Why Is LinkedIn Opting Me Into Training Its AI By Using My Data BY DEFAULT????

Posted in Commentary with tags on September 18, 2024 by itnerd

I have to admit that LinkedIn really screwed this up and trusting them going forward is going to be difficult. 404 Media is reporting the following:

LinkedIn is using its users’ data for improving the social network’s generative AI products, but has not yet updated its terms of service to reflect this data processing, according to posts from various LinkedIn users and a statement from the company to 404 Media. Instead, the company says it will update its terms “shortly.”

The rest of this is paywalled. But this one paragraph alone will make you say “WTF? Not only that, if you look on your LinkedIn app, you’re opted into this by default:

I got to this screen by going to my LinkedIn App and going to:

  • Account
  • Settings and Privacy
  • Data Privacy
  • Data for Generative AI Improvement

I don’t know which bothers me more. The fact that they want to use my data without having their terms of service reflect that, or that I’ve been opted into this which forces me to opt out rather than given the choice to opt in. The fact is clear that were it not for 404 Media, I would have had no clue and LinkedIn would have been using whatever data I have on LinkedIn forever. That seems wrong on so many levels, and needs to be called out. Or in my case, I need to push this out via this blog so that people see this and decide if this is LinkedIn being an honest broker, or if they were doing something that on the surface appears to be kind of shady.

Leave a comment »

HYAS Infosec Integrates With ConnectWise Through Invent Program

Posted in Commentary with tags on September 18, 2024 by itnerd

HYAS Infosec today announced the completion of all necessary security certifications as required by ConnectWise, the world’s leading software company dedicated to the success of Managed Service Providers (MSPs). To directly integrate with ConnectWise APIs and platform through Invent, integrators must pass an independent security review that ensures their integration is safe and secure. 

This collaboration through the ConnectWise Invent program will enable MSPs to address critical market challenges head-on with an award-winning and leading cyber-resiliency solution with proven correctness. Protective DNS is now recommended by CISA and the NSA and is becoming an integral part of multiple standards being deployed around the world to address the onslaught of continual new cyber-attacks that evade traditional detection. By embedding and integrating HYAS Protect into the ConnectWise ecosystem, MSPs will benefit from a more comprehensive and complete security posture, effectively mitigating cyber threats and operational risks.

The ConnectWise Invent program is a robust and secure integration program for MSPs seeking to merge their solutions with groundbreaking software from ConnectWise. The program strives to support MSPs globally in growing their businesses by harnessing the power of innovative technologies and by fostering mutual productivity, including Tier 1 integration support from ConnectWise. 

For more information on HYAS Infosec visit: https://marketplace.connectwise.com/vendors/hyas-infosec/hyas-protect/

Leave a comment »

TELUS Launches SmartEnergy To Help Canadians Manage Their Home Energy Use

Posted in Commentary with tags on September 18, 2024 by itnerd

TELUS is launching SmartEnergy, a global-first solution that helps customers save money on their energy bills and reduce their environmental footprint, all through one simple app with incredible incentives on smart devices. By connecting compatible smart devices like thermostats and plugs to TELUS’ intuitive SmartHome+ app, subscribers can:

  • Save up to 15 per cent on energy bills by automating home temperature settings, powering down unused devices, and creating personalized routines.
  • Monitor home energy consumption with daily, weekly, monthly or yearly insights, including tips to maximize savings. 
  • Participate in energy saving events to reduce strain on the energy grid during peak usage times by automatically powering down connected devices or temporarily adjusting the thermostat temperature, all while earning TELUS Rewards for contributing to a healthier planet. 

Looking ahead, TELUS will be connecting even more smart devices to the SmartHome+ app, including EV chargers and home solar, so that customers can unlock additional savings and manage all of their home automation, security and Internet services right from their fingertips. TELUS is also working with Canadian utilities to support grid demand response programs, which is critical during extreme cold or hot weather that drives up demand and can result in unplanned shortages or outages. 

To further benefit the environment, TELUS is planting four trees per year on behalf of each SmartEnergy subscriber. Over the past two decades, TELUS has planted 12.7 million trees and counting, and is committed to restoring our forests now, and for future generations. 

