Criminals wipe all CloudNordic servers and customer data
Posted in Commentary with tags Hacked on August 24, 2023 by itnerd
According to a CloudNordic notice to customers, criminals have encrypted all servers and customer data and the company says it can’t and will not pay the ransom demand.
CloudNordic has advised its customers to prepare for the possibility of complete data loss due to a recent ransomware attack. The attack, which occurred on Friday, August 18, severely impacted CloudNordic’s operations, leading to a shutdown of its servers and data loss for both the company and its clients.
During the attack, the attackers encrypted CloudNordic’s systems, taking down company data along with customer websites and email systems. Since then, CloudNordic’s IT team, along with third-party responders, has been working to recover customer data, but the chances of success are diminishing.
In a statement, CloudNordic explained, “Unfortunately, it has proven difficult to recover most of the data, and many of our customers have likely lost their data with us unless they have been contacted individually.”
CloudNordic suspects that the attack occurred during a server migration from one data center to another. Some servers were infected before the move, and during the transfer, servers from different networks were connected to CloudNordic’s internal network. This allowed the attackers to access administrative systems, storage, replication backup systems, and secondary backups, which were then encrypted for ransom.
As of now, CloudNordic is working on restoring customer web and email servers, but data recovery remains a challenge, and DNS services are still unavailable.
Steve Hahn, Executive VP, BullWall had this comment:
“Migrations are when companies are at their most vulnerable. Whether it’s the Dallas Police a few years back, who lost terabytes of data during a migration, throwing cases and convictions into chaos, or latent cyber attacks that are triggered during the migration, companies need a containment, backup and security plan in place long before the migration occurs. During one of these large scale migrations we often see ports opened, applications whitelisted, security services may be suspended and people are generally more at risk to social engineering strategies.
“The attack vectors multiply by the 100s during these migrations and our data is at its most vulnerable state. Often companies put security projects on hold to ‘focus’ on these migrations, when precisely the opposite should occur. The migration should be put on hold until the security controls are firmly in place and tested.”
Willy Leichter, VP of Marketing, Cyware follows with this:
“While it is good to see Viking toughness in refusing to pay a ransom, it’s easier to take this stance when you have no other options. This is a tragic example of how vulnerable many smaller service providers can be, and customers need to always beware – don’t depend on one service provider with your valuable data – if they get wiped out, so does your data.”
Backup, Backup, Backup! It doesn’t matter if your data is local or in the cloud. You need a backup because if you get pwned locally or in the cloud, you will need that backup. And note what happened here: the replication and secondary backups were reachable from the same internal network the attackers got into, so they were encrypted along with everything else. At least one copy has to live somewhere a compromised admin account cannot reach, and you need to have actually tested restoring from it.
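One thing you can do about the failure mode above, besides keeping an offline copy, is make your backup sets tamper-evident so a backup that was silently encrypted in place is noticed before you need it. The following is an added example, not CloudNordic’s tooling and not part of the original post: it records a SHA-256 digest of every file in a backup set and seals the manifest with an HMAC under a key that is kept off the backup host (the key value, file names and contents below are constructed for illustration). A later verification run then reports files that changed, vanished or appeared (a ransom note, say), and a manifest rewritten by an attacker who lacks the key fails the MAC check.

```python
"""Added example (not CloudNordic's code): tamper-evident manifest for a backup set.
The HMAC key is assumed to live somewhere the backup host cannot reach (an offline vault,
a separate credential store); every path and file content below is constructed."""
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path):
    """Stream the file through SHA-256 so large archives do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root, key):
    """Hash every file under root and seal the listing with HMAC-SHA256 under key."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            files[rel] = sha256_file(full)
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_manifest(root, manifest, key):
    """Check the manifest's MAC, then compare the recorded digests with what is on disk now."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    result = {
        "mac_ok": hmac.compare_digest(expected, manifest["mac"]),
        "changed": [],
        "missing": [],
        "added": [],
    }
    current = build_manifest(root, key)["files"]
    for rel, digest in manifest["files"].items():
        if rel not in current:
            result["missing"].append(rel)
        elif current[rel] != digest:
            result["changed"].append(rel)
    result["added"] = sorted(set(current) - set(manifest["files"]))
    result["ok"] = result["mac_ok"] and not (
        result["changed"] or result["missing"] or result["added"]
    )
    return result


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def demo():
    """Build a constructed backup set, seal it, then simulate in-place encryption of one file."""
    key = b"constructed-key-kept-off-the-backup-host"
    with tempfile.TemporaryDirectory() as root:
        _write(os.path.join(root, "db", "customers.sql"),
               b"INSERT INTO customers VALUES (1, 'constructed');\n")
        _write(os.path.join(root, "site.tar"), b"constructed archive bytes\n" * 10)
        manifest = build_manifest(root, key)
        before = verify_manifest(root, manifest, key)

        # Ransomware-style tampering: one file overwritten with ciphertext-looking bytes
        # and a note dropped next to the backups. Names stay the same, sizes look plausible.
        _write(os.path.join(root, "db", "customers.sql"), bytes(range(256)))
        _write(os.path.join(root, "README_RESTORE.txt"), b"constructed ransom note\n")
        after = verify_manifest(root, manifest, key)

        # An attacker who can rewrite the manifest but does not hold the key cannot re-seal it.
        forged = build_manifest(root, b"wrong-key")
        forged_check = verify_manifest(root, forged, key)
    return before, after, forged_check


if __name__ == "__main__":
    before, after, forged = demo()
    print("clean set ok:", before["ok"])
    print("after tampering:", after)
    print("forged manifest accepted:", forged["mac_ok"])
```

This gives you tamper evidence, not isolation: it only helps if the manifest and the key are stored where the same credentials that reach the backup server cannot reach them, and it tells you nothing about whether the backup actually restores, which is a separate drill you still have to run.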
Posted in Commentary with tags Hacked on August 24, 2023 by itnerd
Yesterday, as spotted by VX-Underground, the scraped data of 2.6 million users of Duolingo, one of the largest language learning sites in the world, was re-leaked on a hacking forum and offered for just $2.23.
A Threat Actor identified a bug in the Duolingo API. Sending a valid email to the API returns generic account information on the user (name, email, languages studied).
They used an email list to assemble over 2.6m unique entries.
This past January, the scraped data of those same 2.6 million Duolingo users was offered on a now-shutdown hacking forum for $1,500. The data included login names and full names only, which Duolingo confirmed was data from public profiles. Duolingo said it was investigating whether further precautions should be taken, but it did not address the fact that email addresses, which are not publicly available, were also in the dataset.
The latest data set was scraped using an exposed API that is currently open and has been since at least March 2023. It allows anyone to submit a username and retrieve the user’s public profile information. One can also feed an email address into the API and confirm whether it is associated with a valid Duolingo account, which is what turns a generic mailing list into a list of confirmed Duolingo users.
“This unfortunately makes Duolingo look extremely negligent for a number of reasons.
“Let’s list out some of the issues:
The API returning public profile data based on a username without any other checks
Automated scraping was possible because scripts can be run against the API: in other words no backend check that requests are coming from a genuine app
The issue had actually been previously identified but not addressed
“A good mobile security solution can be used to address these issues and restrict API access to properly validated app instances.”
The fact that this has happened to Duolingo before is bad, and makes it an app to avoid. Too bad that you don’t know how good the security of other apps is before you use them. Thus all app makers have to step up on this front.
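To make the API problem concrete, here is an added example that is not Duolingo’s code and not part of the original post. It shows the pattern described above, an unauthenticated lookup whose response reveals whether an email address is registered, next to a hardened version that rate-limits every caller and only resolves an address for the logged-in user who owns it, returning the identical response for “not registered” and “somebody else’s account”. The user table, endpoint names, client keys and limits are all constructed for illustration.

```python
"""Added example (not Duolingo's code): an e-mail lookup that confirms account existence,
beside a hardened version. USERS, the client keys and the rate limits are constructed."""
import hmac
import time

# Constructed sample accounts; the fields mirror what the post says the API returned.
USERS = {
    "alice@example.com": {"username": "alice", "name": "Alice Example", "languages": ["es", "fr"]},
    "bob@example.com": {"username": "bob_learns", "name": "Bob Example", "languages": ["de"]},
}


def lookup_email_leaky(email):
    """The pattern described in the post: anyone can submit an address and the response
    differs depending on whether it is registered, so a purchased mailing list can be
    turned into a list of confirmed accounts plus profile data with a simple loop."""
    user = USERS.get(email.strip().lower())
    if user is None:
        return 404, {"error": "not found"}
    return 200, {"username": user["username"], "name": user["name"], "languages": user["languages"]}


class RateLimiter:
    """Fixed-window counter per client key (source address, API key or device token)."""

    def __init__(self, limit, window_seconds, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self._buckets = {}  # client key -> (window start, requests seen in that window)

    def allow(self, client_key):
        now = self.clock()
        start, count = self._buckets.get(client_key, (now, 0))
        if now - start >= self.window:
            start, count = now, 0
        count += 1
        self._buckets[client_key] = (start, count)
        return count <= self.limit


# The same limiter would sit in front of the username -> public profile endpoint, which is
# meant to be public but should not be scrapable at millions of requests from one client.
LIMITER = RateLimiter(limit=5, window_seconds=60)


def lookup_email_hardened(email, session_email, client_key, limiter=LIMITER):
    """Hardened version.

    1. Rate limit before doing any work, so scripted enumeration is throttled.
    2. Only the authenticated owner of an address may resolve it. An unregistered address
       and another user's address produce byte-for-byte the same response, so an outsider
       learns nothing from the reply.
    """
    if not limiter.allow(client_key):
        return 429, {"error": "too many requests"}
    wanted = email.strip().lower().encode()
    owner = (session_email or "").strip().lower().encode()
    # compare_digest keeps the ownership check constant-time; the dictionary lookup below
    # only runs for the owner, so there is no existence-dependent branch for a stranger.
    if not owner or not hmac.compare_digest(wanted, owner):
        return 404, {"error": "not found"}
    user = USERS.get(wanted.decode())
    if user is None:
        return 404, {"error": "not found"}
    return 200, {"username": user["username"], "name": user["name"], "languages": user["languages"]}


if __name__ == "__main__":
    print("leaky, unknown address:", lookup_email_leaky("nobody@example.com"))
    print("leaky, known address:  ", lookup_email_leaky("alice@example.com"))
    print("hardened, stranger:    ", lookup_email_hardened("alice@example.com", None, "scraper"))
    print("hardened, owner:       ", lookup_email_hardened("alice@example.com", "alice@example.com", "alice"))
```

The point of the second function is that the only caller who can ever get a 200 already knows the address belongs to them, so the endpoint cannot be used as an oracle; the rate limiter is what stops a genuine mobile client from being replayed by a script, which is the “no backend check that requests are coming from a genuine app” complaint in the quote above. In a real deployment the limiter state would live in a shared store rather than process memory.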
Cyberint, the leader in impactful intelligence, is thrilled to announce its integration with Cyware, the leading provider of threat intelligence management, security collaboration, and cyber fusion solutions. The combined solution enables organizations to access and integrate contextual threat intelligence, enhance their threat-hunting capabilities, and automate collaborative response actions to potential attacks. The joint solution and use cases will be detailed in an upcoming webinar on August 29 at 1:00 pm EDT.
With this collaboration, Cyberint’s web intelligence seamlessly integrates with Cyware’s Threat Intel Exchange product, enabling customers to:
Identify potential threats at an early stage by leveraging streamlined deep and dark web intelligence,
Receive contextual threat intelligence to enrich and enhance security tools, blocklists, threat research, and threat-hunting activities,
Aggregate threat intelligence from multiple sources to create clear visibility into threat patterns,
Automatically notify all stakeholders about critical intelligence,
Proactively build detection rules and automate response actions to reduce the risk of successful attacks.
Cyberint’s impactful intelligence solution fuses real-time threat intelligence with bespoke attack surface management, providing organizations with extensive integrated visibility into their external risk exposure. Leveraging autonomous discovery of all external-facing assets, coupled with open, deep & dark web intelligence, the solution allows cybersecurity teams to uncover their most relevant known and unknown digital risks – earlier. Global customers, including Fortune 500 leaders across all major market verticals, rely on Cyberint to prevent, detect, investigate, and remediate phishing, fraud, ransomware, brand abuse, data leaks, external vulnerabilities and more, ensuring continuous external protection from cyber threats.
Cyware helps enterprises transform security operations while breaking through silos for threat intelligence sharing, collaboration, and automated threat response. Its unique Cyber Fusion solutions enable lean security teams to proactively stop threats, connect the dots on security incidents, dramatically reduce response time, and reduce analyst burnout from repetitive tasks. Cyware improves security outcomes for enterprises, government agencies, and MSSPs, and provides threat intelligence-sharing platforms for the majority of ISAC/ISAO information-sharing communities globally.
Critical Insight has released its 2023 H1 Healthcare Data Breach Report, which found that despite an overall decrease of 15% in total breaches during the first half of 2023, there was a 31% increase in the number of individuals impacted by those breaches compared to the second half of 2022.
The decline in the number of breaches is a positive development and suggests a potential downturn in overall breaches for 2023, the lowest breach count since 2019. Unfortunately, the positivity is counterbalanced by the 40 million individuals impacted within six months, which is 74% of the total affected in 2022.
Hacking and IT incidents were the primary cause of 73% of the breaches, with unauthorized access and disclosure the second most prominent cause.
97% of the compromised individual records were the result of exploited network server vulnerabilities.
Also noteworthy is the increased targeting of the industry’s third parties (48%), which surpassed breaches directly impacting healthcare providers and health plans (43%). Likewise, 50% of the individuals affected were connected to a third party.
“The percentage increase in breaches of healthcare business associates rather than core healthcare providers is in fact a worrying trend. This may be related to increased adoption of open APIs (e.g. FHIR) to healthcare data. The security of the mobile apps and separate entities accessing healthcare APIs has been previously flagged in a number of reports as a potential entry point for hackers.”
Healthcare is one of those prime targets for threat actors. Thus those in that sector need to do everything possible to make sure that they do not continue to be a prime target.
Posted in Commentary with tags Rogers on August 23, 2023 by itnerd
I wanted to provide an update on this post in which I said that there was hope in terms of a remedy to Rogers’ long-standing email issues that have been ongoing since March of this year. And I will say up front, some of you may not like this update.
The people who will like this update are the ones that are running Office 365. According to this document on the Microsoft website, the version of Microsoft Office 365 that supports Yahoo’s implementation of OAuth has fully rolled out. And I can confirm that if you have Office 365 and you have fully updated to the latest version, you can again add a Rogers email account to Outlook. If you need steps to do that, here’s what I have been doing for my many clients who have been affected by this issue:
1. Update Microsoft Office (save your work before doing this):
Go to File – Click on Office account on the left side:
Click on Update Options and choose Update Now:
Follow the on screen instructions.
2. Go to File- Click on Add Account:
A box should pop up where you can enter your Rogers email address. Once you do that another box should appear:
Enter the password that you use for Rogers webmail. Then follow the prompts that appear after that.
This method has worked for every single one of my clients who is running Office 365. At this point you’re likely wondering why I keep saying “Office 365” when I talk about this method. I am saying this because this support for Yahoo’s implementation of OAuth appears to not exist in what Microsoft terms as “Consumer SKUs such as Office Personal and Office Home.” Meaning that if you decided to pay once for Microsoft Office rather than use Office 365 and pay monthly or yearly for it, you’re still out of luck and you’re still forced to get your email via webmail. I have confirmed that this doesn’t work with clients who have these versions of Microsoft Office. The only workaround for this appears to be to switch to Office 365. That’s an option that I simply can’t recommend to anyone who’s already paid for Microsoft Office.
Now it would be easy to light Microsoft up like a Christmas tree in a bonfire over this lack of support for non Office 365 users. And yeah, they likely should be bringing this support for OAuth to other versions of Microsoft Office. But Microsoft wouldn’t be in this situation if Rogers and Yahoo didn’t have an incident that has been ongoing since March of this year that made this an issue for Microsoft. So what I would say to both Rogers and Yahoo is that they need to both take some leadership on this and do whatever they need to do get Microsoft to roll this out so that ALL Microsoft Office users can put this issue to bed. Either that, or both Rogers and Yahoo need to fix the app specific password issue (or stop using app specific passwords altogether) so that Rogers users can use the email client of their choice with Rogers email. Because despite what Rogers tech support says, webmail is not an acceptable replacement for something like Outlook.
Of course instead of waiting for Rogers and Yahoo to fix this, you can take the option that I’ve been recommending for a while now. Which is to abandon Rogers’ email offering and use something else. The majority of my reasons can be found in this article. Rogers and Yahoo aren’t communicating to users about this issue. Nor do they have a resolution to this issue that works for their entire user base. Thus you cannot depend on either company to save you if you’re affected by this. Which tells you all you need to know about both companies.
I will continue to monitor this and provide further updates as they come. Because if Rogers and Yahoo aren’t going to keep you updated, someone has to. And that appears to be yours truly. Which also tells you all you need to know about both companies.
Posted in Commentary with tags BenQ on August 23, 2023 by itnerd
BenQ is redefining the 21:9 projector market with the new LK935 4K UHD laser projector. Purpose-built for the hybrid environment, the 5,500-lumen LK935 projector delivers the full richness, clarity, and accuracy of complex content that make up hybrid meetings and video conferences today. It features a super-dense pixel count of 1,149 pixels per square inch (PPI2) on a 130″ screen, 21:9 aspect ratio, 92% Rec.709 color coverage, conferencing color modes, and HDR support to ensure text, video, images, graphs, and other content is presented in pristine high quality necessary to achieve equitable and productive meetings.
Built for Widescreen Use With Varied Content Needs
As the move toward 21:9 becomes the defining standard for achieving equitable, productive meetings, BenQ brings the company’s years of leadership in ultrawide display technology to the LK935 4K UHD widescreen laser projector. It doesn’t simply fill the screen but enhances teamwork and collaboration with the high-quality reproduction and super high pixel density that meeting applications using the 21:9 format demand, such as Teams Front Row. While most business WUXGA projectors are designed only to replicate one content format at a time, such as text, the LK935 21:9 projector can reproduce many forms of content simultaneously — text, video, images, graphs, and more — and in the best quality. This ensures that every piece of content is easily comprehended.
Projecting Mobile Device Quality
Attendees need larger images for clarity and to help create the feeling of an in-person meeting, which the 21:9 format provides. However, the risk is that information on a large screen will be pixelated or unreadable with a standard business projector. This demands greater pixel density, the number of pixels per inch that yields the overall resolution. The LK935 is the first 21:9 projector in its price range to deliver larger, more pixel-dense content at 1,149 PPI2 — almost four times the pixel density of most WUXGA projectors at 303 PPI2 on a 130″ screen. What viewers see resembles the rich pixel density they enjoy from their mobile devices — the gold standard for high-quality resolution. With the LK935, all content — from the small text of chat boxes to facial expressions — is clear and discernible to the entire room.
Color Accuracy Ensures Quality of Information
Whether projecting meeting attendees or color-specific marketing, creative, or scientific content, color accuracy is a critical detail. With the LK935 projector, BenQ leverages its years of expertise in the detail-oriented cinematic, medical, and esports markets to deliver 92% Rec.709 color accuracy. The result is that participants’ skin tone and hair color appear clear and accurate, and other content is depicted as the creator intended. The projector’s Video Conference Mode automatically optimizes the accuracy of skin tone and hair color for a more immersive meeting experience. With HDR support, the LK935 is also able to read and display content with HDR metadata, projecting video with accurate secondary colors and high pixel density that is as close as possible to the original.
Designed for Installation Flexibility
In order to attain the perfect image in any room, BenQ has equipped all its projectors with tools that make installation and setup quick and easy. The LK935 features a big 1.6x zoom to allow installers to replace outdated projectors without repositioning existing ceiling mounts, vertical/horizontal lens shift to move the image up and down, and 3D keystone correction range of up to ±40° on both the horizontal and vertical axes.
Long-lasting Performance, Zero Maintenance
Like all BenQ projectors in its laser family, the LK935 eliminates the hassle and cost of installing replacement lamps. It features a long-lasting 20,000-hour laser light source life that ensures no risk of the image yellowing over time. It’s robust enough to support 24/7 applications with no usage or warranty restrictions. It also has an IP5X-rated, sealed DustGuard™ laser engine that is dustproof and eliminates the need for ineffective filters. The result is a long-lasting projector where organizations don’t have to spend money on labor and maintenance, achieving a much greater ROI.
High System Integration and Compatibility
The LK935 is HDBaseT compatible, transmitting video, audio, RS-232, and LAN control signals from multiple sources such as PCs, laptops, document cameras, and DVD/Blu-ray players using a single RJ-45 cable. For convenient system integration into corporate network infrastructures, it is compatible with leading projector control systems, such as Extron, Crestron, and PJ-Link. It also comes with BenQ’s DMS to remotely oversee and monitor an organization’s fleet of projectors, including those from other companies, with ease.
Posted in Commentary with tags Uber on August 23, 2023 by itnerd
Starting today, Uber is launching Uber Reserve for UberX and UberXL in select cities across Canada. Uber is known for being on-demand – push a button, and get a ride. Now, you can push a button and plan your ride, giving riders even more certainty and extra assurance. Uber Reserve is perfect for trips to the airport, train stations, other cities, business meetings or planned events, so riders can enjoy a stress-free ride.
Here’s what riders need to know:
Plan ahead: Uber Reserve allows you to request a ride anywhere from 30 minutes to 90 days in advance, at any time and on any day of the year. You can also Reserve a trip with multiple stops to pick up friends and family along the way.
Save 30% this summer by planning ahead: Enjoy 30% off your next Uber Reserve trip (up to $30) in selected geos in Montreal, Vancouver and Ottawa. Valid for pickup time until 11:55pm local time on Sept 19, 2023.
Reliability on time: Count on your ride to be there when you need it with Uber Reserve. Our technology matches drivers for your trip ahead of time and helps them arrive on time for a stress-free ride.
No rush to meet your driver: You have extra wait time built in so you can double check you’ve got everything before hitting the road.
Flexible cancellation: Change of plans? No problem. Uber Reserve lets you cancel up to 60 minutes before your requested pickup time with no extra fees. If you cancel less than 60 minutes before your reservation, you will be charged a cancellation fee for your driver’s time. You can view the cancellation fees in the app before and after scheduling your trip.
Tailored for you: Ride options for every budget and occasion, and prioritized matching with your Favourite Driver! Favourite Driver allows you to select specific drivers whom you’d like to be matched with when requesting Reserve rides. You can add them to your Favourite Driver list during the rating process.
Here’s how it works:
Request a ride anywhere from 30 minutes to 90 days in advance, at any time and on any day of the year.
Once the rider requests a reservation, we start looking to match that reservation with a driver ahead of the pickup time.
Riders are notified once a driver has been assigned.
Riders will receive another notification when the driver is enroute.
5 minutes of wait time is built in depending on the product, so riders can take their time.
Riders can cancel up to 60 minutes before their requested pickup time with no extra fees.
Uber Reserve is already live in Toronto, Calgary and Edmonton on most of Uber’s products.
Starting today, Uber Reserve for UberX and UberXL is available in the following cities:
Vancouver
Montreal
Ottawa
London
Uber Reserve is also already live for UberX and Comfort in the cities below, and riders there will be able to Reserve UberXL as well starting today.
Posted in Commentary with tags Roku on August 23, 2023 by itnerd
Today, Roku and CBC announced the national public broadcaster’s streaming service, CBC Gem, is now available on the Roku platform in Canada. CBC Gem is home to essential Canadian series and a curated selection of acclaimed, best-in-class content from around the world, as well as more than 800 documentaries, 500 hours of ad-free content for kids and tweens, and over 200 Canadian feature films. The addition of CBC Gem gives Roku users access to more than 6500 hours of live and on-demand programming for free on their Roku streaming player or Roku TV. Radio-Canada streaming service ICI TOU.TV has also launched on Roku devices in Canada.
Roku users can also access programming from one of Canada’s most trusted news sources, including a free 24/7 ad-supported streaming (FAST) channel and live streams of 14 local newscasts on CBC channels from across the country.
Availability Roku users can add the free CBC Gem app to their home screen directly from the Channel Store on the Roku platform. Authenticated users can sign into CBC Gem on the Roku platform using their existing login credentials. For more information about Roku, please visit www.roku.com.
CBC Gem is available free as an app for iOS and Android devices, online at CBCGem.ca, and on TV screens via Roku, Apple TV, Google Chromecast, Amazon Fire TV, Android TV and Xbox. Additional platforms will be announced soon. Free 24/7 ad-supported streaming (FAST) channel CBC News Explore is also currently available on The Roku Channel app at channel 105 in Canada and the United States.
Posted in Commentary with tags HP on August 23, 2023 by itnerd
HP today issued its quarterly HP Wolf Security Threat Insights Report, showing how threat actors are chaining different combinations of attacks together like toy bricks to sneak past detection tools. By isolating threats that have evaded detection tools on PCs, HP Wolf Security has specific insight into the latest techniques used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 30 billion email attachments, web pages, and downloaded files with no reported breaches. Based on data from millions of endpoints running HP Wolf Security, the researchers found:
It’s playtime for cybercriminals using building block style attacks: Attack chains are often formulaic, with well-trodden paths to the payload. Yet creative QakBot campaigns saw threat actors connecting different blocks together to create unique infection chains. By switching up different file types and techniques, they were able to bypass detection tools and security policies. 32% of the QakBot infection chains analyzed by HP in Q2 were unique.
Spot the difference – blogger or keylogger: Attackers behind recent Aggah campaigns hosted malicious code within popular blogging platform, Blogspot. By hiding the code in a legitimate source, it makes it harder for defenders to tell if a user is reading a blog or launching an attack. Threat actors then use their knowledge of Windows systems to disable some anti-malware capabilities on the users’ machine, execute XWorm or the AgentTesla Remote Access Trojan (RAT), and steal sensitive information.
Going against protocol: HP also identified other Aggah attacks using a DNS TXT record query – a record type normally used to publish short text such as mail policy (SPF, DKIM, DMARC) for a domain – to deliver the AgentTesla RAT. Threat actors know that DNS traffic is often neither monitored nor filtered by security teams, making this attack extremely hard to detect.
Multi-lingual malware: A recent campaign uses multiple programming languages to avoid detection. Firstly, it encrypts its payload using a crypter written in Go, disabling the anti-malware scanning features that would usually detect it. The attack then switches language to C++ to interact with the victim’s operating system and run the .NET malware in memory – leaving minimal traces on the PC.
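The TXT-record delivery above is detectable if you actually look at resolver logs, because a second stage stuffed into a TXT answer looks nothing like the SPF, DKIM and DMARC text those records normally carry. Here is an added example that is not HP’s code and not part of the report: it parses a handful of constructed resolver log lines (a simplified space-separated format assumed for the example, not any product’s real log format), skips answers that start like ordinary mail-policy records, and flags TXT answers that are unusually long or have the high Shannon entropy of base64-encoded encrypted or packed data. The domain names, client addresses and the payload blob are all constructed.

```python
"""Added example (not HP's code): flag DNS TXT answers that look like payload delivery.
Log format assumed for the example: "<epoch> <client> <qname> <qtype> <answer...>".
All log lines, hosts and the payload blob below are constructed."""
import base64
import math
from collections import Counter

# Constructed stand-in for an encoded second stage; any packed or encrypted blob behaves alike.
_BLOB = base64.b64encode(bytes(range(256)) * 2).decode()

SAMPLE_LOG = f"""\
1692777601 10.0.0.5 example.com TXT v=spf1 include:_spf.example.com -all
1692777602 10.0.0.5 _dmarc.example.com TXT v=DMARC1; p=reject; rua=mailto:dmarc@example.com
1692777603 10.0.0.7 sel1._domainkey.example.com TXT v=DKIM1; k=rsa; p={_BLOB[:300]}
1692777604 10.0.0.9 www.example.com A 93.184.216.34
1692777605 10.0.0.9 stage.cdn-updates.test TXT {_BLOB}
"""

# TXT content that legitimately exists at many domains and is often long (DKIM keys).
EXPECTED_PREFIXES = ("v=spf1", "v=DKIM1", "v=DMARC1")


def shannon_entropy(text):
    """Bits per character: config-style text sits around 4, base64 of random data near 6."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Turn the constructed log format into dicts; the answer may itself contain spaces."""
    records = []
    for line in text.splitlines():
        parts = line.split(" ", 4)
        if len(parts) < 5:
            continue  # malformed or truncated line
        ts, client, qname, qtype, answer = parts
        records.append({"ts": int(ts), "client": client, "qname": qname,
                        "qtype": qtype, "answer": answer})
    return records


def txt_reasons(record, min_len=100, min_entropy=4.5):
    """Why a TXT answer is suspicious, or [] when it looks like ordinary mail policy."""
    if record["qtype"] != "TXT":
        return []
    answer = record["answer"]
    if answer.startswith(EXPECTED_PREFIXES):
        # Caveat: a prefix is trivial to forge, so this only prunes noise; pair it with
        # volume checks (many TXT queries per client, many unique subdomains) in production.
        return []
    reasons = []
    if len(answer) >= min_len:
        reasons.append(f"long answer ({len(answer)} chars)")
    entropy = shannon_entropy(answer)
    if entropy >= min_entropy:
        reasons.append(f"high entropy ({entropy:.2f} bits/char)")
    return reasons


def suspicious_txt(records, **thresholds):
    """Return (client, qname, reasons) for every TXT answer that trips a rule."""
    alerts = []
    for record in records:
        reasons = txt_reasons(record, **thresholds)
        if reasons:
            alerts.append((record["client"], record["qname"], reasons))
    return alerts


if __name__ == "__main__":
    for client, qname, reasons in suspicious_txt(parse_log(SAMPLE_LOG)):
        print(f"{client} -> {qname}: {'; '.join(reasons)}")
```

On the sample above only the `stage.cdn-updates.test` answer fires; the DKIM record is just as high-entropy but is recognised by its `v=DKIM1` prefix. Tune `min_len` and `min_entropy` against a week of your own resolver logs before alerting on them, and expect an attacker to split a payload across many short records, which is why the per-client and per-domain volume checks mentioned in the comment matter as much as the content checks.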
The report details how cybercriminal groups are diversifying attack methods to bypass security policies and detection tools. Key findings include:
Archives were the most popular malware delivery type for the fifth quarter running, used in 44% of cases analyzed by HP.
Q2 saw a 23% rise in HTML threats stopped by HP Wolf Security compared to Q1.
There was a 4-percentage-point increase in executables, from 14% to 18%, from Q1 to Q2, mainly caused by the PDFpower.exe file, which bundled software with browser-hijacking malware.
HP noted a 6-percentage-point drop in spreadsheet malware (19% to 13%) in Q1 compared to Q4, as attackers move away from Office formats in which macros are more difficult to run.
At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanners in Q2.
The top threat vectors in Q2 were email (79%) and browser downloads (12%).
About the data
This data was anonymously gathered within HP Wolf Security customer virtual machines from April-June 2023.
Posted in Commentary with tags Hacked on August 23, 2023 by itnerd
According to a statement made on Monday by Australian utility company Energy One Limited, a cyberattack on August 18th impacted both the firm’s Australian and UK corporate systems. The global supplier of wholesale energy market software and services is currently investigating the incident but confirmed that it has alerted both the Australian Cyber Security Centre and “certain UK authorities” and is taking immediate steps to mitigate the impact of the event.
“As part of its work to ensure customer security, Energy One has disabled some links between its corporate and customer-facing systems,” the notification said.
The statement added that the investigation is still attempting to establish the impact on its systems, and determining if and what personal information may have been affected, and also what the initial point of entry for the attacker was.
This hack was covered in this article where Rob Bolton had this to say:
Rob Bolton, VP EMEA at Versa Networks commented: “It’s important for both customers and employees not to panic. In the meantime, people should be on the lookout for any potential phishing emails or any other form of unsolicited communication.”
Bolton also praised EOL for what he said was a “quick response time” which will mitigate the impact of the attack. “Quickly isolating an attack can be the difference between services and systems being available to customers or not, as well as sensitive data or personal information being stolen,” he said.
“Rob Bolton is correct — quickly isolating an attack can be the key difference for overall business resiliency. It’s why we recommend that all critical infrastructure providers utilize Protective DNS solutions, so that any infection can be quickly identified, isolated, and remediated.”
Sometimes there’s nothing that you can do to stop an attack from happening. But you should do everything possible to stop it from progressing further.