needs to do better when it comes to security. Because at present, it looks like they as a whole don’t take security very seriously. Though they are free to prove me wrong at any time by describing how they are going to do better on this front and how long that will take.
The UAC prompt is essential for preventing unauthorized actions by providing a security checkpoint for administrators. However, this exploit removes that safeguard, enabling attackers to execute high-level tasks without detection or administrative approval. This could have significant consequences, particularly in environments where elevated permissions are tightly controlled, such as corporate networks or government systems.
Impact: Allows unauthorized escalation to high integrity without UAC, introducing serious post-compromise risks
Affected Systems: Windows 10, Windows 11, Windows Server 2019/2022 (with all updates applied)
Current Status: Microsoft has not classified this as a vulnerability according to their security criteria, but Fortra urges organizations to be aware of the risks, as this exploit can be used for privilege escalation post-compromise.
Fortra has developed a full working proof of concept and provided detailed insights into the vulnerability’s two-stage process, all of which can be found on their Security and Trust Center page: https://www.fortra.com/security/advisories/research/fr-2024-002.
Posted in Commentary with tags Samsung on September 26, 2024 by itnerd
Samsung today unveiled the Galaxy Tab S10 Ultra and Galaxy Tab S10+, Samsung’s first tablets purpose-built for AI. The premium hardware includes 14.6-inch and 12.4-inch Dynamic AMOLED 2X displays — the ideal canvas for the intuitive S Pen bundled with both models. Performance upgrades for the Galaxy Tab S10 Ultra include an 18% increase in CPU, 28% increase in GPU, and 14% increase in NPU compared to the Galaxy Tab S9 Ultra.
This improved processing power enables faster and more responsive Galaxy AI features, which are now easily accessible with written prompts using the new Galaxy AI Key on the Book Cover Keyboards to customize the AI assistant. Innovative software includes features such as Note Assist and Drawing Assist, optimized for the tablet form factor. The Galaxy Tab S10 series also acts as a home AI device, with a 3D Map View available through SmartThings that gives a visual overview of the home and all connected devices to streamline device management across the SmartThings ecosystem. Robust Samsung Knox security also provides data privacy and control.
Built on Samsung’s legacy of providing powerful experiences, the Galaxy Tab S10 Ultra and Galaxy Tab S10+ harness significant leaps in AI processing power to deliver a supercharged experience. The Galaxy Tab S10 Ultra includes an 18% increase in CPU, 28% increase in GPU, and 14% increase in NPU compared to the Galaxy Tab S9 Ultra. Coupled with a long-lasting battery life and Super-Fast Charging, the Galaxy Tab S10 series can be used for longer, with less time spent waiting for it to charge.
The Galaxy Tab S10 Ultra’s 14.6-inch display and Galaxy Tab S10+’s 12.4-inch display both feature innovative Dynamic AMOLED 2X technology and offer a vibrant yet natural viewing experience, even outdoors. Details are clear with its advanced anti-reflective technology, minimizing distracting glare and reducing reflection. The series’ quad speaker setup is further enhanced with AI-powered Dialogue Boost, which amplifies voices over unwanted noise to create ultra-clear audio. And for use on the go, the Galaxy Tab S10 series offers an IP68 rating further protected by enhanced Armour Aluminium.
The Galaxy Tab S10 series offers an efficient experience — enhancing productivity —and serves as the ideal canvas to let out your creative side.
With Note Assist and the intuitive S Pen, notetaking is a breeze on the tablet’s large display. Schoolwork, note-taking, and personal journaling become more efficient with automated transcriptions and summaries provided by AI.
With PDF Overlay Translation, the Galaxy Tab S10 series can also seamlessly translate PDFs via an on-screen overlay.
Handwriting Help cleans up untidy handwritten notes, too.
Galaxy AI’s Sketch to Image makes the Galaxy Tab S10 Ultra great for turning imagination into reality, acting as a creative assistant for overcoming mental roadblocks.
With Circle to Search with Google on the Galaxy Tab S10 series, you can Circle to search anything without switching apps. Instantly translate anything you see on your tablet with Google. Without switching apps, you can translate any image, video or text in two taps. Quickly get the info you need, then get right back to what you’re doing. Circle to Search can even recognize and outline steps for solving physics and math problems.
The Galaxy S Pen’s Air Command provides instant access to your AI Assistant features without toggling between menus. These AI Assistant apps can also be easily launched by the Galaxy AI Key on the Book Cover Keyboard with written prompts, making it easier for users to choose between Samsung’s Bixby and Google’s Gemini for a customized AI experience.
I had a look at these new tablets earlier this week and here’s my first impressions:
This is a picture of the S10 Ultra with the optional keyboard case. But the S10+ version has an option for the keyboard case as well.
