Cranium Launches the Connect Reseller Program 

Posted in Commentary with tags on April 9, 2024 by itnerd

Cranium today announced the launch of its new innovative partner program – the Cranium Connect Reseller Program. Designed to provide new opportunities for organizations to discover the benefits of enhancing AI security and governance, the Cranium Connect Reseller Program actively fosters a community of value-added partners, security and risk-focused service providers, and alliance partners.

Representing a significant milestone for expanding the reach of AI security across diverse industries, this initiative focuses on channels for resale, services, and support to enhance profitability and predictability for partners. Those joining the Cranium Connect Program will benefit from competitive margins, access to advanced services, and a surge in customer demand, all driven by Cranium’s strategic marketing efforts.

The program has distinct tiers, each offering escalating benefits and support. This tiered approach ensures a customizable experience for each partner, fostering growth alongside their business development.

Additional benefits include access to dedicated partner testing environments, certification training, promotional opportunities, comprehensive support via the Partner Portal, a hub for sales and marketing resources, and deal registration management.

As the foremost enterprise AI security and trust software firm, Cranium empowers organizations to ensure the security and compliance of their AI and GenAI systems. The Cranium Enterprise software platform offers comprehensive solutions for driving visibility, security, and governance across all AI and GenAI environments. Secure your enterprise’s AI today with Cranium.AI.

Google Rolls Out Find My Device Network

Posted in Commentary with tags on April 9, 2024 by itnerd

Google has introduced the Find My Device network for Android, which, as the name suggests, is just like the Find My network that Apple rolled out a while ago. This network will allow you to do five things:

  • Keep track of your Android devices as well as find them.
  • Keep track of everyday items such as keys using Bluetooth trackers. Google specifically calls out Chipolo and Pebblebee, but also says that support for eufy, Jio, Motorola and other trackers is coming. One has to wonder if Tile, the O.G. of Bluetooth trackers, will be included. In any case, you can also find “unwanted” trackers, which apparently includes AirTags.
  • You can leverage Nest devices to find items in your home and share items with your family.

This is live in the US and Canada and works on phones running Android 9 or higher. The one thing that I think is a win here is that this will further discourage the use of AirTags and other Bluetooth trackers by criminals, as any of these trackers are now more likely to be found by “Joe Average.”

Smishing Attack Takes NYC Payroll Website Offline And Threatens Up To 300K With Identity Theft

Posted in Commentary with tags on April 9, 2024 by itnerd

New York City is the latest victim of a smishing incident, which has forced it to take a city payroll website offline and keep it out of public access for almost a week now.

The website was partially taken offline following the smishing campaign that allegedly involved messages sent to city workers asking them to activate multi-factor authentication, with a link to a phishing domain.

It wasn’t until after being contacted by POLITICO, which first reported the incident last week, that the city warned the roughly 300,000 full-time workers of the phishing campaign, and it did not mention that access to the New York City Automated Personnel System, Employee Self Service (NYCAPS/ESS) website (including essential tax forms) would be limited.

That action also came after the city’s largest agency, the Department of Education, sent an email to its employees on March 23rd, warning about “a new smishing” or SMS phishing campaign “targeting users of NYCAPS/ESS.”

“This (is) a user education issue to not fall prey to these scams, but the real site is antique & easily cloned,” said Naveed Hasan, a technology consultant and member of the city’s Panel for Education Policy.

Dave Ratner, CEO, HYAS had this to say:

   “Smishing campaigns are becoming more commonplace, in part because of our increasing reliance and familiarity with automated systems that generate text messages, and in part because the rise of AI makes it so much easier to generate accurate-looking fakes. This trend will unfortunately continue and there are only two good ways to address it. The first involves increased training, education, and communication; the second involves the use of highly accurate Protective DNS systems which are capable of separating malicious from legitimate sites on the Internet and ensuring that individuals are not accidentally fooled.”

I have long argued for the use of either multi-factor authentication or, better yet, passwordless authentication to stop this sort of thing from happening. But either has to be combined with user education and better checks to ensure “smishing” isn’t a successful attack vector.

American Privacy Rights Act Unveiled

Posted in Commentary with tags on April 9, 2024 by itnerd

The newly unveiled American Privacy Rights Act (APRA) represents a significant step toward establishing a federal data privacy standard in the U.S., offering a bipartisan solution to longstanding legislative challenges.  This legislative effort underscores a unified approach to enhance online privacy protections, aiming to reconcile differences over state preemptions and legal remedies for privacy breaches.

