Nikon Releases Firmware Version 5.00 for the Nikon Z 9 Full-frame Mirrorless Camera

Posted in Commentary with tags on March 13, 2024 by itnerd

Nikon has released firmware version 5.00 for its flagship full-frame/FX-format mirrorless camera, the Nikon Z 9.

Firmware version 5.00 is the fourth major update since the release of the Z 9 and increases usability for sports photography by expanding the Auto Capture and High-Speed Frame Capture+ functions. Portrait photography is also enhanced for more effective capture of the images photographers want, with the Skin Softening and Portrait Impression Balance functions, and Rich Tone Portrait Picture Control that enables rendering of details of the subject’s complexion with rich tones. Furthermore, the evolution of the Z 9 continues with improved operability achieved in response to feedback from professionals requesting increased speed and efficiency.

Nikon will continuously meet users’ needs through firmware updates that expand the functionality of its cameras.

Primary features of firmware version 5.00 for the Z 9

•   Expanded functions for sports photography

  • A reserve function that lets users specify the shooting start date/time and duration in advance has been added to Auto Capture. This helps to reduce battery consumption for more efficient shooting, even when the camera must be positioned and configured well before it will actually be used. Auto Capture flexibility has also been increased: users can now shoot using the DX crop (24×16) image area, an [Airplanes] AF subject-detection mode has been added, and a yellow frame is displayed when the camera is in standby for shooting.
  • In addition, a low-speed [C15] item has been added to High-Speed Frame Capture+ options for increased usability with continuous shooting. What’s more, frequency presets for common LED lighting and signboards have been added to the High-Frequency Flicker Reduction function, making it easier to choose the optimal shutter speed and efficiently reduce the effects of high-frequency flicker.

•   Enhanced portrait functions

  • A Rich Tone Portrait Picture Control suitable for creating base images in situations that require retouching, such as wedding and studio photography, has been added. Also, a variety of functions designed to improve portrait photography, including Portrait Impression Balance and Skin Softening have been incorporated. Further, Nikon offers NIKKOR Z lenses including the NIKKOR Z 50mm f/1.2 S, NIKKOR Z 85mm f/1.2 S, and NIKKOR Z 135mm f/1.8 S Plena, all of which support the capture of portraits that accurately express the user’s intent.
  • Overall convenience has been increased with the ability to use the continuous LED light of the Profoto A10 as an AF-assist illuminator and the addition of a [Prefer focus point (face priority)] option for frame advance when reviewing images displayed with playback zoom enabled.

•   Other features added for enhanced operability

  • When [Extended menu banks] is enabled, users can now manage the shooting modes for photo mode and video mode, which were previously linked, separately.
  • Visibility is improved with an option that allows the user to adjust the width of the focus point border.
  • Manual focusing is now possible with maximum aperture live view in manual focus mode.
  • A function that allows the user to cancel zoom when focus mode is set to manual focus and the view through the lens is zoomed in by pressing the shutter-release button halfway has been added.
  • High-Res Zoom operability has been improved, and the AF-area brackets display colour when the subject is in focus has been changed from red to green.
  • The number of functions that can be assigned to custom controls has been increased, as has the number of controls that can be customized.
  • The addition of a [Customize retouch options] item allows the user to choose the functions displayed in the retouch menu.
  • [Loop playback], [Wait before playback], and [Auto series playback speed] options have been added for playback of a series of images captured with a burst of continuous shooting.
  • Playback speed for all videos can now be specified in advance from the i menu ([Original speed], [1/2× speed], [1/4× speed]).
  • Wi-Fi station mode has been added to enable connection to SnapBridge without occupying the entire Wi-Fi connection on a smartphone.

Nikon SnapBridge Update
Nikon SnapBridge is Nikon’s companion Android and iOS app that connects to your camera to automatically download photos and videos and remotely activate the shutter. Now with Ver.2.11.0, SnapBridge adds new functions such as Easy Shooting Setup, which allows users to configure camera shooting settings suited to a particular scene or subject directly from a user’s smart device.

The new Easy Shooting Setup function can be used by tapping [Easy Shooting Setup] in the SnapBridge camera tab, selecting a main subject or situation, and deciding output parameters, such as having a soft out-of-focus background or motion blur. It allows even those who are unsure about camera functions and terms to easily create camera shooting settings that achieve desired results. Settings are applied the moment they’re sent to the camera, allowing users to immediately begin capturing their vision. Easy Shooting Setup also provides tips for available scenes and subjects such as people, landscapes and pets to help users better achieve the intended results. Furthermore, favourite shooting settings can be assigned to one of the user setting positions.

Supported operating systems
Android™ (version 10 or later), iOS (version 15.7 or later)

Cameras that support Ver.2.11.0’s Easy Shooting Setup:
Nikon Z f, Nikon Z 5, Nikon Z fc, Nikon Z 50, and Nikon Z 30

The NX Ready app available in some regions will be discontinued with the release of SnapBridge Ver.2.11.0.

OVHcloud Opens New Data Centre and Invests $145 Million in the Toronto Area

Posted in Commentary with tags on March 13, 2024 by itnerd

OVHcloud continues its international expansion with the opening of a second Canadian site (the Group’s 42nd data centre), supported by a long-term investment of CAD 145 million. Located in Cambridge, Ontario, the OVHcloud data centre is in the heart of one of North America’s most dynamic innovation clusters, providing trusted cloud solutions meeting the heightened demands of Canadian businesses in terms of performance, resilience, and data governance.

A global player and European leader in cloud computing, OVHcloud has been established in Canada since 2011, where it employs 250 people and operates 90,000 servers hosted in one of the industry’s most eco-responsible data centres, located on Montreal’s South Shore. OVHcloud is opening its first site in Ontario, supported by a CAD 145 million investment over the next 8 years, to support the growth and needs of its customers within a framework of extended trust. Dedicated to the development of its new data centre and to the industrial innovations that are the hallmark of the trusted cloud leader, this investment includes, in its first phase, the hiring of a number of qualified talents.

Located in the Ascent TOR1 hyperscale development, this new data centre has a surface area of 1,000 m², a capacity of 10,000 servers and 2 MW of power. More than just a data centre, it embodies the technological know-how that has earned OVHcloud its reputation for operational excellence and energy efficiency. Its vertically integrated model (OVHcloud builds its own servers, up to 600 a week in its Beauharnois plant) and the industrial scale-up of its water-cooling technology are major assets in guaranteeing an optimal performance-price ratio and a controlled environmental footprint, in line with the expectations of businesses that want to exercise full control over their digital assets.

Giving companies greater control over their digital journey

In this age of hybrid and multi-cloud strategies, the arrival of OVHcloud in the Toronto area offers a real alternative for companies wishing to diversify and consolidate their cloud infrastructure, based on trusted solutions that meet a variety of requirements.

Reduced visibility of the macro-economic context calls for optimization of cloud spending, and OVHcloud meets this challenge with a pricing model that is predictable, has no hidden costs, charges no egress fees, and includes both inbound and outbound traffic.  

Guaranteeing enhanced resilience, thanks to a multi-site footprint, this new data centre is particularly well-suited to companies requiring a second, geographically-distant Canadian data centre to deploy their backup or disaster recovery solution. They can rely on the robustness of OVHcloud’s own network, connected to several points of presence (PoPs) in Montréal and Toronto, and more than 40 worldwide.

It will also meet the growing demands of highly regulated industries, increasingly intransigent about data sovereignty. Public services, healthcare, financial services, professional services, or telecommunications can count on OVHcloud’s exemplary level of compliance with the highest industry certifications (ISO/IEC 27001, 27017 and 27018, SOC 2 Type 2, CSA STAR), as well as the total immunity of its solutions to extraterritorial legislation, such as the US CLOUD Act.

An evolving portfolio

To meet these requirements, a varied and competitive range of solutions is now available in the Cambridge data centre:

  • Scale and High Grade dedicated servers, designed for complex infrastructures and optimized for mission-critical workloads. Powered by the latest AMD and Intel processors, they meet the new challenges of hyper-convergence, storage and AI, without compromising on performance and availability. 
  • A complete Object Storage solution compatible with the S3 API, as effective for platform modernization as for data backup.
  • Network and connectivity options such as Additional IP for application flexibility, and Load Balancer for efficient load balancing across multiple data centres. Ascent TOR data centre has ultra low latency to the greater Toronto region.
  • The OVHcloud Connect solution, which enables 100% private and highly resilient interconnection (SLA of 99.99%) of its on-prem infrastructure with the OVHcloud network.
  • And, of course, emblematic (and free) OVHcloud services, such as the vRack private network, which connects services between several OVHcloud data centres, or Anti-DDoS to protect infrastructures against computer attacks.

In 2024, the Private Cloud solution leveraging VMware by Broadcom will be added, offering an additional option for companies wishing to boost their level of resilience by activating Veeam or Zerto virtualized solutions in a 100% dedicated environment.

Building a sustainable digital ecosystem

In a move towards regional integration similar to what it has been doing in Quebec for over 10 years, OVHcloud is committed to stimulating innovation and helping to build a trusted digital ecosystem in the Waterloo region – which includes the cities of Waterloo, Cambridge and Kitchener. This region is the entrepreneurial heart of the country, and together with Toronto forms an internationally renowned innovation corridor, the 2nd largest technology hub in North America after Silicon Valley, and one of the world’s Top 20 startup ecosystems.

As such, start-ups’ appetite for cloud computing will naturally find refuge in the dedicated startup program that OVHcloud makes available to support innovation. Open to all, it offers selected startups up to $100,000 in infrastructure credits and personalized support based on open, reversible and interoperable cloud solutions.

Finally, OVHcloud’s commitment to sustainability is reflected positively in Ontario, which is over 90% powered by low-carbon energy sources. Its integrated industrial model and proprietary liquid cooling technology have enabled it to achieve some of the best energy efficiency ratings in the industry. OVHcloud is also the only cloud provider to offer its customers the opportunity to measure the carbon footprint of their cloud services, thanks to a carbon calculator that analyzes the entire lifecycle of their infrastructure, from manufacturing to operation (scope 1-2-3).

BEWARE: Bell Is Being Used In A Phone #Scam Related To Fibe Internet

Posted in Commentary with tags on March 13, 2024 by itnerd

I just got a scam phone call that everyone should be aware of. How do I know it was a scam phone call? Well, first of all I got a call from a local area code. When I picked up, I heard a message saying that Bell Canada had just completed their upgrades to fibre and I was being offered an upgraded and faster “router” at no charge. This was a red flag for me as I know that Bell has suspended their fibre rollout because they’re upset with the CRTC. Besides that, I already have Bell fibre optic Internet. So unless I have missed something, there should be no reason why they would be contacting me to swap out my “router”. More likely they would wait for my HH4000 to die. Then I would call in to get a replacement which would likely be the Gigahub. The other thing that got my attention about this message was the call quality was horrendously bad. The message was full of static and at times I could barely understand it. No telco would ever have a message that is that bad.

The message asked me to press one to get my delivery date. Now given everything that I have explained above, what I should have done is hang up. But as proven multiple times on this blog, I want to dig in further. So I pressed one and quickly got a male with an Indian accent. That’s another red flag as the last time I checked, Bell outsources to the Philippines. Again the quality of the call was so bad that I could barely make out what he was saying, and eventually the call disconnected.

Now while I was 99% sure that I was being scammed, I wanted to confirm it with Bell. Which is why I served up this Tweet to them:

While I was waiting for them to respond to this, I decided to look up the number that the phone call came from. I traced it back to the fax line of an electrical company in Markham, Ontario, thus confirming that the call didn’t come from Bell, as calls from Bell typically pop up as your local area code followed by the digits 310-2355. Though if a Bell tech is calling you, that will not be the case as they use their cell phones. And if you’ve called a tech, you’ll be expecting their call. So, why are they spoofing a local number? It’s to encourage you to answer the call, because so many of us won’t answer calls from long distance numbers that we don’t know.

Bell got back to me on Twitter to confirm what I already knew:

Though they didn’t come out and say it, it was a scam call. Clearly there’s a threat actor out there who is using Bell to perpetrate a new scam. I wasn’t able to play along to figure out what their game is. But if they do call back, I’ll go into the weeds and let you know about it. But in the meantime, if you get one of these calls, do yourself a favour and hang up.

US House Passes Bill To Ban TikTok In The US

Posted in Commentary with tags on March 13, 2024 by itnerd

TikTok might be in a bit of trouble as the House of Representatives in the US has passed a bill that will do one of two things:

The bill, titled the Protecting Americans From Foreign Adversary Controlled Applications Act, would require TikTok to sever itself completely from its Chinese parent company ByteDance or face a potential ban from mobile app stores and web-hosting services. The bill would also create a process through which the president can designate certain social media applications with ties to foreign governments as a national security risk.

Lawmakers in the Republican-controlled lower chamber overwhelmingly supported the legislation, with 352 representatives voting in favor of the act, and just 65 opposing it. The vote breakdown contained little rhyme or reason in terms of party alignment, a rarity considering the months of partisan paralysis in the House.

The bill now goes to the Senate where it faces an uncertain future. Despite the fact that President Joe Biden supports this bill, it’s a question mark if the Senate will pass it. But if they do, one would have to think that TikTok’s days will be numbered.

UPDATE: Clearly TikTok is threatened by this based on this Tweet:

In my opinion, the poster is right. TikTok needs to be banned. In fact, it should have been banned years ago.

Meta Serves Up A Lawsuit Against A Former VP Over Alleged Document Theft 

Posted in Commentary with tags on March 13, 2024 by itnerd

Business Today is reporting “Meta files lawsuit against former VP over alleged data breach: Report”. Here’s the news brief:

Meta has initiated legal action against one of its former vice presidents, accusing him of a “stunning” act of betrayal after he defected to an undisclosed AI cloud computing startup, as reported by Bloomberg.

Dipinder Singh Khurana, also known as T.S. Khurana, had been at Meta for 12 years, ascending to a senior position as VP of infrastructure. However, Meta alleges that Khurana breached his contract by absconding with a cache of proprietary, highly sensitive, and confidential documents relating to Meta’s business operations and personnel.

The complaint, filed on February 29 in California state court in Contra Costa County, asserts that Khurana illicitly transferred these documents to his personal Google Drive and Dropbox accounts just prior to his departure from Meta. Meta contends that Khurana’s actions were not only disloyal but also had tangible repercussions, as at least eight employees listed on the pilfered documents subsequently left Meta to join Khurana’s new venture last year.

“Khurana’s conduct while leaving Meta, and since then, reflects an utter disregard for his contractual and legal obligations,” the lawsuit states. A spokesperson for Meta told Bloomberg that the company “takes this kind of egregious misconduct seriously” and will “continue working to protect confidential business and employee information.”

Troy Batterberry, CEO, EchoMark had this comment:

   “Insider threats represent a significant and growing challenge for organizations, as made clear by the recent case involving an accused former Meta executive. The taking of confidential and proprietary information is not an uncommon situation, especially within enterprises and adequately protecting proprietary information and intellectual property is a prominent issue. The stark reality of what businesses face today regarding data security and insider threats highlights the need to safeguard sensitive information against unauthorized transfers. 

   “Whether or not there’s a breach of legal contract, the misconduct is a blatant misuse of privileged access and a breach of professional expectations and conduct. Actions that involve unauthorized sharing of sensitive information not only breach trust but also undermine the very foundation of an organization’s integrity and security. Incidents like these are not isolated and can have far-reaching consequences for any organization.”

Threats to your organization don’t come from some threat actor in China or Russia. They come from people you trust inside your organization. Thus you need to do everything possible to keep threats from outside and inside from affecting your business.

Nissan Australia Notifies 100,000 Customers That Their PII Was Swiped In A Hack From Three Months Ago

Posted in Commentary with tags on March 13, 2024 by itnerd

Nissan Australia today released a statement that they have started contacting around 100,000 customers who may have had their personally identifiable information (PII) compromised three months ago when they were hit by a cyberattack:

We now know the list of affected individuals includes some of Nissan’s customers (including customers of our Mitsubishi, Renault, Skyline, Infiniti, LDV and RAMS branded finance businesses), dealers, and some current and former employees.

Nissan expects to formally notify approximately 100,000 individuals about the cyber breach over the coming weeks. This number might reduce as contact details are validated and duplicated names are removed from the list.

The type of information involved will be different for each person. Current estimates are that up to 10% of individuals have had some form of government identification compromised. The data set includes approximately 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers.

The remaining 90% of individuals being notified have had some other form of personal information impacted; including copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth.

We know this will be difficult news for people to receive, and we sincerely apologise to our community for any concerns or distress it may cause.

Darren Williams, CEO and Founder of Blackfog had this to say:

     “The fact that around 10,000 were believed to have had seriously critical PII data stolen, such as driving licenses and Medicare cards, as a result of the Nissan cyberattack, is really quite concerning. The perpetrators of this attack managed to steal confidential data and will surely try to blackmail the victims endlessly for extortion purposes.

They were able to evade the security tools at the front door and remain hidden in the system of a multinational global brand for months, highlighting the sophistication of today’s cybercriminals. To really reduce the chance of data breaches, organizations need to look beyond perimeter defense and focus on securing the back door with anti data exfiltration solutions.”

This sort of PII is like gold to a threat actor as it can be used by the threat actor to launch secondary attacks or simply sold to the highest bidder to do the same thing. This is bad and hopefully Nissan does better on this front as this situation is not acceptable.

Red Canary Detects Spike in Cloud Account Compromises and Email Forwarding Rule Abuse

Posted in Commentary with tags on March 13, 2024 by itnerd

 Red Canary today unveiled its sixth annual Threat Detection Report, examining the trends, threats, and adversary techniques that organizations ought to prioritize in the coming months and years. The report tracks MITRE ATT&CK techniques that adversaries abuse most frequently throughout the year, and two new and notable entries soared to the top 10 in 2023: Email Forwarding Rule and Cloud Accounts. 

Red Canary’s latest report provides in-depth analysis of nearly 60,000 threats detected with the more than 216 petabytes of telemetry collected from customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications in 2023. The report sets itself apart from other annual reports with its unique data and insights derived from a combination of expansive detection coverage and expert, human-led investigation and confirmation of threats. 

The research shows that while the threat landscape continues to shift and evolve, attackers’ motivations do not. The classic tools and techniques adversaries deploy remain consistent–with some notable exceptions. Key findings include: 

  • Cloud Accounts were the fourth most prevalent MITRE ATT&CK technique Red Canary detected in 2023, rising from 46th in 2022, increasing 16x in detection volume and affecting three times as many customers in 2023 than in 2022.
  • Detections for malicious email forwarding rules rose by nearly 600 percent, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, rerouting money into the criminal’s account.
  • Half of the threats in top 10 leveraged malvertising and/or SEO poisoning, occasionally leading to more serious payloads like ransomware precursors.
  • Half of the top threats are ransomware precursors that could lead to a ransomware infection if left unchecked, with ransomware continuing to have a major impact on businesses. 
  • Despite a wave of new software vulnerabilities, humans remained the primary vulnerability that adversaries took advantage of in 2023, compromising identities to access cloud service APIs, execute payroll fraud with email forwarding rules, launch ransomware attacks, and more.
  • Uptick in macOS threats–in 2023 Red Canary detected more stealer activity in macOS environments than ever before, along with instances of reflective code loading and AppleScript abuse.
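The email forwarding rule finding above describes a pattern (compromised account, mail redirected or hidden, finance-related messages targeted) that can be caught from mailbox audit events. The following is an added example, not code from Red Canary or its report: a small Python triage routine that reads inbox-rule audit records and flags the ones that forward externally, park mail in seldom-read folders, delete or mark-as-read matches, key on finance terms, or carry a blank/punctuation-only name. The sample records are constructed; their parameter names follow Exchange's New-InboxRule parameters, but the JSON envelope (`UserId`, `Operation`, `Parameters`) and the tenant domain `example.com` are assumptions.

```python
import json
from typing import Optional

# Assumed tenant domains; any other recipient domain counts as external.
INTERNAL_DOMAINS = {"example.com"}
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
# Folders adversaries use to park redirected mail where the owner rarely looks.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "archive", "deleted items",
                  "junk email", "conversation history"}
FINANCE_TERMS = {"invoice", "payroll", "wire", "payment", "bank", "deposit"}

# Constructed sample audit records (not real telemetry). Parameter names follow
# Exchange's New-InboxRule cmdlet; the surrounding envelope is an assumption.
SAMPLE_LOG_LINES = [
    json.dumps({"UserId": "cfo@example.com", "Operation": "New-InboxRule",
                "Parameters": {"Name": ".",
                               "SubjectContainsWords": ["invoice", "wire transfer"],
                               "ForwardTo": ["ap-archive@mail-backup.example"],
                               "MarkAsRead": True}}),
    json.dumps({"UserId": "staff@example.com", "Operation": "New-InboxRule",
                "Parameters": {"Name": "Newsletters",
                               "SubjectContainsWords": ["unsubscribe"],
                               "MoveToFolder": "Deleted Items"}}),
    json.dumps({"UserId": "staff@example.com", "Operation": "Set-InboxRule",
                "Parameters": {"Name": "Cover while away",
                               "ForwardTo": ["deputy@example.com"]}}),
    json.dumps({"UserId": "staff@example.com", "Operation": "MailItemsAccessed",
                "Parameters": {}}),
]


def is_external(address: str) -> bool:
    """True when the recipient's domain is not one of our tenant domains."""
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def analyse_rule(event: dict) -> Optional[dict]:
    """Return a finding for a suspicious rule event, or None if it looks benign."""
    if event.get("Operation") not in RULE_OPERATIONS:
        return None
    p = event.get("Parameters", {})
    reasons = []

    targets = (p.get("ForwardTo", []) + p.get("RedirectTo", [])
               + p.get("ForwardAsAttachmentTo", []))
    external = [t for t in targets if is_external(t)]
    if external:
        reasons.append("forwards to external recipient(s): " + ", ".join(external))

    folder = (p.get("MoveToFolder") or "").lower()
    hiding = folder in HIDING_FOLDERS or bool(p.get("DeleteMessage"))
    if folder in HIDING_FOLDERS:
        reasons.append("moves matching mail to seldom-read folder '%s'" % p["MoveToFolder"])
    if p.get("DeleteMessage"):
        reasons.append("deletes matching messages")
    if p.get("MarkAsRead"):
        reasons.append("marks matching messages as read")

    words = " ".join(p.get("SubjectContainsWords", []) + p.get("BodyContainsWords", [])).lower()
    finance = sorted(t for t in FINANCE_TERMS if t in words)
    if finance:
        reasons.append("filters on finance keywords: " + ", ".join(finance))

    # Attackers often name rules "." or "," so they are easy to overlook in the UI.
    if not p.get("Name", "").strip(".,-_ \t"):
        reasons.append("rule name is blank or just punctuation")

    if not reasons:
        return None
    severity = "high" if external or (hiding and finance) else "medium"
    return {"user": event.get("UserId"), "rule": p.get("Name"),
            "severity": severity, "reasons": reasons}


def triage(lines) -> list:
    """Parse JSON-lines audit records and return findings, highest severity first."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the sweep
        finding = analyse_rule(event)
        if finding:
            findings.append(finding)
    order = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: order[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f["severity"].upper(), f["user"], repr(f["rule"]), "->", "; ".join(f["reasons"]))
```

Run against the constructed records, the CFO's punctuation-named rule that forwards invoice mail off-tenant and marks it read comes out as high severity, the Deleted Items rule as medium, and the internal out-of-office forward produces no finding at all; in production the same logic would be fed from the mailbox audit log rather than the inline list.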

Red Canary noted several broader trends impacting the threat landscape, such as the emergence of generative AI, the continued prominence of remote monitoring and management (RMM) tool abuse, the prevalence of web-based payload delivery like SEO poisoning and malvertising, the increasing necessity of multi-factor authentication (MFA) evasion techniques, and the dominance of brazen but highly effective social engineering schemes such as help desk phishing.

Emerging techniques for macOS, Microsoft, and Linux users to watch out for 

The techniques section within the report highlights the most prevalent and impactful techniques observed in confirmed threats across the Red Canary customer base in 2023. While many techniques like PowerShell and Windows Command Shell persist, there were some interesting variations, including: 

  • Adversaries compiled malicious installers with Microsoft’s new MSIX packaging tool–typically used to update existing desktop applications or install new ones–to trick victims into running malicious scripts under the guise of downloading legitimate software. 
  • Container escapes–where adversaries exploit vulnerabilities or misconfigurations in container kernels and runtime environments to “escape” the container and infect the host system. 
  • Reflective code loading is allowing adversaries to evade macOS security controls and run malicious code on otherwise hardened Apple endpoints. 

Attackers don’t target verticals; they target systems  

The data shows that adversaries reliably leverage the same small set of 10-20 ATT&CK techniques against organizations, regardless of the victim’s sector or industry. However, adversaries do favor certain tools and techniques that may target systems and workflows that are common in specific sectors: 

  • Healthcare: Visual Basic and Unix Shell were more prevalent likely due to the different machinery and systems used within that industry. 
  • Education: Email forwarding and hiding rules were more common, likely due to a heavy reliance on email.
  • Manufacturing: Replication through removable media, such as USBs, was more common—likely due to a reliance on air-gapped or pseudo air-gapped physical infrastructure and legacy systems. 
  • Financial services and insurance: Less “obvious” techniques, such as HTML smuggling and Distributed Component Object Model were more common, likely due to greater investments in controls and testing.

Recommended actions:

  • Validate your defenses. Look at the top threats and techniques and ask: ‘am I confident in my ability to defend each of these?’ Red Canary’s open source test library Atomic Red Team is free and easy to adopt. 
  • Patching vulnerabilities is key. It remains tried and true as one of the best ways to insulate yourself from risk.
  • Become a cloud expert–ensure your permissions and configurations are properly set up, and know how everyone in your organization is using cloud infrastructure, as the difference between suspicious and legitimate activity is nuanced in the cloud and requires a deep understanding of what is normal in your environment.

Learn more

About the Threat Detection Report

The full report is intended as a reference library for security practitioners to improve their ability to prevent, mitigate, detect, and emulate cyber threats. It offers detailed guidance on data sources that log relevant evidence of adversary behaviors, tools that collect from those data sources, how security teams can use this visibility to develop detection coverage, and much more deeply actionable information.

The Threat Detection Report sets itself apart from other annual reports by offering unique data and insights, accompanied by recommended actions derived from a combination of expansive visibility and expert, human-led investigation and confirmation of threats.

None of the nearly 60,000 threats Red Canary detected in 2023 was prevented by the customers’ other expansive security controls. They are the product of the breadth and depth that Red Canary leverages to detect the threats that would otherwise go undetected.

RCE Bugs Feature Among 60 CVEs In March Patch Tuesday

Posted in Commentary with tags on March 13, 2024 by itnerd

It is being reported that Microsoft fixed 60 vulnerabilities in this month’s Patch Tuesday security update round. This includes two critical bugs: CVE-2024-21407, which enables attackers to escape from a Hyper-V guest virtual machine and achieve remote code execution on the Hyper-V host, and CVE-2024-21408, a denial-of-service vulnerability in Windows Hyper-V.

Melvin Lammerts, Hacking Lead at cybersecurity firm Hadrian had this comment:

This Patch Tuesday underscores the critical importance of timely system patching. The Hyper-V vulnerabilities are particularly concerning, as they could enable attackers to execute arbitrary code on the Hyper-V host or cause a complete system crash. Administrators relying on Hyper-V should prioritise these patches without delay. Furthermore, the Microsoft Defender bypass vulnerability serves as a reminder that no single security solution is foolproof. A robust defence-in-depth strategy is essential, incorporating patching, firewalls, intrusion detection systems, and reliable endpoint protection. Finally, staying informed through resources like the Microsoft Security Bulletins is the best way to stay on top of the latest threats and helps you maintain a strong security posture.

This highlights what I tell every client that I have, which is to patch everything the second it becomes available, as it’s an easy way to protect yourself.

Air Canada’s Aeroplan Is Being Used In An Email Based Phishing #Scam

Posted in Commentary with tags on March 13, 2024 by itnerd

Some new scams have hit my inbox as of late. And this Aeroplan one is interesting. For those of you who don’t know what Aeroplan is, this is an airline rewards program that is run by Air Canada and its partner airlines. I have an Aeroplan account so I do get marketing emails from them. But one look at this, I knew that this wasn’t one of them:

So the first thing was the fact that the word Aeroplan was highlighted several times. That is odd, and when I compared it to other Aeroplan emails, this wasn’t present. So that put me on alert. The other thing that put me on alert is the typical scam hook of “if you don’t do something, bad things will happen to you”. In this case, if I don’t click the link to upgrade my Aeroplan account, my account will be limited. Whatever that means. Then there were the words “Kindly use the link below to upgrade your account.” Neither Air Canada nor Aeroplan would ever use language like that. Finally, the email was allegedly sent from my personal email account, meaning that the threat actor spoofed my email.

I wanted to go down the rabbit hole to see what the threat actor was up to. So before clicking on the link, I hovered my mouse cursor over it and saw this:

That looks like a link that has been shortened by Twitter’s link shortener. And that’s done to cover up the fact that if you click on it, which you should not do if you get this email, it will be taking you to someplace other than the Aeroplan website. But since I investigate these scams, I clicked it and this is what I got:

Now I have to give the threat actor credit here. Just like the email, this website is a very good replication of the actual Aeroplan website. Most people I think would be fooled by this. But if you look at the address bar, you’ll see that you’re not at the Aeroplan website as it’s not Aeroplan.com.

And at first glance, this fake website is going after your login details so that presumably the threat actors can log into your account and drain it of your Aeroplan points in the form of gift cards or something like that. And what’s interesting is that the website might be trying to validate that you’ve entered a valid Aeroplan number because when I tried to enter a bogus number, I got this:

This was also the case when I tried to enter a bogus email address. Clearly this threat actor has some skills as they really want to get your login details. And what’s even more interesting is that the links to create a new account or reset your password go to the real Air Canada website. I guess that they’re hoping that those who don’t remember their passwords will reset them, then come back to enter them in what’s clearly a phishing site. What concerns me is the fact that the threat actor has spoofed my email address to try and scam me. That implies that this might be a targeted attack. I wonder if this is related to the fact that Air Canada got pwned in 2018, then pwned again in 2023, and the threat actor or actors behind either of those attacks are using the information gained in either of those events to launch further attacks against Aeroplan members. Seeing as I’ve been an Aeroplan member for years, that seems plausible. Thus I would be interested to know if you’re an Aeroplan member and you get an email like this. If so, feel free to leave a comment below.
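The checks the post walks through by hand (hover the link, notice the shortener, read the address bar, note that only some links go to the real site) can be automated for a whole email before anyone clicks. The following is an added example and not something from the post or from Air Canada: a Python triage routine that takes the links found in a message and, for each one, reports whether its registered domain is a known-legitimate one, whether it goes through a URL shortener, whether a brand name appears in a host that is not the brand's domain, and a few other red flags. The legitimate-domain set (`aeroplan.com`, `aircanada.com`), the shortener list and the sample links are assumptions or constructed values; the registered-domain logic takes the last two labels, which is a simplification (a real deployment would use the Public Suffix List).

```python
from urllib.parse import urlsplit

# Assumed set of domains where an Aeroplan-branded link is expected to land.
LEGITIMATE_DOMAINS = {"aeroplan.com", "aircanada.com"}
# Small illustrative set of shorteners; a real list would be much longer.
URL_SHORTENERS = {"t.co", "bit.ly", "tinyurl.com", "goo.gl"}
BRAND_TOKENS = {"aeroplan", "aircanada"}

# Constructed sample links, modelled on the mix the post describes (a shortened
# link in the call-to-action, genuine links for account creation and password
# reset). None of these is a real phishing URL.
SAMPLE_LINKS = [
    "https://t.co/AbCdEf123",
    "https://www.aircanada.com/",
    "https://aeroplan.com.account-verify.example/login",
    "https://aeroplan.com@evil.example/",
    "http://www.aeroplan.com/",
]


def registered_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels (simplification;
    use the Public Suffix List in production so 'example.co.uk' works too)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess_link(href: str) -> dict:
    """Return a verdict ('expected' or 'suspicious') with the reasons found."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    reg = registered_domain(host)
    reasons = []

    if parts.scheme != "https":
        reasons.append("not served over https")
    # 'https://brand.com@attacker.example/' puts the brand in the userinfo part;
    # the browser actually connects to the host after the '@'.
    if parts.username is not None:
        reasons.append("userinfo before '@' hides the real host (%s)" % host)
    if reg in URL_SHORTENERS:
        reasons.append("shortener %s hides the final destination" % reg)
    elif reg not in LEGITIMATE_DOMAINS:
        if any(b in host for b in BRAND_TOKENS):
            reasons.append("brand name in host but registered domain is %s" % reg)
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode label (possible homoglyph domain)")
        reasons.append("registered domain %s is not a known Aeroplan/Air Canada domain" % reg)

    verdict = "expected" if reg in LEGITIMATE_DOMAINS and not reasons else "suspicious"
    return {"href": href, "host": host, "verdict": verdict, "reasons": reasons}


def triage_email_links(links) -> list:
    """Assess every link in a message; suspicious ones are listed first."""
    results = [assess_link(h) for h in links]
    return sorted(results, key=lambda r: r["verdict"] != "suspicious")


def suspicious_share(links) -> float:
    """Fraction of links that did not pass, a quick signal for a mixed message."""
    results = triage_email_links(links)
    return sum(r["verdict"] == "suspicious" for r in results) / len(results) if results else 0.0


if __name__ == "__main__":
    for r in triage_email_links(SAMPLE_LINKS):
        print(r["verdict"].upper(), r["href"], "->", "; ".join(r["reasons"]) or "ok")
    print("suspicious share: %.2f" % suspicious_share(SAMPLE_LINKS))
```

Against the constructed links only the plain `https://www.aircanada.com/` link comes back as expected; the shortened call-to-action, the brand-in-subdomain host, the userinfo trick and the plain-http link are all flagged, which mirrors the post's observation that a phishing email can mix real and fake links and that the address bar, not the branding, decides where you are.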

New Online Investment Scams: Fake Trading Platforms Exploit Victims Using Email, Social Media, Ads

Posted in Commentary with tags on March 13, 2024 by itnerd

Netcraft has published its new research following the recent release of the FBI’s 2023 IC3 Report, which revealed that investment fraud was the costliest type of crime, with losses rising to $4.57 billion in 2023, a 38% increase from the previous year.

Netcraft’s newest report reveals it detected and blocked almost 13,000 fake investment platform domains across more than 7,000 IPs, the highest number since it began tracking these platforms independently, with January alone showing 25% more than December.

The Netcraft research delves into how cybercriminals behind these scam websites find their victims, operate fake trading platforms, use social engineering tactics, and eventually trick victims into depositing significant amounts of money. Cybercriminals often depend on sophisticated fraudulent investment websites that use fake trading platforms to lure victims through email, social media posts, or counterfeit ads. Netcraft’s report includes a real-world example of a WhatsApp invitation to join an investment group that promises to teach you how to earn huge profits in the cryptocurrency market and emails containing links to fake investment platforms, which offer tiered accounts and promise unrealistic ROI.

You can read the report here.