RansomHub Leaks 175 GB of Data from Clinical Research Institute 

Posted in Commentary with tags on July 29, 2024 by itnerd

Safety Detectives just published a report regarding a ransomware attack and subsequent data leak affecting Boston’s Baim Institute for Clinical Research. 

Their cybersecurity team stumbled upon a post in which the ransomware group “RansomHub” stated that it had acquired 175 GB of data from the Baim Institute. After the data was leaked, the team reviewed a sample of it and found: 

  • clinical trials programs; 
  • invoices tracking files showing lists of sponsors, projects, doctors’ names and rates; 
  • study access request forms, which display the employee’s full name, email address, and phone number and more. 

You will find all the details of their findings here: https://www.safetydetectives.com/news/biam-leak-report/

New Vital Controls to Achieve PCI DSS 4.0 Compliance Now Available in Fortra Managed WAF

Posted in Commentary with tags on July 29, 2024 by itnerd

Fortra today announced a significant update to its managed web application firewall (WAF) solution that aims to reduce client-side risk and protect users from data-stealing attacks in the browser, as outlined in new requirements in PCI DSS 4.0.

Fortra Managed WAF now includes enhanced client-side protection controls to eliminate reflected and inline cross-site scripting (XSS) attacks. This additional security helps Fortra customers meet and exceed PCI DSS 4.0 XSS controls in requirements 6.4.3 and 11.6.1, protecting users’ payment information from in-browser data-stealing attacks like Magecart.

A WAF is an essential element of a security strategy for any organization with a web presence and APIs. Fortra solves the most significant challenge of optimizing the protection provided by a WAF through its managed services for SMEs to Fortune 500 customers.

Fortra Managed WAF is the only WAF solution that enforces the execution of active items in the browser, regardless of whether they are delivered via inline, first, or third-party scripts. With this release, Fortra Managed WAF closes a gap that still is prevalent in competitors’ WAFs where they are unable to comprehensively address inline script integrity enforcement, a delivery mechanism used by most websites. 
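As an added illustration of what script integrity enforcement on a payment page means in practice (this is example code written for this post, not Fortra's product or code): inventory the page's scripts as PCI DSS 6.4.3 asks, pin inline scripts with CSP hashes and third-party scripts with SRI, and mirror the browser's accept/reject decision. The page HTML, the CDN URL and the script contents are constructed for the example.

```python
from __future__ import annotations

import base64
import hashlib
import re
from urllib.parse import urlsplit

# Constructed sample payment page (not from Fortra or any real site): one inline
# first-party script and one third-party script loaded from a CDN.
PAGE_HTML = """<html><body>
<script>window.checkout = {total: 42.00};</script>
<script src="https://cdn.example.test/payments.js"></script>
</body></html>"""

# Constructed content of the third-party script as reviewed at deployment time;
# this is the only version the page is allowed to run.
REVIEWED_EXTERNAL = {
    "https://cdn.example.test/payments.js": "console.log('payments loaded');",
}

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.DOTALL | re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def sha256_b64(text: str) -> str:
    """Base64 SHA-256 digest, the encoding used by CSP hash sources and SRI."""
    return base64.b64encode(hashlib.sha256(text.encode("utf-8")).digest()).decode("ascii")


def inventory_scripts(html: str) -> list[dict]:
    """Script inventory (PCI DSS 6.4.3): list inline bodies and external src URLs."""
    items = []
    for attrs, body in SCRIPT_RE.findall(html):
        m = SRC_RE.search(attrs)
        items.append({"kind": "external", "src": m.group(1)} if m else {"kind": "inline", "body": body})
    return items


def build_allowlist(html: str, reviewed_external: dict[str, str]) -> dict:
    """Derive a CSP script-src directive plus SRI integrity values from the inventory.

    Inline scripts are pinned by hashing their exact body (whitespace included, which
    is how browsers compute CSP hashes); external scripts are pinned by origin in the
    CSP and by content hash via SRI.
    """
    sources: list[str] = []
    integrity: dict[str, str] = {}
    for item in inventory_scripts(html):
        if item["kind"] == "inline":
            sources.append(f"'sha256-{sha256_b64(item['body'])}'")
        else:
            parts = urlsplit(item["src"])
            origin = f"{parts.scheme}://{parts.netloc}"
            if origin not in sources:
                sources.append(origin)
            integrity[item["src"]] = "sha256-" + sha256_b64(reviewed_external[item["src"]])
    return {"script-src": "script-src " + " ".join(sources), "integrity": integrity}


def inline_script_allowed(body: str, script_src: str) -> bool:
    """Mirror the browser's decision: an inline script runs only if its hash is in the
    policy. A script injected by reflected XSS or altered in transit hashes differently."""
    return f"'sha256-{sha256_b64(body)}'" in script_src.split()


def external_script_allowed(fetched_body: str, integrity_value: str) -> bool:
    """Mirror SRI: the fetched file must match the pinned digest or the browser refuses it."""
    return integrity_value == "sha256-" + sha256_b64(fetched_body)
```

The policy must be regenerated whenever a reviewed script legitimately changes; that operational burden is what a managed service takes on.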

Learn more about the enhancements to Fortra Managed WAF through a free demo

5000% VPN Demand Surge in Bangladesh During Internet Restrictions

Posted in Commentary with tags on July 29, 2024 by itnerd

VPN Mentor just published research concerning a massive increase in VPN demand in Bangladesh.

Their research team conducted an analysis of user demand data in Bangladesh during the curfew and internet restrictions imposed by the government amid the violent protests, and they observed a surge of 5016% in VPN demand in the country. 

You will find all the details here: https://www.vpnmentor.com/news/vpn-demand-surge-bangladesh/

Rogers Apparently Now Has 2Gbps Internet Speeds

Posted in Commentary with tags on July 28, 2024 by itnerd

A reader tipped me off to the fact that Rogers seems to have rolled out 2Gbps downstream Internet speeds. To confirm this, I hopped over to the Rogers website, punched in my address and saw this:

Rogers now seems to have a “Pro 2G” tier to their Internet offering. Previously their top tier was 1.5 Gbps downstream. Also of note is that the upstream speed is now 200 Mbps which is up from 150 Mbps. And this upstream speed appears to be available on their 250 Mbps package and up. Now while this is an improvement for Rogers, it still doesn’t match the speeds of Bell who are capable of doing Gigabit or faster both ways via fibre. Which means that I am pretty sure that Bell isn’t losing any sleep over this move by Rogers.

In terms of availability, it seems to be pretty widespread in Toronto based on some random address lookups that I did. It may be widespread elsewhere as well. Drop a comment below if you’re actually able to get this where you live.

I Got Called To Investigate A Banking #Scam… Here’s What I Found Out

Posted in Commentary with tags on July 28, 2024 by itnerd

I get all sorts of emails and calls from people who have been scammed that are in need of my help. A lot of these scams are ones that I have seen before. But one that I came across recently was really different. And because of that, I want to tell you about it so that you’re aware that scam exists, and as a result you can protect yourself accordingly.

The client out of the blue got an Interac deposit into their bank account. The client had auto deposit turned on, meaning that there doesn’t need to be any human intervention to have the money go straight into someone’s bank account. Thus $700, in this case, just magically appeared in their bank account. The client didn’t recognize the email address that sent the money and found that to be odd. But things escalated from there when, less than 24 hours later, the client got a request for $700 to be withdrawn from her bank account from the same email address that sent the $700 in the first place. There was a note saying that there was a deposit the day before and that it was a mistake. As a result the person who sent the money wanted the recipient to send the money back to them. One thing that was interesting was that the sender claimed that they were 1 letter off in terms of the email address. Another thing that was interesting was that the sender claimed to have talked to a relative who is a CFO at TD Bank, which is one of the “big five” banks in Canada, and that the CFO directed them to do this. The client was highly suspicious so they called me for help.

Now there’s a bunch of things that I immediately spotted as red flags. Here’s the list:

  • The client had this all happen by email. And the client had an email address that had no relation to their name or anything like that. In fact the email address is a Hebrew word that isn’t commonly known to most of you reading this unless you’re part of the Israeli or Jewish diaspora. And to be sure that the client isn’t a target for anything else, I won’t disclose what that word is. In any case, to be one letter off on this sort of email address would be impossible given the circumstances. What’s more likely to be the case is that they were targeted for this scam somehow.
  • I find it impossible to believe that the sender would happen to have a relative who is a CFO of TD Bank who would direct them to take this course of action. What’s more probable is that this was a means to gain the client’s confidence so that the scam would be more likely to succeed.

So, what is the actual scam? Based on some research, here’s what is likely going on:

  • Someone’s bank account either via phishing or some other means gets hacked.
  • Once inside that bank account, the threat actor uses Interac to transfer money from that hacked bank account to a victim that unwittingly accepts the money into their bank account.
  • Some time later the threat actor asks for the money back claiming that it was a mistake. And the victim sends the money believing that this was a mistake.
  • Unknown to the victim, there’s a fraud investigation going on in relation to the hacked bank account. And when the money is tracked down days, weeks, or months later to the victim’s bank account, the bank will withdraw the stolen money from the victim’s bank account to return it to the rightful owner. Except that the victim has already sent money to the threat actor under the assumption that this was a mistake. So the victim is out the money and the threat actor wins.
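The two red flags above and the four-step scheme just described can be expressed as a simple detection rule over e-transfer notifications: an unsolicited deposit from an unknown address followed shortly by a request from that same address for the same amount back. This is added example code written for this post, not anything from Interac or a bank; the events, addresses and contact list are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class TransferEvent:
    when: datetime
    kind: str            # "deposit": money arrived; "request": money requested from the account holder
    counterparty: str    # email address shown on the Interac notification
    amount: float


# Constructed sample notifications, modelled on the sequence in the post (not real data).
EVENTS = [
    TransferEvent(datetime(2024, 7, 20, 9, 0), "deposit", "qwerty.stranger@example.test", 700.00),
    TransferEvent(datetime(2024, 7, 21, 8, 30), "request", "qwerty.stranger@example.test", 700.00),
    TransferEvent(datetime(2024, 7, 22, 12, 0), "deposit", "friend@example.test", 50.00),
    TransferEvent(datetime(2024, 7, 22, 13, 0), "request", "friend@example.test", 50.00),
]
KNOWN_CONTACTS = {"friend@example.test"}


def find_refund_scam_candidates(events, known_contacts, window=timedelta(hours=48)):
    """Return (deposit, request) pairs matching the pattern in the post: an unsolicited
    deposit from an address not in the contact list, followed within `window` by a
    request from that same address to send the same amount back."""
    hits = []
    ordered = sorted(events, key=lambda e: e.when)
    for i, dep in enumerate(ordered):
        if dep.kind != "deposit" or dep.counterparty in known_contacts:
            continue
        for req in ordered[i + 1:]:
            if req.when - dep.when > window:
                break  # later events are outside the window; ordered by time
            if (req.kind == "request" and req.counterparty == dep.counterparty
                    and abs(req.amount - dep.amount) < 0.005):
                hits.append((dep, req))
    return hits


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to test the sender's 'one letter off' explanation."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typo_claim_is_plausible(claimed_intended: str, actual_recipient: str) -> bool:
    """True only if the two addresses really differ by at most one character."""
    return edit_distance(claimed_intended.lower(), actual_recipient.lower()) <= 1
```

A hit is a reason to hold the funds and open a fraud inquiry, exactly what the bank did in this case, rather than a proof of fraud on its own.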

I advised the client to call their bank and explain the situation. The client instead asked me to join her at her local bank branch. After having a conversation with first a client service rep, followed by the branch manager, the bank opened a fraud investigation and froze the client’s bank account. The client then filled out a form stating that the client didn’t know the person who sent them this money. As I type this, the client’s bank account is still frozen. And at the same time, the threat actor keeps pestering them to return “their” money via email. I created a rule in their email client that automatically sends those emails to the trash. But not before telling the threat actor via email that there’s a fraud investigation open and the bank account had been frozen.

Now I am sure that there are many cases where there isn’t a positive ending and that people have lost money due to this scam. Which means that you need to protect yourself from being a victim. The best way to protect yourself is to make sure that you turn off autodeposit. It shouldn’t be on by default. But if you turned it on, I strongly suggest that you turn it off. That way it makes it more difficult for a threat actor to execute this scam, as you would have to manually accept the deposit. That brings me to the second means to protect yourself. Which is that if you don’t know the person who is sending you money, you should become suspicious and not accept the deposit. What will likely happen is that the deposit attempt will expire after a certain amount of time. The end result is that the scam will not be able to be executed and you will be safe. Finally, in the event that a situation like this is actually a mistake, the sender of the funds can escalate with their bank to get the transfer reversed. But to be clear, I am 99% sure that this is not a mistake but a scam.

I’m monitoring this situation as I want to see how this turns out, which is another way of saying that I want to see how long it takes for my client’s life to return to normal. I’ll post an update once I have one. But my advice is to be careful out there because scams are everywhere, and they can hit you at any time.

How Well Does PRESTO Support For Apple Watch And iPhone Work? Let’s Find Out!

Posted in Commentary with tags on July 28, 2024 by itnerd

After I wrote this how to guide that details how to add your PRESTO transit card to your Apple Watch and iPhone, I got a number of emails asking about how well things worked. So in the interest of science, I left my car at home on Saturday to visit two clients and pick up some items from a bike shop. With that out of the way, let’s get to it.

I started from my suburban Toronto home and walked over to the subway station. There, I used my Apple Watch to get into the station.

Now the PRESTO card readers in the stations are on the right side, which means that using an Apple Watch requires you to reach across your body to tap your Apple Watch on the reader if you wear your watch on your left wrist. That’s likely a non issue for most. But coming from a guy that has broken both collarbones, it’s not exactly comfortable. One thing I need to note is that I have Express Transit Mode enabled so that all I have to do is tap my Apple Watch and go. I feel comfortable having Express Transit Mode enabled for the Apple Watch as someone would have to rip my Apple Watch off my wrist to use it to get onto transit. Conversely, because an iPhone can be snatched out of your hand, I do not have it enabled for my iPhone. That’s because I want to authenticate before I pay for transit.

I traveled to the north part of the city to visit one of my clients which took about an hour. About 30 minutes later I hopped onto the subway again. Because it was within two hours, I should be eligible for a free transfer. And when I tapped, that’s exactly what happened. But four stations into my journey to my next client, I had to go back to the first client to fix a new issue. That took another 30 minutes which required me to pay another fare. At that point I needed to refill the PRESTO card on my Apple Watch. The quickest way to do that is to use your iPhone to do it either via the PRESTO app or on the card itself via the Watch app on your iPhone. Which means that if you travel with only your Apple Watch, you need to preload the PRESTO card on your Apple Watch so that you can get to and from your destination. I chose the latter option.

One thing that is handy is that it keeps track of every time you tap the card.

That’s something that you would normally have to go into the PRESTO app to see if you have a physical PRESTO card. Which assumes that you have the PRESTO card added to the app. If you just have the card, or it’s not in the app, you’re out of luck. One thing that I noted is that the subway is called the “Metro”. Interesting.

In short, using the PRESTO card on my Apple Watch was a total non-event. Everything worked perfectly and it was as if I was using a physical PRESTO card. If you were on the fence in terms of going to using your PRESTO card on your iPhone or Apple Watch, I would say go right ahead. From what I can tell, everything seems to work fine.

ServiceNow Vulnerability Chain Disclosed By Assetnote

Posted in Commentary with tags on July 27, 2024 by itnerd

A company named Assetnote has published research on a series of vulnerabilities in ServiceNow which, when chained together, can create huge problems for those who rely on ServiceNow:

Through the course of three to four weeks, we were able to find a chain of vulnerabilities that allows full database access and full access to any MID servers configured.

The following CVEs were assigned for these issues:

CVE-2024-4879
CVE-2024-5178
CVE-2024-5217

Tom Siu, CISO, Inversion6 had this comment on this research:

The input validation flaw means that regular data entry fields, such as a user login window where a user would type a userid, do not check whether the data inputs are as expected. This means an attack, such as the well known “SQL Injection” attack, could be used to gain access to the system’s backend data. The OWASP Top 10 Web vulnerabilities list this as A03:2021 – Injection, where 03 means it is the third most prevalent risk.

Since many customers of ServiceNow include IT Help Desk functionality, a successful attack could reveal critical internal information about users (email, phone numbers), IT issues, and operational challenges the organization manages, permitting well-crafted social engineering attacks. I could see an attack spoofing a Help Desk support call.

Of major importance for cybersecurity teams – some organizations use ServiceNow to track and manage security events and incidents. The disclosure of this highly sensitive operational security information would be disastrous to IT and cybersecurity teams. Cybersecurity teams should use this risk impact to amplify priority for patch implementation of ServiceNow utilities.

ServiceNow has released mitigations for this chain of vulnerabilities. Thus if you haven’t applied them, now would be a good time to do so. I’d also read the research on this, as it is clearly a non-trivial chain of vulnerabilities.

Samsung Unveils Exclusive Galaxy Z Flip6 Olympic Edition, Powered by Galaxy AI, for Paris 2024 Athletes

Posted in Commentary with tags on July 26, 2024 by itnerd

Samsung, a Worldwide Olympic and Paralympic Partner, today revealed the Olympic Edition of its newly announced Galaxy Z Flip6, exclusively designed and customized for all athletes competing at the upcoming Olympic and Paralympic Games Paris 2024. The Galaxy Z Flip6 Olympic Edition continues Samsung’s over three-decade-long legacy of providing its cutting-edge technology and mobile innovations in support of the Games and represents a series of firsts.

The new Olympic Edition for Paris 2024 is the first-ever Olympic Edition to feature Galaxy AI. Designed to elevate the athletes’ Games-time experience from the moment they arrive in Paris, it is the first to come pre-loaded with a full suite of exclusive services and useful apps. In addition, it marks the first time Samsung’s newest product is being made available to athletes before its official market launch. The Galaxy Z Flip6 will also take center stage at the Olympic Games as the first Olympic Edition to play an integral role on the podium.

It boasts the new Galaxy Z Flip6’s compact and versatile design, in a striking yellow colorway adorned with the Olympic rings and Paralympic agitos in gold. To dress up the phone, Samsung partnered with the Parisian Men’s Luxury Maison, Berluti, who designed the Team France’s official outfits for the Paris 2024 Opening Ceremony, to create an exclusive Flipsuit Case that will accompany each device. Made from Venezia leather, each Flipsuit Case has a unique patina featuring a vibrant color mix inspired by the Olympic rings, celebrating the Olympic spirit and values of excellence and unity.

Enhancing the Athletes’ Experience at Paris 2024 with Devices Powered by Galaxy AI

Samsung’s decision to provide its latest addition to the Galaxy portfolio to Paris 2024 athletes before its official market launch stems from the crucial role Galaxy AI technology plays in accelerating a new era of communication, productivity, and creativity on a smartphone. The Galaxy Z Flip6 Olympic Edition includes a range of useful innovations to help athletes open up new experiences throughout the Games, including the following Galaxy AI communication features that will help athletes from around the world connect with ease while in Paris:

Composer – helps to draft emails and social media posts in apps by using simple keywords. For social media app specifically, it even analyzes the tone of past content, making it easier for athletes to express their excitement at some of the competition’s most thrilling or poignant moments.

Live translation – translates phone calls directly on the device in real-time into 16 different languages, making it easy for athletes to call the Olympic hotlines and local contacts in their native language, using Samsung native and select third-party apps.

Interpreter – instantly translates live conversations, allowing athletes to chat with other athletes and volunteers and receive a live translation of what they’re saying on screen – while still speaking face-to-face, thanks to the phone’s unique dual screen.

Athletes can also use Galaxy AI on the Olympic Edition phone to help prepare for competition, enhance their creativity, and capture lifelong memories at Paris 2024, with features including:

  • Instant Slow-mo – allows athletes to record, share and analyze their performances in slow motion, making it easier for them to refine their technique.
  • Photo Assist – enables athletes to get the perfect shot every time, by resizing, repositioning or even removing unwanted objects within photos.

Built-in Services and Apps Making the Olympic and Paralympic Experience Fun and Easy

To make it easier for athletes to use the phone while in Paris and beyond, each Galaxy Z Flip6 Olympic Edition will come with an eSIM of 100GB 5G data in partnership with Orange, and two years of Samsung’s global warranty. Additionally, to keep track of the latest Games-time schedules and travel around the Olympic venues with ease, several official International Olympic Committee (IOC) apps such as Athlete 365, Olympic Shop, Paris 2024, Transport Accred App, and IOC hotline will be pre-loaded. 

Via Samsung Wallet, it also will come pre-loaded with an in-app pass for free beverages in vending machines located throughout the Olympic and Paralympic Village in partnership with fellow Worldwide Partner, The Coca-Cola Company, and an unlimited complimentary public transport access card, in partnership with Île-de-France Mobilités (IDFM), so they can enjoy touring the city of Paris and its region.

To bring some fun and personalization to the athlete experience, each Galaxy Z Flip6 Olympic Edition will feature a suite of interactive, Paris 2024-themed apps, as well. These include PinQuest and Galaxy Experience for collecting and exchanging real and digital pins during Games-time, Olympic Go!, the official Olympic Game, and Galaxy Skateboard, a new game featuring the Phryges, the Paris 2024 mascots.

Sharing Moments of Victory from the Podium Firsthand

Standing atop the Olympic and Paralympic podium during the medal ceremony and realizing a lifelong dream is one of the most emotional and memorable moments an athlete can experience. Traditionally photographed by accredited media only because athletes have been prohibited from bringing personal belongings — including their mobile phones — to the ceremony, the view has always been captured from a distance and not through an athlete’s own lens.

For the first time in Olympic and Paralympic Games history, Samsung will provide the Galaxy Z Flip6 Olympic Edition for use on the podium at Paris 2024, so athletes can create their own memories and emotions via a new, victory selfie. Samsung’s customized technology will map and sort the athletes’ selfies by sport and upload them to Athlete365 in real-time, which will allow athletes to save and share their iconic moments with family and fans.

The Galaxy Z Flip6 Olympic Edition will be displayed at Olympic rendezvous @ Samsung showcases, including the one at Champs-Elysees 125, starting July 12. In collaboration with the IOC and International Paralympic Committee (IPC), athletes will receive their Galaxy Z Flip6 Olympic Edition from Samsung starting July 18.

Aptum and 186Kloud Announce Strategic Partnership 

Posted in Commentary with tags on July 26, 2024 by itnerd

Aptum, a global infrastructure and cloud solutions provider specializing in technology consulting and managed services, today announced a strategic partnership with 186Kloud, a technology services distributor, to deliver innovative cloud services across the UK. 

This partnership combines Aptum’s unique ability to deliver dedicated infrastructure and Azure, AWS and Google Cloud Platform (GCP) managed solutions with 186Kloud’s deep industry knowledge to provide highly customized solutions to UK customers across various industries — including financial services, healthcare, retail and manufacturing.

Empowering Businesses with Advanced Cloud Solutions

With more than 10 years of expertise in cloud transformation and managed services, 186Kloud is a leading UK-based technology provider specializing in advanced cloud offerings and disaster recovery. Through its cloud migration solutions, the company achieves a seamless transition of business operations and data to cloud environments, providing enhanced flexibility, reduced IT costs, and robust protection against data loss. 

With this partnership, 186Kloud will offer Aptum’s modern infrastructure cloud platform and cloud-native solutions to provide customers with the right platform for the right workloads, accelerating enterprise transformation, performance, and growth. Aptum’s expertise with cloud-native platform engineering and operations will also be leveraged.

The agreement between the two organizations is effective immediately.

Acadian Ambulance Confirms Cybercriminals Threaten To Leak Data Of 10 Million Patients

Posted in Commentary with tags on July 26, 2024 by itnerd

On Wednesday, Acadian confirmed that it was the victim of a cyberattack in late June that disrupted operations of certain computer systems, and, while the extent of the data theft has yet to be confirmed, ransomware group Daixin is threatening to leak sensitive medical information of 10 million patients on the dark web.

“Upon discovering the activity, our team responded quickly and strategically to lock down systems to prevent any further unauthorized activity and activated backup and redundancy systems to prevent disruption to patient care,” Acadian said.

Acadian was able to continue operating without disrupting patient care, but the investigation into the incident determined that threat actors did access a server containing patients’ protected health information, the company said.

Based on tables that appeared on Daixin’s leak site on Wednesday, the stolen database contains more than 11 million rows of patient records, including patient histories and cases involving suspected drug use, as well as more than 28,000 rows of employee information.

The group claims to have demanded a $7 million ransom but after weeks of negotiating, Acadian claimed it could only pay $173,000 while it attempts to raise more funds.

Emily Phelps, Director, Cyware had this to say:

   “This incident underscores the critical need to protect sensitive health information. Healthcare organizations need to be enabled to adopt continuous monitoring, threat intelligence, and proactive security measures to safeguard against potential threats. Investing in advanced security technologies and fostering industry-wide collaboration are essential steps in enhancing the resilience of healthcare entities.”

Once again a healthcare organization has been pwned by threat actors, and the general public will suffer as a result. This should send a clear message that this is a sector that needs to double down on cyber defences to stop being a soft target for threat actors.