Antonio Sanchez, principal evangelist at cybersecurity company Fortra, says:

“Today, about half of the states have some sort of legislation, but it’s varied. Ideally, this legislation would be a baseline of privacy at the federal level which provides consumers with more control over their personal data.  Each state would then decide on passing something more stringent than the baseline.

This would be a great win for consumers as this would be a big step towards reducing misinformation, disinformation, and AI generated content which are used to sway the public’s mindset on a particular issue.  For big tech this would represent a big hit to their bottom line since big tech monetizes personal data by mining, using, and selling it.  The ones that use it deliver content (real and AI generated) to targeted audiences to either position a product or gain support on a social issue.

I like the idea, but we will see if this continues to move forward or if it slowly fades away and nothing happens.”

This is a piece of legislation that is long overdue. If the people on Capitol Hill were smart, they would do everything possible to move this bill forward and get it passed into law. But given the tenor of politics in the US at the moment, one has to wonder if that will happen.

UPDATE: Madison Horn, Congressional Candidate (OK-5) and cybersecurity expert adds these comments regarding the American Privacy Rights Act:

The American Privacy Rights Act is a significant first step towards setting up national consumer-centric data privacy standards. While the American Privacy Rights Act aims to define the type of data that companies can collect, there is ambiguity and concern in a number of areas that will be left vague. In the typical process for introducing new regulation, there is either over or under calibration, or it is not specific enough. Regulators must define what data is considered necessary, determine how data collection needs should be managed across applications, determine whether data storage will be centralized or segmented, and establish clear limitations on the types of data companies can collect.

I have concerns that regulators will over-calibrate these new data privacy regulations and inadvertently introduce vulnerabilities in company systems, potentially making it easier for bad actors to exploit them. While giving consumers control over their data is a positive step, it’s crucial that identity and access management are securely designed; otherwise bad actors could easily steal personal data. Giving consumers the right to access, correct, delete, and export their personal data is a great step forward, but brings significant security concerns. There’s a technical challenge in setting up and managing identities to ensure that people can’t access or edit someone else’s data. Despite the good intentions, opening these doors will inadvertently increase security concerns. The real task lies in minimizing these incidents as much as possible. It’s all achievable, but requires careful planning and execution.

To get this crucial data privacy law right, it’s important that everyone involved – lawmakers, regulators, and the private sector – all meet at the table together. If lawmakers try to force this law through like dictators, there will be endless pushback from lobbyists – something entirely counterproductive to effective regulation – and will only hurt small businesses and innovation. With many of the few qualified individuals in Congress left retiring or being pushed out of office by partisan politics, it’s up to the American people to elect qualified leaders with experience that matches the problems of today. Leaders that understand the nuances and pitfalls of drafting, right-sizing and passing acts that adequately protect Americans while not hindering innovation and economic growth.

IntelBroker Strikes Again By Pwning Home Depot

Posted in Commentary with tags on April 9, 2024 by itnerd

Home Depot experienced a data breach in which one of its SaaS vendors inadvertently exposed employees’ data. The announcement came after increasingly notorious threat actor IntelBroker leaked the data of approximately 10,000 employees on BreachForums last Thursday. The data, exposed while the third-party vendor was testing its systems, includes names, work email addresses and user IDs.

“Today, I have uploaded the Homedepot.com database for you to download, thanks for reading and enjoy!” wrote IntelBroker on BreachForums.

Recently, IntelBroker has gained notoriety by breaching large organizations and government agencies such as DC Health Link, PandaBuy, Acuity, Hewlett Packard Enterprise and the Weee! grocery service, as well as an alleged breach of General Electric Aviation.

Stephen Gates, Principal Security SME, Horizon3.ai offered this comment:

   “It’s clear that traditional cybersecurity measures and approaches used in some third-party environments can fall short in identifying and mitigating exploitable risks effectively. Often, implementing and enforcing security best practices takes a back seat in smaller companies with smaller IT footprints. This is primarily due to not having dedicated security-focused personnel on staff, inadequate security budget, and leaders not fully understanding their risks.

   “Often, the mantra is, “We’re just a small software supplier. Why would anyone attack us?” These sorts of supply chain events are only going to grow, and today, supplier security posture management is becoming key to ensuring someone else’s risk does not transfer upstream to you.”

Dave Ratner, CEO, HYAS followed with this:

   “People need to realize that increasingly, the breach happens not because of lack of security in your organization but due to a breach in a SaaS application, third-party, or vendor in the supply chain.  It highlights the critical need for cyber resiliency approaches that not only assume breaches occur but have the visibility, capability, and controls to detect them early in the kill chain and stop them before data is leaked or damage occurs.”

