Posted in Commentary with tags HP on March 29, 2023 by itnerd
Today at its Amplify™ Partner Conference, HP Inc announced HP Wolf Connect, an IT management connectivity solution that provides a highly resilient and secure connectionto remote PCs, enabling IT to manage devices even when powered down or offline.
Using a cellular-based network, HP Wolf Connect’s robust connectivity helps ensure IT teams can readily manage a dispersed hybrid workforce. It can reduce the time and effort needed to resolve support tickets, secure data from loss or theft to mitigate a potential breach and optimize asset management.
HP WolfProtect and Trace with Wolf Connect is the world’s first software service capable of locating, locking and erasing a PC remotely, even when it’s turned off or disconnected from the Internet. This capability protects sensitive data on the move and helps lower IT costs by reducing the need for PC remediation or replacement.
Securing and managing the hybrid workforce is a top priority for organizations. New global research from HP Wolf Security found 82% of security leaders operating a hybrid work model have gaps in their organization’s security posture. The global study of 1,492 security leaders found:
61% say protecting their hybrid workers will get harder in the year ahead.
70% say that hybrid work increases the risk of lost or stolen devices.
Securing the endpoint is ground zero for attacks on hybrid workers
Beyond PC loss and theft, the endpoint i.e., laptops, PCs or printers – continue to face serious threat from ransomware and is ground zero for attacks on hybrid workers. This requires the creation of new cybersecurity strategies and innovative security tools in response to changing employee behaviors.
84% of security leaders say the endpoint is the source of most security threats and where the most business-damaging security threats happen.
66% say the greatest cybersecurity weakness is the potential for hybrid employees to be compromised; with phishing, ransomware, and attacks via unsecured home networks cited as the top risks.
65% say it is challenging to update their threat detection measures (e.g., Endpoint Detection & Response and Security Information and Event Management tools) to reflect the behavior of hybrid employees, making it harder to spot attacks.
Three-quarters (76%) of security leaders agree application isolation is key to protect hybrid worker devices, but only 23% are benefiting from using it at present; with 32% planning to deploy in the next 12 months.
Hybrid work security is a key focus for 2023
HP’s new hybrid security research details how security teams are prioritizing securing the hybrid workplace:
Four-in-five (82%) security leaders have increased their cybersecurity budget specifically for hybrid workers. 71% expect this hybrid investment focus to increase further in 2023.
80% have deployed a different set of tools and policies to protect hybrid employees.
70% are limiting network access of people working remotely to minimize the risk of a breach.
HP surveyed more than 1,492 IT and security leaders in hybrid organizations globally across 5 markets (US, UK, France, Germany, and Japan) in July-August 2022. All are decision makers for endpoints, network, cloud, or privacy management, and oversee or manage a cybersecurity operations team and/or IT hardware and software within their organization. Hybrid organizations are defined as having a range of employees who either work in the office, work remot
StrikeReady, an AI-driven security company, has won the Business Intelligence Group’s Artificial Intelligence Excellence Award in the Natural Language Processing category for the second consecutive year. Out of 52 product winners, StrikeReady was the only company in the cybersecurity industry to be recognized for demonstrating excellence and innovation in using AI.
The most recognized security product and service industry-wide with over 60 awards and honors, StrikeReady CARA stood out with its innovative AI-based Virtual Security Assistant, which provides context-based responses and actions by leveraging underlying embedded technologies, such as threat intelligence platform (TIP), breach and attack simulation (BAS), SOAR, and more. StrikeReady has always envisioned that conversational AI is the foundation for empowering cybersecurity analysts. With ChatGPT coming into the limelight, it has reinforced their belief that AI-based assistance will be the biggest disruption in cybersecurity. They are the only company offering this solution.
The Artificial Intelligence Excellence Awards honor companies that have demonstrated excellence, innovation, and leadership in using AI to improve their products and services. Winners are selected by an independent panel of judges who evaluate the nominees based on their AI technologies and their contributions to the AI industry.
Posted in Commentary with tags IBM on March 29, 2023 by itnerd
Security researchers with Rapid7 have disclosed threat actors are exploiting a critical vulnerability in an IBM file-exchange application to install ransomware on servers. The IBM Aspera Faspex critical vulnerability, tracked at CVE-2022-47986, was patched by IBM in January.
