Posted in Commentary with tags Bell on May 30, 2024 by itnerd
Bell has announced the deployment of 3800 MHz spectrum in select areas of Toronto and Kitchener-Waterloo, which will offer customers the country’s fastest mobile technology yet on what is already Canada’s fastest 5G+ wireless network.
With the acquisition of 3800 MHz in 2023, Bell secured the most 5G+ spectrum nationwide, adding high-capacity airwaves critical to the advancement of 5G. Bell 5G+ is expected to be even faster and more responsive, allowing for a superior mobile experience with peak theoretical download speeds of up to 4Gbps in select areas.
In addition to deploying 3800 MHz spectrum, Bell and Samsung are undergoing testing to demonstrate its optimal use. Right now, the two are utilizing 5 Component Carrier aggregation (5CCA) on a smartphone device (Samsung Galaxy S24 series) as a means to unlock the fastest mobile speeds available. The 5CCA technology allows the device to access 3800 MHz spectrum, together with Bell’s other available 5G spectrum. Notably, Bell achieved a significant milestone today becoming the first carrier in North America to successfully conduct a 5CCA test on a smartphone over a live production network leveraging 3800 MHz spectrum. During the field test, download speeds of over 2Gbps were achieved, which Bell confirms are the fastest mobile speeds recorded to date in Canada in the field.
By operating Bell’s 5G+ network on 3800 MHz spectrum, complemented with the existing 3500 MHz spectrum, Bell will deliver faster mobile speeds for things like downloading and streaming high-resolution videos, as well as uploading content to share on social media or for cloud photo backups. Bell’s 5G+ spectrum will also allow for greater capacity to manage more devices that connect to Bell’s wireless network and provide lower latency, which means real-time communication and immersive experiences can take place with lightning-fast response time.
For more details about Bell 5G+, including coverage, pricing, availability and compatible devices, please visit Bell.ca/network.
Posted in Commentary with tags Token on May 30, 2024 by itnerd
Token, a revolutionary provider of secure, wearable authentication solutions, today announced the appointment of Robert Osterwise as Chief Technology Officer (CTO) and Tim Tonges as Chief Revenue Officer (CRO). Osterwise and Tonges join Token’s executive leadership team reporting to CEO John Gunn.
As CTO, Osterwise is responsible for advancing Token’s technology vision. He brings deep expertise across multiple areas including circuit design, firmware, and application development. Most recently, Osterwise held the role of Vice President Advanced Technology, Head of IoT, Digital Innovation, Emerging Technologies at Stanley Black & Decker. Before his tenure at Stanley Black & Decker, Osterwise was Technical Director at AT&T and held senior technology roles at Giesecke & Devrient.
As CRO, Tonges is responsible for Token’s sales strategy, revenue growth, and global expansion of the sales organization. Tonges brings more than 20 years of sales leadership experience with technology and cybersecurity solutions at leading companies including FusionStorm, Bell Microproducts, and Pomeroy. He has a history of driving triple digit growth and establishing category leadership.
About the Token Ring with BioTouchSecure
CISA, an agency of the US DHS, reports that 90% of ransomware losses are the result of phishing attacks and cybercriminals gaining access to networks as legitimate users. Token’s Next-Generation MFA Smart Ring stops these attacks by eliminating the inherent weaknesses in 20-year-old legacy MFA technology.
Token Ring is a simple, easy-to-implement, and user-friendly way to stop ransomware attacks. BioTouchSecure integrates capacitive fingerprint biometrics, the most secure form of user authentication, into an attractive wearable device for the ultimate in user convenience and enterprise security. Token Ring was recently honored with Fast Company’s 2024 World Changing Ideas Award.
Posted in Commentary with tags DMZ on May 29, 2024 by itnerd
DMZ at Toronto Metropolitan University held its fourth annual Black Innovation Summit, where 10 Black-led tech startups from across Canada had the opportunity to pitch their business to a panel of judges for the chance to secure grant prizes to accelerate their growth. Designed to bring together the Black tech ecosystem and celebrate Black excellence, this year’s Black Innovation Summit theme addressed rapid tech advancements and global economic uncertainty, empowering attendees with the tools to navigate today’s startup landscape and build resilience in an ever-changing market.
As a full-day event, the Summit included three curated activities: a networking event that revealed DMZ’s inaugural Black Youth Entrepreneurship Award, roundtable discussions to share insights and foster connections among entrepreneurs, investors, and corporate executives, and a startup pitch competition exclusively for Black founders.
