TikTok Banned From Government Devices In Australia… And UBC Students Have Been Told That They Might Want To Remove The App Too

Posted in Commentary with tags on April 4, 2023 by itnerd

Australia is joining a growing list of countries that are banning the Chinese social media app TikTok from government devices, according to Reuters:

Australia banned TikTok on Tuesday from all federal government-owned devices over security concerns, becoming the latest U.S.-allied country to take action against the Chinese-owned video app.

The ban underscores growing worries that China could use the Beijing-based company, owned by ByteDance Ltd, to harvest users’ data to advance its political agenda, undermining Western security interests.

It also risks renewing diplomatic tension between Australia and its largest trading partner after things eased somewhat since Prime Minister Anthony Albanese took office in May at the head of a Labor government.

TikTok said it was extremely disappointed by Australia’s decision, calling it “driven by politics, not by fact”.

The ban will come into effect “as soon as practicable”, Attorney-General Mark Dreyfus said in a statement, adding that exemptions would only be granted on a case-by-case basis and with appropriate security measures in place.

Not only that, the University of British Columbia is suggesting to students that they punt the Chinese social media app from their phones as well:

The school said in a statement issued last week that the app is one of UBC’s fastest-growing social media platforms, used by students, staff and faculty for entertainment, research, outreach and recruitment.

However, it said the video platform has sparked security and privacy concerns about its data collection practices and data sharing with corporate parent ByteDance.

Although UBC said these risks are “not yet” proven, its privacy and information security teams “believe that TikTok does pose a risk to UBC’s systems and its stakeholders.”

It said the university had recently evaluated “the use of certain TikTok marketing features” and concluded they did not comply with British Columbia’s Freedom of Information and Protection of Privacy Act.

This was “due to the sharing of personal information with TikTok without the required contractual protection on TikTok’s use of the data.”

The statement said that “of particular concern” was a reference in TikTok’s terms of service that the app may capture keystroke patterns used on a device, and that this could allow usernames and passwords to be exposed.

The school is recommending that students use a browser to access TikTok content. The school does have its own TikTok account, which continues to operate. But one has to wonder if they will shut that down for optics reasons.

This illustrates the challenges that TikTok is under. Nobody trusts them. And that’s only going to lead to more bans or more suggestions that you remove it. And it might lead to TikTok being killed via death by a thousand cuts rather than one big ban.

Hisense To Bring The NBA To More Fans In North America

Posted in Commentary with tags on April 3, 2023 by itnerd

Hisense, a global leader in Consumer Electronics and Home Appliance industries, and the National Basketball Association (NBA) today announced a collaboration to bring the excitement of the NBA to more fans across North America.

Hisense will serve as the exclusive partner of “X-Factor Moments,” a weekly content series on the NBA’s social media channels featuring the game changing plays and standout moments throughout the 2023 NBA postseason. As the Official TV and Home Appliance Partner of the NBA, Hisense will also make NBA League Pass, the league’s premium live game subscription service available on the NBA App, accessible on Hisense TVs in North America beginning with the 2023-24 season.

Year to date through February, Hisense is the No. 2 TV brand in the North American market based on unit share and is the fastest growing TV brand in Canada. With its lineup earning 50+ awards in 2022, Hisense is taking its ULED technology even further with the limited edition release of ULED X, the first television in its lineup to carry the new designation of The Official Television of the NBA. ULED X revolutionizes LED televisions, bringing viewers a vivid picture and sound quality that puts them right at center court. This groundbreaking advancement pushes LED TV to its limit and creates the most realistic and immersive entertainment experience to date.

Fans will see milestones of the collaboration come to life around the league’s marquee events, at retailers, on packages and through point-of-sale promotions, trade shows and more, leveraging Hisense’s high-quality, premium products to connect fans with the sport they love most.

For more information, please visit hisense-canada.com

Wages Dominate Cybercrime Groups’ Operating Expenses: Trend Micro

Posted in Commentary with tags on April 3, 2023 by itnerd

Trend Micro Incorporated today published new research detailing how criminal groups start behaving like corporations as they grow bigger, but that this comes with its own attendant costs and challenges.

To read a full copy of the report, Inside the Halls of a Cybercrime Business, please visit:

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/inside-the-halls-of-a-cybercrime-business

A typical large organization allocates 80% of its operating expenses to wages, with the figure similarly high (78%) for small criminal organizations, according to the report. Other common expenses include infrastructure (servers/routers/VPNs), virtual machines, and software.

The study outlined three types of organizations based on size, using examples where Trend Micro collected the most data from law enforcement and insider information.

Small criminal businesses (e.g., Counter Anti-Virus service Scan4You):

  • Typically, one management layer, 1-5 staff members, and under $500K in annual turnover.
  • Their members often handle multiple tasks within the group and also have a day job on top of this work.
  • Comprise the majority of criminal businesses, often partnering with other criminal entities.