Sylvain Cortes, VP of Strategy at Hackuity had this comment:
“It is unsettling to note that for the same vulnerability (CVE-2022-47986) many cyber security companies have their own information that remains fragmented. It is important to be able to unify this information from several vendors in order to maximize its defense operations and trigger the right response. Solutions that aggregate vulnerability-related data from vulnerability scanners, EDRs or even service practices provide organizations with the critical visibility they depend on.”
This reminds me of the GoAnywhere file transfer solution vulnerability that has led to multiple organizations being pwned by the Cl0p ransomware group. Except that we haven’t seen threat exploit this to the same degree that Cl0p has. If you use IBM Aspera, you should be applying these patches ASAP, assuming you haven’t already so this doesn’t turn into another GoAnywhere situation.
In today’s world, smartphones have become essential to our daily lives. From checking emails to browsing social media, we rely on these devices for communication, entertainment, and information.
According to the data analyzed by the Atlas VPN team, Apple overtook Samsung as the most popular smartphone in the first months of 2023. It is a significant shift in the global smartphone market, as Samsung has been the dominant player for several years. However, is this change part of a bigger tendency or only a short-term trend?
Nearly through all of 2022, Samsung had the highest market share of all smartphones.
In October, Apple surpassed Samsung’s market share by 0.2%. Despite that, Samsung regained its position at the top the next month, claiming 28.33% of the market share. Apple’s market share in November and December stayed just slightly behind, with 27.48% and 26.98%, respectively.
At the start of 2023, two months in a row, iPhones are now the leading smartphone. In January, Apple made up 27.6%, while Samsung had 27.09% of the market share. Next month, Apple’s share dropped slightly to 27.1%, and so did Samsung’s to 26.75%.
Currently, the world has about 6.84 billion smartphone users, of which 1.85 billion are using iPhones and 1.82 billion have chosen a Samsung. However, it is essential to note that these numbers are just estimates, as some people might have multiple phones and use both Apple and Samsung devices.
Xiaomi phones comprised 12.29% of the market in February, while Oppo had a 6.86% share. Huawei’s smartphones have declined for the past 6 months and reached a market share of 4.84% last month.
Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on Apple overtaking Samsung as the most popular smartphone:
“While it is impossible to predict the future with certainty, Apple’s success will likely continue due to its strong brand image, customer loyalty, and effective marketing. While Samsung is undoubtedly a formidable rival, it will need to innovate and differentiate itself to catch up to Apple.”
Posted in Commentary with tags Athom on March 29, 2023 by itnerd
Athom, makers of privacy-first smart home solutions, today announced the public launch and began shippingHomey Bridge, an easy-to-use, affordable smart home hub to the U.S., U.K., Canada, and other countries. Previously available only in beta and Europe, Homey Bridge supports more than 50K smart home devices from more than 1,000 different brands, and works in tandem with theHomey App (iOS, Android and web browser), enabling users to customize and automate their smart home based on their unique habits and preferences. Homey Bridge retails for $69 USD, £69 GBP or $99 CAD, and can be purchased on the Homey website, or at Amazon.com and Amazon.co.uk.View a short video about Homey Bridge here.
The elegant and functional design of Homey Bridge forms a perfect centerpiece of a user’s smart home and makes it easy for users to connect all of their smart home devices due to its compatibility with six wireless technologies — Zigbee, Z-Wave Plus, Wi-Fi, Bluetooth, Infrared and 433MHz (UK only). Homey Bridge pairs with the Homey App and enables users to easily connect up to five smart home devices. Upgrading to Homey Premium ($2.99 USD, £2.99 GBP or $3.99 CAD per month) allows users to connect an unlimited amount of smart home devices, and also provides access to additional advanced automation features and Homey Insights. Additionally, the Homey app can be used to control smart home devices as an app-only solution without the need of Homey hardware, with the same subscription pricing structure.
