Ascension Health Pwned Via A Malicious File Downloaded By An Employee

Posted in Commentary with tags on June 15, 2024 by itnerd

In an update on the recent Ascension Health care breach, officials say the breach was caused by an employee downloading “a malicious file.” 

“An individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate. We have no reason to believe this was anything but an honest mistake.”

The breach caused Ascension’s EHR system to be taken offline, forcing staff to revert to manual, paper-based processes for recording patient information, ordering tests, and managing medications. Patient care was delayed for days.

In the Wednesday update, Ascension said that some services were still being impacted, more than a month after first detecting the breach on May 8th.

On an encouraging note, the provider said that the attackers were only able to steal data from seven of the approximately 25,000 servers in their network.

“At this point, we now have evidence that indicates that the attackers were able to take files from a small number of file servers used by our associates primarily for daily and routine tasks. These servers represent seven of the approximately 25,000 servers across our network.”

Brett Hansen, CGO, Cigent had this to say:

   “It is naive to presume that people are not going to make mistakes and detection and response will prevent incidents. Employee education and EDR have long proven to be insufficient – organizations need to augment to include proactive protection of data with technologies including zero-trust access controls.”

Emily Phelps, Director, Cyware follows with this:

   “Like with cybersecurity, in the healthcare industry, trust is everything. This increased transparency could stem the need and ability for healthcare entities to provide more transparency, more quickly. Regulatory requirements and the potential for severe penalties have undoubtedly played a role, but there is also a heightened awareness of the reputational damage that can arise from mishandled incidents.”

This is a prime example of your defences needing to be multi-layered. As in having multiple layers of defence so that you are way less likely to be pwned by a threat actor. Because by not doing that, you get this exact result.

Calling all wellness enthusiasts… the Samsung Galaxy Watch FE is here

Posted in Commentary with tags on June 14, 2024 by itnerd

Yesterday Samsung announced the release of its new Galaxy Watch FE – the perfect watch for every health and wellness enthusiast.

Equipped with Samsung’s advanced BioActive Sensor, the Galaxy Watch FE provides an array of powerful fitness and wellness functions that deliver personalized and actionable tips around the clock. From supporting better sleep to tracking workouts to sending you motivational messages throughout your wellness journey, this watch is with you every step of the way.

Please see below some highlights of the Galaxy Watch FE’s capabilities:

  • Monitors sleep patterns and provides sleep coaching
  • Tracks over 100 different workouts
  • Provides advanced running analysis, helping users not only analyze overall running performance but provides insights and guidance to help prevent injuries and help users meet their goals

The Galaxy Watch FE is also highly customizable, offering a variety of new watch faces and a one-click band that makes it easy to mix and match bands to meet users’ style. It is also made from Sapphire Crystal glass, offering durability and helping protect against scratches during day-to-day use.

Beginning June 26th, the Galaxy Watch FE will become available in Canada in a variety of colours including Black, Pink, Gold and Silver. There will also be new watch bands available featuring distinct blue and orange stitching.

Luma AI Launches Dream Machine

Posted in Commentary on June 14, 2024 by itnerd

There’s yet another new AI tool out there. It’s called Dream Machine and it’s made by a company called Luma AI. Here’s what the company promises:

It is a highly scalable and efficient transformer model trained directly on videos making it capable of generating physically accurate, consistent and eventful shots. Dream Machine is our first step towards building a universal imagination engine and it is available to everyone now!

I experimented with it briefly by typing in the following phrase:

“A Hacker dancing down the street celebrating his latest hack”

This is what I got:

This is kind of interesting. I’ll share my thoughts later. But right now I have a comment from Kevin Surace, Chair, Token & “Father of the Virtual Assistant” on this:

Right now the current group of video generators creates very cool very short videos (in this case 5 seconds). This isn’t storytelling and it’s not movie making nor even shorts, and they can’t talk. It’s just in the toy category. Fun to play with. But you cannot do much with a 5 second clip that’s valuable. Being a filmmaker and an applied AI leader for 25 years…my bar is high.

