Trello And loanDepot Pwned…. Millions Affected

Posted in Commentary with tags on January 23, 2024 by itnerd

I have two data breaches to report on today. Let’s start with Trello. A data breach there has put the personal details of more than 15 million users up for sale on the dark web.

This has been confirmed by haveibeenpwned.com. Meaning that’s not good. I strongly suggest that you check your email addresses in the haveibeenpwned.com database to see if you’re affected.

Meanwhile, Bleeping Computer is reporting that more than 16 million loanDepot customers are affected by a data breach:

Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month.

Following a January 6 attack that forced it to shut down some of its systems to contain the breach, the company told customers that recurring automatic payments would still be processed, with payment history delays.

And:

Given that loanDepot stores sensitive customer financial and bank account information, those affected by this breach should know they might be the target of phishing attacks and identity theft attempts.

However, loanDepot has yet to share what type of customer personal information was accessed and stolen from its systems.

This one is really bad. But in both cases, I’d be changing my password to a strong and unique password. On top of that, you can fully expect that phishing attacks and other scams will be inbound now that this information is out there.

Strong Dealer Momentum, Financials, Leadership Additions And More Noted By Fisker

Posted in Commentary with tags on January 23, 2024 by itnerd

Fisker Inc. is providing an update on recent business activities.

Dealer Partner Model Update

On January 4, Fisker announced a change in its vehicle distribution strategy toward an innovative Dealer Partnership model in North America and hybrid model in Europe that will continue to include direct sales to consumers and dealer arrangements. Since this announcement, Fisker has seen substantial interest from potential partner dealers across the United States, Canada, and Europe. The company is currently engaged with over 100 dealers. Enthusiasm has been driven by the fact that Fisker is the only American brand available to dealers that manufactures exclusively electric vehicles that have class leading features (for example, the Fisker Ocean has the longest range in its segment). Fisker is scheduled to host dealers at its headquarters in Manhattan Beach during the week of January 29. In addition, Chairman and CEO Henrik Fisker and several Fisker executives are scheduled to attend the National Automobile Dealers Association (NADA) show in early February to meet with prospective dealers and promote the company’s new dealership model. Fisker expects the first Oceans to be available in dealer showrooms in February.

Many of Fisker’s potential dealer partners already support multiple brands of vehicles, have existing EV infrastructure and the ability to service vehicles. The company anticipates that dealers will be able to purchase vehicles for their inventory shortly after finalizing the partner agreements. Fisker believes this strategy is consistent with its asset-light business model and will allow the company to build a strong distribution network capable of servicing its customers in a more cost-efficient way. Initial dealer agreements will likely cover California, Illinois, New York, New Jersey, Massachusetts, Florida, Maryland, and Canada.

Anticipated Positive Impact to Cash Flow

Fisker expects that the Dealer Partnership model will enhance its ability to turn new vehicles into cash by reducing the time vehicles are retained on its balance sheet. Similar to the traditional automotive OEM/dealer model, Fisker will recognize revenue when a vehicle is sold to a dealer. Fisker anticipates that it will sell most of the vehicles it currently has in inventory before the end of this year’s first quarter and expects to provide a delivery update in February.

During the first half of 2024, the company expects to generate cash from the sale of existing 2023 production vehicles as well as from the consumption of raw materials, including batteries, that are currently on its balance sheet, in producing cars in the first half of 2024. The carrying value of completed vehicles in Fisker’s inventory at the end of 2023 was approximately $290 million. Fisker has been selling vehicles through its direct-to-customer model and will pivot to a dealership model during Q1. We expect to sell the balance of our 2023 vehicle inventory before the end of the quarter, releasing almost $290 million on the balance sheet that can be used for working capital. In addition, Fisker has approximately $260 million of parts, including batteries, which will support the production of Ocean vehicles in 2024. As a result, Fisker expects to achieve a higher contribution to cash flow from Oceans produced and sold in early 2024.

Amendment to 2025 Convertible Notes

As previously announced, on January 21, Fisker entered into a second amendment and waiver agreement with the holder of its 2025 senior convertible notes. Pursuant to this waiver, among other items, the company no longer is required to maintain a minimum cash balance. In addition, the company has obtained a release from the investor of certain intellectual property belonging to Fisker upon the company entering into certain commercial agreements with an automotive original equipment manufacturer (OEM). Fisker believes this waiver provides increased flexibility to pursue strategic collaborations. Reflecting a series of conversions by the senior convertible notes holder, the company’s overall debt level has been reduced. As of January 19, 2024, the principal balance outstanding on the 2025 notes has been reduced by approximately $185.5 million to $324.5 million. 

NHTSA Preliminary Evaluation

Fisker issued the following statement on the National Highway Traffic Safety Administration (NHTSA) Office of Defects Investigation’s (ODI) Preliminary Evaluation of reported braking issues with the 2023 Fisker Ocean:

The Fisker Ocean brake system uses both friction braking and regenerative braking. In December 2023, Fisker responded to customer feedback and issued an Over-the-Air update (Version 1.10) to the regenerative system that improved the customer experience when traveling over bumps and uneven surfaces, resolving the issue. The Fisker Ocean brake system meets or exceeds all US and international performance requirements.

Key Executive Leadership Updates

As previously announced, Fisker has strengthened its leadership team with the addition of seasoned and experienced executives across departments including finance, accounting, marketing, and sales.

These leaders include Angel Salinas as Chief Accounting Officer; Eric Goldstein as Head of Investor Relations; Beverly Lively as VP, Internal Controls & Audit; and Dan Quirk as EVP of Finance and Accounting. Wolfgang Hoffman has also joined as Country Manager for Canada, as has Amira Aly as VP, Marketing, Sales & Financial Service US.

Fisker also held the largest meetup in company history, with approximately 2,500 owners and prospective owners gathering in 24 US locations and at six locations in Europe.

CISA, FBI, EPA Release A Water And Wastewater Cyber Incident Response Guide

Posted in Commentary with tags on January 22, 2024 by itnerd

In a joint effort, CISA, the FBI, and the EPA have introduced an incident response guide designed to aid owners and operators in the Water and Wastewater Systems (WWS) Sector.

The agencies partnered with over 25 industry, non-profit and government organizations within the WWS Sector to create the response guide, which outlines four pivotal stages of the incident response lifecycle:

  • Preparation
  • Detection and Analysis
  • Containment, Eradication, and Recovery
  • Post-Incident Activities

“The Water and Wastewater Systems Sector is a vital part of our critical infrastructure, and the FBI will continue to combat cyber actors who threaten it. A key part of our cyber strategy is building strong partnerships and sharing threat information with the owners and operators of critical infrastructure before they are hit with an attack,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division.

Mark B. Cooper, President & Founder, PKI Solutions had this to say:

   “Just as we have seen the creation and focus of Critical Infrastructure Protection (CIP) controls for the energy industry, vital infrastructure services such as water, waste treatment, and gas should have similar regulatory and industrial standards for cybersecurity controls. Through enforcing strong CIP standards for all vital services, these critical services can be better prepared for a world that has ever evolving cybersecurity threats and deliberate actors seeking to disrupt services.”

Incident response guides like these are valuable because they save a company or a sector the trouble of trying to figure out what the best practices for responding to an incident are. Frankly, we need to see more of these out there ASAP.

Nearly 1.3 Million Patients’ Covid19 Records Exposed In Data Breach 

Posted in Commentary with tags on January 22, 2024 by itnerd

Almost 1.3 million records belonging to Coronalab.eu (owned by Microbe & Lab), a Netherlands-based Covid-19 test laboratory, were exposed according to cybersecurity researcher Jeremiah Fowler, putting its patients at risk of many online threats.

The key findings are the following:

  • An estimated 1,285,277 records;
  • That included patients’ testing samples, appointments and certificates;
  • Testing samples revealed patients’ name, email address, date of birth, passport number and more.

If you want to know more about Jeremiah’s findings, you will find all the details here: https://www.vpnmentor.com/news/report-coronalab-breach/

Visa And Plug And Play Announce Alliance To Grow The Canadian Fintech Ecosystem

Posted in Commentary with tags on January 22, 2024 by itnerd

Visa Canada has announced a new alliance with Plug and Play, one of the world’s largest accelerators and venture capital firms. As a founding sponsor, Visa will support Plug and Play’s entrance into the Canadian fintech market and together, establish a platform to enable fintechs to flourish. 

The Canadian fintech industry is experiencing tremendous growth with an expected compound annual growth rate of 25% through 2029. Through this collaboration, fintechs will access the power, scale, trust, and security of Visa’s global network. They will also be invited to exclusive, interactive events where they can learn, collaborate, network, and connect with new partners to grow their business.  

This relationship builds on Visa’s successful collaboration with Plug and Play in the U.S. which launched an Inclusive Fintech Accelerator program to help foster diversity and inclusivity in the sector by addressing some of the unique challenges faced by diverse founders in the tech industry. Founders selected to be a part of the program receive access to Visa products, APIs, and insights. 

Visa’s Fintech Fast Track Program 

Visa’s commitment to enhancing the payment ecosystem includes working shoulder to shoulder with fintechs through a number of programs created to support the industry, like Visa’s Fintech Fast Track Program. This initiative is designed to help fintech and crypto companies bring new payments solutions to market with speed, harnessing the reach, capabilities, and security of VisaNet, Visa’s global payment network. Through the program, approved fintech startups can strengthen global payout service offerings, expand capabilities, and gain access to Visa’s growing partner network of 4.1 billion cards and 80 million merchant locations worldwide in over 200 countries and territories.

Learn more about Visa’s Fintech Fast Track program here

Tesla Cybertruck Owners Need To Wash Their Truck Frequently Or Bad Things Will Happen…. No Seriously

Posted in Commentary with tags on January 21, 2024 by itnerd

The Tesla Cybertruck is starting to create a lot of negative news now that owners are getting their hands on them. Hot on the heels of this comes news that Tesla recommends that you wash the Cybertruck frequently if certain substances get onto the stainless steel body. Don’t believe me? Have a look at this:

That’s just insane. I say that because car manufacturers have spent a lot of time and effort to stop this sort of thing from happening as long as you take care of the vehicle. Meaning you wash it on a regular basis, along with waxing it. I’ve never seen a car that requires you to immediately wash stuff off of it or bad things will happen. Though I will admit that you SHOULD wash your car as soon as you can if a bird poops on it for example. But that’s usually never a today problem as it can likely wait a day or two without anything bad happening.

While I am sure that this is written by a lawyer who is trying to cover Elon Musk’s posterior legally, it really doesn’t put the Cybertruck in a good light. Real truck owners do real truck things with their trucks and don’t give a second thought to having to make sure that it is cleaned immediately if a bird poops on it. It’s another data point that illustrates that the Cybertruck isn’t as rugged as Elon claims it is. Which means that if you’re looking for an electric truck and you do real truck things with it, you should look elsewhere.

Microsoft Pwned By “Midnight Blizzard”

Posted in Commentary with tags on January 20, 2024 by itnerd

Microsoft has revealed that on January 12, 2024, they were attacked by a nation state. Here’s what happened next:

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.

And:

Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.  

The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.  

This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard.

So this “state sponsored” group, where the state in question is Russia seeing as “Midnight Blizzard” is a Russian-affiliated group, was looking for info on itself. Does that mean that they were worried about what Microsoft knew about them? I say that because this is the first time I have heard of a group hacking someone to find out information on themselves. Second, if you are wondering what a “password spray attack” is, it’s defined as follows:

Password spraying is a type of brute force attack. In this attack, an attacker will brute force logins based on a list of usernames with default passwords on the application. For example, an attacker will use one password (say, Secure@123) against many different accounts on the application to avoid account lockouts that would normally occur when brute forcing a single account with many passwords.

This attack can be found commonly where the application or admin sets a default password for the new users.

This again highlights why passwords tend to be one of the weak points when it comes to cybersecurity. But I digress.
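Because a spray is “one password, many accounts” rather than “many passwords, one account,” it has a recognisable shape in authentication logs, and that shape is what a defender looks for. The following is an added example, not code from this post or from Microsoft: it parses a constructed, hypothetical log format (timestamp, source IP, username, outcome), flags sources whose failures touch many distinct accounts with only a few attempts each (the spray signature), flags the opposite single-account brute-force shape for comparison, and then lists any accounts a spraying source subsequently logged into successfully, which is the triage question that matters when, as in the Microsoft case, a spray lands on a forgotten test account. The log lines, IP addresses, usernames and thresholds are all constructed for the example.

```python
"""Detect password-spray and brute-force shapes in authentication logs.

Spray:       one source, few failures per account, many distinct accounts.
Brute force: one source, many failures against a single account.
Added example with constructed data; thresholds are assumptions to tune.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): ISO timestamp, source IP,
# username, outcome. Documentation IP ranges are used; nothing here is real.
SAMPLE_LOG = """\
2024-01-05T02:00:01Z 203.0.113.7 alice FAIL
2024-01-05T02:00:03Z 203.0.113.7 bob FAIL
2024-01-05T02:00:05Z 203.0.113.7 carol FAIL
2024-01-05T02:00:07Z 203.0.113.7 dave FAIL
2024-01-05T02:00:09Z 203.0.113.7 erin FAIL
2024-01-05T02:00:11Z 203.0.113.7 frank FAIL
2024-01-05T02:00:13Z 203.0.113.7 grace FAIL
2024-01-05T02:00:15Z 203.0.113.7 test-legacy SUCCESS
2024-01-05T02:01:00Z 198.51.100.9 alice FAIL
2024-01-05T02:01:01Z 198.51.100.9 alice FAIL
2024-01-05T02:01:02Z 198.51.100.9 alice FAIL
2024-01-05T02:01:03Z 198.51.100.9 alice FAIL
2024-01-05T02:01:04Z 198.51.100.9 alice FAIL
2024-01-05T02:01:05Z 198.51.100.9 alice FAIL
2024-01-05T09:15:00Z 192.0.2.44 bob FAIL
2024-01-05T09:15:20Z 192.0.2.44 bob SUCCESS
"""


def parse_log(text):
    """Turn the constructed log text into (timestamp, ip, user, outcome) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome))
    return events


def detect_sprays(events, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """Return {source_ip: [usernames]} for sources whose failed logins inside
    `window` touch at least `min_users` distinct accounts with no more than
    `max_per_user` failures each. Low counts per account are the point: the
    attacker is staying under the per-account lockout threshold."""
    fails = defaultdict(list)  # ip -> [(ts, user)]
    for ts, ip, user, outcome in events:
        if outcome == "FAIL":
            fails[ip].append((ts, user))
    findings = {}
    for ip, rows in fails.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):  # slide a window over this source's failures
            per_user = defaultdict(int)
            for ts, user in rows[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[ip] = sorted(per_user)
                break
    return findings


def detect_brute_force(events, window=timedelta(minutes=30), min_failures=5):
    """Return {(source_ip, user): peak_failures} for the single-account shape,
    which per-account lockout policies already catch and sprays evade."""
    per_target = defaultdict(list)
    for ts, ip, user, outcome in events:
        if outcome == "FAIL":
            per_target[(ip, user)].append(ts)
    findings = {}
    for key, stamps in per_target.items():
        stamps.sort()
        j = 0
        for i in range(len(stamps)):
            while stamps[i] - stamps[j] > window:
                j += 1
            if i - j + 1 >= min_failures:
                findings[key] = max(findings.get(key, 0), i - j + 1)
    return findings


def successes_after_spray(events, sprays):
    """For each spraying source, list accounts it later authenticated to.
    A success here is the foothold to investigate first."""
    hits = defaultdict(list)
    for ts, ip, user, outcome in sorted(events):
        if ip in sprays and outcome == "SUCCESS":
            hits[ip].append(user)
    return dict(hits)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    sprays = detect_sprays(evs)
    print("spray sources:", sprays)
    print("brute-force pairs:", detect_brute_force(evs))
    print("accounts compromised by spraying sources:", successes_after_spray(evs, sprays))
```

On the constructed data the first source is flagged as a spray (seven accounts, one failure each) and its later success against the test account is surfaced for triage; the second source is a plain brute force against one account and is not mistaken for a spray. In practice the same logic runs over sign-in logs with the source keyed on IP, ASN or user agent, since sprays are routinely spread across many addresses, and the thresholds are tuned to the tenant’s normal failure rate.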

The fact that Microsoft was targeted in this manner is pretty brazen on the part of these threat actors. I for one will be interested to see what Microsoft says in terms of what these threat actors did once they got in beyond what Microsoft has said, and what they might have taken.

Stay tuned to this space.

UPDATE: Carol Volk, EVP, BullWall had this comment:

   “So how big do you have to be to be secure? The apparent lack of 2FA and/or weak passwords by Microsoft’s senior staff allowed the Russian hacking group Midnight Blizzard to read their emails, and that’s the point here, anyone and everyone is vulnerable. It’s not just the zero-days that get you, it’s just that one hole in your defenses. In this case an old fashioned “password spray attack” worked just fine to let attackers in to read management emails.

   “Microsoft is lucky this time, as apparently the gang was searching emails to see what MS was saying about them. They could have just as easily stolen or destroyed the data. Attackers can always find a way into a network, so regular air gapped backups and a rapid response ransomware containment system should be part of the complete defensive stack.”


Mark B. Cooper, President & Founder, PKI Solutions follows with this:

   “The continued use of passwords will always lead to more security breaches like Microsoft experienced. This is especially true when test/non-production accounts are expected to be used for a short period of time or won’t be used to access confidential information and are allowed to have weak security controls. A strong identity and encryption standard that covers all identities, temporary or otherwise, is the only way to stem the tide of password breaches. Stronger technology like mutual authentication certificates and security tokens have been around for decades, but it has been traditionally easy to dismiss the complexity or operational challenges as an excuse not to secure an enterprise the way it should.”

Vans & North Face Owner Reports 35 Million Impacted By Data Breach

Posted in Commentary with tags on January 20, 2024 by itnerd

VF Corp., the parent company of the apparel brands Vans, Supreme, and The North Face, reported in an SEC filing that hackers stole the personal data of 35.5 million customers in a December cyberattack.

The filing did not say specifically what kinds of personal data were taken or whether any corporate data was stolen, but VF Corp said it does not retain consumer Social Security numbers, bank account information, or payment card information for its consumer businesses.

VF said in December, at the time of the incident, that it had experienced operational disruptions affecting its “ability to fulfill orders.” In its Thursday filing, the company said it is “still experiencing minor residual impacts from the cyber incident,” but that it has caught up on fulfilling orders that were delayed.

Al Martinek, Customer Threat Analyst, Horizon3.ai:

   “While accurately predicting the actions of cyber threat actors is challenging, especially during the holiday season, it is imperative to remain vigilant to ensure the security of your systems and networks. Cyber vigilance becomes even more critical in safeguarding personal and financial information, given the increased online activities and festive shopping that create opportunities for cyber threats and scams. As we have seen, no matter how big or small a company is, threat actors will likely continue to focus on targets of opportunity and take advantage of complacent company manning and low staff. Additionally, increased online shopping creates a perfect environment for scammers to mask themselves among the chaos.  

   “Threat actors steal data, exploit weak credentials, and ultimately find any way possible to disrupt company operations during times of amplified cyber traffic. Adopting a proactive, autonomous approach that involves identifying, addressing, and validating exploitable vulnerabilities serves as the primary defense against cyber threats for any organization. Solutions such as continuous penetration testing not only deliver prompt results for addressing crucial issues but also save valuable time and stress for security teams. This approach allows for timely mitigations and verifications, providing organizations with the necessary peace of mind in keeping sensitive information out of enemy hands and networks hardened against attacks.”


Stephen Gates, Principal Security SME, Horizon3.ai:

   “The outcomes noted here are a classic example of human-operated, ransom-based attacks. The likelihood of attackers gaining and maintaining their footholds in the victim’s networks is all too apparent.

   “In 2024, organizations must find the weaknesses in their networks that are enabling these attacks to begin, then progress like a tumor. Most of the time, the weaknesses being exploited are not CVEs. Instead, they are easily compromised and reused credentials, effortlessly discovered and unprotected data, software and hardware misconfigurations, poorly implemented security controls, and weak and/or unenforceable security policies.

   “These oversights and error conditions are one of the biggest reasons why the SEC new rules also add Regulation S-K Item 106, which will require registrants to describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats.

   “If you are not continuously assessing your internal, external, and cloud infrastructures, you likely will not be able to identify and manage material risks from cybersecurity threats. The real key is to continuously assess yourself before attackers do it for you.”


Craig Harber, Security Evangelist: Open Systems:

   “The company’s filing this week confirms the extent of the December data breach, 3.5 million customers plus the initial disruption of business operations caused by encrypting IT systems. The disruption appears to have been limited to the company’s ability to fulfill orders, but this was the peak delivery season, right before Christmas. The attackers certainly were hoping to take advantage of this.

   “Fulfillment uncertainty impacts customer confidence in the company’s ability to deliver items on time during the holiday season. Not surprisingly, VF Corporation’s share price tumbled on the news of the cyberattack based on projected revenue losses, erosion of customer confidence, and long-term reputational damage to its brand.

   “Cyberattacks are inevitable in today’s environment. Companies must be prepared to respond when it happens. Preparation includes coping with internal efforts to contain, assess, and mitigate active threats while maintaining business operations and adhering to regulatory compliance reporting requirements.

   “The SEC Incident Disclosure Regulations that went into effect on Dec. 15th means that waiting until a cyberattack is underway to roll out your incident response plan is no longer an option. Companies must have effective cybersecurity plans in place to prevent cyberattacks, minimize the damage they cause and comply with regulatory requirements to ensure that they are not penalized for non-compliance.”


Mark Cooper, President & Founder, PKI Solutions:

   “One method that organizations often overlook in protecting sensitive customer and business information is a strong encryption and identifying process. When information is maintained in an encrypted state, even if hackers steal or re-encrypt the information, the original data is protected from disclosure. As we have seen more and more lately, hackers are releasing information despite payment from their victims. To protect that data, organizations should be leveraging aggressive encryption programs proactively.”

With a count of 35 million people affected, this is a non-trivial event. And seeing as my wife recently bought a North Face jacket, we’ll be checking to see if she’s been affected. Unfortunately, that’s how the world is now: you expect your data to leak because of a hack, and all you can do is brace for impact. This is why companies and anyone else who has your data must do better to protect it.

Health and Human Services Pwned And Millions Of Dollars Was Stolen

Posted in Commentary with tags on January 20, 2024 by itnerd

According to Bloomberg, last year unknown hackers stole $7.5 million from the Department of Health and Human Services by taking over email accounts belonging to the grant recipients and tricking federal employees into transferring funds to malicious accounts.

The payment management system platform that the hackers accessed serves eight other departments, including the Pentagon and the Treasury Department, in addition to the White House, NASA and the Small Business Administration.

Sadly, $1.5 million of the stolen money was intended to fund health care for “the nation’s highest-need communities.”

The news outlet also reported that White House officials were disappointed by Health and Human Services for its lack of urgency in handling the intrusions. Health and Human Services has since referred the incident to the Office of the Inspector General, which says it is taking the matter very seriously.

Emily Phelps, VP, Cyware had this comment:

   “Given the highly sensitive and valuable data these departments manage, especially when it involves funds for essential services like health care, the risk of cyberattacks cannot be underestimated. This incident not only showcases the vulnerabilities in current systems but also emphasizes the necessity for government agencies to be equipped with advanced tools and real-time intelligence to preemptively identify and combat such threats. Strengthening cybersecurity infrastructure and ensuring immediate and informed responses to cyber threats are imperative to safeguard public sector data and resources.”

The fact that HHS didn’t have the sense of urgency that should be expected after this hack and theft happened is disappointing. Hopefully those who were asleep at the switch are dealt with accordingly.

New Samsung Galaxy Tab A9+ Announced

Posted in Commentary with tags on January 19, 2024 by itnerd

Samsung Electronics has recently announced the launch of the new Samsung Galaxy Tab A9+, which will provide users with the exceptional Samsung tablet experience at a great value. The Galaxy Tab A9+ combines immersive video and audio with hyper-fast connectivity to support everyday entertainment and productivity needs in a portable package. As a member of the Galaxy connected ecosystem, this new device will offer a continuous experience across multiple Galaxy devices.  

With the Galaxy Tab A9+, Samsung is making it easier than ever for all to enjoy great entertainment and productive multitasking. Below are a few of the product highlights: 

  • Engineered For Viewing Pleasure: The Galaxy Tab A9+ offers the largest screen of any Galaxy A series tablet yet, with an 11-inch display to immerse users in their favourite movies, shows, or games. 
  • Awesome Performance: With the largest memory and storage available on the Galaxy Tab A series to date, there is plenty of room to store and save documents, sources of inspiration, and more. 
  • Samsung Kids: With a simple set up process, parents and caregivers can monitor and control children’s digital activities, access settings, create child profiles, set playtime and monitor the content that children are consuming. 

The Samsung Galaxy Tab A9+ will be available for purchase at samsung.com, Samsung Experience Stores, and at major carrier and retail partner locations across Canada, starting at $329.99 for 64GB.

For more information about the Samsung Galaxy Tab A9+, please visit the Samsung website.