American, British and Canadian households continue to connect a wide array of smart home devices — from TVs, speakers, electrical plugs, lights, thermostats, sensors, home appliances, EV chargers, and more. The volume of connections and devices presents a challenge, however: up to a quarter of respondents in a 2022 Deloitte survey said they “feel overwhelmed by devices and more than half are worried about the security and privacy of their smartphones and devices in their home.” Built privacy-first, Homey Bridge is unique in that it doesn’t listen in or sell any customer data, or use any of its customers’ personal information to create user profiles or targeted advertisements. The result is a streamlined and safeguarded smart home where people can take advantage of technology instead of worrying about who has their personal information or being bombarded with ads.
Homey Bridge is packed with features — including HomeyFlow, Insights and Energy — developed over the past eight years for the Homey Pro smart home hub in the European market. Features include:
Homey Flow enables users to create a series of automated rules that tie their devices together, independent of brand and technology — and help to run their smart homes most efficiently and conveniently, e.g. “Always dim lights in the bedroom when the drapes close” or “Automatically lower the thermostat, turn off the lights and enable the alarm when I lock the front door”. Flows can also be started using voice assistants, such as Google, Alexa and Siri Shortcuts, and via widgets for mobile and Apple Watch.
Homey Insights allows users to analyze their smart home usage via visual, easy-to-read graphs and charts. For example, users can track trends such as the temperature levels of their homes and thermostat over time, or how much energy their refrigerator uses in summer compared to winter. Homey Insights requires an active Homey Premium subscription — $2.99 USD, £2.99 GBP or $3.99 CAD per month.
Homey Energy allows users to see their home’s energy usage in real-time, so they can make changes to increase their home’s sustainability. For example, users can see how much energy their washing machine uses on ‘hot’ versus ‘warm’ wash cycles, how much energy their solar panels generate right now, and which rooms and devices use the most electricity.
HOMEY BRIDGE SPECIFICATIONS:
Wireless Communication Technology Compatibility: Homey Bridge contains six wireless technologies: Wi-Fi, Bluetooth Low Energy 4.0 (BLE), Zigbee, Z-Wave (Plus, S2), Infrared and 433MHz RF (UK only), to connect local devices to the Homey app. Homey Bridge automatically switches its Z-Wave frequency with a unique multi-antenna design, based on Homey Bridge’s geographical or country location. Additionally, transmitting 433 MHz is automatically enabled in eligible regions, such as Europe and Asia.
What’s in the Box: Homey Bridge, USB power adapter, USB power cable and a Quick Start Guide
Device Dimensions: 5.04” inches in diameter x 1.4” inches in height
Weight: 1.2 lbs (including packaging)
Supported Devices: 50,000+ smart devices from more than 1,000 brands
Control Options: controlled via the Homey App: iOS (v11 or higher), Android 5.0 or higher or a web-based browser
Homey App Availability: iOS (v11 or higher), Android (5.0 or higher) or a web-based browser
Device Agnostic: Homey App connects devices across a wide range of brands and technologies. The app is available in two versions:
Free: Users can connect, control and automate up to five smart devices. Devices can be either cloud-connected or be connected via Homey Bridge.
Premium: A $2.99 monthly subscription per household includes an unlimited number of devices, and also provides access to Homey Insights and more advanced automation features like Homey Logic. Devices can be connected via Homey Bridge or the cloud.
Voice Assistant Compatibility: Google Assistant, Amazon Alexa and Siri Shortcuts
Control Options:
Smartphone or Tablet: iOS and Android
PC, Mac, Linux: Universal web app
Other: Apple Watch, iOS and Android widgets, voice assistants (Google Assistant, Amazon Alexa and Siri Shortcuts)
Posted in Commentary with tags Google on March 29, 2023 by itnerd
Today, Google released the 2023 edition of their annual Ads Safety Report, which takes a deeper look at how Google created a safer experience for users in the ad ecosystem in the past year. Google also launched a brand new transparency tool called the Ads Transparency Center, which will be a fully searchable repository of global ads we serve from verified advertisers.
Google blocked or removed over 5.2 billion ads for violating Google’s policies. That’s more than 9,000 ads per minute.
Google restricted over 4.3 billion ads.
Google blocked over 17 million ads related to the war in Ukraine under our sensitive event policy.
Google suspended more than 6.7 million advertiseraccounts for egregious policy violations.