Of course anything A16Z backs gets attention. So it doesn’t hurt. But the question again is what is the current usefulness of this? And at this point the GPU cost of generation is high. And so is their service cost. They promise to generate 5 seconds of video in 2 minutes but for now it’s taking more than 20 minutes. The GPU costs and load are tremendous. I suspect 99% of users won’t renew given the limited usefulness.

A 5 second deep fake is unlikely to convince anyone. And it’s hard to get these models to utilize an ACTUAL living human in them. If someone can jailbreak them, perhaps a 5 second clip might convince someone…but these also all have built-in technology to ID they were AI-generated. I think the risk here is very low.

Deep fakes can hurt company and exec reputations. The biggest concern is around live deep fakes on Zoom and we will all be using wearable biometric check-ins to be sure that whomever we are talking to is the real deal.

This is a valid point. At some point these gimmicky tools will become useful and dangerous. And we need guardrails in place before that happens. Or this will not end well.

Horizon3.ai Has A Deep Dive & POC For Ivanti Endpoint Mgr. SQL Injection RCE Vulnerability

Posted in Commentary with tags on June 13, 2024 by itnerd

Horizon3.ai Chief Attack Engineer Zach Hanley and the Horizon3.ai Attack Team have just published “CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability.” Their POC can be found here.

Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that enables centralized management of devices within an organization. Ivanti is a widely deployed secure access solution across enterprise functions and divisions to reduce costs, optimize service performance, and help support a secure and agile environment.

On May 24, 2024, the Zero Day Initiative (ZDI) and Ivanti released the advisory “Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability” describing a SQL injection resulting in remote code execution with a CVSS score of 9.8.

For The Second Day In A Row, Elon Musk Gets Trolled On Twitter

Posted in Commentary with tags on June 13, 2024 by itnerd

Hot on the heels of Elon Musk getting community noted and trolled on Twitter over his rants about the Apple Intelligence/OpenAI partnership, he’s getting trolled again on Twitter. This time it’s about hiding likes so that you can’t see what Twitter posts a particular user liked. I wrote about this here. Well that went into effect in the last 24 hours or so. And the backlash is epic.

You have to believe that in some corner of a Tesla or Twitter office, Elon must be bewildered by this response. But to be frank, you can’t be surprised that this is happening. Elon has once again done something that has opened himself up to this sort of response. And most normal people after the first or maybe second time that this happens to them would reconsider their life choices and course correct. But Elon isn’t normal and seems to relish this attention. Why I don’t know because I’m a computer nerd and not a mental health professional. But I will be curious to see if and how Elon reacts to this because that will be interesting to watch.

AHEAD Signs Enterprise Services Master Agreement With LA County

Posted in Commentary with tags on June 13, 2024 by itnerd

AHEAD announced today that it has entered Los Angeles County’s Enterprise Systems Management Architecture (ESMA) program, a framework that helps manage and integrate various software applications and systems within the LA County government.

This agreement means that AHEAD meets the required criteria and has been chosen to contribute Information Management, IT Transformation Services, and Privacy Consulting Services to the ESMA program in LA County.

AHEAD can now help drive LA County initiatives in key areas, including infrastructure upgrades, cloud adoption, digital transformation, data management and analytics, cybersecurity enhancement, collaborative tooling and communication, mobile and remote access, and open data initiatives.

Pending approval within additional Privacy Compliance Consulting categories, AHEAD’s service offerings will also include breach and incident management, privacy audits and assessments, data inventory, classification and mapping services, and privacy rights and consent management services.

Review: HyperX Cloud Stinger 2 Wireless Headphones

Posted in Products with tags on June 13, 2024 by itnerd

When you speak to competitive gamers, they will all likely say the same thing. Wired is better for winning. Wired mice, wired keyboards, wired all the things. The same is true for headsets. However HyperX is trying to change the game on that front with their HyperX Cloud Stinger 2 Wireless Headphones. Here’s what you get in the box:

Let’s start with the headphones. They are light and comfortable. They didn’t put any real pressure on my head or ears. That means that I can wear them for an extended period of time comfortably. More on that in a bit. There are adjustable and removable memory foam ear cups as part of the deal. Meaning that you can not only dial in your fit, but replace the ear cups when they become too gross to wear. The headband in the middle portion has the same memory foam as well which means that it also provides a fair amount of comfort. The headphones are made of plastic which is fine as I am not expecting AirPods Max type of materials for a gaming headset. One thing that I should note is that the microphone flips up and down. And that’s important because when you flip it up, it mutes you. When you flip it down, your speech becomes audible again. That’s pretty clever.