The pitch competition awarded $55,000 CAD in total grant prizes to the top three pitch finalists. Award winners included:
Cleanster, a Montreal-based startup that connects property managers to top-rated cleaners, was named the first-place winner and took home $30,000 CAD.
Woveo, a Calgary-based digital credit union-like fintech platform that offers low-cost credit and helps users build credit, was named the second-place winner, taking home $15,000 CAD.
Outlit, an Ottawa-based startup that helps sales teams close deals by developing AI agents to accelerate contract reviews and shorten sales cycles, was named the third-place winner, taking home $5,000 CAD.
First-place winner Cleanster also received the esteemed People’s Choice Award at the Pitch Competition, awarded by Summit attendees, along with an additional $5,000 CAD prize.
The Black Innovation Summit also unveiled its inaugural Black Youth Entrepreneurship Award, designed to recognize the efforts of a young Black entrepreneur who demonstrates exceptional innovation, leadership, and community impact within Ontario. Taneesha Greaves, a content creator, social media specialist, and Founder of Greaves Media, was awarded the 2024 Black Youth Entrepreneurship Award and a $5,000 grant prize.
The annual Black Innovation Summit serves as the marquee event for DMZ’s Black Innovation Programs (BIP), which were launched in 2019. A first-of-its-kind initiative in Canada, DMZ’s Black Innovation Programs were created to see more Black-led startups in the tech ecosystem and break the perpetual cycle of inequity. To date, DMZ has supported over 1,000 Black-identifying founders and has distributed $2.5 million CAD worth of grants and services.
Black founders in DMZ’s Black Innovation Programs receive additional opportunities and specialized support like grant funding, mentorship opportunities, a peer network, exclusive events, and connections to investors dedicated to supporting Black-led innovation—on top of the standard programming all DMZ founders get.
Black founders looking for hands-on, tailored support to take their business to the next level can learn more about DMZ’s Black Innovation Programs at dmz.to/bip.
Posted in Commentary with tags Scam on May 29, 2024 by itnerd
Before I do anything else, let me explain what a Pig Butchering Scam is. Wired will help me with this part:
Pig butchering scams originated in China, where they came to be known by the Chinese version of the phrase shāzhūpán because of an approach in which attackers essentially fatten victims up and then take everything they’ve got. These scams are typically cryptocurrency schemes, though they can involve other types of financial trading as well.
Scammers cold-contact people on SMS texting or other social media, dating, and communication platforms. Often they’ll simply say “Hi” or something like “Hey Josh, it was fun catching up last week!” If the recipient responds to say that the attacker has the wrong number, the scammer seizes the opportunity to strike up a conversation and guide the victim toward feeling like they’ve hit it off with a new friend. After establishing a rapport, the attacker will introduce the idea that they have been making a lot of money in cryptocurrency investing and suggest the target consider getting involved while they can.
Next, the scammer gets the target set up with a malicious app or web platform that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims can often see curated real-time market data meant to show the potential of the investment. And once the target funds their “investment account,” they can start watching their balance “grow.” Crafting the malicious financial platforms to look legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, like letting victims do a video call with their new “friend” or allowing them to withdraw a little bit of money from the platform to reassure them. The latter is a tactic that scammers also use in traditional Ponzi schemes.
Though the swindle has some new twists, you can still see where it’s going. Once the victim has deposited all the money they have and everything the scammers can get them to borrow, the attackers shut down the account and disappear.
As for the romance scam, the RCMP will help me with that:
A romance scam is when a person creates a false identity and pretends to have romantic feelings for a victim to gain their trust and affection for the purpose of obtaining their money. The scam usually unfolds like this:
Step 1: Fraudsters research potential victims online, including reviewing their social media posts, to develop a tailored strategy for each victim and improve their chances of success.
Step 2: After developing an online relationship and gaining the victim’s trust, the fraudster usually fakes a scenario where they need quick money — such as a crisis or an investment opportunity.
Step 3: The scammer then requests money, cryptocurrency, gifts, or investments. They might also send money to the victim to build further trust or engage the victim as a money mule or courier in an illegal transaction. Eventually the victim becomes aware of the scam, many times after they’ve handed over thousands of dollars, at which point the fraudster stops communicating with them.
So with those explanations out of the way, let me explain why I feel I was targeted in one or the other type of scam.
Early today I got this message over Mastodon after I got followed by this person:
Now I was immediately suspicious right out of the gate as this fits the hallmarks of either type of scam. But in the interest of science, I played along. But at the same time, I poked around this Mastodon profile. In short:
They had been a member of Mastodon since October 2023
They had 14 posts.
