Google/Mandiant To The World: There are Lots Of Cyber Threats That Can Influence Elections

Posted in Commentary with tags , on April 27, 2024 by itnerd

From the “we better be paying attention to this” department comes Google’s recent Mandiant report that lists a dozen different ways cyber threat actors can influence elections. From the executive summary:

  • The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety of threat actors including: state-sponsored actors, cyber criminals, hacktivists, insiders, and information operations as-a-service entities. Mandiant assesses with high confidence that state-sponsored actors pose the most serious cybersecurity risk to elections.
  • Operations targeting election-related infrastructure can combine cyber intrusion activity, disruptive and destructive capabilities, and information operations, which include elements of public-facing advertisement and amplification of threat activity claims. Successful targeting does not automatically translate to high impact. Many threat actors have struggled to influence or achieve significant effects, despite their best efforts. 
  • When we look across the globe we find that the attack surface of an election involves a wide variety of entities beyond voting machines and voter registries. In fact, our observations of past cycles indicate that cyber operations target the major players involved in campaigning, political parties, news and social media more frequently than actual election infrastructure.  
  • Securing elections requires a comprehensive understanding of many types of threats and tactics, from distributed denial of service (DDoS) to data theft to deepfakes, that are likely to impact elections in 2024. It is vital to understand the variety of relevant threat vectors and how they relate, and to ensure mitigation strategies are in place to address the full scope of potential activity. 
  • Election organizations should consider steps to harden infrastructure against common attacks, and utilize account security tools such as Google’s Advanced Protection Program to protect high-risk accounts.

 Madison Horn (OK-5) Congressional Candidate had this comment:

In the recent Mandiant report by Google, a range of cyber threats to elections is detailed, but the proliferation of mis- and disinformation campaigns stands out as particularly alarming. These campaigns, which meticulously erode trust in governmental institutions and corrupt democratic processes, pose a severe threat that transcends political lines and demands immediate action.

Driven by motives ranging from shifting electoral outcomes to undermining public confidence and generating profit, these disinformation efforts are often orchestrated by state-backed entities from nations such as China, Russia, and Iran. Their impact is undeniable, as seen in instances like Russia’s involvement in the 2016 U.S. election and China’s ongoing global influence operations, which starkly demonstrate their capacity to sway public opinion and disrupt electoral integrity.

The avenues for these campaigns are primarily popular social media platforms—X, Telegram, Facebook—and YouTube, making the digital battlefield as accessible as it is dangerous. The consequences are profound, resulting in increased voter disengagement, the rise of unqualified leaders, and the destabilization of nations.

This is an urgent security issue that cannot be politicized. The integrity of our democracy is in jeopardy, making it imperative that we elect officials who grasp the complexity of these modern challenges. We need leaders who are committed to implementing robust cybersecurity measures, enhancing digital literacy, and fostering international cooperation to counteract the pervasive influence of state-sponsored disinformation. Our response must be swift and resolute to safeguard our democratic processes.

My opinion is that we all need to be paying attention to this and acting on this report to make sure that elections regardless of where they are are conducted in a free and fair manner without interference. The thing that concerns me is that we live in such a partisan environment at the moment that this could become a partisan issue. And it shouldn’t be regardless wherever on the political spectrum you happen to be on.

Leave a comment »

Freedom Mobile Partially Walks Back Nationwide Access For Apple Watch

Posted in Commentary with tags on April 26, 2024 by itnerd

Recently, I posted a story about Freedom Mobile expanding access to Apple Watches on their Nationwide network. Which is their term for their “partners” from the “big 3” carriers. That seems to be short lived as I got this text message from Freedom Mobile:

That sucks. That suggests to me that one of the carrier “partners” backed out of the deal or something. But the good news is that Apple Watch owners on Freedom Mobile still get to keep the 5GB increase. That’s still way better than anything the “big 3” carriers offer. I’ll be keeping an eye on this to see when Freedom Mobile can offer Nationwide access for Apple Watches as that’s something that a lot of their customers will appreciate.