On the left ear, you get a USB-C port and the power switch. Pro tip: You need to hold the power switch to power these headphones on or off.

On the right side, you get a volume control. One thing that I should note about these headsets is that while they don’t claim to be Mac compatible, they worked just fine and spinning the volume control brought up the volume indicator on the screen. That was kind of neat.

Also included are a USB-C to USB-A cable for charging purposes along with the 2.4 GHz wireless receiver that you need to use these headphones.

Here’s some other specs that I pulled off of the HyperX website:

  • Driver: Dynamic, 50mm with neodymium magnets
  • Type: Closed back
  • Frequency response: 10Hz – 20.2 kHz
  • Sensitivity: -12 dBFS/Pa at 1kHz
  • T.H.D: ≤ 2%
  • Microphone
    • Element: Electret condenser microphone
    • Polar Pattern: Bi-directional, Noise-cancelling
    • Sensitivity: -12 dBFS/Pa at 1kHz
  • USB Specification: USB 2.0
  • Bit-Depth: 16-bit
  • Wireless Range: Up to 20m

Now, some random thoughts before I get into the rather unique testing that I did with these headphones:

  • Battery life: HyperX claims 20 hours of battery life with a 3.5 hour recharge time. At the time of writing this review, I had charged them to full and used them for 11 hours without an issue on anything from game playing to Microsoft Teams calls. So 20 hours of battery life seems plausible to me.
  • Setup: This is laughably easy. Plug in the 2.4 GHz receiver into a free USB port, turn on the headset, and set your audio output and input to the headset assuming that you’re on a PC or a Mac and declare victory. For the record, this will also work with a PS5 in a similar manner. But I did not test that as I do not have a PS5.
  • Microphone Quality: People that I talked to had no complaints about being able to hear me clearly over the bi-directional noise-cancelling microphone, especially with the foam windscreen which helps reduce and filter out breathing noise. The key word is reduce because I did find one scenario where this wasn’t the case which I will get to later.
  • Sound Quality: The sound put out by the headset is definitely crisp and clear, and depending on what you use it with, the sound can be quite loud. On the PC side of the fence, you can install their NGENUITY software and use it to not only tweak your sound, but to also unlock DTS Headphone:X Spatial Audio for even better sound.

Now, how did I test these headphones? As most of you know, I use an online cycling platform called Zwift to help me to keep and improve my fitness. You can get more info on that here, and here. But what you likely don’t know is that I am part of an online race team called Galaxy Cycling Club. Galaxy races on Zwift as well as runs group rides on the platform. I race two or three times a week and one of those times is a team time trial where three to eight riders ride together to get the fastest time possible on a course that is anywhere from 30 to 50 kilometres in length. Here’s a picture of one of the time trials that I was in a few weeks ago:

You can see all of us in a line. That’s done to have the first person in line break the wind, and the others benefit from being in the draft of that person because they are doing about 20% less work than the person at the front of the line. That means you can go faster and have more in the metaphorical gas tank at the end. The person in the front spends 60 to maybe 90 seconds on the front before pulling off and going to the back of the line. That requires constant communication with the rest of the team so that the line is maintained. That’s where these headsets came in handy. I used them in one of these time trials and exposed them to not only sweat, but the sound of two fans that I keep in front of me to keep me cool. I will admit that this is an extreme test of these headphones. Especially since HyperX makes no claims as to water resistance. But I had almost no issues in the one hour and sixteen minutes that I was racing (covering 43K in that time for the record). The only issue that I had was the fans were clearly audible to my teammates which implies the fans overwhelmed the microphone’s ability to cancel out noise. That I do not think will be an issue for most people as most people will have a pair of fans cranked up to the max blowing cool air in front of them.

So after doing that extreme test of the headphones, let me get to the best part about them. The price. They retail for $129.99 CAD normally, but are currently on sale for $20 off. That’s a very good value considering what these headphones can do for you. If you’re a competitive gamer, and even if you aren’t, these headphones are very much worth a look.