Craig Harber, Security Evangelist, Open Systems had this comment:

   “The Home Depot data breach highlights the importance of companies implementing third-party risk management. To protect their customers, companies must implement consistent security standards across their entire business ecosystem to help mitigate cyber-attacks originating through partner and supplier systems.

   “Most modern businesses depend on third-party partners. Unfortunately, these partnerships introduce inherent risks because the resulting interconnected IT/business systems do not deliver the critical trust relationship to prevent supply chain attacks, data breaches, and reputation damage.

   “In this case, a SaaS vendor accidentally leaked the personally identifiable information (PII) of 10,000 employees. This information was exposed by a well-known threat actor, IntelBroker, on their data leak site. The attackers are likely to exploit this data for targeted phishing campaigns to gain credentials and infect Home Depot’s corporate network with ransomware.

   “To prevent further occurrences, security teams must implement consistent security standards across the entire business ecosystem, including all its subsidiaries’ IT/business systems. Consistent security practices include requiring prompt and regular patching of system vulnerabilities and implementing multi-factor authentication to prevent exploitation.”

Supply chain attacks are real and likely happen more often than you think. Thus you have to force the companies that you work with to be on the same page as you when it comes to security. Otherwise, pwnage through no fault of your own is never far away.

UPDATE: Paul Valente, CEO and Co-founder, VISO TRUST:

   “For many companies, third party risk is just a compliance checkbox.  Home Depot got lucky this time, but the incident highlights how companies need to do more to elevate third party risk management.  While some breaches are inevitable, using the latest AI-assisted TPRM approaches companies can avoid these types of breaches.”

The Canada 100 Report Has Been Released With TD Bank Group On Top

Posted in Commentary with tags on April 9, 2024 by itnerd

TD Bank Group (TD) is the most valuable brand in Canada for the second consecutive year, according to the latest Canada 100 report by Brand Finance, the world’s leading brand valuation consultancy.

With a brand value of CAD25.8 billion, TD edges out RBC, which holds the second position with a brand value of CAD22.4 billion. TD has shown robust performance in Brand Finance’s latest consumer research findings. Across Canada, Familiarity has increased from 71% to 84%, and 31% of individuals currently report using TD’s services. 

WSP Global brand value soars 72%

WSP Global is the fastest-growing brand in Canada this year, with a notable 72% surge in brand value, now standing at CAD1.6 billion. This growth is primarily attributed to strategic acquisitions and market expansion efforts. The integration of Golder in 2021 and the subsequent rebranding in 2023 notably bolstered market share, driving significant growth. WSP continues its expansion journey with the acquisition of John Wood Group in 2022, aimed at enhancing its environmental leadership and, more recently, Communica Public Affairs, strengthening its indigenous and stakeholder engagement services in Canada.

TELUS dials up success, overtaking Bell to become Canada’s most valuable telecoms brand

TELUS has recorded a solid 13% brand value growth to CAD11.7 billion, positioning it as the leading telecoms brand in Canada this year, surpassing Bell (brand value down 2% to CAD10.8 billion). TELUS has reported robust financial performance, driven by expanding its subscriber base – which now surpasses 10 million mobile phone users – after celebrating the strongest fourth-quarter customer growth on record. This notable achievement underscores the efficacy of its advanced broadband networks and customer-centric ethos.

Moreover, TELUS’s Brand Strength Index score has increased by 4.2 points to 80.3 out of 100. This growth primarily stems from enhanced reputation scores and improved perceptions regarding its environmental initiatives. TELUS is actively pursuing its objective of transitioning to 100% renewable or low-emission electricity within the next two years and a commitment to be carbon neutral by 2030 or sooner.

A&W is Canada’s strongest brand 

In addition to calculating brand value, Brand Finance also determines the relative strength of brands through a balanced scorecard of metrics evaluating marketing investment, stakeholder equity, and business performance. Compliant with ISO 20671, Brand Finance’s assessment of stakeholder equity incorporates original market research data from over 150,000 respondents in 41 countries and across 31 sectors.

This year, A&W has claimed the title of Canada’s strongest brand with a Brand Strength Index (BSI) score of 85.3 out of 100. With over 1,000 restaurants across Canada, A&W has consistently maintained a strong level of awareness and familiarity among Canadian consumers. Brand Finance’s latest research underscores this, revealing familiarity and consideration scores of 85% and 93%, respectively, across Canada. 

