Kaspersky Deletes Itself And Installs UltraAV On Computers In The US…. WTF?

Posted in Commentary with tags on September 24, 2024 by itnerd

Kaspersky is pretty much banned in the US because of the fact that it’s a Russian company, and the US and Russia don’t have the best relationship. So it appears that due to that, anyone who runs Kaspersky might have this happen to them:

Starting Thursday, Russian cybersecurity company Kaspersky deleted its anti-malware software from customers’ computers across the United States and automatically replaced it with UltraAV’s antivirus solution.

This comes after Kaspersky decided to shut down its U.S. operations and lay off U.S.-based employees in response to the U.S. government adding Kaspersky to the Entity List, a catalog of “foreign individuals, companies, and organizations deemed a national security concern” in June.

And:

In early September, Kaspersky also emailed customers, assuring them they would continue receiving “reliable cybersecurity protection” from UltraAV (owned by Pango Group) after Kaspersky stopped selling software and updates for U.S. customers.

However, those emails failed to inform users that Kaspersky’s products would be abruptly deleted from their computers and replaced with UltraAV without warning.

If I woke up one morning and my anti virus software were just replaced randomly. I would be really freaked out by that. I can look at this both ways. On one hand, Kaspersky needed to do the right thing to make sure that their customers in the US are secure. But on the other hand, the way they did it doesn’t really sit right with me. So as a result, I really don’t know how to feel about this. But strangely, I’m not done yet:

To make things worse, while some users could uninstall UltraAV using the software’s uninstaller, those who tried removing it using uninstall apps saw it reinstalled after a reboot, causing further concerns about a potential malware infection.

Some also found UltraVPN installed, likely because they had a Kaspersky VPN subscription.

This doesn’t exactly inspire confidence. Neither does this:

Not much is known about UltraAV besides being part of Pango Group, which controls multiple VPN brands (e.g., Hotspot Shield, UltraVPN, and Betternet) and Comparitech (a VPN software review website).

This seems a bit suspect to me. Personally, if I were affected by this, I’d be removing this software as quickly as possible possible and replacing it with some other anti virus software that I could trust. Because to be honest, I am not sure that I can trust these guys.

Leave a comment »

Ford Wants To Target You With Ads By Listening In On Your Conversations…. WTF?

Posted in Commentary with tags , on September 24, 2024 by itnerd

My wife and I a few years ago said that we would drive our car into the ground because modern cars seem to want to invade your privacy in so many ways. And according to MalwareBytes Labs, Ford has taken this next level. Here’s how:

Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from several trip and driver characteristics. Among those characteristics—human conversations. 

In the abstract of the patent application publication Ford writes:

“An example method includes determining vehicle information for a trip, the vehicle information including any one or more of a current vehicle location, a vehicle speed, a drive mode, and/or traffic information, the user information including any one or more of a route prediction, a speed prediction for the trip, and/or a destination, determining user preferences for advertisements from any one or more of audio signals within the vehicle and/or historical user data, selecting a number of the advertisements to present to the user during the trip, and providing the advertisements to the user during the trip through a human-machine interface (HMI) of the vehicle.”

Further one it details that “the controller may monitor user dialogue to detect when individuals are in a conversation.”

Based on this info, the controller can decrease or increase the number of advertisements. And “the conversations can be parsed for keywords or phrases that may indicate where the occupants are travelling to.”

If Ford wanted to incentivize me to not ever consider buying their cars, this would be a great way to do it because I don’t want a third party listening in on my conversations…. Ever. Now to be clear, there’s no evidence that this has been implemented in any car that they sell. But the fact that they came up with this and are filing a patent for it is downright scary.

That’s not the only patent that they’ve filed lately:

Another controversial Ford patent filed in July described technology that would enable vehicles to monitor the speed of nearby cars, photograph them and send the information to police.

So based on that sentence, your car will snitch on other cars to the 5-0 as gangster rappers would say. While I will call the police if I see an impaired driver, or a dangerous driver, I am not at all comfortable with my car doing that by default.

So what does Ford have to say about that?

In a statement to Fortune, the company clarified that filing a patent is a standard practice to explore new ideas and doesn’t necessarily indicate immediate plans to release such a system.