Those are sort of red flags. But I needed more evidence to confirm what I was suspecting. And after interacting with this person for a while, I got it:
Scammers will often try to take you off the platform that you meet them on to a place like Telegram to continue the conversation and lead you down the path to separate you from your money. Thus this confirmed that this was some sort of scam. As a result I blocked this person on Mastodon. Honestly, I am surprised that something like this hasn’t happened sooner on Mastodon. Or maybe it has and I wasn’t aware of it. I say that because these scams are easy enough to perpetrate on other types of social media. But the decentralized nature of Mastodon makes it way easier to pull something like this off because if a scammer gets caught out, they can set up another account on another Mastodon server and try again.
Regardless of what social media platform that you use, you need to be aware of this sort of thing so that you don’t become a victim. And now, back to your regularly scheduled programming.
The newest enhancements allow for more streamlined workflows and will boost productivity for businesses. The enhancements will also give organizations deeper financial insights and advancements in financial reporting, asset management, and operational efficiency!
PwC Control Insights now generally available: Designed with compliance and growth in mind, this tool helps organizations strengthen their financial control environment as they scale with Sage Intacct. It provides a live dashboard allowing organizations to maintain strong financial controls and offer actionable insights with recommendations.
Availability: US, Canada, UK, South Africa, and Australia
Bank transaction assistant file import: With this new guided import experience, users can streamline the process of importing bank data and improving reconciliation efficiency. This saves time and reduces the likelihood of errors, improving the overall reliability of financial data and simplifying the monthly close process.
Availability: US, Canada, UK, Ireland, Australia, France & South Africa
AI timesheets: This AI-powered timesheet solution, Sage Intelligent Time (SIT), is embedded in Sage Intacct to help users gather, organize, and suggest activities for inclusion in timesheets, alongside client, project, and task information. This maximizes billable time and improves the accuracy and efficiency of time tracking, leading to more precise invoicing and revenue recognition.
Availability: US, Canada, UK, South Africa, and Australia
Employee expense allocations: This feature helps to streamline the expense reporting process by allowing users to quickly code expense receipts and leverage the power of transaction allocations. It reduces time-consuming administrative tasks related to expenses and helps maintain compliance with internal policies and external regulations.
Availability: US only
Sage Fixed Asset Management – Purchasing integration: Building on the recent release, this expanded feature helps users create assets directly from purchasing transactions such as vendor invoices. It simplifies data entry and improves asset management, significantly reducing manual efforts. This enhancement also increases the accuracy of asset tracking and ensures that asset-related financials are updated in real-time. As a result, it supports a smoother process from the purchase of assets through to their depreciation and maintenance, providing more streamlined asset lifecycle management.
Availability: US, Canada, UK, Ireland, Australia, France & South Africa
Boosted revenue management: The latest revenue recognition updates drill down into supporting documents meaning that organizations can now more easily understand how deferred revenue progresses and what to expect in the future. Providing an expedited path for recognizing revenue and achieving reconciliations, it now comes with smarter search and filter options, helping organizations to be clear on revenue schedules faster with dimension group filters.
Availability: US, Canada, UK, Ireland, Australia, France & South Africa
Construction enhancements: The latest enhancements mean that construction organizations can automatically calculate key metrics related to project revenue and profitability and review project-based costs and billing with Project-level Work in progress.
Availability: US, Canada, Australia and Early Adopters in the UK
Supplies inventory: This streamlined ordering process provides the ability to track supplies, requisitions and gain insights into usage trends and cost insights across periods. Also manage inventory levels and reorder when needed to avoid availability delays. Employees can enter requisitions for items designated as supplies inventory, such as office or program supplies. Users can easily process requests and monitor status using the workbench.
ThreatLocker, a leading provider of Zero Trust cybersecurity solutions, is proud to announce the launch of its latest data center in Toronto, Canada, less than three months after opening its data center in Sydney, Australia. This initiative will significantly bolster cybersecurity capabilities for Canadian businesses and organizations across various sectors, including the private sector, commonwealth, state, territory, and local governments.
The development of this data center by ThreatLocker® will assist Canadian entities in aligning with baseline cybersecurity controls recommended by the Canadian Centre for Cyber Security, which stem from compliance frameworks like NIST, CISC, ISO/IEC, and ITSG-33. More specifically, ThreatLocker® offers Zero Trust, Least Privilege capabilities in the form of Application Control, Ringfencing, Network Control, and Privilege Access Management solutions, amongst many other options.