And what’s cool about the case is that you can hide the S Pen underneath a flap on the case so that you don’t lose it.
Posted in Commentary with tags Samsung on September 26, 2024 by itnerd
Samsung today announced the Galaxy S24 FE in addition to the Canadian retail availability of the Galaxy Ring, the latest expansion to the Galaxy AI ecosystem that delivers new premium mobile and wearable experiences to users.
I had a look at both items recently and here’s a few shots that I took:
The big thing that gets my attention is the fact that it comes with a 120Hz screen. That’s something that the equivalent iPhone doesn’t offer.
It has the look and feel of Samsung’s other premium phones. So there’s no FOMO for buyers.
And there’s some fun case options for buyers to choose from.
Powered by the AI-based ProVisual Engine and Galaxy AI’s Photo Assist features, Galaxy S24 FE showcases an enhanced camera setup that empowers users to be more creative. It’s a great device for gaming on the go with a 6.7-inch Dynamic AMOLED 2X display, a long-lasting 4,700mAh battery, and a powerful Exynos 2400 series chipset. Galaxy S24 FE offers premium Galaxy AI tools and ecosystem connectivity to enhance communication, productivity and creativity, all housed in an iconic design and protected by robust Samsung Knox security.
Galaxy S24 FE makes it easy for anyone to take stunning photos and videos. Its premium camera setup features a 50MP wide lens and 8MP telephoto lens with 3X optical zoom, both supported by optical image stabilization (OIS), plus a 12MP ultra-wide lens and a 10MP selfie camera.
The camera system’s capabilities are further elevated by Samsung’s dynamic ProVisual Engine, an AI-driven camera engine that takes visual quality to incredible heights. A new feature to the FE series, ProVisual Engine’s technology leverages advanced AI algorithms to deliver breathtaking detail and remarkably subtle textures:
Nightography with AI image signal processing (ISP) to improve low light performance, enabling beautiful night portraits
Works with the 50MP Adaptive Pixel Sensor of wide camera, to enable optical-quality performance at zoom levels from 2x, in addition to the optical 3x zoom. AI Zoom also enhances image quality at distances between digital zoom lengths.
Object-Aware Engine recognizes scenes and optimizes colours in SuperHigh Dynamic Range (HDR), providing vibrant and lifelike photos and videos.
When it is time to edit, Photo Assist features breathe life into ideas. Since its introduction with the Galaxy S24 series devices, Galaxy AI has become invaluable for editing images and expressing creativity:
Generative Edit reassembles the world through object moving and removal capabilities, allowing more creative freedom
Portrait Studio reimagines selfies as cartoons, comics, watercolour paintings, or sketches to add flair to online profiles
Edit Suggestions quickly remove pesky flaws, such as reflections, with the press of a button
Instant Slow-mo captures every second of life’s important moments in a snap
The powerful Exynos 2400 series chipset enables a gaming experience compatible with innovative features such as Ray Tracing. In a world where every bit of speed and efficiency counts, Galaxy S24 FE utilizes several key features:
An 1x larger vapor chamber improves cooling to maintain peak performance for longer durations.
The bigger 4,700mAh battery allows for longer use.
A 7-inch adaptive Dynamic AMOLED 2X display – the largest display used yet in the FE series – with an up to 120Hz refresh rate provides a smooth and stunning viewing experience.
Vision Booster optimizes colour and contrast to game even in sunlight.
Galaxy S24 FE incorporates the same advanced AI experience as the Galaxy S24 series. Designed to enhance work, simplify communication, and increase connectivity, Galaxy AI on the S24 FE offers tools that unlock new possibilities:
Circle to Search with Google satisfies curiosity with unprecedented ease
Interpreter instantly translates in-person conversations, even when offline
Live Translate breaks down communication barriers on phone calls
Chat Assist easily adjusts tone, grammar, and vocabulary in messages
Note Assist streamlines the note-taking process and automates formatting and translation. In Samsung Notes, you can get transcription, translation, and summarizing of voice recordings directly. Texts in PDF files also can be translated and overlaid through PDF overlay translation
Browsing Assist on Samsung Internet creates summaries or translates entire webpages
The Galaxy S24 FE will be available for order starting October 3, 2024, in the Blue, Graphite, Gray, and Mint colours.
Now over to the Galaxy Ring. Galaxy Ring offers a simple approach to everyday wellness, featuring Samsung’s proprietary sensor technology in a small unobtrusive form, and provides insights that help you understand yourself easily. Designed for 24/7 wellness monitoring, Galaxy Ring gives you around-the-clock customized insights and becomes more intelligent over time thanks to the advanced technology of Galaxy AI. The data and insights are integrated into Samsung Health for seamless access within one cohesive platform. Starting with sleep, the Galaxy Ring features Samsung’s sleep analysis and a sleep AI algorithm to help you easily understand your sleep patterns and build better habits. With Cycle Tracking, you can track your menstrual cycle through overnight skin temperature monitoring.