Leave a comment »

Guest Post: Three Key Milestones On The Journey To Observability 

Posted in Commentary with tags on April 26, 2024 by itnerd

By Gregg Ostrowski, CTO Advisor, Cisco Observability 

These days, applications serve as the main gateway for organizations across multiple sectors. The need to deliver seamless and secure digital experiences is crucial, as businesses are aware that even the slightest mistake in application performance can have negative consequences, including a loss of customers, revenue, and reputation. 

Technologists are recognizing the need for innovative approaches and new tools to manage and optimize their applications. Many IT departments are suffering from ‘tool sprawl,’ where IT teams are using separate and siloed monitoring solutions to manage different aspects of their IT estate – including applications, network and infrastructure. 

The problem is this approach doesn’t provide unified visibility across cloud native and on-premises environments and it doesn’t enable teams to quickly identify issues and understand their root causes up and down the application path. And of course, this inability to isolate issues increases the likelihood of costly application downtime and disruption. 

This is why we’re now seeing a major shift from application performance monitoring (APM) to full-stack observability. Cisco research, found that for 85 per cent of global technologists, observability is now a strategic priority for their organization. 

The benefits of full-stack observability 

With observability, Canadian IT teams can achieve comprehensive and unified visibility into the availability, performance, and security of their applications, extending down to the core network and infrastructure levels. This allows them to monitor and manage performance in real-time, quickly pinpointing issues, mapping dependencies, and applying fixes. Metrics like Mean Time to Resolution (MTTR) improve, optimizing the digital experience, and allowing technologists to allocate less time to troubleshooting, which fosters more innovation. 

It sounds simple but the shift from APM to FSO is more complicated than just flicking a switch and implementing a single new tool overnight. It’s a journey which takes time (often two to three years for large enterprises) and involves significant technical, cultural, and structural change. The starting point for most organizations will be an existing APM approach, built around multiple monitoring tools, but every organization will take a different route to achieving observability, depending on its own specific business needs. 

Advantages of an open platform approach 

Starting out on their journey, organizations need to establish an open and adaptable platform as the foundation for building their capabilities. Consolidating tools may bring on resistance from teams accustomed to specific solutions and hesitant to accept enforced tool restrictions. However, adopting an open platform bypasses this issue by allowing integration and correlation of signals from various tools. For example, an organization might employ separate solutions for network monitoring, application monitoring, and security. All these solutions provide signals which can be aggregated and sent to an alerting system. 

If these signals are all directed to an open, centralized platform for correlation, it enables rapid root cause analysis and provides a single source of truth for issue detection and streamlining operational efficiency.  

Three milestones for organizations on the journey to observability 

While each organization will follow its own unique path to get from APM to full-stack observability, there are some key steps every organization will take (in the most appropriate order), which brings significant benefits to Canadian IT teams: 

1. Expanding visibility across domains 

Regularly, the first step for organizations is to add infrastructure visibility (such as Kubernetes and hosted environments) and network visibility into their monitoring approach. This means that rather than just focusing on the application itself, IT teams can monitor the different domains which are required to make the application function – such as network and infrastructure.  

2. Building security into the monitoring strategy 

By integrating security monitoring into their observability capabilities, organizations can ensure complete protection for applications, from development through to production, across code, containers, and Kubernetes. 

With continuous runtime application self-protection (RASP), technologists can protect applications from the inside out, wherever they live and however they are deployed. They can see what is happening inside the code to prevent known exploits and simplify vulnerability fixes. Developers can generate targeted insights into their application environments which allow them to respond to threats at scale – whether that’s in containers, on-premises, or in the cloud – and integrate security throughout the entire application lifecycle. 

Crucially, adding security into observability enables much greater collaboration between security and application teams, facilitating the shift to DevSecOps methodologies. 

3. Generating an end user view 

By implementing digital experience monitoring (DEM), organizations can start to look at application performance from the customer perspective, understanding and analyzing the experiences end users are enjoying when using an application or digital service. Functionality such as Session Replay enables IT teams to visualize how customers are behaving and engaging. Digital experience monitoring tends to be prioritized within industries which are very consumer-driven, retail but also financial services. This is where delivering an optimized digital experience is crucial. 