Google removed ads from over 1.5 billion pages last year.
Google added or updated 29 policies for both advertisers and publishers in 2022.
New fact-checking tools on Google Search
With International Fact Checking Day (April 2) approaching, it’s an important time to consider information literacy and misinformation online. Everyone should be empowered with the tools they need to find information they can trust, that’s why we’re highlighting tools and features available on Search to help people evaluate the information they come across online. You can read more details about the new Search features in this blog post.
About this page, is a new Search results page experience. Now when you search for a URL on Google.ca, About this page will appear below the top navigational results on the Search page. It provides quick, important context about the webpage you searched for, to help you evaluate the credibility of the page.
About this result will now be available for all Canadians. Through the feature, you can quickly find more context about the sources and topics you’re searching for. This includes information like a description of the source (if available), when the site was first indexed, and whether your connection to a site is secure. You’ll see Information about some of the factors used to connect a result to the query, and whether a result is personalized for you.
Fact Checking Fund (GNI), back in November, Google and YouTube announced a $13.2M grant to the International Fact Checking Network to provide indirect funds to 135 fact-checking organizations across 65 countries covering 80 languages. The fund will be opening very soon, building on our previous work to address misinformation, and is Google and YouTube’s single largest grant in fact-checking.
Elon Musk has been getting more and more desperate to get users of Twitter to sign up for Twitter Blue. But based on this report from Mashable that a reader pointed me to, that’s likely failing. Let’s start with this:
Researcher Travis Brown, who has been tracking Twitter Blue subscriptions since January, recently revealed around half of all users subscribed to Twitter Blue have less than 1,000 followers. That’s approximately 220,132 paying subscribers.
Furthermore, 78,059 paying Twitter Blue subscribers have less than 100 users following their account. That’s 17.6 percent of all Twitter Blue subscribers.
Breaking down follower counts even further, there are 2,270 paying Twitter Blue subscribers who have zero followers.
That’s a significant chunk of Twitter Blue subscribers being unable to crack even four-digits worth of followers, even though some have subscribed believing it would help boost the growth of their Twitter account.
This is pretty bad. If I’m an advertiser, there’s zero value to any of these Twitter users. Because they don’t have anything near the level of pull with their followers to make it worthwhile to stick ads on the platform. The only person who wins here is Elon. Well, actually he’s not winning here either:
According to his data, Twitter Blue currently has a total of 444,435 paying subscribers. Accounting for the limitations of pulling this data using the Twitter API, Brown tells Mashable that he estimates that Twitter likely has around 475,000 paying subscribers.
This means that less than 0.2 percent of Twitter’s 254 million daily active users, a metric previously shared by Musk, are paying for Twitter Blue.
So let’s do some quick math shall we? If we assume that every Twitter Blue subscriber is paying $8 a month, that implies that Elon is pulling in $3.8 million a month from said subscribers. Keep in mind that he spent $44 billion buying a platform that according to him is now worth $20 billion, and it becomes clear that the math isn’t adding up because at that run rate, it will take an extremely long time to make his money back. Especially since advertising which is Twitter’s other source of income is dwindling.
Here’s another thing to consider. I’m sure that Elon was banking on those who are legacy blue checkmark owners would pay to keep the checkmark. But…
While the verified checkmark is seemingly the main draw of the subscription, Twitter does tout other features that come with the subscription service, although most of the advertised benefits have yet to launch. Users can edit certain tweets, add more than 280 characters to a post, and attach longer videos.
If these added Twitter Blue benefits were to be enticing to anyone, it would be Twitter’s power users. However, according to Brown’s data, only 6,482 legacy verified accounts have paid to subscribe to Twitter Blue.
There are approximately 420,000 legacy verified accounts in total, which are mostly celebrities, pro athletes, journalists, influencers, and other notable users that received the checkmark badge for free under Twitter’s old verification system.
Again, Elon’s not winning here. And it actually gets worse for Elon:
Twitter has already been struggling to grow Twitter Blue’s paid subscriber base. Will legacy verified accounts sign up for Twitter Blue to keep their blue checkmark? Judging by the sentiment on Twitter, it doesn’t appear that many are willing to do so. As even Twitter itself has reportedly noticed, users verified with the paid checkmark are often shunned by other users on the platform. And taking away legacy verification is likely to further cement the blue checkmark as scarlet letter on the platform.