Holistic insights and motivational encouragement provided by Galaxy Ring empower you to wake up refreshed and ready to take on your day.
Here’s the inside of the Galaxy Ring where you can see the sensors that the Galaxy Ring uses.
Here’s the Galaxy Ring in its charging case. There’s a button in the middle that if you press it, you can get the level of charge of the case.
The charging case charges via USB-C.
If you go into the store, you will have to use this kit to find your ring size. It should be snug but not tight. If you however order online….
You will get this kit on the right to do the same thing. Then Samsung will send you your ring on the left.
The Galaxy Ring will be available for purchase in Canada starting October 3, 2024. Visit your nearest Samsung Experience Store to try out the new Galaxy Ring with hands-on experiences and use the sizing kit to find your comfortable fit before purchasing your Galaxy Ring. Galaxy Ring will be available for order at samsung.com/ca, Samsung Experience Stores, and participating authorized Canadian retailers.
Posted in Commentary with tags Redbird on September 26, 2024 by itnerd
Despite general advances in AI and LLMs in recent years, enterprise organizations have largely struggled to successfully use chat-based approaches for business intelligence in a way that is accurate, secure, and customized to their business. While consumer-centric tools like ChatGPT have shown great promise for more surface-level tasks rooted in general information from the internet, there has been a gap when it comes to applying the same technology to the deeper data analytics that enterprises need to run on their complex data ecosystems.
With the launch of its AI chat platform, Redbird is filling this void through AI agents designed to perform advanced data analytics on top of tooling that securely integrates with an organization’s data ecosystem. Users can engage these AI agents in natural language through chat interactions that don’t require technical knowhow. This enables the true self-serve analytics that legacy dashboarding tools like Tableau, Looker and PowerBI have promised but ultimately failed to deliver on given the limitations of a more rigid dashboarding approach.
Redbird’s AI platform leverages proprietary AI agents trained to do specific analytical tasks equivalent to what specialized human resources currently do. For example, Redbird has developed AI agents that can do data collection, data engineering, SQL analysis, data science, reporting, and domain-specific data analytics. These AI agents have access to Redbird analytical tools and can orchestrate as well as execute multi-step analytical tasks to answer user questions. Redbird AI has access to an admin layer where domain experts within an organization can load business logic, definitions, data ontologies, and existing assets like presentations or documents that provide the context needed for the AI to produce accurate results.
Redbird also solves for the infrastructure and security challenges involved with enterprise AI implementations through turnkey on-prem deployments that can run LLMs within contained environments on the enterprise’s own cloud. This means that all enterprise data is securely contained within that enterprise’s AI ecosystem and never used to train an LLM for use by other enterprises.
Throughout 2023, many enterprises watched developments in the LLM space from the sidelines wondering how the technology could be used within their organization. In 2024, they have started to test different approaches and allocate budget in search of an AI solution that actually works for them. Unfortunately, efforts to build solutions in house have proven costly and ineffective given the complexity of fusing LLM technology with unique, messy enterprise data ecosystems. 3rd party AI products like Microsoft Copilot have also failed to deliver the depth needed and instead opted for more of a surface level assistant approach. Redbird’s AI product is quickly gaining traction with some of the largest enterprise brands as an alternative to complicated in-house builds or surface-level 3rd party options.
Since raising its seed round in 2022, Redbird has increased its customer count 7X, tripled its team size, and built out an extensive AI ecosystem on top of its core data analytics automation platform, which it is now making accessible to enterprises more broadly. Redbird is now working with 8 of the Fortune 50 brands and also in the process of onboarding some of the largest government organizations in the US.
Founded by Erin Tavgac and Deren Tavgac, data analytics and AI experts with deep enterprise experience across the world’s largest brands, Redbird works with enterprise customers across diverse verticals. Since its founding, the Redbird team has expanded rapidly to include key AI engineering hires to help accelerate the development of Redbird’s AI product.
Redbird is excited to bring its AI product to the market to help enterprises unlock the potential of conversational BI for their organization, and recognizes this as a huge leap forward in its mission of democratizing data analytics.
A recent discovery by cybersecurity researcher Jeremiah Fowler revealed a concerning data breach at ChoiceDNA, a genetic DNA testing and DNA Face Matching service provider. The breach exposed over 8,000 biometric images for facial recognition, along with sensitive metadata such as names, email addresses, phone numbers, and order details.
This breach poses serious risks including non-consensual exposure of facial images, identity theft, targeted phishing attacks, and potential extortion. The unprotected database was easily accessible through a non-secure WordPress folder and contained personal information like racial or ethnic identity and reasons for facial DNA analysis.