HealthEquity Data Breach Affects 4.3 Million 

Posted in Commentary with tags on July 30, 2024 by itnerd

HealthEquity, Inc., a company that provides health savings accounts (HSAs) and other health financial services, is notifying approximately 4.3 million individuals that their personal and health information was compromised due to a data breach at a third-party vendor. 

HealthEquity responded by taking immediate actions, including “disabling all potentially compromised vendor accounts and terminating all active sessions; blocking all IP addresses associated with threat actor activity; and implementing a global password reset for the impacted vendor.”

The breach was identified on March 25, as disclosed in a regulatory filing with the Maine Attorney General’s Office.

The compromised data may include names, addresses, phone numbers, Social Security numbers, employee IDs, employer details, dependent information, and payment card information. 

The company has not disclosed the identity of the affected vendor but will begin mailing notification letters to the impacted individuals starting August 9.

Ted Miracco, CEO of Approov, had this to say:

   “The HealthEquity breach starkly illustrates the dangers of relying solely on passwords for API access within the supply chain. This incident, which compromised not only PHI and PII but also financial information, highlights the extensive potential damage such vulnerabilities can cause. Robust multi-factor authentication, threat analytics for rapid response, and the use of short-lived tokens for API protection are imperative to safeguard sensitive data from similar breaches.”

I will be very interested to see who this vendor is, because this is pretty bad. And it reinforces the fact that when you use third parties, you have to be able to trust those third parties. Because you’re exposed to whatever they haven’t done to protect themselves from getting pwned.

Uber Freight Drives Significant Growth in Canada with Innovative LTL Solutions

Posted in Commentary with tags on July 30, 2024 by itnerd

Uber Freight, the leading end-to-end enterprise suite powering intelligent logistics, today announced growth in the Canadian market, propelled by its innovative collaborative shipping model. Since 2021, Uber Freight’s engineered Less-Than-Truckload (LTL) network has expanded by 50%, contributing significantly to the company’s overall Canadian market growth. This translates to approximately $800M (CAD) in total freight under management (FUM).

Uber Freight’s multi-stop LTL network moves more than 10,000 pallets out of the Greater Toronto Area per week, with over 4,500 pallets transported southbound into the United States. By combining shipments from multiple shippers into optimized, multi-stop routes, Uber Freight reduces unnecessary stops and improves overall shipment performance.

Enhancing Cost-Efficiency and Reliability

Traditional LTL shipping often faces challenges such as rate increases and added terminal stops for load sorting and consolidation, impacting on-time performance and cost-effectiveness. Uber Freight’s approach eliminates these extra steps by leveraging its scale and marketplace technology to consolidate shipments based on load size, type, and destination. This streamlines pickup and drop-off processes, resulting in a 95-97% on-time performance (OTP) and saving shippers an average of 10-20% compared to traditional LTL methods.

Real-World Impact

Shippers can manage their LTL loads directly within the Uber Freight Transportation Management System (TMS) for best-in-class freight planning, visibility, and execution, and have access to an expansive pool of domestic and cross-border carriers. Furthermore, Uber Freight’s carrier network supports a variety of goods, including food-grade, chilled, ambient, and frozen LTL shipments.

Uber Freight carriers benefit from an optimal combination of shipments, advanced routing technology, and demand from Uber Freight’s extensive network of shippers. This ensures seamless coordination of backhaul loads, maximizing revenue in both directions.

Pioneering a New Standard in Logistics

Uber Freight is setting a new benchmark in supply chain technology and service, leveraging innovative logistics tools and domain expertise to meet the evolving needs of shippers and carriers. Today, major Canadian-based companies like Bimbo Bakehouse, Dr. Oetker, and Furlani Foods depend on Uber Freight’s collaborative shipping model to move goods across Canada and the United States. With more than $18 billion in global FUM, Uber Freight continues to expand its footprint across North America, committed to delivering industry-leading solutions to shippers and carriers of all sizes.

To get started with Uber Freight LTL, visit https://www.uberfreight.com/carrier-network/ltl-freight.

Sage Strengthens Partnership with Microsoft

Posted in Commentary with tags on July 29, 2024 by itnerd

Sage, a leader in accounting, financial, HR and payroll technology for small and mid-sized businesses (SMBs), today announces new developments in their ongoing partnership with Microsoft. The advancements in Sage Instant Analysis, Sage Active and Sage Network are set to enhance operational efficiency and innovation for SMBs through integrated solutions and cutting-edge technologies.

Enhanced Financial Analysis with Sage Instant Analysis:

As part of Sage Copilot’s reporting and analytics capabilities, Sage Instant Analysis integrates Microsoft Azure OpenAI Service to empower SMBs by unlocking their data. Embedded within Sage Active, this tool can swiftly access financial data from various in-product forms, enabling customers to glean financial insights that might have otherwise been overlooked. With just a click, users receive actionable insights about their company’s financial health, including detailed assessments of strengths, weaknesses, and critical areas such as the balance sheet, cash flow, working capital, and gross profit. This integration makes it easier to manage business activities, boosting productivity and streamlining routine tasks.

Unlike simple automation that uses a template requiring new data input by the customer, Sage Instant Analysis can delve into the details of a company’s year-to-date financial performance by using accounting data already in the system. The service dives beneath the surface of financial reports, using advanced large language model (LLM) engineering through Azure OpenAI Service that not only reads numbers but truly understands them – calculating key ratios and providing rich context for decision-making.

Sage Instant Analysis uses sophisticated prompt engineering models and chaining techniques for easy data ingestion and processing through Azure OpenAI Service. Intelligent cache remembers past calculations, eliminating unnecessary LLM calls. Additionally, detailed logging and analytics provide visibility into how and when the service is being used.

Output from Instant Analysis can be set to a user’s native language – French, Spanish, German or English – based on preferences stored in the user profile.

Built on Microsoft Azure App Service, Cosmos DB and Blob Storage, Instant Analysis, a feature of Sage Active, is available in France, Spain and Germany and is tailored to the evolving needs of European small businesses, allowing them to automate accounting, manage sales and cash flow, and navigate the complexities of European legislation. Helping to create and manage products, optimize sales flows, and generate professional invoices and quotes efficiently, Sage Active streamlines processes so customers can drive growth and innovation across their businesses.

Sage Network – Connected Accounting

Sage Network is transforming the way businesses interact, by automating workflows and synchronizing financial transactions across entities, even those outside the Sage accounting software ecosystem. Sage Network integrates seamlessly into the broader Microsoft ecosystem with connectors to Microsoft Dynamics 365 and Microsoft 365. These integrations enable Dynamics users, along with users of other third-party accounting products and the Sage portfolio, to create an integrated global network. This enhances efficiency by reducing manual data entry and speeding up financial processes.

Sage Connect, the user interface that enables the Sage Network business interconnectivity, offers a simplified, secure platform for managing financial transactions and automating accounts receivable (AR) and accounts payable (AP) workflows, leading to faster payments and improved compliance, including e-invoicing.

For SMBs and Sage’s partner ecosystem, this means accessing a unified platform that not only streamlines financial operations and AR and AP digital workflows, but also opens up new opportunities for collaboration, efficiency, and growth within the Microsoft ecosystem.

HR and Payroll – Enhancing Workforce Management

Sage continues to work with Microsoft on enhanced HR and payroll capabilities, aiming to provide SMBs with advanced tools for more efficient workforce management. 

Enhancements include integrating HR tasks within the flow of work through Microsoft Teams, starting with the highly utilised absence and time off feature of Sage People. Employees can now request various types of leave directly via a chatbot in Microsoft Teams, with approvals managed through the platform and synchronised with Microsoft Outlook calendars to streamline processes.

Additionally, a new interview scheduling feature integrated with Microsoft Outlook enables recruiters to swiftly coordinate interviews, addressing the fast-paced demands of today’s competitive job market.

Benefits for SMBs and Partners

Sage’s integration with Microsoft brings significant advantages to SMBs and Sage’s partner ecosystem, including:

  • Streamlined Operations: The integration of Sage and Microsoft services simplifies complex workflows, enhancing productivity and efficiency across business functions.
  • Security and Reliability: Sage products hosted on Azure benefit from Microsoft’s dedication to Responsible AI by offering enhanced security, scalability, and reliability, ultimately allowing businesses to operate with confidence in a secure digital environment.
  • Innovative Connectivity: Driving business efficiency through connectivity, enabling a seamless flow of information and financial transactions.

Looking Ahead

Sage is continuously exploring new ways to support SMBs and the wider partner ecosystem to boost operational efficiency and resiliency in a dynamic economic landscape.

RansomHub Leaks 175 GB of Data from Clinical Research Institute 

Posted in Commentary with tags on July 29, 2024 by itnerd

Safety Detectives just published a report regarding a ransomware attack and subsequent data leak affecting Boston’s Baim Institute for Clinical Research. 

Their cybersecurity team stumbled upon a post in which the ransomware group “RansomHub” stated that they had acquired 175 GB of data from the Baim Institute. After the data was leaked, the team reviewed a sample of it and found:

  • clinical trials programs; 
  • invoices tracking files showing lists of sponsors, projects, doctors’ names and rates; 
  • study access request forms, which display the employee’s full name, email address, and phone number and more. 

You will find all the details of their findings here: https://www.safetydetectives.com/news/biam-leak-report/

New Vital Controls to Achieve PCI DSS 4.0 Compliance Now Available in Fortra Managed WAF

Posted in Commentary with tags on July 29, 2024 by itnerd

Fortra today announced a significant update to its managed web application firewall (WAF) solution that aims to reduce client-side risk and protect users from data-stealing attacks in the browser, as outlined in new requirements in PCI DSS 4.0.

Fortra Managed WAF now includes enhanced client-side protection controls to eliminate reflected and inline cross-site scripting (XSS) attacks. This additional security helps Fortra customers meet and exceed PCI DSS 4.0 XSS controls in requirements 6.4.3 and 11.6.1, protecting users’ payment information from in-browser data-stealing attacks like Magecart.

A WAF is an essential element of a security strategy for any organization with a web presence and APIs. Fortra solves the most significant challenge of optimizing the protection provided by a WAF through its managed services for SMEs to Fortune 500 customers.

Fortra Managed WAF is the only WAF solution that enforces the execution of active items in the browser, regardless of whether they are delivered via inline, first-party, or third-party scripts. With this release, Fortra Managed WAF closes a gap that is still prevalent in competitors’ WAFs, which are unable to comprehensively address inline script integrity enforcement, a delivery mechanism used by most websites.

Learn more about the enhancements to Fortra Managed WAF through a free demo

5000% VPN Demand Surge in Bangladesh During Internet Restrictions

Posted in Commentary with tags on July 29, 2024 by itnerd

VPN Mentor just published research on a massive increase in VPN demand in Bangladesh.

Their research team conducted an analysis of user demand data in Bangladesh during the curfew and internet restrictions imposed by the government amid the violent protests, and they observed a surge of 5016% in VPN demand in the country. 

You will find all the details here: https://www.vpnmentor.com/news/vpn-demand-surge-bangladesh/

Rogers Apparently Now Has 2Gbps Internet Speeds

Posted in Commentary with tags on July 28, 2024 by itnerd

A reader tipped me off to the fact that Rogers seems to have rolled out 2Gbps downstream Internet speeds. To confirm this, I hopped over to the Rogers website, punched in my address and saw this:

Rogers now seems to have a “Pro 2G” tier to their Internet offering. Previously their top tier was 1.5 Gbps downstream. Also of note is that the upstream speed is now 200 Mbps which is up from 150 Mbps. And this upstream speed appears to be available on their 250 Mbps package and up. Now while this is an improvement for Rogers, it still doesn’t match the speeds of Bell who are capable of doing Gigabit or faster both ways via fibre. Which means that I am pretty sure that Bell isn’t losing any sleep over this move by Rogers.

In terms of availability, it seems to be pretty widespread in Toronto based on some random address lookups that I did. It may be widespread elsewhere as well. Drop a comment below if you’re actually able to get this where you live.

I Got Called To Investigate A Banking #Scam… Here’s What I Found Out

Posted in Commentary with tags on July 28, 2024 by itnerd

I get all sorts of emails and calls from people who have been scammed that are in need of my help. A lot of these scams are ones that I have seen before. But one that I came across recently was really different. And because of that, I want to tell you about it so that you’re aware that scam exists, and as a result you can protect yourself accordingly.

The client out of the blue got an Interac deposit into their bank account. The client had auto deposit turned on, meaning that there doesn’t need to be any human intervention to have the money go straight into someone’s bank account. Thus $700 in this case just magically appeared in their bank account. The client didn’t recognize the email address that sent the money and found that to be odd. But things escalated from there when less than 24 hours later, the client got a request for $700 to be withdrawn from her bank account from the same email address that sent the $700 in the first place. There was a note saying that there was a deposit the day before and that it was a mistake. As a result the person who sent the money wanted the client to send the money back to them. One thing that was interesting was that the sender claimed that they were 1 letter off in terms of the email address. Another thing that was interesting was that the sender claimed to have talked to a relative who is a CFO at TD Bank, which is one of the “big five” banks in Canada, and that the CFO directed them to do this. The client was highly suspicious so they called me for help.

Now there’s a bunch of things that I immediately spotted as red flags. Here’s the list:

  • The client had this all happen by email. And the client had an email address that had no relation to their name or anything like that. In fact the email address is a Hebrew word that isn’t commonly known to most of you reading this unless you’re part of the Israeli or Jewish diaspora. And to be sure that the client isn’t a target for anything else, I won’t disclose what that word is. In any case, to be one letter off on this sort of email address would be impossible given the circumstances. What’s more likely to be the case is that they were targeted for this scam somehow.
  • I find it impossible to believe that the sender would happen to have a relative who is a CFO of TD Bank who would direct them to take this course of action. What’s more probable is that this was a means to gain the client’s confidence so that the scam would be more likely to succeed.

So, what is the actual scam? Based on some research, here’s what is likely going on:

  • Someone’s bank account gets hacked, either via phishing or some other means.
  • Once inside that bank account, the threat actor uses Interac to transfer money from that hacked bank account to a victim that unwittingly accepts the money into their bank account.
  • Some time later the threat actor asks for the money back claiming that it was a mistake. And the victim sends the money believing that this was a mistake.
  • Unknown to the victim, there’s a fraud investigation going on in relation to the hacked bank account. And when the money is tracked down days, weeks, or months later to the victim’s bank account, the bank will withdraw the stolen money from the victim’s bank account to return it to the rightful owner. Except that the victim has already sent money to the threat actor under the assumption that this was a mistake. So the victim is out the money and the threat actor wins.

I advised the client to call their bank and explain the situation. The client instead asked me to join her at her local bank branch. After having a conversation with first a client service rep, followed by the branch manager, the bank opened a fraud investigation and froze the client’s bank account. The client then filled out a form that said that the client didn’t know who this person was who sent them this money. As I type this, the client’s bank account is still frozen. And at the same time, the threat actor keeps pestering them to return “their” money via email. I created a rule in their email client that automatically sends those emails to the trash. But not before telling the threat actor via email that there’s a fraud investigation open and the bank account had been frozen.

Now I am sure that there are many cases where there isn’t a positive ending and that people have lost money due to this scam. Which means that you need to protect yourself from being a victim. The best way to protect yourself is to make sure that you turn off autodeposit. It shouldn’t be on by default. But if you turned it on, I strongly suggest that you turn it off. That makes it more difficult for a threat actor to execute this scam as you would have to manually accept the deposit. That brings me to the second means to protect yourself. Which is that if you don’t know the person who is sending you money, you should become suspicious and not accept the deposit. What will likely happen is that the deposit attempt will expire after a certain amount of time. The end result is that the scam will not be able to be executed and you will be safe. Finally, in the event that a situation like this is actually a mistake, the sender of the funds can escalate with their bank to get the transfer reversed. But to be clear, I am 99% sure that this is not a mistake but a scam.
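The scam sequence described in the list above and the "don't accept money from strangers" advice can be expressed as a simple check over an Interac event log. This is an added illustration, not code from the original post; the event log, e-mail addresses, amounts and the contact list are all constructed:

```python
"""Flag the Interac 'mistaken deposit, please refund' pattern described above."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class InteracEvent:
    when: datetime
    kind: str      # "deposit" = money arrived via auto-deposit; "request" = sender asks for money
    sender: str    # e-mail address on the other side of the transfer (constructed)
    amount: float


# Constructed sample ledger; none of these addresses or amounts are real.
SAMPLE_EVENTS = [
    InteracEvent(datetime(2024, 7, 20, 9, 5), "deposit", "friend@example.com", 40.00),
    InteracEvent(datetime(2024, 7, 21, 14, 30), "deposit", "unknown.sender@example.net", 700.00),
    InteracEvent(datetime(2024, 7, 22, 8, 10), "request", "unknown.sender@example.net", 700.00),
    InteracEvent(datetime(2024, 7, 23, 12, 0), "request", "friend@example.com", 25.00),
]

# People the account holder actually knows (constructed).
KNOWN_CONTACTS = {"friend@example.com"}


def find_refund_scam_candidates(events, known_contacts, window=timedelta(days=7)):
    """Return (deposit, request) pairs that match the pattern in the post:
    an unsolicited deposit from a sender who is not a known contact, followed
    within `window` by a money request from that same sender for the same amount.
    A deposit from a known contact is never flagged, even if a request follows."""
    unsolicited = [e for e in events
                   if e.kind == "deposit" and e.sender not in known_contacts]
    hits = []
    for dep in unsolicited:
        for req in events:
            same_sender = req.kind == "request" and req.sender == dep.sender
            same_amount = abs(req.amount - dep.amount) < 0.005   # tolerate float rounding
            in_window = dep.when < req.when <= dep.when + window
            if same_sender and same_amount and in_window:
                hits.append((dep, req))
    return hits


def should_accept_deposit(event, known_contacts):
    """The post's advice with auto-deposit turned off: only accept a pending
    deposit when you recognise the sender; otherwise let it expire."""
    return event.kind == "deposit" and event.sender in known_contacts


if __name__ == "__main__":
    for dep, req in find_refund_scam_candidates(SAMPLE_EVENTS, KNOWN_CONTACTS):
        print(f"Suspicious: {dep.sender} deposited {dep.amount:.2f} on {dep.when:%Y-%m-%d}, "
              f"then requested {req.amount:.2f} back on {req.when:%Y-%m-%d}")
```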

I’m monitoring this situation as I want to see how this turns out, which is another way of saying that I want to see how long it takes for my client’s life to return to normal. I’ll post an update once I have one. But my advice is to be careful out there because scams are everywhere, and they can hit you at any time.

How Well Does PRESTO Support For Apple Watch And iPhone Work? Let’s Find Out!

Posted in Commentary with tags on July 28, 2024 by itnerd

After I wrote this how to guide that details how to add your PRESTO transit card to your Apple Watch and iPhone, I got a number of emails asking about how well things worked. So in the interest of science, I left my car at home on Saturday to visit two clients and pick up some items from a bike shop. With that out of the way, let’s get to it.

I started from my suburban Toronto home and walked over to the subway station. There, I used my Apple Watch to get into the station.

Now the PRESTO card readers in the stations are on the right side, which means that using an Apple Watch requires you to go across your body to tap your Apple Watch on the reader if you wear your watch on your left wrist. That’s likely a non-issue for most. But coming from a guy that has broken both collarbones, it’s not exactly comfortable. One thing I need to note is that I have Express Transit Mode enabled so that all I have to do is tap my Apple Watch and go. I feel comfortable having Express Transit Mode enabled for the Apple Watch as someone would have to rip my Apple Watch off my wrist to use it to get onto transit. Conversely, because iPhone theft is a thing and a phone can be snatched out of your hand, I do not have it enabled for my iPhone. That’s because I want to authenticate before I pay for transit.

I traveled to the north part of the city to visit one of my clients which took about an hour. About 30 minutes later I hopped onto the subway again. Because it was within two hours, I should be eligible for a free transfer. And when I tapped, that’s exactly what happened. But four stations into my journey to my next client, I had to go back to the first client to fix a new issue. That took another 30 minutes which required me to pay another fare. At that point I needed to refill the PRESTO card on my Apple Watch. The quickest way to do that is to use your iPhone to do it either via the PRESTO app or on the card itself via the Watch app on your iPhone. Which means that if you travel with only your Apple Watch, you need to preload the PRESTO card on your Apple Watch so that you can get to and from your destination. I chose the latter option.

One thing that is handy is that it keeps track of every time you tap the card.

That’s something that you would normally have to go into the PRESTO app to see if you have a physical PRESTO card. Which assumes that you have the PRESTO card added to the app. If you just have the card, or it’s not in the app, you’re out of luck. One thing that I noted is that the subway is called the “Metro”. Interesting.

In short, using the PRESTO card on my Apple Watch was a total non-event. Everything worked perfectly and it was as if I was using a physical PRESTO card. If you were on the fence in terms of going to using your PRESTO card on your iPhone or Apple Watch, I would say go right ahead. From what I can tell, everything seems to work fine.

ServiceNow Vulnerability Chain Disclosed By Assetnote

Posted in Commentary with tags on July 27, 2024 by itnerd

A company named Assetnote has published research on a series of vulnerabilities in ServiceNow which when chained together can create huge problems for those who rely on ServiceNow:

Through the course of three to four weeks, we were able to find a chain of vulnerabilities that allows full database access and full access to any MID servers configured.

The following CVEs were assigned for these issues:

  • CVE-2024-4879
  • CVE-2024-5178
  • CVE-2024-5217

Tom Siu, CISO of Inversion6, had this comment on this research:

The input validation flaw means that regular data entry fields, such as a user login window where a user would type a userid, do not check whether the data inputs are as expected. This means an attack, such as the well-known “SQL Injection” attack, could be used to gain access to the system’s backend data. The OWASP Top 10 Web vulnerabilities list lists this as A03:2021 – Injection, where 03 means it is the third most prevalent risk.

Since many customers of ServiceNow include IT Help Desk functionality, a successful attack could reveal critical internal information about users (email, phone numbers), IT issues, and operational challenges the organization manages, permitting well-crafted social engineering attacks. I could see an attack spoofing a Help Desk support call.

Of major importance for cybersecurity teams – some organizations use ServiceNow to track and manage security events and incidents. The disclosure of this highly sensitive operational security information would be disastrous to IT and cybersecurity teams. Cybersecurity teams should use this risk impact to amplify priority for patch implementation of ServiceNow utilities.

ServiceNow has released mitigations for this chain of vulnerabilities. So if you haven’t applied them, now would be a good time to do so. I’d also read the research on this, as this is clearly a non-trivial chain of vulnerabilities.