That’s likely true. But the fact that they are even thinking about stuff like this and trying to patent it is just creepy. And while I am picking on Ford in this story, it’s a safe bet that other car companies are doing something similar. So perhaps before you sign the lease or finance deal for your next car, perhaps you should read the car’s privacy policy in detail to make sure that this car isn’t doing something that you’re not comfortable with.

1 Comment »

Cisco & University of Ottawa Equip Engineering Students With Job-Ready IT & Cybersecurity Skills

Posted in Commentary with tags on September 24, 2024 by itnerd

Cisco and the University of Ottawa have announced a partnership to better prepare students for careers in the technology industry.

Funded by Cisco’s Country Digital Acceleration (CDA) program, Cisco will integrate industry-recognized Cisco Certified Network Associate (CCNA) certification into the university’s Computer and Software Engineering curriculum. The CCNA certification validates a broad range of fundamentals for all IT careers — from networking technologies, to security, to software development — proving that the holder has the skills businesses want and candidates need to meet market demands.

Building Canada’s Digital Skills Capacity
ICTC projections indicate a need for 250,000 additional jobs within the technology industry by 2025. Addressing a shortage of skilled talent is a strategic imperative for companies to innovate, sustain growth, and compete globally, and it requires collaboration between the public and private sector to build a robust pipeline of networking, AI and cybersecurity talent.

As part of this partnership, Cisco is also providing equipment to the university’s Cyber Range to support cyber-research initiatives. The Cyber Range is a unique training, learning and research facility where individuals and organizations can practice comprehensive cybersecurity crisis management in a realistic and immersive environment to learn how to anticipate, respond to, manage, contain and remediate cyber-attacks.

Students enrolled in the Computer and Software Engineering programs can expect to take the CCNA certification as part of their third-year courses starting in the Winter 2025 semester.

Digital Skills for All
Cisco is committed to inclusive access to digital skills training and supporting those who use technology to educate. Through programs like Cisco Networking Academy and CDA, Cisco leverages its technology and expertise to create opportunities for individuals to thrive and supports Canada’s digital leadership on the global stage. Since its inception in Canada, Networking Academy has trained over 340,000 Canadians with industry-recognized credentials and courses.

Leave a comment »

Top Indian Health Insurer Compromised By Telegram Chatbots

Posted in Commentary with tags on September 24, 2024 by itnerd

India’s largest health insurer Star Health has reportedly become the victim of a data breach, with sensitive information on more than 31 million customers leaked via chatbots on Telegram.

Reuters was alerted to the issue by a security researcher who is in communication with the creator of the chatbots. The chatbot creator claimed that the private details of millions of people, including medical reports, were for sale and that samples could be viewed by simply asking the chatbots.

Star Health said in a statement to Reuters that it reported suspected unauthorized data access to local authorities and that an initial assessment showed “no widespread compromise” and that “sensitive customer data remains secure”.

Unfortunately, using the chatbots, Reuters was able to download policy and claims documents which included: 

  • Names
  • Phone numbers
  • Addresses
  • Tax details
  • Copies of ID cards
  • Test results 
  • Medical diagnoses

The Star Health chatbots feature a welcome message stating they have been operational since at least Aug. 6, said UK-based security researcher Jason Parker.

This comes just weeks after Telegram’s founder and CEO Pavel Durov was accused of allowing the messenger app to facilitate crime. Durov and Telegram denied any wrongdoing.

Telegram is one of the world’s largest messenger apps with 900 million active monthly users.

Emily Phelps, VP, Cyware had this to say:

  “Healthcare is one of the most sensitive sectors when it comes to security, given the highly personal nature of the data it handles. Breaches like this one underscore the risks when sensitive health data is exposed. To effectively safeguard healthcare infrastructure, a collective defense approach is essential. Sharing threat intelligence across trusted organizations allows us to anticipate and neutralize threats before they cause widespread harm. Shifting from reactive security models to proactive and adopting collaborative strategies that prioritize both the privacy and safety of patients is paramount.”

I am kind of floored that you can get such sensitive information simply by asking the chatbot. In short, someone has a lot of explaining to do as this should simply not happen.

Leave a comment »

Scribenote Secures $8.2 Million In Seed Funding

Posted in Commentary with tags on September 23, 2024 by itnerd

The veterinary profession is facing a crisis of burnout, with 86% of veterinarians reporting severe stress levels. One of the compounding issues includes a frequently overlooked culprit: spending hours writing medical records. Scribenote, an AI-powered medical scribe for veterinarians, has raised $8.2M in seed funding to tackle this problem head-on. The company’s funding was led by Andreessen Horowitz (a16z), with additional participation from Inovia Capital, the Velocity Fund, and a line-up of angel investors.