ThreatLocker®, founded in 2017 by CEO Danny Jenkins, COO Sami Jenkins, and VP of Quality Assurance John Carolan, protects over 2 million endpoints across more than 40,000 organizations globally. The company provides 24/7/365 Cyber Hero support with an average response time of 60 seconds or less. ThreatLocker® offers a powerful Zero Trust endpoint security platform designed to enable organizations to stop ransomware and other cyberattacks by controlling what software can run in their environments. The combined solutions of ThreatLocker®, including Application Allowlisting, Ringfencing™, Storage Control, Elevation Control, and Endpoint Network Control, lead the cybersecurity market towards a more secure approach by blocking the exploits of unknown application vulnerabilities.
On Friday, Sav-Rx, a prescription management company, filed a breach notification disclosing that it suffered a cyberattack in October 2023, compromising the personal data of over 2,812,336 people in the US.
A&A Services, operating as Sav-RX, is a company that provides prescription drug management services to employers, unions, and other organizations across the U.S.
The impact on its business operations was minimal: systems were restored in a day and prescriptions were shipped on time.
The data exposed included:
Full names
DOBs
SSNs
Emails
Addresses
Phone numbers
Eligibility data
Insurance ID numbers
The breach notification revealed that the hackers first accessed customer data on October 3, 2023.
Sav-Rx stated that it took eight months to send out notices because their initial priority was minimizing interruption to patient care before launching the investigation on the impact of the incident.
In response to the incident, Sav-Rx is setting up a 24/7 security operations center, implementing MFA on critical accounts, network segmentation, enhanced geo-blocking, upgraded firewalls and switches, strengthened Linux security, and BitLocker encryption.
“While Sav-Rx managed to restore operations swiftly, the compromised data—ranging from full names and Social Security numbers to insurance ID numbers—highlights the grave risks posed to individuals’ personal information. The delayed breach notification, which took eight months, reflects the challenges organizations face in balancing immediate operational needs with comprehensive incident response.
“This incident is a stark reminder that cybersecurity cannot be an afterthought. Sav-Rx’s response, including the establishment of a 24/7 security operations center and implementation of multi-factor authentication, network segmentation, and advanced encryption, is commendable. However, these steps, including ransomware containment, should have been proactive measures rather than reactive responses.
“The healthcare sector must prioritize cybersecurity investments and adopt proactive strategies to protect patient data and critical infrastructure. The Sav-Rx breach emphasizes the importance of preparedness and the need for continuous vigilance to safeguard against future attacks.”
“The remediation and implementation plan being conducted post-breach is necessary and good — and if other organizations haven’t done this yet then they are behind — but unfortunately in today’s era it is not sufficient. Given the prolific onslaught of attacks, and the fact that criminals continue to evolve their techniques and attack vectors, everyone needs to include the implementation of cyber resiliency and Protective DNS in their 2024 security plans.”
Everything that this organization is doing now is too late to prevent the damage that is sure to come to those who are affected by this breach. Hopefully someone in Washington is going to call this company on the carpet to explain themselves in detail.
Late last week, ABN Amro Bank NV announced that unauthorized parties may have accessed the data of some of its clients after supplier AddComm was the victim of a ransomware attack this month.
AddComm, which distributes documents and tokens to clients and employees for ABN Amro, said in a statement that the hack took place between May 5 and May 17 and disrupted its services for a few days.
At this time, it is not clear what type of data was involved, and ABN Amro said it has no indication that the unauthorized parties have used the data of its clients and that the lender’s systems were not affected.
This comes in the same month that Banco Santander SA said that information of clients and staff managed by a third-party was accessed without authorization, and Deutsche Bank, Commerzbank and ING Groep were among dozens of companies to suffer from the MOVEit file transfer tool breach.
Meanwhile, the European Central Bank, which oversees lenders in the region, conducted a stress test to examine how banks respond to and recover from cyber attacks and observed the extensive use of outsourced functions as one of the main challenges impacting 88% of banks that claim they are at least partially reliant on service providers to operate their core banking system.
“The fact is that every exploit has to do one thing before it wreaks havoc: communicate with the threat actor controlling it. Identifying and thwarting that communication is the first, last and best chance an organization has to prevent an attack. Third-party breaches will continue to escalate and be a critical pain point for organizations of all sizes until true cyber resiliency implementations are put into effect and organizations have not just the operational internal visibility that they require, but also the capability to detect those telltale signs of a breach and imminent attack, early in the kill chain, and stop it before damage ensues.”
“The recent ransomware attack underscores the critical need for proactive cybersecurity measures in the financial sector. To address these challenges, modernizing traditional SOCs into cyber fusion centers can enable real-time threat intelligence sharing and collaboration across institutions, fostering a collective defense approach. By integrating strategic AI-driven cybersecurity solutions, financial institutions can proactively detect and mitigate threats, ensuring the resilience and integrity of their operations.”