The service is now available to all Canadians outside of Quebec, where SmartEnergy is expected to launch in the near future. Canadians don’t need to be an existing TELUS customer to sign-up for SmartEnergy. Subscribe today for just $12 per month, plus for a limited time, new subscribers can receive a smart thermostat and two smart plugs for a one-time charge of $25, which represents more than $250 in savings.  

For more information about SmartEnergy and to subscribe, visit telus.com/smartenergy.

Leave a comment »

Salesforce Announces $50 Million Initiative to Address Urgent AI Skills Gap

Posted in Commentary with tags on September 18, 2024 by itnerd

As well, in response to a critical skills gap in the workforce, Salesforce is launching a $50 million initiative to provide free AI training and certifications through its Trailhead platform – including pop-up AI centres for in-person community AI training – until the end of 2025.

Why This Matters:

Recent research from Slack reveals that the urgency for incorporating AI into business operations has surged 7x in the past six months, surpassing concerns about inflation and the broader economy. Yet, over two-thirds of workers still lack experience with AI technology, and only 15% feel adequately trained to use it effectively. Accessibility of impactful training is needed to ensure all workers are able to harness the power of AI.

Salesforce’s Response:

  • Free AI Training: Salesforce is offering its premium AI courses and certifications at no cost to help bridge this skills gap.
  • New Learning Centers: A pop-up AI Center will debut at Salesforce’s San Francisco headquarters, with additional centers planned for global cities including London, Chicago, Tokyo, and Sydney.
  • Employee Upskilling: The company will also introduce global AI learning days and establish the AI Knowledge Center in San Francisco to enhance the skills of its 72,000 employees.

This initiative is designed to ensure that individuals and businesses are prepared for the rapidly evolving AI landscape. For more details please find the full announcement here.

Leave a comment »

Chrome Extension Hides Malware To Steal Cryptocurrency

Posted in Commentary with tags on September 18, 2024 by itnerd

The Cybernews research team discovered a threat actor defrauding hundreds of people per month through a simple information-stealing browser extension on the Chrome Web Store, called SpiderX

Despite obvious malicious intent, it has not yet been detected by antivirus software.

SpiderX can gather plaintext login information, take screenshots, and track browsing history. The threat actor created an infrastructure containing dozens of malicious internet addresses and WhatsApp accounts to lure victims into downloading the extension. 

“Despite amateurish execution and carelessness, the threat actor is sending tens of thousands of spam emails per month and has an infection rate of 1%. At the time of discovery, there were over 500 infected victims, and the campaign is still ongoing,” Cybernews researchers said.

The campaign targets crypto users

The scheme starts by sending spam from domains impersonating cryptocurrency recovery agencies, trading platforms, wallets, or even the Financial Conduct Authority.

Some variations of the spam messages and websites used in the malicious campaign directed users to contact the threat actor via WhatsApp, while others directed them to download Chrome extensions and install them manually. 

Once installed, it takes screenshots of the victim’s screen, gathers plaintext login information from forms on various websites, and exfiltrates the browsing history.

Poor operational security exposes the hacker

The malicious campaign was identified due to the lack of operational security measures and software misconfigurations.  

“It appears that before launching the campaign, the threat actor set up and tested the infrastructure using their email, IP address, and other personal information,” Cybernews researchers said. “This data leads to a person in Israel.”

To access the full research, visit: https://cybernews.com/security/chrome-extension-hides-new-malware-to-steal-crypto/

Leave a comment »

DMZ Launches Advisory Council

Posted in Commentary with tags on September 18, 2024 by itnerd

DMZ, a global startup ecosystem, announced its new Advisory Council. This dynamic group of visionary leaders will guide DMZ through an ambitious phase of growth and innovation, enhancing support for startups and reinforcing DMZ’s role as a leading incubator in both national and global entrepreneurial ecosystems. 

Officially announced yesterday at DMZ’s headquarters in Toronto, the new Advisory Council will unlock new opportunities, forge strategic partnerships and solidify DMZ as an ecosystem developer. Renowned for its world-leading Incubator, unparalleled community, an investment arm and a global network of strategic joint ventures, DMZ equips founders to build, validate and scale impactful startups while also producing skilled professionals for the innovation economy through expert-led courses. 