This will sound familiar, but the lack of big names on Twitter with blue checkmarks next to their names lowers the value of the platform for other Twitter users or advertisers. But I am sure that Elon didn’t think that through before he came up with the idea of Twitter Blue.
Bad as that is, it gets even worse for Elon:
Many Twitter power users who have interacted with Twitter Blue subscribers note that they are most often far right wing accounts, cryptocurrency scammers, and hardcore Elon Musk supporters.
If I am an advertiser, these are the sorts of people I would be staying away from. And a lot of users of Twitter feel that way too. No wonder there’s a steady influx of users to Mastodon. Here’s the user count from 3PM EST:
Earlier today, I wrote that somewhere between one and two thousand users an hour are joining a Mastodon instance. That now seems to have crossed the two thousand an hour threshold. In other words the rate of people joining a Mastodon instance is increasing. That shows that Elon’s plans to make money are not only not working, but are driving users away from Twitter. Thus you have to wonder how long it will be before his $44 billion dollar investment, which is now worth $20 billion ends up being worthless.
Posted in Commentary with tags Hacked on March 28, 2023 by itnerd
Latitude Financial which operates in Australia and New Zealand first disclosed it was pwned by hackers in mid-March and said the breach was thought to only include about 100,000 identification documents and 225,000 customer records. Fast forward to the present day and breach is now impacting 14 million residents in New Zealand and Australia, according to a statement released by Latitude Financial yesterday:
As our forensic review continues to progress, we have identified that approximately 7.9 million Australian and New Zealand driver licence numbers were stolen, of which approximately 3.2 million, or 40%, were provided to us in the last 10 years.
In addition, approximately 53,000 passport numbers were stolen.
We have also identified less than 100 customers who had a monthly financial statement stolen.
We will reimburse our customers who choose to replace their stolen ID document.
A further approximately 6.1 million records dating back to at least 2005 were also stolen, of which approximately 5.7 million, or 94%, were provided before 2013.
These records include some but not all of the following personal information: name, address, telephone, date of birth.
Latitude maintains insurance policies to cover risks, including cyber-security risks, and we have notified our insurers in respect of this incident.
Yikes! This is not trivial to say the least. Dr. Darren Williams, CEO and Founder, BlackFog had this to say about the latest revelations regarding this incident:
“On the back of the successful attack on Medibank and Optus late last year Australia has entered the mainstream as an attack target. We have seen continued focus globally on centralized data repositories specifically in sectors such as Healthcare, government and education. Latitude is the latest victim of this growing trend and highlights the need for data exfiltration monitoring and protection to stop such breaches moving forward. Like any attack, prevention is the best course of action with large fines imposed by most governments, as well as exposure to class action lawsuits. Limitations in cyber insurance policies and the number of exclusions mean businesses should be focused on protection rather than remediation to mitigate risk from attack. The only safe risk is zero.”
Sylvain Cortes, VP of Strategy, Hackuity adds this comment:
“The largest-known data breach on an Australian financial institution is no small achievement for attackers. Whatever the cost of proactive security, it pales in comparison to the financial and brand damage Latitude Financial will now suffer for years. And that’s not even mentioning the millions of compromised customers who are paying the price alongside them.”
I hate to say that this is likely going to be one of these situations where we get more info one drip at a time. And every drip is going to reveal that this hack was way worse than we know.
Posted in Commentary with tags OVH on March 28, 2023 by itnerd
OVHcloud has just signed a partnership agreement with Centech, a Quebec innovation center recognized by UBI Global as one of the top 10 university business incubators in the world. Created in 1996, Centech’s mission is to stimulate entrepreneurship and high-potential technological projects, from conception to market, by creating an ecosystem based on excellence and open innovation in selected sectors such as Deeptech and Medtech.
Driven by the same vocation to support innovation through its dedicated Startup program, OVHcloud will offer Centech dedicated technical support and premium access to its portfolio of open, interoperable and reversible cloud solutions. Whether they are in the start-up or development phase, Centech startups will benefit from an access to a cloud combining performance and flexibility to accelerate their projects and conquer new markets.