Veterinarians have a legal responsibility to document every aspect of their interactions with clients, necessitating accurate and complete medical records. Unfortunately, with various types of appointments every 20 to 30 minutes of the day, documentation can be challenging and pile up quickly. Some veterinarians may see up to 30 patients in one day and there is rarely time to document between visits. This results in veterinarians working overtime during lunch and at the end of the day to type records. 

Scribenote was started in December 2019 when CEO Ryan Gallagher noticed his sister Katie, a small animal veterinarian, consistently working late to catch up on medical records. After shadowing her at the clinic, he realized that detailed discussions that occurred during veterinary appointments could potentially be captured in real time to eliminate additional workload.  When he noticed other veterinarians at the clinic shared the same problem, Gallagher, a University of Waterloo engineering student at the time, saw an opportunity for automation and promised his sister he would build a solution that would allow her to get home from the clinic on time. 

Three years later, Ryan’s promise came true. Co-founded by Dr. Katie Gallagher, Alina Pavel, and Emily Merry, Scribenote records conversations between veterinarians and clients, and uses AI to automatically generate accurate medical records in just minutes. In addition to medical records and dental charts, various forms of client communication are also automated, allowing veterinary professionals to fully focus on patient care and building relationships with clients. By providing complete and detailed records of what was discussed, documentation struggles are reduced for an already overburdened Profession. 

The platform’s user-friendly design allows veterinarians to start a note on their phone and add to it later from any device logged into their account. Even with poor internet connectivity, users can create offline recordings and sync them later. Scribenote runs in the background to capture audio while veterinarians focus on their patients. At the end of the day, Scribenote’s desktop widget, playfully dubbed “Draggy-Droppy,” allows users to copy their completed Scribenote records into any Practice Information Management System (PIMS) in just seconds.

Scribenote is serving hundreds of clinics – both independently owned and through enterprise wide deals – across North America. In less than a year, its AI Scribe product has already automated over 1.5 million medical records, saving veterinarians up to two hours per day. This has been achieved with just $250K pre-seed funding. The company’s AI scribe is designed for general practitioners and specialist veterinarians alike, with users ranging from recent graduates to those with 35 years of experience in the field. The impact on veterinarians’ lives has been significant. Customers report finally being able to take lunch breaks, spending more time with family, and focusing more on their patients. Some users have even shared that Scribenote has been invaluable when they were injured or losing mobility in their hands, allowing them to continue their work without physically writing notes.

The veterinary industry has seen significant changes in recent years, driven by an influx of private equity capital and the effects of the pandemic. These shifts have intensified pressure on veterinary professionals to see more patients and generate more revenue. 

With this new funding, Scribenote plans to further develop its AI technology and expand its platform. The company aims to create personalized AI scribes for each veterinarian and build an efficient, intelligent platform for editing and finalizing records. Long-term, all four co-founders and their growing team of Scribenauts envision using AI scribing as a foundation to eliminate every unnecessary click and keystroke from a veterinarian’s day.

As Scribenote continues to grow, Gallagher frequently reflects on his last few months caring for his childhood Golden Retriever, Cali, who lived to the ripe old age of 16. She received the best possible care from Katie who was there for her every time she accidentally swallowed a sock or needed a nail trim. Scribenote wants to help a million other pets like Cali get the care they deserve, and give thousands of veterinarians like Katie the ability to deliver that care more efficiently.

Leave a comment »

The End Might Be Near For 23andMe

Posted in Commentary with tags on September 23, 2024 by itnerd

You might recall the recent troubles of DNA testing service 23andMe. The company got pwned in epic fashion. That led to them quietly trying to alter their terms of service to avoid getting sued. But when that didn’t work, they blamed their users for getting pwned. Ultimately, they are now trying to to pay their way out of trouble. Now they have some new trouble:

On Tuesday, the independent directors of the Board of 23andMe Holding Co. (NASDAQ:ME) sent a letter to Anne Wojcicki, Chief Executive Officer, Co-Founder, and Chair of the Board of Directors of 23andMe, providing their resignation, effective immediately.

