Foxit Launches New eSignature Subscription Plans to Streamline Document Workflows

Posted in Commentary with tags on July 10, 2024 by itnerd

Foxit, a leading provider of innovative PDF and eSignature solutions, today announced the launch of two new eSignature subscription plans: Foxit eSign Essentials and Foxit eSign Business. These new offerings cater to the unique needs of individual users and enterprises, providing comprehensive solutions for efficient and legally binding document workflows.

Both plans include global compliance settings, simplified document tracking, robust automation, integrations with popular platforms, payment collection, notary services, and advanced workflow tools.

About Foxit eSign Essentials Plan

Foxit eSign Essentials offers a cost-effective solution for individuals needing streamlined document signing workflows. This plan includes reusable templates for collecting legally binding signatures and Foxit Pay, allowing signers to complete agreements and make payments seamlessly. It’s designed to simplify your signing process and keep your business moving forward efficiently.

About Foxit eSign Business Plan

Foxit eSign Business is an adaptable solution for organizations of all sizes, providing a robust, legally binding eSign platform that enhances typical document workflows. This plan features unlimited envelopes and templates, tracking, reminders, notary services, signature certificates, and Foxit Pay. It also includes global compliance features, API access, and advanced workflows, ensuring a comprehensive and flexible document management experience.

Noteworthy benefits of the Foxit eSign Business plan include:

  • Unlimited Envelopes and Templates: Never miss a deal with unlimited signing capabilities.
  • Foxit Pay: Simplified payment collection integrated into your agreements and quotes.
  • Implementation Support: Accelerate your eSign solution launch with expert help from Foxit.
  • Security & Compliance: Simplify complex compliances, including HIPAA, 21 CFR Part 11, FINRA, CCPA, FERPA, eIDAS, GDPR, SOC 2 Type 2, UETA, and more.
  • Integration Ecosystem: Experience seamless eSign integration with top platforms like Google Workspace, Microsoft Teams, and Salesforce using Foxit eSign. Enhance your document management with smooth workflows and increased productivity. Discover how their Google Workspace eSign integration, Microsoft Teams eSign integration, and Salesforce eSign integration can streamline your processes and boost efficiency today.

Foxit’s new eSign pricing plans are designed to be simple and straightforward while enhancing and simplifying document workflows for both individuals and businesses, offering a robust and cost-effective solution for all eSignature needs.

To learn more about the new Foxit eSign Essentials and Foxit eSign Business plans, please visit: https://www.foxit.com/esign-pdf/

Samsung Announces A Number Of New Products Today

Posted in Products with tags on July 10, 2024 by itnerd

Samsung today is announcing a number of new products. But I got an advance look at them last week so I can speak to them in greater detail. Here are the four items that really stood out to me.

Let’s start with the new Galaxy Z Flip6:

There’s a couple of variants of this phone with 256GB and 512GB of storage and both are powered by the Octa-core Snapdragon 8 Gen 3 for Galaxy. Both come with 12GB of RAM and come in four colours. The main display is 6.7” with a 1-120 Hz refresh rate and a resolution of 2640 x 1080 FHD+. The Flex Window is a 3.4”, 60 Hz, 720 x 748 display. The rear camera has a 12 MP f/2.2 ultra wide lens and 50 MP f/1.8 wide lens. There’s a fingerprint scanner on the side. One of the cool things that I saw being demonstrated was this:


It has a live translation function powered by Samsung Galaxy AI that utilizes the Flex Window. You pick the language that you want to translate to and start speaking. The translation appears in the Flex Window. That was pretty cool and I can see it being useful for those who travel a lot.

Next up is this:

This is the Galaxy Z Fold6. Powered by the Octa-core Snapdragon 8 Gen 3 for Galaxy, you can get it in 256GB, 512GB, and 1TB variants in three colours. The main display is 7.6” with a 1-120 Hz refresh rate and a resolution of 2160 x 1856 QXGA+. The cover display is 6.3” with a resolution of 2376 x 968 HD+. In terms of cameras, there’s 12 MP f/2.2 Ultra Wide, 50 MP f/1.8 Wide, 10 MP f/2.4 3x/30x Telephoto. The front camera is a 10 MP f/2.2 4 MP f/1.8 under display camera, and there’s a 10 MP f/2.2 cover camera. And if you look at the slide show above, this phone has a feature where you can draw something, and then Samsung Galaxy AI can take that drawing and upscale it in a number of ways.

Here’s a look at the Galaxy Watch Ultra next to my Apple Watch Ultra. It’s a similar size and the screen looks just as bright. It also has grade 4 titanium. In terms of connectivity, it has LTE, WiFi and Bluetooth 5.3. One thing that I really like about this watch is that unlike the Apple Watch, the Samsung Galaxy Watch Ultra has proper recovery metrics and coaching related to that. Being someone who does a lot of athletic activities, this is something that really matters to me as I want to know if I can put in a really hard training session or if I should take a rest day.

Finally, I am holding the Galaxy Buds3 Pro. It has Adaptive ANC & EQ and Auto Noise Adjustment among other features. With up to four hours of talk time and up to 7 hours of playback time, these would be a great match for any of the Galaxy products that I have previously mentioned.

The Galaxy Z Fold6, Z Flip6 and Galaxy Buds3 series will be available for pre-order starting today with general availability starting July 24.

Cybersecurity Agencies Issue Warning About APT40

Posted in Commentary with tags on July 10, 2024 by itnerd

This is something that you should likely pay attention to. Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about China-linked cyber espionage group APT40 and its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release. Which is of course very bad for all of us.

Rogier Fischer, CEO, Hadrian had this comment:

“We know of its existence since 2009. For the past 15 years, this Chinese state-sponsored threat group has been targeting maritime, defense, aerospace, engineering, and research institutions across the United States, Europe, and Asia-Pacific,” observed Rogier Fischer, CEO of Dutch cybersecurity service Hadrian.

Although its modus operandi includes old-as-the-earth methods such as spear-phishing campaigns, exploitation of web vulnerabilities, deployment of custom malware, and credential harvesting, they stand apart by utilising advanced persistence mechanisms, robust command and control infrastructure, and obfuscation techniques to evade detection, he explained.

According to him, understanding APT40’s strategic targeting helps prioritise defenses around critical sectors and sensitive data.

“To protect against APT40, it is essential to implement advanced threat detection systems and maintain continuous network monitoring to identify and respond to suspicious activities,” he said. “Regularly update and patch software to close exploitable vulnerabilities. Segment networks to limit lateral movement and develop a robust incident response plan to quickly address and mitigate security incidents,” he added.

These sorts of warnings don’t come out every day. Thus they need to be heeded and action needs to be taken so that organizations don’t end up becoming the next victim of groups like APT40.

Datadobi Appoints Denise Natali, Vice President, Americas Sales 

Posted in Commentary with tags on July 10, 2024 by itnerd

Datadobi, a global leader in Hybrid Cloud Data Services, today announced the appointment of Denise Natali to the position of Vice President of Americas Sales. In this newly created position, Natali will report directly to CRO and Co-Founder Michael Jack and be responsible for developing and executing revenue growth strategies, growing and leading Datadobi’s high-performance sales team, and ensuring Datadobi customers remain the most highly satisfied across the industry. 

Natali comes to Datadobi with an enviable track record and expertise in organizational transformation and expansion, as well as cybersecurity, digital modernization, and cloud solutions. Before Datadobi, Natali served as Vice President at Cox Communications, Regional Director of Enterprise Sales at Lumen Technologies, and Vice President of Sales at FastPay. She is a military veteran, having served her country in the US Army as a Military Intelligence Officer. She is also an award-winning cartoonist and a published author. 

For more information about Datadobi please visit https://datadobi.com.

Cytactic Raises $16 Million Seed Funding Round Led by Evolution Equity Partners to Help Companies Prepare and Respond to a Cyber Crisis

Posted in Commentary with tags on July 10, 2024 by itnerd

Cytactic, the platform pioneering cyber crisis readiness and management, announced today a $16 million seed funding round led by Evolution Equity Partners, a renowned cybersecurity venture capital fund.

Businesses are scrambling to fortify their defenses against cyber threats, recognizing the widespread impact and complexity of such crises. However, studies show that most companies are not resilient in case of a cyber crisis. A new approach is crucial—one that integrates cyber crisis preparation, response management, and recovery into a unified, user-friendly platform accessible to all relevant roles and market sectors. This is where Cytactic comes in.

Cytactic, a market-leading SaaS platform, is an innovation-forward, holistic, intuitive solution that consolidates crisis readiness, response, and recovery tailored to versatile business profiles and risk landscapes. It empowers organizations to handle the mounting threat to their business in case of a cyber crisis with a simplified, orchestrated, step-by-step methodology involving all relevant stakeholders and roles.

Cytactic’s platform emerged as a response to the devastating losses experienced by numerous organizations due to cyber incidents. Many of them are a direct result of poor synchronization among stakeholders, inadequate information flow, complex decision-making processes when rapid response is required, the involvement of numerous stakeholders, and more. Proper emphasis on readiness, coordinated management, and swift recovery can mitigate crisis impacts and potentially avert some threats altogether.

Recent numbers provide a clear picture. Leading research and consulting firm Gartner forecasts that by 2025, 75% of IT organizations will face ransomware attacks. With the average data breach costing $8.64 million last year, regulations are tightening in the US and EU. Consequently, CISO professional liability and insurance are becoming critical issues, underscoring the urgent need for robust cybersecurity resilience.

Gartner also recently published a cybersecurity study that places preparation and focus on synchronized readiness and management as a key factor to increasing the chances for a successful outcome when handling such complex cases: “Conducting incident response planning and having a formal third-party contingency plan increased Third-Party Cyber Risk Management effectiveness by 42% and 43% respectively”

New poll finds that half of Canadians are concerned about generative artificial intelligence and the spread of misinformation

Posted in Commentary with tags on July 10, 2024 by itnerd

A new poll commissioned by CIRA suggests that generative artificial intelligence (AI) and the spread of misinformation are top-of-mind for many internet users across the country. These results arrive months ahead of a U.S. presidential election and a Canadian election next year—a critical time for people to know what’s true online.

The annual survey found that Canadians’ concerns over AI outweigh their excitement for the tools. Half (51 per cent) say they’re concerned about the technology, while only one-in-five (17 per cent) say they’re excited about the development of AI. Among those concerned, most cite its contribution to the spread of fake images or videos (69 per cent), mis/disinformation (67 per cent) and insufficient regulations/controls on its use (65 per cent).

The spread of fake images and videos is also making an impact on Canadians’ online experiences. Two-in-ten Canadians say they have encountered deepfakes online in the past year and one quarter don’t know whether they have. Only half (51 per cent) of Canadians are confident in their ability to detect fraud and scams online—a drop of 16 per cent from 2023. Half (51 per cent) of Canadians believe that deepfakes are a threat to elections in Canada and other democratic countries.

As Canadians continue to navigate a messy information ecosystem, visiting specific news media sites online remains the top method for accessing news online (35 per cent), followed by Google searches about news events (33 per cent). Notably, since Meta’s decision to remove news content from its Canadian services, only 15 per cent of Canadians report accessing news online via Facebook, a decrease from 34 per cent in 2023.

The findings and more are outlined in CIRA’s 2024 Canada’s Internet Factbook.

Key findings

  • About one-in-six Canadians (16 per cent) say they have used a generative AI tool or platform in the past year.
  • Most Canadians (76 per cent) believe that posting or sharing deepfakes should not be allowed on social media.
  • The top methods for accessing news online are visiting specific news/media sites (35 per cent) and Google searches about news events (33 per cent).
  • Only half (51 per cent) of Canadians say they are confident in their ability to detect fraud/scams online, down from 67 per cent in 2023.
  • Half (53 per cent) of Canadians believe that having a website makes businesses look more credible. 

Canada’s Internet Factbook 2024 was developed by CIRA through an online survey conducted by the Strategic Counsel. A total of two thousand Canadian internet users (18+) were surveyed via an online panel in March 2024. Every year CIRA produces Canada’s Internet Factbook through this research to identify trends in Canadian internet access and use. This year CIRA will post a four-part blog series of the most salient findings from its annual survey. The full research results showcasing the latest Canadian internet trends and online user habits can be found here.

The Common Tactic Scammers Use To Try And Fool You… The Netstat Command

Posted in Tips with tags on July 10, 2024 by itnerd

Having worked on exposing scams as well as rescuing people from scams for the last number of years, I’ve noted the tactics that scammers use to get people to part with their hard earned money. One of the more popular tactics that scammers use is the nefarious use of the Netstat command. So, before I get into how scammers use this command, let me explain what this command is.

Netstat is a command that is used to troubleshoot network issues by displaying what is connecting to a computer, and what the computer is connecting to, and how it is making those connections. But the thing is that this only gives you a tiny piece of the picture. You have to run other tools to confirm or deny your suspicions related to whatever problem you have. Wireshark is an example of such a tool. If you really want to get into the weeds on the usage of this command, this Wikipedia article can help you.

If I run this command on my Mac, here’s a partial list of what I get:

Now a lot of this is traffic connected to my web browser with seven tabs open, traffic connected to having Apple Mail open, along with whatever other applications that happened to be open on my Mac when I took this screenshot, and whatever macOS happens to be talking to at that moment. For example iCloud’s back end.

In other words, this is all perfectly normal.
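To make concrete what such a listing contains, here is an added example (not part of the original post) in Python that parses a macOS-style `netstat -an -p tcp` listing and summarizes it by connection state and remote service. The sample output, its addresses (taken from documentation ranges) and the port labels are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the layout macOS prints for `netstat -an -p tcp`.
# All addresses are from documentation ranges, not from a real capture.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.20.52344     203.0.113.10.443       ESTABLISHED
tcp4       0      0  192.168.1.20.52345     203.0.113.10.443       ESTABLISHED
tcp4       0      0  192.168.1.20.52350     198.51.100.7.443       ESTABLISHED
tcp4       0      0  192.168.1.20.52361     198.51.100.25.993      ESTABLISHED
tcp4       0      0  192.168.1.20.52370     192.0.2.44.5223        ESTABLISHED
tcp6       0      0  2001:db8::20.52380     2001:db8::1.443        ESTABLISHED
tcp4       0      0  192.168.1.20.52390     203.0.113.80.443       TIME_WAIT
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  *.5000                 *.*                    LISTEN
"""

# Remote ports that show up in everyday traffic (labels added for this example).
EVERYDAY_PORTS = {
    80: "HTTP (web)",
    443: "HTTPS (web browsers and most app back ends)",
    993: "IMAP over TLS (mail clients)",
    5223: "Apple Push Notification service",
}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def split_endpoint(text):
    """macOS joins address and port with a dot, e.g. 203.0.113.10.443 or *.*"""
    host, _, port = text.rpartition(".")
    return host, int(port) if port.isdigit() else None


def parse_netstat(text):
    """Return one dict per TCP socket line, skipping banner and header lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        local_host, local_port = split_endpoint(fields[3])
        remote_host, remote_port = split_endpoint(fields[4])
        rows.append({
            "proto": fields[0], "state": fields[5],
            "local_host": local_host, "local_port": local_port,
            "remote_host": remote_host, "remote_port": remote_port,
        })
    return rows


def summarize(rows):
    """Count sockets per state, label established connections by remote
    service, and list listening ports that are not bound to loopback."""
    states = Counter(r["state"] for r in rows)
    services = Counter(
        EVERYDAY_PORTS.get(r["remote_port"], f"other (port {r['remote_port']})")
        for r in rows if r["state"] == "ESTABLISHED"
    )
    exposed = sorted(
        r["local_port"] for r in rows
        if r["state"] == "LISTEN" and r["local_host"] not in LOOPBACK
    )
    return states, services, exposed


if __name__ == "__main__":
    states, services, exposed = summarize(parse_netstat(SAMPLE))
    print("Sockets by state:", dict(states))
    for label, count in services.most_common():
        print(f"  {count} established -> {label}")
    print("Listening on non-loopback addresses:", exposed)
```

netstat does not name the program behind a socket; on macOS, `lsof -nP -iTCP -sTCP:LISTEN` shows the owning process for each listener, which is the kind of second tool needed to confirm or rule out a suspicion.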

But a scammer will tell you that all of this is due to hackers who are on your computer at that precise moment doing evil things to you. Thus you need the scammer’s help to get rid of these hackers. I’ll cut to the chase and just tell you that they’re lying through their teeth. If it were that easy to find an actual hacker who is on your computer, nobody would get pwned by them.

The thing is, for you to see something like this, it likely means that the scammer has connected to your computer using a remote access tool so that they could execute this command. That’s really bad. Your best course of action is to instantly turn off your computer and hang up on the scammer. Then call an actual computer professional to look at the computer to see what the scammer did to it. Chances are that they’ve installed other software to allow them to access it any time they please. Which is of course really, really bad and that software needs to be removed ASAP.

In the coming weeks, I’ll be exposing other tactics that scammers use to separate you from your money. Because if you know how they work, you’ll be less likely to fall for a scam. And if there’s something that you want me to cover, please drop me a comment and let me know.

Today Is Patch Tuesday…. And It’s Far From Trivial This Time Around

Posted in Commentary with tags on July 9, 2024 by itnerd

Today, Microsoft released security updates, addressing more than 142 flaws, 2 actively exploited, and 2 publicly disclosed zero-day vulnerabilities. Alongside the security updates, fixes were provided for 5 critical vulnerabilities in the category of remote code execution. If you want to go into the weeds on these fixes, Bleeping Computer has the details.

Tom Marsland, VP of Technology, Cloud Range, and Board Chairman of VetSec had this comment on today’s Patch Tuesday release:

This month’s patch Tuesday fixed five critical vulnerabilities, all of them being the more dangerous category of “remote code execution” vulnerabilities. These vulnerabilities exist in Microsoft SharePoint Server, Windows Imaging Component, and in three places within the Windows Remote Desktop Licensing Service, where an attacker could gain the ability to execute code on that server. Microsoft recommends disabling the Remote Desktop Licensing Service if it is not required in your environments and updating it as soon as possible. In SharePoint Server, a user with the Site Owner privileges could upload a file allowing them to execute the server’s code. This could be a very critical vector in the area of Insider Threats, where users with relatively low levels of access (in this case, a corporate intranet web editor) could gain system level access on a network infrastructure server. Lack of role separation and password reuse could then enable the threat actor to cause significant damage to the network.

As usually is the case at this time of the month, it’s time to patch all the things.

Security Pros Admit to Using Unauthorized SaaS and AI (Despite the Risk) – NextDLP

Posted in Commentary with tags on July 9, 2024 by itnerd

Next DLP today revealed that nearly three-quarters (73%) of security professionals admit to using SaaS applications that had not been provided by their company’s IT team in the past year. This is despite the fact that they are acutely aware of the risks, with respondents naming data loss (65%), lack of visibility and control (62%), and data breaches (52%) as the top risks of using unauthorized tools. Adding to this, one in ten admitted they were certain their organization had suffered a data breach or data loss as a result.

A survey of more than 250 global security professionals, conducted at RSA Conference 2024 and Infosecurity Europe 2024, also revealed that despite having a laissez-faire attitude towards Shadow SaaS, security professionals have taken a more cautious approach to GenAI usage. Half of the respondents highlighted that AI use had been restricted to certain job functions and roles in their organization, while 16% had banned the technology completely. Adding to this, 46% of organizations have implemented tools and policies to control employees’ use of GenAI.

The research also provided a snapshot of how security professionals view their organization’s training and overall understanding of the risks of Shadow SaaS:

  • 40% of security professionals do not think employees properly understand the data security risks associated with Shadow SaaS and AI.
  • Yet, they are doing little to combat this risk. Only 37% of security professionals had developed clear policies and consequences for using these tools, with even less (28%) promoting approved alternatives to combat usage.
  • Only half had received guidance and updated policies on Shadow SaaS and AI in the past six months, with one in five admitting to never receiving this.
  • Additionally, nearly one-fifth of security professionals were unaware of whether their company had updated policies or provided training on these risks, indicating a need for further awareness and education.

For further insights into the survey results, please see the full results report linked here. Or, for more information about Shadow SaaS and AI, and the possible defenses, visit the Next DLP website.

Methodology

The survey of more than 250 global security professionals was conducted at RSA Conference 2024 and Infosecurity Europe 2024. Each respondent was asked the same ten questions surrounding Shadow SaaS and Shadow AI usage within their organization, the implied security risks, and the policies and security tools their company has in place.

Bank CEOs To Testify On Capitol Hill About Fraudulent Zelle Transfers Connected To Scams

Posted in Commentary with tags on July 9, 2024 by itnerd

People get hit by scammers all too frequently these days. I know this because I am often tasked with trying to rescue them from said scams. And the number one way that Americans lose money to scams is via Zelle transfers. For those who haven’t heard of Zelle, here’s what Wikipedia says:

Zelle is a United States–based digital payments network run by a private financial services company owned by the banks Bank of America, Truist, Capital One, JPMorgan Chase, PNC Bank, U.S. Bank, and Wells Fargo. The Zelle service enables individuals to electronically transfer money from their bank account to another registered user’s bank account using a mobile device or the website of a participating banking institution. There is no fee or charge on the transaction. 

Now the banks above have been under pressure to refund money to consumers who have been defrauded in this manner via scammers who use Zelle to send money from consumers to themselves. But they’ve pushed back on this to some degree:

JPMorgan Chase, Bank of America and Wells Fargo have reportedly agreed to testify at a US Senate hearing over hundreds of millions of dollars in fraud on the payments network Zelle.

Executives involved in the banks’ payment operations are expected to appear on July 23rd, reports Politico, citing sources who were allowed to speak anonymously about the plan.

The hearing will be held by the Permanent Subcommittee on Investigations, which says the banking giants’ customers reported $456 million in fraudulent transactions on Zelle in 2022 – with the banks refusing to reimburse $115 million in claims.

That’s where The Electronic Fund Transfer Act comes in. This is meant to protect consumers from this sort of thing. Here’s what John Gunn, CEO, Token had to say:

Consumers are very well protected in the United States, much more so than other Western Countries. Because the cybercriminals are most frequently based in enemy states, criminal prosecutions are very few and far between.

The ETPA has been remarkably effective in protecting consumers. It is likely that consumers have received billions of dollars of reimbursements over the years. But you also have to look at the level of involvement of the consumer and their actions. The ETPA was not enacted to absolve consumers for any responsibility in safeguarding their accounts. This is the digital age, when someone is a victim of fraud it invariably involves funds being transferred electronically from a victim to a criminal. Banks cannot possibly take on responsibility for every instance of fraud involving electronic funds transfers.

Banks and the media invest considerable time and effort in training consumers to spot scams and fraud. Consumers need to invest more time in learning how to spot fraud and to follow basic rules about not clicking on unknown links and not trusting unknown individuals who claim to work for their bank.

Banks do a lot of work to educate their customers. If you have used Zelle, you have seen, and hopefully read, the obvious warnings. Collectively, banks invest billions in fighting fraud and protecting their customers. Cybercriminals are now using generative AI and other advanced tools that pull the victim’s information from social media to attack consumers and this requires a higher level of care and diligence by consumers.

The regulatory framework is already very strong and should not be changed to protect consumers from their own negligent behavior. If we subscribe to this way of thinking then every customer has to pay for this. Why should those who are careful to avoid scams and fraud pay for the carelessness of those who are not?

Because I deal with scams, I would argue that there are all sorts of areas where improvements could be made. Education is one as there isn’t enough of that. But regulation is another as that needs to always evolve to meet new and emerging threats. I for one will be really interested to see what comes of these hearings, and what these CEOs have to say.