Undoubtedly, we spend a significant portion of our day online. But just how much?
According to data presented by the Atlas VPN team, the average time spent browsing the internet in 2022 was 397 minutes (6 hours and 37 minutes) per day. It equates to an astonishing 2,415 hours yearly, or nearly 30% of our time.
However, there is some good news as daily online time actually decreased by 4.8% or 20 minutes compared to 2021 as we gradually moved past the pandemic.
These figures are derived from data provided by Meltwater, and We Are Social. The data looks at internet usage trends worldwide among internet users aged 16 to 64.
The time spent online varies significantly from country to country. South Africans are the most internet-addicted, with an average of 578 minutes (9 hours and 38 minutes) spent online each day, three hours more than the global average.
Brazilians are just a little behind, with 572 minutes (9 hours and 32 minutes) devoted to internet usage daily. The Philippines ranked third with an average of 554 minutes (9 hours and 14 minutes) spent online per day, followed by Argentinians and Colombians, both with 541 minutes (9 hours and 1 minute) of daily internet usage.
People in the United States also spend an above-average amount of time online, dedicating 419 minutes (6 hours and 59 minutes) daily to internet browsing — the same as people living in Singapore. Meanwhile, Canadians are slightly less generous with their time, spending an average of 395 minutes (6 hours and 35 minutes) online daily.
In contrast, East Asian countries have one of the lowest average daily internet usage, with Chinese people spending 325 minutes (5 hours and 25 minutes) online, followed by South Korea at 321 minutes (5 hours and 21 minutes), and Japan with only 225 minutes (3 hours and 45 minutes) — the least out of all the countries in the study. The only exception is Taiwan, with an average daily internet usage time of 434 minutes (7 hours and 14 minutes).
Most European countries also spend significantly less time online than the global average. Austrians devote 322 minutes (5 hours and 22 minutes) daily to internet usage, while Germans spend 312 minutes (5 hours and 12 minutes).
People in Denmark dedicate the least amount of time to being online out of all European countries in the study, with an average of 298 minutes (4 hours and 58 minutes) spent on the internet each day.
HP Wolf Connect expands PC management to help close security gaps
Posted in Commentary with tags HP on March 29, 2023 by itnerdToday at its Amplify™ Partner Conference, HP Inc announced HP Wolf Connect, an IT management connectivity solution that provides a highly resilient and secure connectionto remote PCs, enabling IT to manage devices even when powered down or offline.
Using a cellular-based network, HP Wolf Connect’s robust connectivity helps ensure IT teams can readily manage a dispersed hybrid workforce. It can reduce the time and effort needed to resolve support tickets, secure data from loss or theft to mitigate a potential breach and optimize asset management.
HP Wolf Protect and Trace with Wolf Connect is the world’s first software service capable of locating, locking and erasing a PC remotely, even when it’s turned off or disconnected from the Internet. This capability protects sensitive data on the move and helps lower IT costs by reducing the need for PC remediation or replacement.
Securing and managing the hybrid workforce is a top priority for organizations. New global research from HP Wolf Security found 82% of security leaders operating a hybrid work model have gaps in their organization’s security posture. The global study of 1,492 security leaders found:
Securing the endpoint is ground zero for attacks on hybrid workers
Beyond PC loss and theft, the endpoint i.e., laptops, PCs or printers – continue to face serious threat from ransomware and is ground zero for attacks on hybrid workers. This requires the creation of new cybersecurity strategies and innovative security tools in response to changing employee behaviors.
Hybrid work security is a key focus for 2023
HP’s new hybrid security research details how security teams are prioritizing securing the hybrid workplace:
To learn more, download HP Wolf Security’s latest report for IT decision makers and for Security Leaders.
Methodology
HP surveyed more than 1,492 IT and security leaders in hybrid organizations globally across 5 markets (US, UK, France, Germany, and Japan) in July-August 2022. All are decision makers for endpoints, network, cloud, or privacy management, and oversee or manage a cybersecurity operations team and/or IT hardware and software within their organization. Hybrid organizations are defined as having a range of employees who either work in the office, work remot
Leave a comment »