The board said, “After months of work, we have yet to receive from you a fully financed, fully diligenced, actionable proposal that is in the best interests of the non-affiliated shareholders. We believe the Special Committee and the Board have provided ample time for you to submit such a proposal. That we have not seen any notable progress over the last 5 months leads us to believe no such proposal is forthcoming. The Special Committee is therefore unwilling to consider further extensions…”

That’s bad, but it gets worse:

On Wednesday, 23andMe Holding Co., a company specializing in biotechnology and personal genomics, disclosed a notification of non-compliance from Nasdaq’s Listing Qualifications Department. The notice, dated September 18, 2024, indicated that 23andMe does not currently meet Nasdaq’s corporate governance requirements due to a shortfall in the number of independent directors on its board and the composition of its key committees.

And:

23andMe must now submit a plan by October 3, 2024, to regain compliance. If Nasdaq accepts this plan, the company may be granted up to 180 days to demonstrate full compliance. However, if the plan is rejected, 23andMe will have the option to appeal before a Nasdaq Hearings Panel.

Seeing as this company has been trying to sort itself out for months, I don’t see a scenario where they get themselves sorted in weeks. Thus I am pretty sure that they are going to get delisted from NASDAQ, and then they are likely going to cease to exist. This shows what happens when you have one catastrophic event, in this case getting pwned, and you can’t recover. Other businesses should see this as a cautionary tale.

1 Comment »

Elon Musk Is About To Find Out Why Defying The SEC Is A Bad Idea

Posted in Commentary with tags on September 22, 2024 by itnerd

Elon Musk has been in a running battle to avoid having to provide evidence to the SEC in relation to Elon purchasing Twitter stock prior to purchasing Twitter. Which the SEC finds to be suspect at best. Elon was supposed to testify on September 10… But:

In a filing today, the U.S. Securities and Exchange Commission (SEC) said that it intended to seek sanctions against Musk after Musk skipped a court-ordered appearance in a Los Angeles courthouse on September 10. Per the filing, Musk didn’t notify the SEC that he wouldn’t be appearing until just three hours before his testimony was set to begin.

“The Court must make clear that Musk’s gamesmanship and delay tactics must cease,” the filing reads. 

Musk instead spent September 10 overseeing the launch of Polaris Dawn, a spacecraft made by his space exploration company, SpaceX, according to the filing. 

The SEC’s legal counsel offered to reschedule Musk’s hearing to the following day, September 11. But Musk’s attorney declined, agreeing only to court dates in October.

And this is what the SEC wants in terms of punishment:

The SEC is seeking “meaningful conditional relief” if Musk doesn’t appear in court in October. The agency also signaled that it plans to file a sanctions motion against Musk to recoup its travel costs for the canceled testimony and other relief. (In the filing, the SEC said that it spent “thousands of dollars” to fly three attorneys to Los Angeles for the September 10 hearing.)

Hey Elon! Top tip. Pi$$ing off three letter government agencies is a really bad idea. Sooner or later they are going to get fed up with your antics and punish you. It looks like punishment is coming. Elon may shortly wish that he didn’t play a game of FAAFO with the SES because he’s not going to win against them.

Leave a comment »

Has iOS 18/iPadOS 18 Broken Rogers/Yahoo Email Or The Other Way Around?

Posted in Commentary with tags , on September 22, 2024 by itnerd

Over the last week, I’ve gotten four calls that seem to have the same pattern:

  • The client uses the built in Mail app on their iPhone or iPad
  • The client also gets email from Rogers/Yahoo
  • After updating to iOS 18/iPadOS 18, they can no longer send or receive email

Now one of these calls is a fluke. But I’ve gotten four so there’s something clearly going on here. This could be a bug in iOS 18/iPadOS 18. But what makes me think that this is a Rogers problem is that if you try to delete the account and re-add it, that doesn’t work. When you get to the section that requires you to enter the Rogers credentials for your email account, which is a redirect to rogersmembercentre.com, nothing ever loads. Thus leaving you stuck. It gets interesting as I’ve been able to get all the affected clients working by using Yahoo Mail from the Apple App Store. So if you’re in this situation, you could try that as it has worked for me so far.