Despite its continued success as the strongest Canadian brand for the second consecutive year, A&W has experienced a slight decline in overall strength this year, primarily attributed to lower ESG scores. However, in a significant stride towards sustainability, A&W Canada became the first QSR brand to launch a nationwide exchangeable cup program, ‘A&W One Cup,’ to combat single-use cup waste. This initiative could bolster positive perceptions across ESG dimensions in the upcoming year.

TD has the highest Sustainability Perceptions Value at CAD1.76 billion

As part of its analysis, Brand Finance assesses the role of specific brand attributes in driving overall brand value. One such attribute that is growing rapidly in significance is sustainability.  A brand’s perceived sustainability on environmental, social, and governance is represented by Sustainability Perceptions Scores. The proportion of brand value attributable to sustainability perceptions, or ‘Sustainability Perceptions Value’, is then calculated for each brand.

In addition to being the most valuable Canadian brand, TD has the highest Sustainability Perceptions Value of Canadian brands, at CAD1.76 billion. TD’s position at the top of the Sustainability Perceptions Value table does not assess its overall sustainability performance but rather indicates how much brand value is tied to its sustainability perceptions.

TD’s dedication to sustainability has received recognition in Brand Finance’s research. Amongst brands with high familiarity, TD is the highest-perceived banking brand by Canadian respondents for the environmental dimension and second for social and governance. TD recently unveiled its ambitious three-year, USD 20 billion Community Impact Plan, aimed at empowering diverse and underserved communities across the United States. 

Additionally, through the 2023 TD Ready Challenge, TD also awarded $10 million in grants toward innovative solutions that address barriers to affordable housing. Under TD’s Climate Action Plan, which serves as the Bank’s Transition Plan, TD continues to advance on the Bank’s sustainability goals and role as a corporate citizen.

ThreatLocker Unveils New Managed Detection and Response (MDR) Service with the World

Posted in Commentary with tags on April 8, 2024 by itnerd

 ThreatLocker, a pioneer in least privilege endpoint protection technologies, announced the launch of their MDR service with the Cyber Hero Team at Zero Trust World 2024. 

ThreatLocker understands the importance of preemptively blocking cybersecurity threats with a default deny baseline. Adding detection and response capabilities allows customers to stay secure while alerting them of suspicious or potentially malicious activity happening in their environment.  

Products including Allowlisting, Ringfencing, and Network Control in the ThreatLocker Endpoint Protection Platform block attempted bad actions on a device, and ThreatLocker Detect (formerly known as ThreatLocker Ops) will alert organizations of said attempts. The MDR service is made possible by the near-instant response of the ThreatLocker Cyber Hero Team when they directly notify a customer of a malicious attempt and ensure the security of their infrastructure.  

In addition to providing a prompt notification via the Cyber Hero Support Team, ThreatLocker Detect policies can be curated to completely isolate a machine from the rest of the environment or go as far as implementing an advanced lockdown to stop all software and network traffic from running. 

In a live demonstration at Zero Trust World 2024, ThreatLocker showcased the response speed of the Cyber Hero Team in locking down a machine after an attacker connected to a remote server, tried to run IP Scanning tools, and attempted to disable security tools.   

The attacker was challenged with a QR code. When they didn’t respond and continued taking additional bad actions, such as attempting to disable ThreatLocker service, the attacker’s attempts were thwarted with ThreatLocker default deny, and the machine was locked down. The Cyber Heroes responded within a minute during the live presentation.   

The new additions by ThreatLocker satisfy cyber insurance regulations on implementing Zero Trust MDR strategies to prevent modern-day attacks.  

ThreatLocker will roll out its new products to new and existing partners. It currently protects over one million endpoints globally. 

Mother’s Day gift ideas: Epson has you covered for spring cleaning solutions & beyond

Posted in Commentary with tags on April 8, 2024 by itnerd

May is just around the corner, which means Canadians are on the hunt for the perfect gift to celebrate mom. This Mother’s Day, mom deserves more than just a scented candle as an afterthought gift, she deserves an investment product that she can use for years to come. From crafting and DIY to spring cleaning support, Epson’s star-class lineup of EcoTank printers and photo scanners has you covered this Mother’s Day.