Canadian IT leaders must develop a holistic strategy for observability 

As organizations urgently look to expand their visibility into cloud native technologies, the shift to full-stack observability is gathering speed. IT leaders are recognizing the benefits and they’re eager to start taking full advantage. 

However, they need to take the time to ensure they have the right strategy and approach from the start, giving just as much consideration to the cultural and process changes required for success as the implementation of the observability platform itself. 

Finally, IT leaders need to understand there is never really an end to the journey to full-stack observability. As new technologies emerge, there will always be a need to add new layers of monitoring and visibility. This is why a platform approach is beneficial, with open standards enabling organizations to plug in new tools and solutions. This way, observability provides the foundation for rapid and sustainable innovation into the future.

Leave a comment »

Samsung Adds Canadian French To Expanded List Of Galaxy AI Languages

Posted in Commentary with tags on April 26, 2024 by itnerd

Many Francophone Canadians feel that having two official languages is an important part of what it means to be Canadian. Yet most of the Canadian population is not bilingual in Canadian French and English.  

Harnessing the power of mobile AI, Samsung is unlocking new ways to communicate for Canadians with the inclusion of Canadian French to its list of languages Galaxy AI now supports.  The language will be available across all its translation features, including Live Translate, Interpreter and Browsing Assist. The new Canadian French language Live Translation feature is a first of its kind amongst mobile manufacturers.

In addition to the 13 languages already available, Samsung is empowering even more Galaxy users around the world to harness the power of mobile AI, also adding Australian English, Cantonese, Arabic, Indonesian and Russian. Beginning April 24th, the newly supported Galaxy AI languages and dialects will each be available for download as a language pack from the Settings app so you’ll be all set and ready to go for Quebec travel adventures this summer!

Aligning with the recently launched Galaxy S24, Galaxy AI is now available across more devices including the Galaxy S23 Series, the Galaxy S23 FE, the Galaxy Z Fold5, and the Galaxy Z Flip5. Some Galaxy AI features are also now available on the Galaxy Tab S9 Series and the Galaxy Buds.   

Here’s the list of Galaxy AI features on which Canadian French will become available:

  • Live Translate produces two-way, real-time voice and text translations of phone calls, making it easy for users to book reservations while traveling or chat with your grandparents in their native language. 
  • Interpreter can instantly translate live conversations through a user-friendly split-screen view, allowing people standing opposite each other to read a text translation of what the other person is saying.  
  • Chat Assist can help perfect conversational tones by generating context-aware suggestions to enable communications to sound as they were intended, whether it’s a polite message to a coworker or a short catchy phrase for a social media caption.  
  • Note Assist can create AI-generated summaries, pre-formatted templates and cover pages, elevating your day-to-day productivity.  
  • Transcript Assist uses AI and Speech-to-Text technology to transcribe, summarize and even translate voice recordings. 
  • Browsing Assist helps you stay up to speed on what’s happening in the world while saving time by generating concise summaries of news articles or web pages. 

Leave a comment »

ByteDance Prefers That TikTok Be Banned In the US Rather Than Selling It Says Reuters

Posted in Commentary with tags on April 26, 2024 by itnerd

A Reuters report that was posted late yesterday has blown my mind. In short, ByteDance who’s back is against the way because of Congress all but banning TikTok if ByteDance doesn’t sell it, actually prefers that that the app be banned in the US if legal options fail here’s why:

The algorithms TikTok relies on for its operations are deemed core to ByteDance’s overall operations, which would make a sale of the app with algorithms highly unlikely, said the sources close to the parent.

TikTok accounts for a small share of ByteDance’s total revenues and daily active users, so the parent would rather have the app shut down in the U.S. in a worst case scenario than sell it to a potential American buyer, they said.

A shutdown would have limited impact on ByteDance’s business while the company would not have to give up its core algorithm, said the sources, who declined to be named as they were not authorised to speak to the media.

Assuming that this is true, I have to wonder what do those algorithms do? Every social network except Mastodon has them. But they’re usually to present you with stuff that you’re interested in. Or try to target advertising towards you. The cynic in me says that they do a lot more than that, and ByteDance doesn’t want anyone to find those details out. That also suggests to me that TikTok and ByteDance fighting to keep the app alive in the USA is not about users or free speech or anything like that. Which makes this ban the right decision as clearly ByteDance has something to hide that likely is counter to their core agreements.