And what doesn’t help the situation is that Rogers and their co branded Rogers/Yahoo email service has been a train wreck next to a dumpster fire for a while now. You can get the details here on that. But what that does is cloud the issue because you can make valid arguments that either Apple or Rogers could be at fault here. Regardless, I’m going to reiterate my official advice for any issues related to Rogers email. Abandon it. Details as to why I feel that way can be found here. But it’s pretty clear that you cannot rely on Rogers to provide their users with reliable email. And that’s independent of who’s at fault when it comes to this specific issue. Thus you need to do what you need to do to get reliable email that works for you.

If I find out any additional details or fixes for this, I’ll be sure to post an update.

2 Comments »

A Rogers Email #Scam Using The iPhone 16 Is Making The Rounds

Posted in Commentary with tags , on September 22, 2024 by itnerd

If you get an email saying that you’re going to get something for free, it might be a scam. Case in point is this email using the Rogers brand and riding on the coat tails of the iPhone 16:

Let me get one thing out of the way right up front. No Canadian telco is going to give you a phone for free. That affects their bottom line. So it’s not going to happen. EVER. Thus knowing that, this is clearly a scam. And you should delete this. But if that’s not convincing enough, this might be:

The email address that sent this is not coming from “Rogers.com” so this is another sign of it being a scam. So not that you should ever do this, let’s see what these threat actors are up to:

When I tried to click on “Share Your Thoughts”, I got this on Firefox and Opera. This only worked on Google Chrome which shows that the threat actors behind this aren’t too bright as they are limiting the audience of this scam to just Chrome users.

Well, this is another one of those fake surveys to supposedly get an iPhone 16. Okay. Let’s go down the rabbit hole and see where this goes:

Ten fake questions. Oh Joy.

Great. I supposedly now get an iPhone 16. And if you look at some of the specs, they’re wrong as Apple for example doesn’t have a 200MP camera. But you know, facts.

And look at the fake comments here. The threat actors clearly didn’t spend a whole lot of time coming up with these as they seriously don’t sound authentic.

So this is the part of the scam where I assume that the threat actors would collect your personal information and your credit card details so the can commit fraud and identity theft. But the website crashed and went to Google’s home page before I got that far. I don’t know why. The scam targets Rogers customers and maybe because I am on Bell it didn’t like me? I don’t know. But this scam is something that I can see many falling for as humans gravitate towards something that is perceived as free, and let their guard down as a result. Don’t be one of those people and delete this email if it hits your inbox.

Leave a comment »

Elon Musk MIGHT Be Caving In To Brazil’s Demands

Posted in Commentary with tags on September 21, 2024 by itnerd

You might recall that Elon Musk has been in a bit of a fight with Brazilian authorities over the fact that he won’t ban certain content within the country. That led to Twitter being banned in the country. Now Elon has been pretty defiant about this. And even going as far as antagonizing the Brazilian officials who were behind the Twitter ban. But that might be changing:

After defying court orders in Brazil for three weeks, Mr. Musk’s social network, X, has capitulated. In a court filing on Friday night, the company’s lawyers said that X had complied with orders from Brazil’s Supreme Court in the hopes that the court would lift a block on its site.

The decision was a surprise move by Mr. Musk, who owns and controls X, after he said he had refused to obey what he called illegal orders to censor voices on his social network. Mr. Musk had dismissed local employees and refused to pay fines. The court responded by blocking X across Brazil last month.

Now, X’s lawyers said the company had done exactly what Mr. Musk vowed not to: take down accounts that a Brazilian justice ordered removed because the judge said they threatened Brazil’s democracy. X also complied with the justice’s other demands, including paying fines and naming a new formal representative in the country, the lawyers said.

Brazil’s Supreme Court confirmed X’s moves in a filing on Saturday, but said the company had not filed the proper paperwork. It gave X five days to send further documentation.

Now why would Elon fold up like a cheap suit? The fines that he was dealing with may be hurting him. Or it might be that the fact that Brazilians were signing up for Bluesky and Tumblr in record numbers was something that he could not ignore. But I am going to put this out there. This isn’t over. I think that Elon may comply for a short amount of time. But he’ll go back to playing FAAFO with Brazil. I say that because Elon isn’t an honest broker and I have no reason to believe that he’s being honest now. Thus if I were the Brazilians, I would keep that in mind before considering any lifting of the ban on Twitter.

2 Comments »

« Older Entries
Newer Entries »