DMZ’s new Advisory Council members bring exceptional expertise and represent diverse industry backgrounds, including sports, financial services, entertainment and notable Canadian startup successes. Their collective experience and networks will create new opportunities for DMZ and its startups. DMZ welcomes the following new members to its Advisory Council: 

  • Brett Mooney, President & CEO, Amex Canada 
  • Carole Saab, CEO, Federation of Canadian Municipalities 
  • Donette Chin-Loy Chang, Incoming Chancellor, Toronto Metropolitan University 
  • Keshia Chanté, Award-Winning Singer & TV Host, NACO Ambassador 
  • Mat Mehrotra, Chief Digital Officer & Head of Canadian Products, North American Personal & Business Banking, BMO Financial Group 
  • Michael Bartlett, President & CEO, Canada Basketball 
  • Michael Tamblyn, CEO, Rakuten Kobo 
  • Mike Murchison, CEO & Co-Founder, Ada 
  • Nabeela Elsayed, HR & Operations Executive, Advisor & Coach, The Marshall Goldsmith Group 
  • Noura Sakkijha, CEO, Mejuri 
  • Pierre Boutin, CEO & Group Managing Director, Volkswagen Group Ireland 
  • Ritu Khanna, Vice President, Global Partnerships, Shopify 

DMZ welcomes the following returning members to its Advisory Council:

  • Agnes Hilkene, Executive Director, The George & Helen Vari Foundation 
  • David Walmsley, Editor in Chief, The Globe and Mail 
  • Mohamed Lachemi, President and Vice Chancellor, Toronto Metropolitan University 
  • Peter Bowie, Independent Director  

DMZ’s inaugural Advisory Council was first launched in September 2016 with 18 members, who all played a pivotal role in making DMZ the national benchmark for incubating tech startups and expanding operations globally.    

DMZ’s new Advisory Council members were selected from an open invitation last fall by Arlington Partners, a management consulting firm that specializes in board advisory services. For more information on DMZ’s Advisory Council head to dmz.to/Advisory-Council 

Leave a comment »

Cyber Threat Researcher Uncovers Expansive UK/EMEA Quishing Parking Scam

Posted in Commentary with tags on September 18, 2024 by itnerd

Earlier this month, RAC issued an alert warning UK motorists to be wary of threat actors utilizing QR code stickers luring them to malicious websites. These sites are designed to impersonate parking payment providers to exfiltrate personal data and payment information.

Netcraft has released its latest research diving into the recent surge in QR code parking scams in the UK and through Europe. The research provides insight into the criminals behind the attack while their behaviours and characteristics reveal the scale and strategic approach being used. 

Insights include: 

  • At least two threat groups identified, one of which Netcraft can link to customs tax and postal scams carried out earlier this year. 
  • Up to 10,000 potential victims identified visiting this group’s phishing websites 
  • At least 2,000 form submissions, indicating how much personal data has been extracted from victims, including payment information. 
  • Evidence suggesting the group is running activity across Europe, including France, Germany, Italy, and Switzerland.

You can get more details here.

Leave a comment »

Abstract Security Expands Multi-Cloud Security Operations Platform Deployments By Adding Google Cloud Platform

Posted in Commentary with tags on September 18, 2024 by itnerd

Abstract Security today announced it has added support for deployments within Google Cloud Platform (GCP). 

The support for GCP follows Abstract Security’s existing support for AWS and Azure. Abstract enables multi-cloud deployments of its SOC platform, deploying multiple instances of Abstract Security around the world to support data localization requirements and eliminate data transfer costs. Additionally, Abstract supports transactions through both AWS and Azure marketplaces with GCP coming soon.

Abstract Security’s SOC platform offers:

  • Seamless integration with local GCP services – Ensuring strong security coverage and visibility into GCP services. 
  • Abstract Intel Gallery – As part of Abstract’s data fabric, organizations can leverage no-code ETL to enrich events with real-time threat intelligence, enhancing detection accuracy and relevancy. 
  • Real-time streaming threat detection – Security analytics are powered by AI, enabling enterprises to stay ahead of rapidly evolving cyber threats. 
  • Compliance and data sovereignty – Providing a single search and reporting view across regional deployments, enabling compliance with data localization requirements.