3 Comments »

Delmanor Communities And Kite Mobility Inc. Partner To Bring Electric Vehicles To Active Retirees

Posted in Commentary with tags , on April 25, 2024 by itnerd

Delmanor has announced a partnership with Kite Mobility Inc., a pioneering force in electric mobility solutions. Together, they are revolutionizing retirement living by introducing state-of-the-art, safe, and accessible electric vehicles (EVs) to residents of Delmanor Aurora. This collaboration marks a Canadian historical first, empowering active retirees with a fleet of EVs as a no-cost amenity, redefining personal transportation for this demographic.

Delmanor x Kite Fleet

Residents of Delmanor Aurora will have exclusive access to the Volvo XC40 Recharge EVs, offering them a seamless transition to sustainable and convenient mobility. By embracing this innovative initiative, residents will enjoy the freedom of daily personal travel without the burdens of car ownership, including car payments, insurance, gas, and maintenance costs. The partnership aims to foster a sense of community, fun, and environmental stewardship while addressing the evolving needs of retirees.

Delmanor x Kite Mobile App

Utilizing Kite Mobility’s intuitive mobile application, residents will effortlessly access and manage the EVs, enhancing their overall experience with seamless technology integration. The platform ensures ease of use, safety, and reliability, aligning perfectly with Delmanor’s commitment to providing unparalleled services and amenities.

Leave a comment »

ByteDance Says It Has No Plans To Sell TikTok… RIP TikTok?

Posted in Commentary with tags on April 25, 2024 by itnerd

To quote Dr. Strange from the movie Avengers: Infinity War, “We’re in the endgame now”.

ByteDance is gambling on fighting the TikTok ban that President Joe Biden signed into law yesterday by winning in court:

 TikTok’s chief executive said on Wednesday the social media company expects to win a legal challenge to block legislation signed into law by President Joe Biden that he said would ban its popular short video app used by 170 million Americans.

“Rest assured – we aren’t going anywhere,” CEO Shou Zi Chew said in a video posted moments after Biden signed the bill that gives China-based ByteDance 270 days to divest TikTok’s US assets or face a ban. “The facts and the Constitution are on our side and we expect to prevail again.”

I say that it’s a gamble because there’s no guarantee that they will win in court. Yes there’s been a couple of cases where TikTok has fought off bans by going to court, but this time might be different:

Congress is arguing that TikTok poses a national-security risk, and the courts tend to defer to that governing body when it comes to issues of national security, experts told Business Insider. The federal government has more authority on that subject than a state like Montana does.

“The court will look at the merits of the case, but really driven by deference to Congress as having much more understanding of the national-security risks than the judges themselves do,” Matthew Schettenhelm, a senior litigation analyst at Bloomberg Intelligence, told BI. Schettenhelm estimated the law had a 70% chance of surviving a legal challenge.

So what this means is that ByteDance may be placing itself in a position where they have guaranteed that TikTok will be banned. And the clock is ticking. If I were them, I’d be queuing up a plan B. Like, right now.

2 Comments »

Reddit Announces Dynamic Product Ads

Posted in Commentary with tags on April 25, 2024 by itnerd

Reddit just announced their newest ads product offering: Dynamic Product Ads (DPA). This new ad product will enable advertisers to promote relevant products in conversations where redditors are already deeply researching, discussing, and deciding what to buy. Dynamic Product Ads provided 1.9x higher ROAS when compared to Conversion objective campaigns for the advertisers who participated in testing.

You can read more about this news in their blog post here.

Leave a comment »

A New Outbound Calling #Scam Using Rogers Name Is Making The Rounds

Posted in Commentary with tags , on April 24, 2024 by itnerd

I’ve noted an increase in phone calls coming to my cell phone and my home phone lately. Normally I either don’t answer or punt the calls to voice mail as I suspected that these calls are scam calls. Besides, anyone who wanted to talk to me would leave a voice mail for me. But what happens almost 100% of the time is that the caller doesn’t leave a message. That suggests to me that this view of these being scam calls is likely accurate. But recently, I decided to answer the call to see what the deal was.

