TELUS strengthens its cybersecurity portfolio as Norton’s exclusive breach response provider in Canada

Posted in Commentary on August 3, 2023 by itnerd

 TELUS announced that it will be the official Canadian breach response provider for Norton, a leading consumer cyber safety brand of Gen, delivering support to employees and customers of organizations affected by data breaches. This marks an expansion of the incident response services offered by TELUS, providing businesses with a diverse range of solutions to help minimize the impacts of a data breach. As cybercrime rates rise and the demand for solutions increases, TELUS Online Security goes beyond standalone identity monitoring services in the market by helping businesses offer their employees and customers breach response and remediation plans that include tools like dark web monitoring, daily or monthly credit reports, dedicated identity restoration support and identity theft reimbursement coverage of up to $1 million for related expenses.

TELUS Online Security powered by Norton™ offers two premium plans for businesses to help protect their employees and customers: Guardian and Guardian Plus. Key benefits include:

  • Identity Theft Protection: Fraudsters can use stolen personal information to open new financial accounts, apply for tax refunds, rent or buy properties, or perform other fraudulent activities. If an employee or customer’s identity is compromised, a dedicated identity restoration specialist will handle the case from start to finish.
  • Credit Monitoring: Employees and customers are alerted to key changes to their credit file, such as a change of address or name, credit report inquiries or new accounts being opened.
  • Dark Web Monitoring: Detects and notifies employees and customers when their monitored personal information is found on the dark web, including email addresses, bank account numbers, credit card numbers, contact details and driver’s license numbers.

These plans complement the comprehensive suite of breach response services already offered by TELUS Business, which support all elements of an organization’s needs, including preparedness, investigation and remediation of a cybersecurity incident.

The launch of TELUS Guardian and Guardian Plus plans comes as Norton and TELUS extend and deepen their partnership for an additional three years, with the shared goal of creating a safer digital world for all Canadians. For more information on how TELUS Online Security can help your organization, please visit telus.com/Guardian.

Review: Infinity Loops Apple Watch Ultra Titanium Link Bracelet

Posted in Products on August 3, 2023 by itnerd

While my wife and I were in France on vacation, we were contacted by Infinity Loops offering us a couple of Apple Watch bands to do a review on them. After having a look at the website, we decided to say yes to this request and in short order we had two bands headed in our direction. Today’s review is of their Apple Watch Ultra Titanium Link Bracelet. At $122 Canadian for the band, is it a good option for Ultra owners (and owners of other Apple Watches as it’s also available in sizes to fit any Apple Watch)? Let’s dive in and find out.

The band arrives in a box like this with no markings on it other than the Infinity Loops logo. And inside you’ll see the band:

The entire band is wrapped in plastic. Which is a good thing as titanium has a tendency to collect light surface scratches easily. The first question that I had was if this was really titanium. To answer that, I took a magnet to it because titanium isn’t magnetic. Thus a magnet should not stick to it if it is titanium. From what I can tell, the links are titanium and part of the clasp is made of stainless steel as the magnet stuck to the underside of the clasp, but didn’t stick anywhere else. Speaking of the clasp, it has two buttons on the side to unlock the strap. And overall, it looks almost exactly like the Apple Link Bracelet which is stainless steel and costs a lot more than the Infinity Loops offering. Speaking of the Apple Link Bracelet, Infinity Loops “borrowed” one of the best features of the Apple offering:

There are buttons on the back of the band that allow you to size it for your wrist without requiring tools or a visit to your local jewelry store to pay someone to do it for you. I had mine perfectly sized inside of five minutes of getting it delivered to me by Canada Post. As for weight, I compared it to a stainless steel link bracelet of the same size and same design. It was about 5 grams lighter than that at 69 grams versus 74 grams for the stainless steel link bracelet.

As you can see, it more or less matches the shade of titanium on the Apple Watch Ultra. And it feels comfortable. And as I type this, no stray hairs have been caught in this band which is a common thing with bands such as this one. My only advice to you is if you resize the band, make sure all the links are snapped in place. I didn’t do that and the band came apart the first time I put it on. The build quality is also excellent as I couldn’t find anything that I would call out as an issue. Especially with the lugs which fit as well as a stock Apple Watch band.

So, is the Infinity Loops Apple Watch Ultra Titanium Link Bracelet worth it at $122 CDN? I would say so without hesitation. This is a very good option for those who don’t want to spend the cash on Apple’s offering, or some other similar offerings that cost less than what Apple has to offer, but cost more than this band. But they want something more upscale for the Apple Watch. Be it the Ultra or some other model. I’m pretty happy with this band and it will be in my rotation of bands going forward. And I am sure that if you get one, you’ll be happy with it as well.

New Mobile-Specific AppSec Product Launch Supports iOS Scan Apps & Detect Vulnerabilities

Posted in Commentary on August 3, 2023 by itnerd

Guardsquare, the mobile application security provider, today announced that the company’s award-winning Mobile Application Security Testing (MAST) product, AppSweep, is now available for iOS. Built for developers and mobile application-specific, AppSweep allows users to scan Android and iOS apps to identify security risks. 

Security findings include actionable recommendations developers can leverage to fix the identified security issues, ensuring AppSweep users can quickly uncover and solve security issues in mobile app code and dependencies. Free to use with no restrictions, AppSweep is now available for both iOS and Android.

With the ever-growing reliance on mobile apps across all verticals, organizations must prioritize the security of their mobile applications to ensure customer trust and brand loyalty, protect valuable IP, achieve compliance, and prevent loss of revenue. Yet only a third of those involved in mobile app development use a MAST tool, which can lead to insecure mobile apps and detrimental effects on organizations left vulnerable to risks. 

With the introduction of AppSweep for iOS, Guardsquare ensures that regardless of the operating system, organizations can safeguard their mobile apps and protect their users’ sensitive data. AppSweep helps development teams efficiently and effectively meet security needs in an actionable manner.

For more information about AppSweep for iOS and Android, visit https://www.guardsquare.com/appsweep-mobile-application-security-testing

Cybersecurity Unicorn Pentera Discovers 12 New LOLBAS Vulnerabilities

Posted in Commentary on August 3, 2023 by itnerd

Here’s a look at groundbreaking research published by Cybersecurity Unicorn Pentera, highlighting 12 new LOLBAS (Living-Off-the-Land Binaries-And-Scripts) files uncovered by Pentera security researchers.

From draining bank accounts to bypassing Windows OS security features, LOLBAS attacks continue to be a popular technique amongst hackers, and with more than 3000 binary files on Windows, discovering new LOLBAS can be challenging.

Hackers utilize these scripts to stay under the radar, exploiting legitimate tools for malicious activities. As a result of Pentera’s unique automation-driven approach, they were able to increase the number of known LOLBAS downloaders in the years-old project by 30% in just four weeks.

You can read the research here.

Radiant Logic Recognized as a Representative Vendor in 2023 Gartner Market Guide for Identity Governance and Administration

Posted in Commentary on August 3, 2023 by itnerd

Radiant Logic, the Identity Data Fabric company, today announces its inclusion as a Representative Vendor in the recently released Gartner Market Guide for Identity Governance and Administration (IGA). Together with its expertise in complex identity environments, and its recent acquisition of Brainwave GRC’s advanced identity analytics capabilities, Radiant Logic is uniquely positioned as an operationally mature IGA solution.  

Designed to help security and risk management leaders understand IGA capabilities and future trends when making decisions for their organization, the Gartner Market Guide for Identity Governance and Administration recommends leaders “choose IGA solutions which align with identity-first security principles that apply context, continuity and consistency to manage identity sprawl.” 

Radiant Logic’s identity-first approach unifies information from disparate sources across legacy and cloud infrastructures to stop identity sprawl and create an authoritative data pipeline that drives: Zero Trust Architecture; merger and acquisition integrations or divestitures; cloud migration initiatives; workforce and customer identity and access management; directory modernization efforts; and more. 

With the acquisition of Brainwave GRC, and powered by years of expertise in data delivery, RadiantOne now delivers advanced analytics and insights into real-time user behavior within an enterprise environment, transforming how organizations detect and prevent cyberattacks, fraudulent activity, lateral movement from insider threats, and more. 

Gartner states: “By 2026, the analytics functionality in IGA tools will advance, and those organizations that have fully adopted and implemented AI/ML-based IGA analytics will see their access administration and governance costs 50% lower than their peers.” The report also recommends that SRM leaders “Accelerate the realization of business value from IGA investments by selecting IGA solutions with strong IGA analytics capabilities, implementing these capabilities, and measuring outcomes using outcome-driven metrics.” 

Radiant Logic’s analytics-driven governance capabilities leverage RadiantOne’s expertise in accessing and managing identity data for admin and access decisions. With the integration of Brainwave GRC, Radiant Logic offers advanced controls to ensure policies conform to principles of Segregation of Duties and Zero Trust principles. Only Radiant Logic combines the best of full-suite IGA with the ease-of-use of IGA light, making it the solution for IGA that works.   

Hot Topic Has Been Pwned In A Credential Stuffing Attack

Posted in Commentary on August 3, 2023 by itnerd

American retailer Hot Topic reports being hit by repeated credential stuffing attacks that used valid credentials. The attacks were automated and repeated over a four-month period. “Following a careful investigation, we determined that unauthorized parties launched automated attacks against our website and mobile application on February 7, March 11, May 19-21, May 27-28, and June 18-21, 2023, using valid account credentials obtained from an unknown third-party source.”

Hot Topic is an American retail chain specializing in counterculture-related clothing and accessories, as well as licensed music. With 690 stores across the US, 10,000 associates and millions of online and in-store customers, the exposed threat landscape is huge.

In the breach notification, the company explained that hackers used customers’ stolen account credentials to access their Rewards accounts multiple times. The company said they were not the source of the stolen credentials and still have no idea where the credentials came from.

The company did say that they have taken “specific steps to safeguard our website and mobile application from” credential-stuffing attacks. Because the company was unable to discern between unauthorized and legitimate logins, they would be notifying all customers that had their accounts accessed during the cyberattacks of potential abuse of their credentials.

The information possibly exposed includes:

  • Full name
  • Email address
  • Order history
  • Phone number
  • Date of birth
  • Shipping address
  • Last four digits of saved payment cards

Ted Miracco, CEO, Approov Mobile Security had this comment:  

“Mobile apps for retailers must take the same specific steps to safeguard their website as fintech and healthcare companies, as they are also in possession of valuable client data and vulnerable to automated “credential stuffing” attacks. This includes deploying bot protection software designed to stop such attacks.  

“While Hot Topic stated that they have been working with outside cybersecurity experts, it is not clear why they did not implement mobile app attestation specifically? Mobile app attestation is a very inexpensive security measure that ensures only authentic apps access a backend service, stopping bots, and tampered or repackaged apps. This is an attack where known solutions existed, and it is inexcusable that more precautions were not taken by the management team at Hot Topic.”

Carol Volk, EVP, BullWall follows up with this:  

“Retailers are in a tough spot when it comes to preventing credential stuffing attacks. For starters, as we see here, there is no such thing as a “strong password”, because hackers are not trying to guess our passwords, but leveraging stolen passwords. Whether your password is ‘1234’ or an 18 character string with numbers and symbols, the bad guys already have it. The best way to safeguard against the use of compromised credentials is to require MFA. Unfortunately, retailers know that customers will not tolerate the friction of MFA just to order a t-shirt, a pizza or a movie ticket, so we remain at risk.”

Emily Phelps, Director, Cyware:  

Strong security hygiene is critical to defend against credential stuffing. Consider the following recommendations:

  1. Use multifactor authentication (MFA) whenever available, to enable added layers of security.
  2. Strong passwords or passphrases that are long enough to make it difficult for an adversary’s tools to figure out.
  3. Use a password manager with encryption to safely store and maintain unique, long passwords.
  4. Limit the number of login attempts from a single IP address within a specified time frame.
  5. Adopt AI/ML technologies that are designed to recognize and block credential stuffing attempts by identifying abnormal behavior patterns.
  6. Consider biometric alternatives.

Hopefully there’s an accounting of what was actually exposed rather than what was potentially exposed. And that accounting happens soon. That way victims of this hack can take the required steps to protect themselves.
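Recommendation 4 in the list above (limiting login attempts per IP in a time window) can be sketched as follows. This is an added example, not code from Hot Topic or any vendor quoted here; it goes one step beyond the recommendation by also counting distinct accounts per source, since failure counts alone are a weak signal when the attacker holds valid credentials. The class name, thresholds and log format are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login events: timestamp, source IP, account, outcome.
# IPs come from documentation ranges; the accounts are made up.
SAMPLE_LOG = """\
2023-06-18T10:00:01 203.0.113.7 alice@example.com OK
2023-06-18T10:00:02 203.0.113.7 bob@example.com OK
2023-06-18T10:00:03 203.0.113.7 carol@example.com FAIL
2023-06-18T10:00:04 203.0.113.7 dave@example.com OK
2023-06-18T10:00:05 198.51.100.20 erin@example.com FAIL
2023-06-18T10:00:06 203.0.113.7 frank@example.com OK
2023-06-18T10:00:09 198.51.100.20 erin@example.com FAIL
2023-06-18T10:00:15 198.51.100.20 erin@example.com OK
2023-06-18T10:20:00 203.0.113.7 alice@example.com OK
"""


class LoginRateLimiter:
    """Sliding-window limiter keyed by source IP (hypothetical helper)."""

    def __init__(self, window=timedelta(minutes=5), max_attempts=10, max_accounts=3):
        self.window = window
        self.max_attempts = max_attempts    # attempts per IP per window
        self.max_accounts = max_accounts    # distinct accounts per IP per window
        self._events = defaultdict(deque)   # ip -> deque of (timestamp, account)

    def check(self, ts, ip, account):
        """Record one attempt and return a verdict for it."""
        events = self._events[ip]
        # Drop attempts that have aged out of the window.
        while events and ts - events[0][0] > self.window:
            events.popleft()
        # Blocked attempts are recorded too, so a source that keeps
        # hammering stays blocked until it goes quiet for a full window.
        events.append((ts, account))
        # The outcome (OK/FAIL) is deliberately not part of the decision:
        # one source touching many accounts is suspicious even if every
        # login succeeds.
        if len({a for _, a in events}) > self.max_accounts:
            return "block:many-accounts"
        if len(events) > self.max_attempts:
            return "block:too-many-attempts"
        return "allow"

    def accounts_seen(self, ip):
        """Accounts this IP touched within the current window."""
        return {a for _, a in self._events[ip]}


def replay(log_text, limiter):
    """Run log lines through the limiter.

    Returns the per-line verdicts and the set of accounts to review:
    every account touched by a source during a window in which that
    source was blocked, including logins that were allowed earlier.
    """
    verdicts, review = [], set()
    for line in log_text.splitlines():
        stamp, ip, account, outcome = line.split()
        verdict = limiter.check(datetime.fromisoformat(stamp), ip, account)
        verdicts.append((ip, account, outcome, verdict))
        if verdict != "allow":
            review |= limiter.accounts_seen(ip)
    return verdicts, review


if __name__ == "__main__":
    verdicts, review = replay(SAMPLE_LOG, LoginRateLimiter())
    for row in verdicts:
        print(*row)
    print("accounts to review:", sorted(review))
```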

The Chattanooga Heart Institute Pwned… 170K Patients Affected

Posted in Commentary on August 3, 2023 by itnerd

The Chattanooga Heart Institute is notifying more than 170,000 patients that hackers may have stolen their personal and medical information in a cyberattack detected in April. The breach was claimed by the Karakurt cybercrime group a month later.

In their breach notice, the clinic said that a forensics investigation into the incident had determined that hackers had access to its network between March 8th and March 16th. On May 31 they learned that the hackers had obtained files from its systems containing copies of confidential patient information. While medical information was among the data affected, the incident did not involve data directly from the clinic’s electronic medical record system.

The investigation is still ongoing, but the information identified as being compromised includes:

  • Name
  • Mailing address
  • Email address
  • Phone number
  • Birthdate
  • Driver’s license number
  • Social Security number
  • Account information
  • Health insurance information
  • Diagnosis, medical condition
  • Lab results
  • Medications
  • Other clinical, demographic or financial information

Over the coming weeks as the review of each file is completed, the clinic will be sending out notification letters to those individuals whose data may have been involved.

Carol Volk, EVP, BullWall (she/her):

“Attackers will always find a way into the network. There is no set of preventative security tools that can prevent 100% of the attacks. While a strict defensive approach is worthwhile and critical, organizations would be wise to shift some of their effort to containing attacks once the perimeter has been breached. Encryption and exfiltration activities can be spotted and stopped, preventing a bad day from becoming a horrible day. A full cyber defense stack must prepare for this.”

This is a pretty bad hack as all the info that was obtained can lead to identity theft. Hopefully a full accounting of what happened and what will be done to protect the 170,000 patients who are affected by this will be disclosed.

An ISP Named Cloudzy Is Discovered To Be Supporting Cybercrime

Posted in Commentary on August 3, 2023 by itnerd

In a new report, researchers at Halcyon detail an ISP with a legal US business profile identified as Cloudzy that is facilitating ransomware attacks and state-sponsored APT operations by providing C2P services to more than 20 hacking groups, including ransomware operators, spyware vendors, and state-sponsored APT actors.

Cloudzy does not verify customer identities and accepts anonymous crypto payments, and, despite terms and conditions prohibiting the use of its services for illicit activities, more than half of the servers hosted by Cloudzy appear to directly support malicious activities on infrastructure run from the IP space owned by other ISPs.

The company is registered in the US, but really only exists on paper, with its ‘employees’ being those of the hosting firm abrNOC in Tehran. Furthermore, Halcyon discovered infrastructure associated with hacking groups tied to Chinese, Iranian, Indian, North Korean, Pakistani, Russian, and Vietnamese governments, by the sanctioned Israeli spyware vendor Candiru, and other cybercrime and ransomware groups.

“While these C2P entities are ostensibly legitimate businesses that may or may not know that their platforms are being abused for attack campaigns, they nonetheless provide a key pillar of the larger attack apparatus leveraged by some of the most advanced threat actors,” said Halcyon on their blog.

Carol Volk, EVP, BullWall had this comment:

“Ransomware actors are knowingly or unknowingly supported by ISPs and crypto networks. They are a profitable and growing business model and all we can do is be prepared for the coming attack.  

“In the near term, AI automation will initially accelerate the ransomware problem, while companies and researchers continue to improve upon methods of applying automation and AI approaches to their cyber defenses. Research by IBM found that fully 64% of respondents are already using AI to improve cyber defenses and response times, and 29% are evaluating implementation to improve their cyber defenses. AI will continue to improve the ability to identify network breaches and implement containment strategies, stopping the attacks before they can remove or encrypt data.”

Willy Leichter, VP, Cyware follows up with this:  

“This is another example of the well-developed hacking-as-a-service industry, and the limitations of blocking traffic based on location. While this is thinly veiled, there is certainly a lot of infrastructure in the US and other countries being controlled by illegal hacking groups. We need to always have a zero-trust mindset – don’t assume anything is safe because it’s from a reputable location.”

I have to admit that this is pretty crafty and a great way for these threat actors to get to victims. I wonder how many other setups like these exist? It would be in our interest to find out quickly.

Guest Post: Internet users are estimated to reach 6 billion in the next 5 years

Posted in Commentary on August 3, 2023 by itnerd

The internet has become an indispensable part of our lives, transforming how we communicate and access information. As we look ahead, the internet’s influence is set to surge even further.

According to estimations by the Atlas VPN team, the number of internet users is projected to surpass 6 billion within the next five years.

As of 2023, there are approximately 5.16 billion internet users globally, accounting for 64.4% of the world’s population. By 2028, this number is expected to rise by nearly a fifth (19%) and reach 6.13 billion. 

These estimations are based on historic internet user data provided by DataReportal.

Internet user numbers and penetration rates vary widely around the globe. Developed countries typically boast internet penetration rates of over 80%, while those with less advanced cyberspace can hover below 50%. Surprisingly, the top 20 countries alone account for a staggering 3.67 billion internet users, representing 71% of the world’s total. 

China currently leads the world in terms of the largest internet user population, with 1.05 billion users, comprising over 20% of the total global internet users. Overall, 73.7% of China’s population has internet access.

India, the second most populous country as of January 2023, holds the second spot on the list with 692 million internet users. However, only about 48.7% of India’s population has internet access, ranking it below the world’s average. In fact, India has the highest number of unconnected people worldwide, with over 730 million individuals lacking internet access.

Next on the list is the United States (US), with 311.3 million internet users, which translates to approximately 91.8% of its population having internet access.

The US is followed by Indonesia and Brazil, with 212.9 million and 181.8 million internet users, respectively. 77% of Indonesia’s population has internet access, while Brazil’s rate is slightly higher at 84.3%. Brazilians also rank second in terms of time spent online.

Other countries in the top ten include Russia (127.6 million), Nigeria (122.5 million), Japan (102.5 million), Mexico (100.6 million), and the Philippines (85.16 million).

The digital future

As the number of internet users continues to climb steadily and technology evolves exponentially, the digital landscape is poised for profound transformations, ushering in new opportunities and challenges that will shape the future of our interconnected world.

As the number of internet users grows, so do the risks associated with data privacy and cybersecurity. Cyber threats, data breaches, and identity theft are increasingly prevalent in a hyper-connected world. 

Not surprisingly, most Americans regard cyberterrorism as the most pressing danger to the United States, according to a Gallup poll on world affairs.

To read the full article, head over to: https://atlasvpn.com/blog/internet-users-are-estimated-to-reach-6-billion-in-the-next-5-years

TELUS launches HomePro

Posted in Commentary on August 2, 2023 by itnerd

TELUS is making it easier for Canadians to navigate the complexity of installing and managing multiple smart home products with the launch of HomePro, a new à la carte and subscription service offering customers access to in-person and 24/7 online tech experts to support nearly every connected device in their home. TELUS has partnered with tech-care industry leader Asurion to provide customers with device protection coverage and online support for everything from device setup, installation, troubleshooting and more. In addition to personalized support, HomePro also includes a monthly membership to Amazon Prime at no cost (valued at $9.99 per month), courtesy of TELUS.

HomePro offers two monthly subscription plans and in-person à la carte services: 

  • HomePro Starter plan: for $15 per month, customers get 24/7 virtual (chat or phone) access to expert technical support and set up for almost any device in the home, plus access to an Amazon Prime membership. This means that customers can connect with tech experts any time for personalized support, including set up of the latest electronics purchased in Amazon or elsewhere. HomePro Starter is now available across Canada, excluding Quebec.
  • HomePro Plus plan: for $25 per month, customers will receive all the benefits of HomePro Starter, including access to an Amazon Prime membership, plus device protection coverage on almost every device in their home — regardless of where or when it was purchased. For an additional $10 to the monthly cost of HomePro Starter, customers can enjoy peace of mind knowing their tech is better protected against unexpected issues. HomePro Plus will be rolling out across Canada in the coming months. 
  • In-person à la carte services are available for customers needing expert tech installations and setup of almost any device – from mounting a TV, to setting up Wi-Fi, to configuring a smart thermostat – without requiring a subscription. HomePro in-person services are currently available exclusively in Calgary with plans to bring these services to more Canadian provinces in the coming months.

From fast, free delivery for millions of items to accessing a vast library of streaming entertainment, Amazon Prime gives HomePro members the ability to enjoy the exclusive features and services offered with a Prime membership — including Prime Video, Prime Delivery, Amazon Music Prime, Prime Gaming, Prime Reading, and Amazon Photos, among others. Customers with an existing Prime membership can simply link their subscription billing over to their MyTELUS account and have their monthly Prime membership included within their HomePro subscription — with no changes to their Amazon Prime account preferences, viewing history or profile.

HomePro is available to all customers regardless of whether they have current TELUS services.
For more information about HomePro and to become a member, visit telus.com/homepro