A good quality printer is a must for any mother looking to get organized. The Epson EcoTank ET-2850 Supertank Printer (MSRP: $399.99 CAD) has high-capacity ink tanks, impressive print quality and hands-free voice-activated printing that can help mom and the whole family with printing tasks big and small. From bills and receipts to permission slips and homework assignments, there’s always something that needs to be scanned or printed in a busy household. Plus, with up to 2 years of ink in the box, mom doesn’t have to worry about any last-minute trips to the store.

Perfect for the moms with a knack for crafting, the EcoTank Photo ET-8550 Printer (MSRP: $1099.99 CAD) and the EcoTank Photo ET-8500 Printer (MSRP: $999.99 CAD) can print lab-quality, wide-format colour photos, graphics and everyday documents. Transform mom’s DIY projects into high-quality creations using a printer capable of handling thick cardstock and various media up to 1.3 mm thick. This includes tasks like organizing family cookbooks filled with years of recipes and crafting personalized vacation scrapbooks with family inside jokes.

If your mom leans more towards interior decorating and has a treasure trove of photos stored on her hard drive, Epson’s photo printers offer the perfect solution. They can effortlessly print borderless pictures up to 8.5″ x 11″, allowing moms to incorporate more family photographs into their home décor.

With Epson’s lineup of photo printers, everyone in the family can join in on some quality bonding while helping mom with her latest project.

Speaking of photographs, Epson has the perfect gift idea for the mom with a photo collection spanning across generations. The FastFoto FF-680W Wireless High-speed Photo Scanning System (MSRP: $799.99 CAD) is the ideal scanner for moms looking to clean out old photos collecting dust in boxes. The FastFoto scanner can easily restore, save, organize and share photos, postcards, documents and more! 

Mom can get the whole family involved to digitize photos together, reminiscing on memories and learning about family history along the way. The FastFoto can easily scan thousands of photos as fast as one photo per second at 300 dpi, and help restore old photos with its powerful colour restoration, red-eye reduction and image enhancement technology. The FastFoto can also automatically scan both sides of a photo, so you can eternalize the image and any dates or messages on the back written by loved ones.

SAP Concur and Mastercard Announce Partnership to Simplify Expense Reports

Posted in Commentary with tags on April 8, 2024 by itnerd

How much do employees dread the expense report? In a past SAP Concur Global Business Travel Survey, nearly one out of four business travellers said they’d rather have a cavity filled at the dentist than fill out an expense report.  

The expense reconciliation process can be lengthy, especially when organizations rely on manual processes. Nearly all travel decision makers say that rising complexity in the travel and expense (T&E) landscape requires new processes and mindsets, according to a Mastercard survey. This is creating a shift in how businesses approach T&E, with 90 per cent of surveyed travel decision makers predicting that the future of T&E is the convergence of payment and expense management. Concur can help businesses reimagine their expense management process and use technology to make their employees’ lives easier.   

SAP is announcing a new partnership with Mastercard, a global technology company in the payments industry, to simplify the expense process. Through a new integration, purchases made on Mastercard corporate cards are captured and automatically populated in Concur Expense; users are alerted immediately if additional information is needed. With real-time spend data, customers can achieve compliance while users can enjoy an improved experience with automated expense creation. What’s more, customers can continue banking with preferred partners and utilizing existing card programs.   

The integration will be available to select customers globally starting in the second quarter 2024. As part of the new partnership, SAP is also working with Mastercard to provide travel and finance managers with the power to set spending controls and restrictions to help encourage expense policy compliance.  

Bell Fibe TV PVR Storage Cut To 60 Days…. WTF?

Posted in Commentary with tags on April 7, 2024 by itnerd

It’s almost as if Bell wants to anger its customers rather than keep them. I say that because Bell is going to cut the amount of time that Bell Fibe TV customers get to store recordings in Bell’s Cloud PVR service. It used to be one year, which for comparison’s sake is the same as what competitor Rogers offers. But now, according to this, it’s going to 60 days. And here’s what someone from Bell had to say about that:

A representative says the company anticipates “minimal impact” to customers since viewing of “nearly all” recordings takes place within 60 days

While Rogers said in the same Toronto Star article that they have no plans to change what they do, you can bet that they’ll be watching to see what sort of blowback Bell gets. If it’s none, Rogers will copy what Bell does and go from one year to 60 days. If there’s significant blowback from Bell customers, they will laugh as Bell takes the heat. But I’m digressing here. The fact is that Bell is really making themselves harder and harder to choose as a telco. Sure, their fibre technology, if you can get it, is top shelf. But their customer service frankly sucks, and then to top it off they do stuff like this. At some point this will come back to bite them. The question in my mind is when that will happen.