The call I got was from a “John Wilson” calling on behalf of Rogers. I put the name in quotes because I guarantee that it was not this caller’s real name. I say that because that’s a very Anglo-Saxon name. But the person on the other end had a pretty easy to detect South Asian accent. That’s always a red flag. Now to be fair, Canadian telcos have been known to use offshore call centres for business generation. And a lot of times those offshore call centres are located in South Asia. But I texted a contact within Rogers who was in a position to know if they have currently contracted out any business generation activities like this and they almost immediately texted back saying no.

So what “Mr. Wilson” was presenting to me was a deal that would cut the price of my “services” by $20-$30 a month. What was interesting was that he never said what “services” that I had which he could save me money on. He then asked me if I was interested in this deal. That’s when I had some fun with him and asked him point blank if he knew who I was and what Rogers services that I had. I did this because Rogers and their contractors from my experience already know who you are and what services you have with them. Thus if they can’t answer those question, it’s likely a scam. Now while this isn’t a 100% bulletproof test as evidenced by this example, it’s good enough that I rely on it. “Mr. Wilson” not only was unable to answer those questions, but he clearly got flustered as I knocked him off his script. Thus confirming that this is a scam.

I told him to have a nice day and hung up on him. But this suggests to me that there’s a threat actor or actors out there that are doing an aggressive outbound scam call campaign trying to leverage the fact that Canadians pay too much money for their telco services. And I say aggressive because I get three to five calls a day from numbers that are from the 647 area code. Now those numbers are highly likely to be spoofed. And the reason why they do that is to make you more likely to answer the call. The thing is, Rogers and their contractors show up on caller ID as Rogers. That’s not to say that a threat actor couldn’t spoof that as well. But Rogers wouldn’t use random 647 area code numbers to call from.

What’s the end game? I am not sure as I didn’t play along long enough to find out. Perhaps it’s meant to grab your credit card details or other financial details so that they can steal money from you? Perhaps if they call again, I’ll play along longer to try and find out. Then I’ll post an update to let you know. But I wanted to get this out there so that you’re aware that this scam is going on, and that you need to protect yourself by being vigilant.

Leave a comment »

Ferrari And HP Announce A Title Partnership 

Posted in Commentary with tags on April 24, 2024 by itnerd

Today, Ferrari and HP Inc. announced a historic, multi-year title partnership. Connecting two of the world’s most iconic companies, the partnership features a shared commitment to advance sustainable innovation and accelerate purposeful technology across the Scuderia Ferrari Formula 1 team, the Scuderia Ferrari Esports team, and the Scuderia Ferrari Driver Academy.

In addition, the HP logo will make its debut on the Maranello F1 cars ahead of Miami Grand Prix scheduled for May 3-5, when the team will start competing as Scuderia Ferrari HP. The Scuderia Ferrari Esports team and the Scuderia Ferrari car driven by Maya Weug in the all-female F1 Academy series launched in 2023, will also race using the new moniker.

Uniting heritage and purpose for bigger impact

HP and Ferrari are committed to accelerate sustainable innovation whether through technology or sport. The companies will also work together to expand educational initiatives within their teams and communities and create a lasting impact for generations to come.

Powering the teams through technology

As part of the partnership, the integration of HP’s high-performance products and services, including adaptive PCs and devices, conferencing technology, and printing capabilities, will enable Scuderia Ferrari HP and the other racing teams of the Prancing Horse to turbo charge training precision and optimize strategic decision-making, on and off the track.

Debut at Miami Grand Prix

Ahead of the Miami Grand Prix, representatives from both organizations will be present for the reveal of the Scuderia Ferrari HP livery, which will debut in a unique edition specifically designed for Miami. Ferrari CEO, Benedetto Vigna, Scuderia Ferrari HP’s Team Principal Fred Vasseur, the team’s drivers Charles Leclerc and Carlos Sainz, and HP CEO, Enrique Lores will be in attendance.

Leave a comment »

« Older Entries
Newer Entries »