5000% VPN Demand Surge in Bangladesh During Internet Restrictions

Posted in Commentary with tags on July 29, 2024 by itnerd

VPN Mentor has just published research on a massive increase in VPN demand in Bangladesh.

Their research team analysed user-demand data in Bangladesh during the curfew and internet restrictions the government imposed amid the violent protests, and observed a 5016% surge in VPN demand in the country.

You will find all the details here: https://www.vpnmentor.com/news/vpn-demand-surge-bangladesh/

Rogers Apparently Now Has 2Gbps Internet Speeds

Posted in Commentary with tags on July 28, 2024 by itnerd

A reader tipped me off to the fact that Rogers seems to have rolled out 2Gbps downstream Internet speeds. To confirm this, I hopped over to the Rogers website, punched in my address and saw this:

Rogers now seems to have a “Pro 2G” tier in its Internet offering. Previously the top tier was 1.5 Gbps downstream. Also of note is that the upstream speed is now 200 Mbps, up from 150 Mbps, and that upstream speed appears to be available on the 250 Mbps package and up. While this is an improvement for Rogers, it still doesn’t match Bell, who can do Gigabit or faster in both directions via fibre. So I am pretty sure that Bell isn’t losing any sleep over this move by Rogers.

In terms of availability, it seems to be pretty widespread in Toronto based on some random address lookups that I did. It may be widespread elsewhere as well. Drop a comment below if you’re actually able to get this where you live.

I Got Called To Investigate A Banking #Scam… Here’s What I Found Out

Posted in Commentary with tags on July 28, 2024 by itnerd

I get all sorts of emails and calls from people who have been scammed that are in need of my help. A lot of these scams are ones that I have seen before. But one that I came across recently was really different. And because of that, I want to tell you about it so that you’re aware that scam exists, and as a result you can protect yourself accordingly.

Out of the blue, the client got an Interac deposit into their bank account. The client had auto-deposit turned on, which means no human intervention is needed for money to go straight into the account; $700, in this case, just appeared in their bank account. The client didn’t recognize the email address that sent the money and found that odd. Things escalated less than 24 hours later, when the client got an Interac request for $700 from the same email address that had sent the $700 in the first place. The request carried a note saying that the deposit the day before was a mistake and asking the client to send the money back. Two details stood out: the sender claimed they had been one letter off in the email address, and the sender claimed to have talked to a relative who is a CFO at TD Bank, one of the “big five” banks in Canada, who had directed them to do this. The client was highly suspicious and called me for help.

Now there’s a bunch of things that I immediately spotted as red flags. Here’s the list:

  • The client had this all happen by email. And the client had an email address that had no relation to their name or anything like that. In fact the email address is a Hebrew word that isn’t commonly known to most of you reading this unless you’re part of the Israeli or Jewish diaspora. And to be sure that the client isn’t a target for anything else, I won’t disclose what that word is. In any case, to be one letter off on this sort of email address would be impossible given the circumstances. What’s more likely to be the case is that they were targeted for this scam somehow.
  • I find it impossible to believe that the sender would happen to have a relative who is a CFO of TD Bank who would direct them to take this course of action. What’s more probable is that this was a means to gain the client’s confidence so that the scam would be more likely to succeed.

So, what is the actual scam? Based on some research, here’s what is likely going on:

  • Someone’s bank account gets hacked, via phishing or some other means.
  • Once inside that bank account, the threat actor uses Interac to transfer money from that hacked bank account to a victim that unwittingly accepts the money into their bank account.
  • Some time later the threat actor asks for the money back claiming that it was a mistake. And the victim sends the money believing that this was a mistake.
  • Unknown to the victim, there’s a fraud investigation going on in relation to the hacked bank account. And when the money is tracked down days, weeks, or months later to the victim’s bank account, the bank will withdraw the stolen money from the victim’s bank account to return it to the rightful owner. Except that the victim has already sent money to the threat actor under the assumption that this was a mistake. So the victim is out the money and the threat actor wins.
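The sequence above has a recognisable shape: an unsolicited deposit, then a request for money from the same address, usually for the same amount and within a day or two, with a “mistake” or “my relative at the bank” story attached. As an added example (not from the original post), here is a small detector that scores that pattern over a list of transfer events. The event records are constructed, and the field names, the list of known contacts and the pretext words are assumptions; in practice the events would come from a bank statement export or a fraud-ops case file.

```python
#!/usr/bin/env python3
"""Flag the 'accidental deposit, please send it back' Interac pattern.

Added example, not from the original post. The Transfer records below are
constructed, and the field names, KNOWN_CONTACTS and PRETEXT_WORDS are
assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Transfer:
    when: datetime
    kind: str            # "deposit": money auto-deposited to you; "request": money asked of you
    counterparty: str    # e-mail address on the other side of the Interac transfer
    amount_cents: int
    note: str = ""


# Assumed: contacts the account holder actually knows. Anyone else is "unknown".
KNOWN_CONTACTS: Set[str] = {"landlord@example.com", "sister@example.net"}

# Assumed: wording of the pretext the post describes (a "mistake", an address
# "one letter off", an appeal to a relative at a bank).
PRETEXT_WORDS = ("mistake", "one letter", "wrong address", "cfo", "my bank")

ADVICE = ("Do not send a new transfer back. Call the bank, report the unsolicited "
          "deposit, and let the sender's bank reverse it if it really was a mistake.")


def find_refund_scams(events: Iterable[Transfer],
                      known: Set[str] = KNOWN_CONTACTS,
                      window: timedelta = timedelta(hours=48)) -> List[Dict]:
    """Return one finding per (deposit, request) pair where a request for money
    arrives from the same address that deposited money within `window` before it.
    The score counts how many of the post's signals are present (1..4)."""
    events = sorted(events, key=lambda e: e.when)
    deposits = [e for e in events if e.kind == "deposit"]
    findings: List[Dict] = []
    for req in (e for e in events if e.kind == "request"):
        for dep in deposits:
            if dep.counterparty.lower() != req.counterparty.lower():
                continue
            gap = req.when - dep.when
            if not (timedelta(0) <= gap <= window):
                continue
            reasons = ["request for money follows a deposit from the same sender"]
            if dep.counterparty.lower() not in known:
                reasons.append("sender is not a known contact")
            if dep.amount_cents == req.amount_cents:
                reasons.append("requested amount equals the deposited amount")
            if any(w in req.note.lower() for w in PRETEXT_WORDS):
                reasons.append("pretext wording in the request note")
            findings.append({
                "sender": dep.counterparty,
                "deposit_cents": dep.amount_cents,
                "hours_between": round(gap.total_seconds() / 3600, 1),
                "score": len(reasons),   # 3 or more is the pattern the post describes
                "reasons": reasons,
                "advice": ADVICE,
            })
    return findings


# Constructed sample: a legitimate refund from a known contact, then the scam.
SAMPLE_EVENTS = [
    Transfer(datetime(2024, 7, 22, 9, 15), "deposit", "landlord@example.com", 15000, "overpaid rent"),
    Transfer(datetime(2024, 7, 25, 14, 2), "deposit", "qwvx83@example.org", 70000),
    Transfer(datetime(2024, 7, 26, 10, 40), "request", "qwvx83@example.org", 70000,
             "Sorry, sent by mistake, your address is one letter off from my cousin's. "
             "My relative who is a CFO at the bank said to just request it back."),
]

if __name__ == "__main__":
    for f in find_refund_scams(SAMPLE_EVENTS):
        print(f"score {f['score']}/4 from {f['sender']} after {f['hours_between']}h: {f['reasons']}")
        print(f["advice"])
```

The landlord deposit produces no finding because nothing asks for it back; the second pair scores 4 of 4. A known contact asking for a genuine overpayment back would score 1 or 2, which is why the output carries the reasons rather than a bare verdict.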

I advised the client to call their bank and explain the situation. The client instead asked me to join her at her local bank branch. After a conversation with a client service rep and then the branch manager, the bank opened a fraud investigation and froze the client’s bank account. The client then filled out a form stating that they didn’t know the person who sent them the money. As I type this, the client’s bank account is still frozen, and the threat actor keeps pestering them by email to return “their” money. I created a rule in their email client that automatically sends those emails to the trash. But not before telling the threat actor by email that there is a fraud investigation open and the bank account has been frozen.

Now I am sure that there are many cases without a positive ending, where people have lost money to this scam. Which means that you need to protect yourself from being a victim. The best way is to make sure that autodeposit is turned off. It shouldn’t be on by default, but if you turned it on, I strongly suggest that you turn it off. That makes it more difficult for a threat actor to execute this scam, because you would have to manually accept the deposit. That brings me to the second means of protecting yourself: if you don’t know the person who is sending you money, be suspicious and don’t accept the deposit. The deposit attempt will expire after a certain amount of time, the scam can’t be executed, and you are safe. Finally, in the event that a situation like this actually is a mistake, the sender of the funds can escalate with their bank to get the transfer reversed. But to be clear, I am 99% sure that this is not a mistake but a scam.

I’m monitoring this situation as I want to see how this turns out, which is another way of saying that I want to see how long it takes for my client’s life to return to normal. I’ll post an update once I have one. But my advice is to be careful out there because scams are everywhere, and they can hit you at any time.

How Well Does PRESTO Support For Apple Watch And iPhone Work? Let’s Find Out!

Posted in Commentary with tags on July 28, 2024 by itnerd

After I wrote this how to guide that details how to add your PRESTO transit card to your Apple Watch and iPhone, I got a number of emails asking about how well things worked. So in the interest of science, I left my car at home on Saturday to visit two clients and pick up some items from a bike shop. With that out of the way, let’s get to it.

I started from my suburban Toronto home and walked over to the subway station. There, I used my Apple Watch to get into the station.

Now the PRESTO card readers in the stations are on the right side, so using an Apple Watch means reaching across your body to tap the reader if you wear your watch on your left wrist. That’s likely a non-issue for most. But coming from a guy who has broken both collarbones, it’s not exactly comfortable. One thing I need to note is that I have Express Transit Mode enabled, so all I have to do is tap my Apple Watch and go. I feel comfortable having Express Transit Mode enabled on the Apple Watch, since someone would have to rip the watch off my wrist to use it to get onto transit. Conversely, because an iPhone can be snatched out of your hand, I do not have it enabled on my iPhone: I want to authenticate before I pay for transit.

I traveled to the north part of the city to visit one of my clients which took about an hour. About 30 minutes later I hopped onto the subway again. Because it was within two hours, I should be eligible for a free transfer. And when I tapped, that’s exactly what happened. But four stations into my journey to my next client, I had to go back to the first client to fix a new issue. That took another 30 minutes which required me to pay another fare. At that point I needed to refill the PRESTO card on my Apple Watch. The quickest way to do that is to use your iPhone to do it either via the PRESTO app or on the card itself via the Watch app on your iPhone. Which means that if you travel with only your Apple Watch, you need to preload the PRESTO card on your Apple Watch so that you can get to and from your destination. I chose the latter option.

One thing that is handy is that it keeps track of every time you tap the card.

That’s something that you would normally have to go into the PRESTO app to see if you have a physical PRESTO card. Which assumes that you have the PRESTO card added to the app. If you just have the card, or it’s not in the app, you’re out of luck. One thing that I noted is that the subway is called the “Metro”. Interesting.

In short, using the PRESTO card on my Apple Watch was a total non-event. Everything worked perfectly and it was as if I was using a physical PRESTO card. If you were on the fence in terms of going to using your PRESTO card on your iPhone or Apple Watch, I would say go right ahead. From what I can tell, everything seems to work fine.

ServiceNow Vulnerability Chain Disclosed By Assetnote

Posted in Commentary with tags on July 27, 2024 by itnerd

A company named Assetnote has published research on a series of vulnerabilities in ServiceNow which when chained together can create huge problems for those who rely on ServiceNow:

Through the course of three to four weeks, we were able to find a chain of vulnerabilities that allows full database access and full access to any MID servers configured.

The following CVEs were assigned for these issues:

CVE-2024-4879
CVE-2024-5178
CVE-2024-5217

Tom Siu, CISO, Inversion6 had this comment on this research:

The input validation flaw means that regular data entry fields, such as a user login window where a user would type a userid, do not check whether the data inputs are as expected. This means an attack, such as the well-known “SQL Injection” attack, could be used to gain access to the system’s backend data. The OWASP Top 10 Web vulnerabilities list this as A03:2021 – Injection, where 03 means it is the third most prevalent risk.

Since many customers of ServiceNow include IT Help Desk functionality, a successful attack could reveal critical internal information about users (email, phone numbers), IT issues, and operational challenges the organization manages, permitting well-crafted social engineering attacks.  I could see an attack spoofing a Help Desk support call.

Of major importance for cybersecurity teams – some organizations use ServiceNow to track and manage security events and incidents. The disclosure of this highly sensitive operational security information would be disastrous to IT and cybersecurity teams. Cybersecurity teams should use this risk impact to amplify priority for patch implementation of ServiceNow utilities.

ServiceNow has released mitigations for this chain of vulnerabilities. If you haven’t applied them, now would be a good time to do so. I’d also read the research, as this is clearly a non-trivial chain of vulnerabilities.
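Siu’s comment describes the flaw class at the level of “a login field whose contents are not checked and end up inside a query.” The post does not detail the specific ServiceNow injection points, so the following is an added example of that generic class, not ServiceNow’s or Assetnote’s code: the same login check written once with untrusted input concatenated into SQL, and once with an allow-list on the userid plus bound parameters. The in-memory SQLite table, its user and password are constructed for the example.

```python
#!/usr/bin/env python3
"""Injection through an unvalidated login field: vulnerable and hardened versions.

Added example, not ServiceNow's or Assetnote's code. The users table, its
contents and the payload are constructed here.
"""
import re
import sqlite3

# Allow-list for userids: the "is the input what we expect" check Siu describes.
USERID_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def make_db() -> sqlite3.Connection:
    """Constructed sample table. The password is stored in clear only so the
    SQL effect is visible; a real system stores a salted hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, userid: str, password: str) -> bool:
    """Untrusted input is pasted into the SQL text, so the userid field can
    rewrite the query: a quote closes the literal and '--' comments out the
    password check that follows."""
    sql = f"SELECT 1 FROM users WHERE userid = '{userid}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def safe_login(conn: sqlite3.Connection, userid: str, password: str) -> bool:
    """Reject input that is not shaped like a userid, then bind both values as
    parameters so the database never interprets them as SQL."""
    if not USERID_RE.fullmatch(userid):
        return False
    row = conn.execute(
        "SELECT 1 FROM users WHERE userid = ? AND password = ?",
        (userid, password),
    ).fetchone()
    return row is not None


PAYLOAD = "admin' --"   # closes the string literal, comments out the rest of the WHERE clause

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, wrong password, payload userid:", vulnerable_login(db, PAYLOAD, "wrong"))
    print("hardened,   wrong password, payload userid:", safe_login(db, PAYLOAD, "wrong"))
    print("hardened,   real credentials:              ", safe_login(db, "admin", "correct horse battery staple"))
```

With the payload as the userid, the vulnerable query becomes `SELECT 1 FROM users WHERE userid = 'admin' --' AND password = 'wrong'`, which SQLite evaluates as a lookup of `admin` with no password check. The hardened version never builds that string: the allow-list rejects the quote, and even a userid that passed the allow-list would be bound as a value rather than spliced into the statement.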

Samsung Unveils Exclusive Galaxy Z Flip6 Olympic Edition, Powered by Galaxy AI, for Paris 2024 Athletes

Posted in Commentary with tags on July 26, 2024 by itnerd

Samsung, a Worldwide Olympic and Paralympic Partner, today revealed the Olympic Edition of its newly announced Galaxy Z Flip6, exclusively designed and customized for all athletes competing at the upcoming Olympic and Paralympic Games Paris 2024. The Galaxy Z Flip6 Olympic Edition continues Samsung’s over three-decade-long legacy of providing its cutting-edge technology and mobile innovations in support of the Games and represents a series of firsts.

The new Olympic Edition for Paris 2024 is the first-ever Olympic Edition to feature Galaxy AI. Designed to elevate the athletes’ Games-time experience from the moment they arrive in Paris, it is the first to come pre-loaded with a full suite of exclusive services and useful apps. In addition, it marks the first time Samsung’s newest product is being made available to athletes before its official market launch. The Galaxy Z Flip6 will also take center stage at the Olympic Games as the first Olympic Edition to play an integral role on the podium.

It boasts the new Galaxy Z Flip6’s compact and versatile design, in a striking yellow colorway adorned with the Olympic rings and Paralympic agitos in gold. To dress up the phone, Samsung partnered with the Parisian Men’s Luxury Maison, Berluti, who designed the Team France’s official outfits for the Paris 2024 Opening Ceremony, to create an exclusive Flipsuit Case that will accompany each device. Made from Venezia leather, each Flipsuit Case has a unique patina featuring a vibrant color mix inspired by the Olympic rings, celebrating the Olympic spirit and values of excellence and unity.

Enhancing the Athletes’ Experience at Paris 2024 with Devices Powered by Galaxy AI

Samsung’s decision to provide its latest addition to the Galaxy portfolio to Paris 2024 athletes before its official market launch stems from the crucial role Galaxy AI technology plays in accelerating a new era of communication, productivity, and creativity on a smartphone. The Galaxy Z Flip6 Olympic Edition includes a range of useful innovations to help athletes open up new experiences throughout the Games, including the following Galaxy AI communication features that will help athletes from around the world connect with ease while in Paris:

Composer – helps to draft emails and social media posts in apps by using simple keywords. For social media app specifically, it even analyzes the tone of past content, making it easier for athletes to express their excitement at some of the competition’s most thrilling or poignant moments.

Live translation – translates phone calls directly on the device in real-time into 16 different languages, making it easy for athletes to call the Olympic hotlines and local contacts in their native language, using Samsung native and select third-party apps.

Interpreter – instantly translates live conversations, allowing athletes to chat with other athletes and volunteers and receive a live translation of what they’re saying on screen – while still speaking face-to-face, thanks to the phone’s unique dual screen.

Athletes can also use Galaxy AI on the Olympic Edition phone to help prepare for competition, enhance their creativity, and capture lifelong memories at Paris 2024, with features including:

  • Instant Slow-mo – allows athletes to record, share and analyze their performances in slow motion, making it easier for them to refine their technique.
  • Photo Assist – enables athletes to get the perfect shot every time, by resizing, repositioning or even removing unwanted objects within photos.

Built-in Services and Apps Making the Olympic and Paralympic Experience Fun and Easy

To make it easier for athletes to use the phone while in Paris and beyond, each Galaxy Z Flip6 Olympic Edition will come with an eSIM of 100GB 5G data in partnership with Orange, and two years of Samsung’s global warranty. Additionally, to keep track of the latest Games-time schedules and travel around the Olympic venues with ease, several official International Olympic Committee (IOC) apps such as Athlete 365, Olympic Shop, Paris 2024, Transport Accred App, and IOC hotline will be pre-loaded. 

Via Samsung Wallet, it also will come pre-loaded with an in-app pass for free beverages in vending machines located throughout the Olympic and Paralympic Village in partnership with fellow Worldwide Partner, The Coca-Cola Company, and an unlimited complimentary public transport access card, in partnership with Île-de-France Mobilités (IDFM), so they can enjoy touring the city of Paris and its region.

To bring some fun and personalization to the athlete experience, each Galaxy Z Flip6 Olympic Edition will feature a suite of interactive, Paris 2024-themed apps, as well. These include PinQuest and Galaxy Experience for collecting and exchanging real and digital pins during Games-time, Olympic Go!, the official Olympic Game, and Galaxy Skateboard, a new game featuring the Phryges, the Paris 2024 mascots.

Sharing Moments of Victory from the Podium Firsthand

Standing atop the Olympic and Paralympic podium during the medal ceremony and realizing a lifelong dream is one of the most emotional and memorable moments an athlete can experience. Traditionally photographed by accredited media only because athletes have been prohibited from bringing personal belongings — including their mobile phones — to the ceremony, the view has always been captured from a distance and not through an athlete’s own lens.

For the first time in Olympic and Paralympic Games history, Samsung will provide the Galaxy Z Flip6 Olympic Edition for use on the podium at Paris 2024, so athletes can create their own memories and emotions via a new, victory selfie. Samsung’s customized technology will map and sort the athletes’ selfies by sport and upload them to Athlete365 in real-time, which will allow athletes to save and share their iconic moments with family and fans.

The Galaxy Z Flip6 Olympic Edition will be displayed at Olympic rendezvous @ Samsung showcases, including the one at Champs-Elysees 125, starting July 12. In collaboration with the IOC and International Paralympic Committee (IPC), athletes will receive their Galaxy Z Flip6 Olympic Edition from Samsung starting July 18.

Aptum and 186Kloud Announce Strategic Partnership 

Posted in Commentary with tags on July 26, 2024 by itnerd

Aptum, a global infrastructure and cloud solutions provider specializing in technology consulting and managed services, today announced a strategic partnership with 186Kloud, a technology services distributor, to deliver innovative cloud services across the UK. 

This partnership combines Aptum’s unique ability to deliver dedicated infrastructure and Azure, AWS and Google Cloud Platform (GCP) managed solutions with 186Kloud’s deep industry knowledge to provide highly customized solutions to UK customers across various industries — including financial services, healthcare, retail and manufacturing.

Empowering Businesses with Advanced Cloud Solutions

With more than 10 years of expertise in cloud transformation and managed services, 186Kloud is a leading UK-based technology provider specializing in advanced cloud offerings and disaster recovery. Through its cloud migration solutions, the company achieves a seamless transition of business operations and data to cloud environments, providing enhanced flexibility, reduced IT costs, and robust protection against data loss. 

With this partnership, 186Kloud will offer Aptum’s modern infrastructure and cloud platform and cloud-native solutions to provide customers with the right platform for the right workloads, accelerating enterprise transformation, performance, and growth. Aptum’s expertise in cloud-native platform engineering and operations will also be leveraged.

The agreement between the two organizations is effective immediately.

Acadian Ambulance Confirms Cybercriminals Threaten To Leak Data Of 10 Million Patients

Posted in Commentary with tags on July 26, 2024 by itnerd

On Wednesday, Acadian confirmed that it was the victim of a cyberattack in late June that disrupted operations of certain computer systems, and, while the extent of the data theft has yet to be confirmed, ransomware group Daixin is threatening to leak sensitive medical information of 10 million patients on the dark web.

“Upon discovering the activity, our team responded quickly and strategically to lock down systems to prevent any further unauthorized activity and activated backup and redundancy systems to prevent disruption to patient care,” Acadian said.

Acadian was able to continue operating without disrupting patient care, but the investigation into the incident determined that threat actors did access a server containing patients’ protected health information, the company said.

Based on tables that appeared on Daixin’s leak site on Wednesday, the stolen database contains more than 11 million rows of patient records, including patient histories and cases involving suspected drug use, as well as more than 28,000 rows of employee information.

The group claims to have demanded a $7 million ransom but after weeks of negotiating, Acadian claimed it could only pay $173,000 while it attempts to raise more funds.

Emily Phelps, Director, Cyware had this to say:

   “This incident underscores the critical need to protect sensitive health information. Healthcare organizations need to be enabled to adopt continuous monitoring, threat intelligence, and proactive security measures to safeguard against potential threats. Investing in advanced security technologies and fostering industry-wide collaboration are essential steps in enhancing the resilience of healthcare entities.”

Once again a healthcare organization has been pwned by threat actors, and the general public will suffer as a result. This should send a clear message that this is a sector that needs to double down on cyber defences to stop being a soft target for threat actors.

Freedom Mobile Rolls Out New Plans That Will Get The Attention Of The Big Three Telcos

Posted in Commentary with tags on July 26, 2024 by itnerd

Freedom Mobile seems to be playing hardball to grab marketshare any way it can. The latest example of that is that the company dropped a bunch of new plans that are sure to get the attention of Rogers, TELUS and Bell.

Let’s start with the plans that went up on their website yesterday:

Some random thoughts:

  • The first thing that I notice is that all three of these plans have Canada, US, and Mexico usage. The Mexico part is new. I am assuming that Freedom is catering to those who travel to Mexico.
  • The second thing that I notice is that the $5 a month credit on all plans that used to be forever is now for 18 months. That’s a bit of a downgrade. But I am guessing that Freedom is going to stop using long term discounts to attract business.
  • Next is the fact that the 75GB and 100GB plans have Roam Beyond access. Meaning that you can affordably travel with your phone without having to buy a local SIM card (which until Freedom came along was the cheapest way to avoid the insanely high roaming prices of the big three telcos). In the case of the 75GB plan, you get 10GB of data and unlimited talk and text. In the case of the 100GB plan, you get 20GB of data and unlimited talk and text.
  • Finally, the 100GB plan adds the option to add a smart watch or tablet to the plan.
  • All these plans are BYOD (Bring Your Own Device).
  • There’s 5G access in Canada, the U.S., and Mexico.

In general, I think that all of these plans are a better value than their previous plans. That has my wife and me seriously considering switching to these new plans, specifically the 100GB plan, as that has Apple Watch support. The only question is whether switching would incur the $45 fee that Freedom charges when adding devices or switching plans. We’ll have to investigate that and do some math before we pull the trigger.

What these plans do is put pressure on Rogers, TELUS, and Bell as they don’t offer anything this good. And as Freedom’s 5G coverage improves (for example I have seen a speed bump recently on 5G via my iPhone 14 Pro), that’s going to make Freedom a viable option for those who are paying too much elsewhere. I am sure that the big three know this, so it will be interesting to see how they respond to this move by Freedom.

PKFail Compromises Secure Boot In The UEFI Ecosystem

Posted in Commentary with tags on July 26, 2024 by itnerd

Binarly, a global firmware and software supply-chain security company, has released research on a critical firmware supply-chain security issue affecting devices across the UEFI ecosystem.

The research, on what is known as PKfail, calls attention to significant flaws in the Secure Boot process caused by untrusted Platform Keys generated by Independent BIOS Vendors (IBVs). This undermines the fundamental security mechanism that protects devices from malicious code at boot, and the impact is widespread. The research not only highlights a pervasive problem that has persisted for over a decade but also reveals the alarming scope and potential impact of PKfail on both x86 and ARM devices.

Here’s a link to the Blog and FAQ on PKFail:  http://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem
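The Platform Key sits at the top of the Secure Boot key hierarchy: it authorizes changes to the KEK, which in turn authorizes the db and dbx signature databases. A PK whose private half is a vendor-shared test key therefore lets whoever holds that key enroll their own signing keys on every affected machine. The practical first question on any fleet is “what PK is actually enrolled on this box?” As an added example (not Binarly’s tooling or code), the script below reads the PK variable through Linux efivarfs (the path is assumed), walks the EFI_SIGNATURE_LIST structure the variable holds, prints the certificate’s SHA-256, and looks for the “DO NOT TRUST” marker that Binarly reports in the subject of the test keys it found; “DO NOT SHIP” is an added assumption. The test vectors at the bottom are constructed byte strings, not real certificates.

```python
#!/usr/bin/env python3
"""Inspect the UEFI Platform Key (PK) for the placeholder/test keys PKfail is about.

Added example, not Binarly's code. Assumptions: the efivarfs path below, and
the "DO NOT SHIP" marker. "DO NOT TRUST" is the subject marker Binarly reports.
"""
import hashlib
import struct
import sys
import uuid
from pathlib import Path
from typing import Dict, Iterator, List, Tuple

EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
PK_EFIVAR = Path(f"/sys/firmware/efi/efivars/PK-{EFI_GLOBAL_VARIABLE_GUID}")

# DER PrintableString/UTF8String fields carry ASCII verbatim, so a substring
# search over the raw certificate finds a subject such as
# "DO NOT TRUST - ... Test PK" without needing a full X.509 parser.
SUSPICIOUS_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, data: bytes) -> bytes:
    """Encode one EFI_SIGNATURE_LIST holding a single signature (used for test vectors)."""
    sig_size = 16 + len(data)      # SignatureOwner GUID + SignatureData
    list_size = 28 + sig_size      # type GUID (16) + three u32 fields (12) + one entry
    return sig_type.bytes_le + struct.pack("<III", list_size, 0, sig_size) + owner.bytes_le + data


def parse_signature_lists(data: bytes) -> Iterator[Tuple[uuid.UUID, uuid.UUID, bytes]]:
    """Yield (SignatureType, SignatureOwner, SignatureData) for every entry in a
    chain of EFI_SIGNATURE_LIST structures; raise on a truncated or inconsistent list."""
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or sig_size < 16 or off + list_size > len(data):
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            yield sig_type, owner, data[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def check_pk(payload: bytes, markers=SUSPICIOUS_MARKERS) -> List[Dict]:
    """One finding per PK entry. A conforming PK holds exactly one X.509 certificate,
    so more than one finding is itself worth a look."""
    findings: List[Dict] = []
    for sig_type, owner, sig_data in parse_signature_lists(payload):
        digest = hashlib.sha256(sig_data).hexdigest()
        if sig_type != EFI_CERT_X509_GUID:
            findings.append({"kind": str(sig_type), "owner": str(owner), "sha256": digest,
                             "untrusted": False, "reason": "not an X.509 entry; inspect manually"})
            continue
        hits = [m.decode() for m in markers if m in sig_data]
        findings.append({
            "kind": "x509", "owner": str(owner), "sha256": digest,
            "untrusted": bool(hits),
            "reason": ("marker(s) in certificate: " + ", ".join(hits)) if hits
                      else "no test-key marker found",
        })
    return findings


def read_efivar_payload(path: Path) -> bytes:
    """efivarfs prefixes the variable data with its 4-byte attribute word."""
    raw = path.read_bytes()
    if len(raw) < 4:
        raise ValueError(f"{path}: too short to be an EFI variable")
    return raw[4:]


# Constructed test vectors (not real certificates): DER-looking blobs whose
# subject does and does not carry the marker.
FAKE_TEST_PK = build_signature_list(EFI_CERT_X509_GUID, uuid.UUID(int=1),
                                    b"0\x82..CN=DO NOT TRUST - Test PK")
FAKE_VENDOR_PK = build_signature_list(EFI_CERT_X509_GUID, uuid.UUID(int=1),
                                      b"0\x82..CN=Vendor Platform Key 2020")

if __name__ == "__main__":
    if not PK_EFIVAR.exists():
        sys.exit("PK not exposed: not a UEFI boot, efivarfs not mounted, or no PK enrolled")
    for f in check_pk(read_efivar_payload(PK_EFIVAR)):
        status = "UNTRUSTED" if f["untrusted"] else "ok"
        print(f"[{status}] {f['kind']} owner={f['owner']} sha256={f['sha256']} ({f['reason']})")
```

A hit is conclusive; a miss is not. A PK without either string can still be a key shared across vendors or leaked, so treat the printed SHA-256 as the value to compare against the indicators in Binarly’s writeup, and remember that a machine in Setup Mode (no PK enrolled) is not protected by Secure Boot at all.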

UPDATE: Rogier Fischer, CEO, Hadrian had this comment:

The PKfail issue is a big deal because it makes it easy for hackers to bypass Secure Boot, like having a master key that unlocks many houses. Since the same keys are used across different devices, one breach can affect many systems, making the problem widespread. This vulnerability has been around for over a decade, affecting hundreds of devices, so it’s not a new issue but a persistent one. Compromised keys mean that malicious software can run as your computer starts up, leading to severe security breaches that are hard to detect and remove. Major manufacturers like Dell, Lenovo, and HP are affected, putting both personal and enterprise systems at risk of data leaks and malware infections.

Cigent CGO Brett Hansen follows with this comment:

  “This is the latest example of the vulnerability of endpoint devices and the continuing focus and innovation of threat actors. The undermining of the secure boot on UEFI ecosystem is a significant vulnerability that can be used to undermine other security capabilities. This vulnerability is addressable – organizations need to place greater emphasis on ensuring the integrity of endpoints and the sensitive data that inevitably resides on them.”