Bell And Mila Join Forces To Drive AI Innovation In The Telecommunications Sector

Posted in Commentary with tags on June 13, 2024 by itnerd

In line with Bell’s significant investments in AI, this partnership reinforces Bell’s transformation as a technology services leader, harnessing Mila’s groundbreaking research to drive transformative improvements across Bell’s operations. From data analysis and operational efficiency to internet-based applications, Mila’s expertise will accelerate advancements that will enhance the customer experience.

This announcement builds on the 18-month collaborative project Mila and Bell entered into earlier this year to apply deep learning neural network algorithms to Bell’s environment. This technique leverages the transformative power of AI deep learning to teach computers how to process information in a manner inspired by the human brain.

By working more closely with Mila, Bell will continue to champion the exploration of emerging technologies, leveraging Mila’s cutting-edge research and intellectual leadership, collaborating with emerging AI innovators and engaging in scientific discussions. The expertise gained from applying AI within Bell’s operations will be leveraged to empower the entire Canadian business community.

With Mila headquartered in Montréal, Bell will continue developing the city as a key centre for innovation, which includes recently purchased Montréal-based FX Innovation, a leading expert of cloud-focussed managed and professional services and workflow automation solutions, and the technology development team at Bell behind award-winning apps such as MyBell.

Unlock Your Job Search Potential with LinkedIn’s New AI-Powered Tools

Posted in Commentary with tags on June 13, 2024 by itnerd

Searching for a job can feel really challenging, especially when the competition is tough. In February 2024, Statistics Canada reported 41,000 new jobs were added. Despite this growth, the unemployment rate still increased by 0.1 percentage points to 5.8%, as more people entered the labour force seeking employment. 

This week, LinkedIn announced several new features and product enhancements aimed at making it easier and more efficient for job seekers to put their skills and experience centerstage and focus their energy on finding the best job for them.  

  • AI powered job search is now available to all Premium subscribers in English worldwide. Jobseekers can discover relevant and tailored job opportunities based on their skills, interests, and preferences and assess how well they’re a fit for a job in seconds.  
  • Conversational Job Search: search for jobs in the same way you’d ask a question, using plain language to find a role that’s the best fit for you. 

Around half of professionals on LinkedIn say writing resumes and cover letters are a painful part of the job search. LinkedIn’s new AI-powered resume feedback and cover letter drafts help ease the experience of applying to roles where your experience and skills align. 

  • Resume Review: Get tailored recommendations on your resume to help save you time and showcase your most relevant skills for the job.  
  • Cover Letter Assistance: With one easy click, we can help you draft a compelling cover letter. By utilizing AI, you can save time, make sure relevant information is included, and increase chances of making a positive impression. 

You can find more detailed information about these new features from LinkedIn’s Rohan Rajiv in his announcement here.

HYAS & CyberRey Announce A Partnership

Posted in Commentary on June 13, 2024 by itnerd

HYAS Infosec and CyberRey today announced their partnership to proactively protect the CyberRey client ecosystem against both sophisticated malware and malware-less cyber attacks. The agreement gives CyberRey customers worldwide – and especially those in South Africa and Turkey (where today’s announcement is also issued) – new protection against advanced, undetected adversarial cyber threats and attacks.

The collaboration enhances CyberRey’s comprehensive cybersecurity solutions by integrating the best-in-class protective DNS solution HYAS Protect. HYAS Protect blocks the command and control (C2) communication used by malware, ransomware, phishing, and other forms of cyber attacks to attempt communication to threat actor infrastructure.

Protective DNS is a critical part of a zero-trust implementation, and essential for an organization’s overall resiliency approach.

CyberRey is a globally recognized cybersecurity solutions provider that helps organizations throughout the United Kingdom, South Africa, and Turkey navigate an ever-changing threat landscape, build robust security postures, and protect critical data.

CyberRey clients can also utilize the advanced threat intelligence solution HYAS Insight to both answer the key questions surrounding each attack and proactively prepare themselves for future attacks by gaining insight into the criminals’ complete campaign architecture.