Abstract has seen growing demand since emerging from stealth and announcing its Seed funding in March 2024. In April, Abstract announced the opening of its first Middle East office. In May, the company announced the addition of Christopher Key to its Board of Directors and was selected as a “Pioneering Cybersecurity Startup” winner, as part of the 2024 Global Infosec Awards.

Leave a comment »

That Free Gift Offer That You Just Got In Your Email Inbox Is Likely A #Scam

Posted in Commentary with tags on September 18, 2024 by itnerd

Here’s a different type of scam that I would like to tell you about. You might have gotten an email like this in your inbox recently:

So I happen to be a CAA (Canadian Automobile Association) member. Thus I might have been enticed to click that “Get It Now” button. Even if I am not a member of CAA, the fact that I might get something for free might entice me to click the same button. But you shouldn’t do that. Instead, you should take a good hard look at this email to see if it’s from CAA. And that’s best done by looking at the email address that it came from:

Well, that’s a quick #fail right there as this clearly didn’t come from caa.ca. So we know that this is a scam from that alone. But the other hint that this is a scam is that there is nothing in this email that identifies me. Not my name, or account number or anything like that. That’s because this is being mass mailed out to thousands of people hoping that 1% will fall into the trap.

But what is the scam? Well, when I clicked on the link, which to be clear you shouldn’t ever do, I got taken to this website:

This is a decent replication of a website that CAA might have created. But the address bar makes it clear that it’s not CAA. Nor does CAA ask you to show notifications from a third party site. On top of that, I noted that it used geolocation to allow the site to target specific people in a specific geography. Canada in this case. It also didn’t like the VPN that I employ to cover up where I am investigating from. So that says to me that the threat actors behind this have some level of skill.

You then get walked through a fake survey. And at the end of it you get this:

Oh cool. A free car emergency kit with a fake testimonial to make it more convincing. When in reality it isn’t real. So let me claim my reward.

Well, this is interesting. I am now “today’s winner”. That’s odd. And if you blow up this picture and look at the address bar, the address has changed. That’s also odd. So is the fact that when I look at the bottom left corner, “Susan from Chicago IL” ordered one of these. Why would anyone from the United States have anything to do with CAA? But the key point is that you have to pay $9.95 for shipping. But what the threat actors are actually after is your personal information and credit card details. That way at the very least, they can go to town using your credit card. Or at worst, they can steal your identity.

So, what’s the take home message here? If you get something in your inbox that offers something to you for free, take a good hard look at it as it may be a scam. And if you don’t have any products or services from the company who is claiming that they want to give you something for free, then you should absolutely run in the other direction. And never, ever share any personal information with any random website. Because once you lose control of your personal information, it’s next to impossible to get control of it again.

Leave a comment »

The People Behind The JP Morgan Chase Email #Scam Try Again…. And Fail Miserably

Posted in Commentary with tags on September 18, 2024 by itnerd

Yesterday I brought you the story of a half baked JP Morgan Chase email scam that was making the rounds. Today, it looks like the threat actors have given it another shot as I got this email in my inbox:

Well, they tried harder this time by adding my email address to the body of the email. But the quality of the email in terms of graphics and formatting took a bit of a dive. If it’s the same threat actors, which they are as I will prove in a second, they seriously need to do better. And almost everything that I wrote yesterday still applies here. Though the quality of the English is better this time around. But this wasn’t sent by JP Morgan Chase as evidenced here:

If that email address looks familiar, that’s because it’s the same threat actors that sent the last email. Some of the text has also been recycled from the previous email as well.

And if you click on “Review Account” which you should never do, it takes you to the same website that still doesn’t work. What’s clear here is that whomever is behind this are amateurs. I investigate a lot of these scams and this is pretty poorly executed. And the threat actors behind this have had two cracks at this. At this point, I just have to laugh at how bad this is. But that doesn’t mean you should let your guard down as there are lots of threat actors out there that have scams that actually work. Which means that you need to be on your guard at all times.

Leave a comment »

« Older Entries
Newer Entries »