There’s A New Email #Scam Involving YouPorn Making The Rounds

Posted in Commentary on September 6, 2023 by itnerd

There’s a new scam that I have to admit I didn’t see coming. This one involves porn site YouPorn and it claims via an email that you have uploaded a video of yourself and you have to pay to get it removed. Here’s the email that you get:

Now there’s one thing that is different about this scam:

It actually comes from a youporn.com email address to make you think that it is legitimate. But it’s likely been spoofed so it’s not legitimate. The email then claims to allow you to remove the video for free, but when you click on the link it opens up the home page of your browser. Then it offers several paid options to remove said video. Otherwise, the video will go live onto the site in seven days. Clearly this scam email isn’t convincing, as when I checked, the Bitcoin address that is used for this scam hadn’t received any money. But as I have always said, scams don’t have to be successful in volume to be successful. Thus don’t help these threat actors to be successful.
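One way to confirm that a message like this was spoofed is to read the authentication verdicts that the receiving mail server stamped on it, rather than trusting the visible From address. The following is an added example, not part of the original post; the three messages, the `mx.recipient.example` authserv-id and every address in them are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id your own inbound mail server writes into
# Authentication-Results (RFC 8601). Headers from any other id are untrusted.
TRUSTED_AUTHSERV = "mx.recipient.example"

# Constructed messages, not the email from the post.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none;
 dmarc=fail header.from=youporn.com
From: Support <no-reply@youporn.com>
Subject: Your video

Body omitted.
"""
# Same message, but the sender added a fake "pass" header of its own.
FORGED_HEADER = SPOOFED.replace(
    "From:", "Authentication-Results: mail.sender.example; dmarc=pass\nFrom:", 1)
# A properly authenticated message for comparison.
ALIGNED = """\
Return-Path: <news@mail.shop.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mail.shop.example;
 dkim=pass header.d=shop.example;
 dmarc=pass header.from=shop.example
From: Shop <news@shop.example>
Subject: Your receipt

Body omitted.
"""

def addr_domain(value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def trusted_results(msg):
    """Map method -> result, using only headers written by our own server."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(header).split(";")]
        authserv = (parts[0].split() or [""])[0].lower()
        if authserv != TRUSTED_AUTHSERV:
            continue  # anyone can add this header before delivery
        for part in parts[1:]:
            m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results

def assess(raw):
    msg = message_from_string(raw)
    from_dom = addr_domain(msg.get("From"))
    env_dom = addr_domain(msg.get("Return-Path"))
    res = trusted_results(msg)
    notes = []
    if env_dom != from_dom:
        # Not proof by itself: bulk senders do this legitimately with aligned DKIM.
        notes.append(f"envelope sender {env_dom or '?'} != From domain {from_dom}")
    for method in ("spf", "dkim", "dmarc"):
        if res.get(method) != "pass":
            notes.append(f"{method}={res.get(method, 'missing')}")
    # SPF can pass for the sender's own envelope domain; DMARC is the check
    # that ties SPF/DKIM to the From domain the reader actually sees.
    verdict = "authenticated" if res.get("dmarc") == "pass" else "unauthenticated"
    return {"from_domain": from_dom, "verdict": verdict, "notes": notes}

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("forged", FORGED_HEADER),
                      ("aligned", ALIGNED)):
        print(name, assess(raw))
```

In the constructed spoof, SPF passes because it only vouches for the envelope domain, which is why the verdict rests on the DMARC result for the visible From domain.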

New research from ESG and ISSA reveals continuous struggles within cybersecurity workforce impacting 71% of organizations 

Posted in Commentary on September 6, 2023 by itnerd

New research conducted by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) reveals the persistent struggles within the cybersecurity workforce, finding that the cybersecurity skills crisis continues unabated in a multi-year freefall that has impacted 71% of organizations and left ⅔ of cybersecurity professionals stating that the job itself has become more difficult over the past two years—while 60% of organizations continue to deflect responsibility.

The report findings include:

·   A career in cybersecurity is becoming more difficult in an increasingly challenging environment. Nearly two-thirds (66%) of respondents believe that working as a cybersecurity professional has become more difficult over the past 2 years, with close to a third (27%) stating that it is much more difficult. Internal issues like workload complexity, staffing shortages, and budget deficits combined with external issues like the dangerous threat landscape and regulatory compliance challenges have made this profession progressively more difficult. Most (81%) respondents cite the increase in cybersecurity complexity and workload as the reason their careers are more difficult now. Over half (59%) point to the increase in cyberattacks due to an expanding attack surface and 46% state that their cybersecurity team is understaffed. Almost half (43%) agree that both budget pressures and regulatory compliance complexity have increased and present further challenges. Nearly one-in-ten (8%) of cybersecurity professionals have experienced one or several disruptive security events at their organization that have made their work more difficult.

·   Most cybersecurity professionals aren’t very satisfied with their career choices. Cybersecurity professionals face daily job stress like an overwhelming workload, working with disinterested business managers, falling behind business initiatives, and keeping up with the security needs of new IT projects. Little wonder then why less than half of security pros are very satisfied with their current jobs, and 50% of security pros claim it is very likely, likely, or somewhat likely they will leave their current job this year.

·   The global cybersecurity skills shortage continues unabated. Most organizations (71%) report that they’ve been impacted by the cybersecurity skills shortage—a dramatic increase from 57% in the last study, leading to an increased workload for the cybersecurity team (61%), unfilled open job requisitions (49%), and high burnout among staff (43%), according to respondents. Further, nearly all (95%) respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has only gotten worse. When asked to identify areas where the security skills shortage is most acute, respondents pointed to application security, cloud security, and security analysis and investigations. A majority of respondents (60%) believe that their organization could be doing more to mitigate the cyber skills shortage, with over one-third (36%) stating that they could be doing much more. Respondents say that their organizations could be taking steps like increasing security professional compensation, providing advanced non-monetary incentives, educating HR professionals and recruiters, and increasing their commitment to cybersecurity training as ways to better address the ongoing skills shortage.

·   CISOs must lead the charge. When asked to identify the qualities that make CISOs successful, nearly three-quarters (71%) pointed toward leadership or communications skills.  CISO effectiveness varies – 31% of respondents claim their CISO is very effective, 40% believe their CISO is effective, and 26% say their CISO is somewhat effective.

Survey respondents were also asked how their organizations could improve their overall cybersecurity programs. The top responses included increasing cybersecurity training for IT and security professionals, striving to improve the organization’s cybersecurity culture, hiring more staff, increasing the cybersecurity budget, and improving basic security hygiene and posture management.

The Life and Times of Cybersecurity Professionals (Volume 6) is available for free download on the Enterprise Strategy Group website and ISSA website.

UK Security Contractor Denies Severity Of Hack

Posted in Commentary on September 6, 2023 by itnerd

Zaun, a UK manufacturer of fencing systems for the Ministry of Defense, revealed late last week that it was hit by a cyber-attack carried out by LockBit between August 5th and 6th where gigabytes of data related to top secret British military and intelligence sites were exposed. Gigabytes of sensitive data that could help criminals access the HMNB Clyde nuclear submarine base, the Porton Down chemical weapon lab and a GCHQ listening post were posted to the dark web. Labour MP Kevan Jones stated: “This is potentially very damaging to the security of some of our most sensitive sites.”

The breach occurred through a Windows 7 PC that was running software for one of Zaun’s manufacturing machines. At the time of the attack, Zaun believed its cybersecurity solutions prevented any transfer of data.

“However, we can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, potentially including some historic emails, orders, drawings and project files,” said the statement.

Zaun said it does not believe that any classified documents were stored on the system, but the data released by LockBit included thousands of pages of data related to the perimeters of His Majesty’s Naval Base, Clyde nuclear submarine base, the Porton Down chemical weapon lab and numerous jails.

Stephen Gates, Principal Security SME, Horizon3.ai had this comment:

   “As the cyberthreat landscape continuously changes, manufacturers face a unique set of IT challenges, as well as the real, physical ramifications that impact their bottom lines. Today’s attackers fully understand the disadvantages manufacturers face, especially in terms of their reliance on various computing systems, antiquated operating systems, commercial and custom-built applications, and lots of devices – some new and some incredibly old.

   “In a recent autonomous penetration test performed by Horizon3.ai’s NodeZero, it found a computer in a manufacturing network running a pre-Windows 2000 operating system, exploited it, and eventually achieved domain admin. Many manufacturers likely have some older computers still in use that are running operating systems no longer supported. Although the older computers work just fine for the minimal tasks they perform, they can easily become an enabler of a successful breach.”

I for one don’t buy a word that Zaun says regarding how bad this is. And why in the world were they running a Windows 7 PC? There’s a lot here that needs to be unpacked as this hack could be catastrophic on so many levels.

Barracuda found a backdoor trigger in their patched systems 

Posted in Commentary on September 5, 2023 by itnerd

When Barracuda released a patch on May 18th, it thought it had fixed its 0-day malware problem, but the hackers had other ideas. Some Barracuda users that replaced infected appliances found the malware reappeared in the new devices. According to Mandiant researchers brought in to remove the malware, this was because:

“It was common practice for impacted victims to export their configuration from compromised appliances so it could be restored into a clean one. Therefore, if the DEPTHCHARGE (malware) trigger was present in the exported configuration, it would effectively enable UNC4841 to infect the clean device with the DEPTHCHARGE backdoor through this execution chain, and potentially maintain access even after complete replacement of the appliance.”

Previously, on May 18th, Barracuda had released a patch to remove UNC4841 from customers’ devices, but unbeknownst to Barracuda or the Mandiant researchers brought in to remove the malware, the attackers anticipated this action and responded by installing new malware families labeled SKIPJACK, DEPTHCHARGE, and FOXTROT / FOXGLOVE. “This second surge represented the highest intensity of UNC4841 activity identified by Mandiant across the entire campaign, demonstrating UNC4841’s determination in preserving access to specific victim environments.” This defensive move on the part of the attackers was only performed on a very limited number of high priority victims, estimated to be hundreds of devices.

Dave Ratner, CEO, HYAS had this to say:

   “Unfortunately, it is far too common for bad actors to leave hidden backdoors or otherwise initiate mechanisms to maintain their hold on a victim, even post cleanup. The only real way to ensure that incident response and system cleanup has been successful is monitoring the communication traffic leaving the organization — remaining backdoors or infections will continue to beacon out to adversary infrastructure, and with the right visibility this can alert you to their remaining footholds and allow you to truly cleanup after an attack.”

Carol Volk, EVP, BullWall follows with this:

   “Backing up infected files definitely happens. In incident response sessions, we always stress recreating infrastructure from the ground up (not using anything that existed previously) as the best practice for exactly this reason. Usual approaches to prevention cannot prevent this because attackers will always find a way in, so containment is critical.”

Clearly the playbook for dealing with threats to Barracuda hardware is to get a new appliance and set it up from scratch, which shows you how crafty these threat actors are. Perhaps this should be in the playbook for any intrusion that you might be dealing with? Just a thought.

Elon Musk Goes After The ADL, But Claims He’s Not Antisemitic…. WTF????

Posted in Commentary on September 5, 2023 by itnerd

I’ve been saying for a while now that Twitter is a cesspool of hate under Elon Musk. And this story from Forbes highlights not only how much hate is on the platform, but how that hate is driven by Elon himself. First some background:

In May, the ADL released a report after monitoring 65 previously banned accounts that Musk had welcomed back to the platform. It found that these accounts were posting antisemitic content and were actually having a compound effect by inspiring antisemitic content among their followers. The organization said it found over 5,000 examples from February 2023 of “virulent antisemitism” posted by 2,173 accounts that followed reinstated accounts. In March, the ADL released a different report revealing that X was not enforcing its own content moderation policies. It noted that 72% of antisemitic tweets that ADL reported as a so-called trusted flagger (an organizational partner that can report content and get it prioritized) were not removed or sanctioned in any way.

For those who aren’t aware, the ADL is the Anti Defamation League. This is an organization that has been fighting hate in all its forms for decades. And this is an organization that needs to be applauded for the work that it does to shine a light on hate in all its forms. But Elon doesn’t agree with that:

Musk has previously criticized the ADL, calling them in a tweet “so aggressive in their demands to ban social media accounts for even minor infractions” and “ironically the biggest generators of anti-Semitism on this platform!”

This is one of these moments where you have no words in terms of how to respond to such a statement. For Elon to say that in 2023 shows you what sort of person he really is. But he didn’t stop there. According to this story, he served these statements up:

“To be super clear, I’m pro free speech, but against anti-Semitism of any kind,” Musk said in a post on X, formerly Twitter, on Monday.

Musk added that the ADL has helped to drive advertising revenue on the platform down. Revenue from advertising in the US is down 60%, according to Musk, and advertisers have told Musk that the ADL’s claims against X and Musk are part of the reason why.

Musk then threatened to file a defamation suit against the ADL.

Now Elon is known for saying stuff that he never does. But I can see a scenario where he sues the ADL. The reason why I say that is that a non profit group that called him out for hate speech got sued by Elon. Thus he only seems to sue the groups that have the audacity to hold him accountable for his actions. Talk about having a thin skin.

Also, let’s cover the fact that Elon claims to be against antisemitism. I’m going to call BS on that as his actions and behaviour don’t match that statement. An example of what I am talking about is this:

Musk made the comment after the hashtag #BanTheADL started trending on X over the weekend after the organization’s CEO Jonathan Greenblatt shared a post on Wednesday about a positive conversation he had had with X CEO Linda Yaccarino about “what works and what doesn’t” on the platform. 

Greenblatt’s post was swarmed by right-wing users who criticized the ADL CEO for promoting “censorship” on X and used the hashtag #BanTheADL.

Musk himself chimed in on the debate, and mulled starting a poll on banning the organization and liking posts with #BanTheADL.

Also on Monday, Musk accused the ADL of trying to “kill” his platform by accusing him and it of anti-semitism.

“Since the acquisition, the @ADL has been trying to kill this platform by falsely accusing it & me of being anti-Semitic,” Musk said.

Does this sound like someone who is against antisemitism? I say he’s encouraging it and only saying that he’s against it because of the blow back that he’s getting.

This latest example of hate on Twitter/X highlights the fact that if you’re still on the platform, you need to leave. It’s bad enough that hate on the platform is at an all time high. But when the guy who owns the platform is helping to drive that hate to even higher levels, it becomes clear that anyone who is against hate of any kind needs to be someplace else. And if you’re an advertiser who uses Twitter/X as part of your marketing strategy, you need to reconsider how you spend your dollars as Twitter/X is not a place where I would want my marketing dollars spent given the level of hate that is present on the platform.

From Emergency Contraceptives to Sex Toys – Uber Eats reveals new trends on Canadians’ sexual health for World Sexual Health Day

Posted in Commentary on September 4, 2023 by itnerd

To celebrate, Uber Canada is sharing consumer data trends that shed light on Canadians’ sexual health and wellness. 

Over the past two years, more pharmacy and convenience store merchants have joined Uber Eats. It’s no surprise then that almost half (44%) of Canadians reported using delivery apps to order everything from snacks to essential items in the last year. Sexual wellness products—including condoms, emergency contraceptives, lubricants, vibrators and more—have become a popular category in people’s online shopping carts.

The latest data drop reveals the most popular sex products purchased by Canadians across the country and ranks the cities that are the most prepared for sexual adventures, based on the volume of sexual health products they’re purchasing on Uber Eats. 

Emergency contraceptives and pregnancy tests top the list of the most popular sexual health products ordered on Uber Eats along with lubricants and vibrators. This year, Kitchener-Waterloo jumped from #10 in the city rankings to the #1 most prepared city for safe sex, as the biggest consumers of sexual health products and contraceptives. You can see where your city ranks and what products are trending across Canada below. 

Top 10 Canadian cities that are the biggest consumers of sexual health products

*results weighted to account for pop. differences 

Top 5 Most Popular Sexual Health Products Across Canada

Uber is also celebrating cities that are ordering the most of a particular sexual wellness product. Check out the ‘23 winners:

  • Hamilton takes the title of “The Slickest City,” as Hamiltonians are by far the biggest consumers of sexual lubricants on Uber Eats
  • Londoners are the “Most likely to have you covered,” with London being the city that purchases the most condoms 
  • Torontonians are the “Most likely to pass a vibe check,” since Toronto consumes the most sex toys/vibrators on Uber Eats

Donald Trump’s Truth Social Could Be Dead By Friday

Posted in Commentary on September 3, 2023 by itnerd

Truth Social, which is the social network that Donald Trump created after he was tossed off Twitter, has been a dumpster fire since the second that it was announced. The latest crisis could spell doom for Truth Social according to The Washington Post.

Here’s the TL;DR:

According to the Washington Post, there is a September 8 deadline for a merger with a Miami-based company called Digital World Acquisition to close or be extended. Should that merger fail, Truth Social will be forced by law to return $300 million to investors. And Donald Trump will end up with “nothing” in financial gain. I wrote about this merger here.

The Washington Post report reveals that Truth Social has been plagued by unceremonious executive departures, credible accusations of insider trading, and even a whopping $18 million settlement over accusations that Truth Social executives lied to investors and the Securities and Exchange Commission. I wrote about some of that here.

Like I said, it’s been a dumpster fire. And it is another illustration of how bad a businessman Trump is. Because everything he touches dies. And what doesn’t help is the fact that Trump made a re-appearance on Twitter by posting his mug shot and typing the words “Never Surrender”. Which is an odd thing for a guy who has surrendered to authorities four times in the last little while.

I’ll be watching on Friday to see if Truth Social lives or dies. I’m going to go with Truth Social dying. But I am free to be surprised.

Trend Micro AI Protection In ASUS Routers…. Should I Use It?

Posted in Commentary on September 3, 2023 by itnerd

I got a question from a client who asked me about Trend Micro’s AI Protection which comes with most if not all routers made by ASUS. She wanted to know if it was safe to use from a privacy standpoint because of this 9to5mac.com article and this ZDnet.com article. To answer that question, let’s first talk about what AI Protection does. In short, it does four things:

  • Router Security Assessment: This checks the router against the best security practices that I and others generally recommend to see where you might be vulnerable.
  • Malicious Site Blocking: This feature checks the websites that you’re visiting to see if they match any record of being a threat to you in Trend Micro’s database. If one does, then the website is blocked. More on this database in a bit.
  • Two-Way IPS: This prevents connected devices from receiving spam and DDoS attacks by blocking incoming malicious packets. I seriously doubt that every packet is checked as consumer routers don’t have that sort of horsepower. My guess is that it’s checking the source and destination, or it’s looking for patterns of some sort.
  • Infected Device Prevention and Blocking: This is similar to the previous feature and it blocks attacks coming from compromised devices on your network.

Now let’s talk about how it does this. AI Protection collects a ton of information about you and checks that against a database hosted by Trend Micro. What information it collects is clearly laid out here. There’s also a simplified version of this here. But let me boil it down for you. The relevant things that Trend Micro collects start on page 10 of the English version of the first link. That’s a fair bit and I can see why that might bother some people. But consider this: Trend Micro is subject to the GDPR, which means that they have to clearly lay out what data they collect about you and why they do it. And if the EU who are behind the GDPR thinks that anything is fishy, they will not hesitate to smack Trend Micro pretty hard. That alone is an incentive for them to make sure that they are on the right side of this issue. Thus I feel that you should have nothing to worry about as it seems to me that this data is being used for security purposes.

Having said that, if you’re still uncomfortable with using AI Protection, then either don’t use it or do the following to turn it off:

  • Log into your ASUS router
  • Click on “AI Protection” on the left
  • Change “Enabled AI Protection” to off
  • Then go to “Administration”
  • Click on the “Privacy” tab
  • Click “Withdraw” under the Trend Micro section.

In my case, I run AI Protection on my ASUS router as I like the security that it provides me. And I do recommend it to my clients. I don’t think there are any real privacy risks here. But only you can decide if that’s true for you. Hopefully this article can help guide you to the decision that is right for you.

Bell Is Now The Target Of A Phone Scam

Posted in Commentary on September 2, 2023 by itnerd

In the last month I have reported on a Rogers phone scam, and a TELUS phone scam that target customers of both telcos to scam the unwitting out of phones. After coming across the TELUS one, I said this:

What’s clear here is that the threat actors have either moved on from using the Rogers name to run their scam, or the threat actors are running the two scams in parallel. Which means that they could move to using Bell, or Freedom, or any other carrier at any time once the word gets out that the scam exists and is tied to a specific carrier. That means you need to keep your head on a swivel at all times to make sure that you don’t get taken advantage of these scams.

Well, it seems the threat actors have moved onto Bell. A reader emailed me about a scam that they encountered that involves Bell that goes something like this:

  • A person claiming to be from “Bell” will call you and offer you a discount in terms of your wireless service. And along with that, you will get a brand new Samsung Galaxy S23 delivered to your door.
  • If you say yes, they will extract all sorts of personal information to complete the order. You will then get the phone a couple of days later.
  • After you receive the phone, you will then get another call from “Bell” saying the phone that you just received was accidentally sent to you. You will then be directed to go to the nearest UPS to send the phone to the “correct recipient”. And you will get a label from an email address ending in “@thebell.ca”, which isn’t Bell Canada.

What the scam is all about is that the threat actors are extracting enough information from you to order a new phone from Bell and ship it to you. That way you and Bell are out a new phone. Thus I will give you this advice:

  • Remember that Canadian cell phone plans are among the most expensive in the world. And carriers don’t give away phones. Especially Samsung Galaxy S23 models. Thus if it sounds too good to be true, it is likely too good to be true.
  • If you want to verify if a deal is true or a scam, hang up and call Bell using a number from their website. Do not rely on the number that you see on your phone’s call display as that could be a number that has been spoofed.
  • Under no circumstances should you give out any personal information to anyone who calls you in this manner.

If you have fallen for this scam and the phone shows up at your home, call Bell, explain the situation and follow their instructions to cancel the account that the threat actors created and to return the phone to Bell. This is what I told the person who reported this to me.

Clearly these threat actors are very active. That means that you need to have your thinking caps on to make sure that you aren’t scammed. And if you come across any more variants of this scam, please let me know so that I can get the word out.

There’s A New Firmware For The Bell Gigahub

Posted in Commentary on September 2, 2023 by itnerd

This will be a quick one.

Bell dropped a new firmware for the Gigahub this week. It’s version 1.19.1 and like the other firmware for the HH4000, there are no release notes. Thus I am wondering what this firmware does and fixes. Thus if you notice anything, I’d love to know so that I can share that information with you. Please leave a comment below and share what you notice.