Third party attacks are a danger that every business needs to wrap their heads around. If they don’t, they’ll be the next victim through no fault of their own.
This is a follow up to this recent story involving Amazon and workers rights.
Investors of Amazon.com continued to lend their support to a shareholder proposal on freedom of association and collective bargaining during the company’s recent annual general meeting (AGM).
The proposal, put forward by an international coalition of responsible investors representing 3.5-trillion USD in assets under management (AUM), called for Amazon to undergo a third-party assessment reviewing the extent to which it has been living up to its promises to respect international labour standards.
According to Company filings that were published on Friday, approximately 32 per cent of votes were cast in favour of the proposal — the second-highest level of investor support for any of the 14 shareholder proposals voted on at last Wednesday’s AGM. Accounting for the large number of shares controlled by board member and former Amazon CEO Jeff Bezos, roughly 37 per cent of independent votes were cast in favour of the proposal.
These developments coincided with a surge in investor support for the shareholder proposal. In addition to the original coalition of 22 cofilers, the proposal was publicly supported in recent weeks by numerous major public funds and asset managers:
the California Public Employees’ Retirement System (CalPERS)
the California State Teachers’ Retirement System (CalSTRS)
the Office of the New York City Comptroller
the New York State Common Retirement Fund
Norges Bank Investment Management (NBIM)
Legal and General Investment Management (LGIM).
The proxy advisory firms International Shareholder Services (ISS) and Glass-Lewis also backed the proposal, despite management’s opposition.
Sarah Couturier-Tanoh, Director of Shareholder Advocacy for SHARE, the Shareholder Association for Research and Education, which led the investor coalition behind the proposal, had this comment:
“Once again, shareholders have sent a clear message to Amazon’s board and management that the Company must do better in delivering on its commitment to workers’ rights,”
“Given the widespread support the proposal received, we expect the board to demonstrate — at a minimum — what it is doing to comply with international human rights standards and mitigate the labour-rights related risks shareholders are seeing.”
News has emerged that the hacker group known as RansomHub is threatening to release the sensitive data of high-end Christie’s art auction house in New York, including financial data and client addresses by the end of May, if no ransom is paid:
Now, RansomHub has posted a new thread on a dark web site, assuming responsibility for the attack, and claiming it grabbed customer names and birth dates. At this moment it is impossible to verify the authenticity of the claims, but with RansomHub’s history, it’s possible they are telling the truth.
RansomHub was born out of the disappearance of the ransomware-as-a-service known as ALPHV, or BlackCat.
With a ransomware-as-a-service model, one group builds and maintains the malware while others, called affiliates, do the actual breaching and encrypting. When affiliates successfully extort money from a victim, they get a piece of it, while a piece goes to the developers. When an ALPHV affiliate breached Change Healthcare earlier this year, they allegedly successfully extorted the healthcare giant for $22 million. However, when it was time to split the prize, the developers took all of it and just disappeared, leaving the affiliate with roughly 4TB of stolen sensitive data.
This affiliate was later named RansomHub and it tried, on its own, to extort Change Healthcare again.
In Christie’s case, the group said it would release the timer by the end of May, since it couldn’t come to an agreement with the company.
Darren Williams, CEO and Founder, BlackFog, had this to say:
“The clock is ticking for Christies Art House who has a major decision to make now that criminal gang RansomHub has implemented a payment deadline. With the personal and financial data belonging to their high-profile clients at risk, this is indeed quite worrying.
The ‘to pay or not to pay’ dilemma is a serious issue for all types of organisations who are facing a rising wave of ransomware attacks. High profile organisations such as Christie’s, which sells high value items upwards of £600 million, will always be on the radar of cyber attackers looking for a quick win with large financial gain.
Once the data is in the hands of the attackers, the focus must be on handling the incident and repercussions as quickly as possible, leaning on experts to help ease the process when possible. Once the clean up is done, the focus must shift to preventing these attacks in the future by implementing technology designed to prevent the exfiltration of data, mitigating the risks of future attacks and extortion.”
RansomHub, the attacker group behind this attack, is quite new, first identified by BlackFog in February of this year. The criminal gang has since claimed attacks on multiple organisations – notably UnitedHealth Group, American Clinical Solutions and now Christie’s art auction house in New York.
It will be interesting to see what happens next as we’re only two days from the end of May. I’m pretty sure that this group will release some sort of data in retaliation for not getting paid. But not paying them is the correct course of action as cybercrime groups cannot be allowed to succeed in terms of extorting money from their victims.