Medium-sized criminal businesses (e.g., bulletproof hoster MaxDedi):

  • Typically have two management layers, 6-49 employees, and up to $50m in annual turnover.
  • They usually have a pyramid-style hierarchical structure with a single person in charge.

Large criminal business (e.g., ransomware group Conti):

  • Typically have three management layers, 50+ staff, and $50m+ in annual turnover.
  • Feature relatively large numbers of lower management and supervisors.
  • Implement effective OPSEC and partner with other criminal organizations.
  • Those in charge are seasoned cyber-criminals and hire multiple developers, administrators, and penetration testers, including short-term contractors.
  • They may have corporate-like departments (e.g., IT, HR) and even run employee programs, such as performance reviews.

According to the report, knowing the size and complexity of a criminal organization can provide critical clues to investigators, such as what types of data to hunt for.

For example, larger criminal entities may store employee lists, financial statements, company guides/tutorials, M&A documents, employee crypto wallet details, and even shared calendars to probe.

Understanding the size of targeted criminal organizations can also allow law enforcers to prioritize better which groups should be pursued for maximum impact.

Guest Post: It’s World Cloud Security Day – And Lookout Says That Remote Work Could Be Risky for Your Organization

Posted in Commentary with tags on April 3, 2023 by itnerd

Today, April 3rd, is World Cloud Security Day, which raises awareness of the emerging threats individuals and organizations face when team members use their personal cell phones and computers to access corporate data remotely. These threats include malware, denial of service, and password attacks.

According to Lookout’s The State of Remote Work Security 2023 survey, a study of 3,000 remote and hybrid workers from enterprise companies in the United States, United Kingdom, France, and Germany, the data presented below highlights the behaviors of remote workers that put an organization at risk.

  • 81% of CIOs report their company had experienced a Wi-Fi-related security incident in the last year, with 62% of Wi-Fi-related security incidents occurring in cafes and coffee shops.
  • 43% of remote workers have downloaded, saved, or sent work-related materials to a personal account for convenience.
  • 57% of remote workers have sent an email from their work account to a personal one for convenience.
  • 56% say they often do work and personal tasks on the same device.
  • Fully remote workers (72%) are more likely to do personal tasks during work hours than hybrid workers (54%).
  • 32% of remote workers use apps or software for convenience reasons which are not approved by their IT department.

Please download the full report here to find out:

  • What are the implications for IT security in the wake of the transition to remote work?
  • What sort of employee practices increase the risk of sensitive data falling into an insecure environment?
  • How does an organization best protect its data when employees spend 20+ hours per week on their personal mobile devices?

Elon Musk Has Created A Real Mess With His Verification Scheme

Posted in Commentary with tags on April 3, 2023 by itnerd

Remember last year when Elon Musk rushed out Twitter Blue? And that became a train wreck next to a dumpster fire in short order, with rampant impersonation among other things that made Elon look like a loser and forced him to pull Twitter Blue for a few weeks? We might be seeing another round of that. There is now a lot of confusion over what being “verified” actually means on Twitter. Part of that is due to Elon being forced to backpedal on pulling legacy verifications from people because of the epic backlash that this move has generated, in effect giving them more time to pay him, unless Elon doesn’t like you:

As I type this, the vast majority of legacy verified accounts still have their blue checkmark. On top of that there’s checkmarks for the few Twitter Blue subscribers that are out there. And if you click on any of the checkmarks, you get this message:

In the past, this message said “This account is verified because it’s notable in government, news, entertainment, or another designated category.” What that means is that it’s no longer possible to see whether the blue checkmark is for a notable account or for someone who has paid Elon. Which means anyone can pretend to be anyone yet again for $8 a month. Lovely.

What’s worse is that various people are saying that removing the legacy checkmarks is a manual process. Which means that this confusion might last weeks or months. That is another sign that Elon really didn’t think this through before pulling the trigger on this. Though he never thinks anything through before doing it because he’s not that guy. Not to mention that he’s desperate for cash.

And here’s the final part of this that is bad for Elon. I imagine a scenario where the continuation of Twitter’s policy of getting people to pay for blue checkmarks next to their name would make an account LESS valuable because it would be seen as less legitimate. Which I am sure is the exact opposite of what Elon would expect to happen. And further illustrates that Elon doesn’t really think these sorts of things through.

The bottom line is that Elon has really dropped himself in it again. And there’s no clear path that I can see to get himself out of it without having to eat some metaphorical crow in the process. And his ego is too fragile to eat some crow by saying that he got it wrong. Thus this situation is likely to be a gong show for a very long time.

EQT And Context Labs Announce Strategic Partnership

Posted in Commentary with tags on April 3, 2023 by itnerd

EQT Corporation and Context Labs today announced the establishment of a strategic partnership to advance the commercialization of verified low carbon intensity natural gas products and carbon credits. The partnership brings together EQT, the largest natural gas producer in the U.S., and Context Labs, an expert in distributed ledger technology, advanced climate data and analytics, machine learning and AI-capabilities.

Through tracking, reporting and verification of critical emissions data, the strategic partnership will support EQT in achieving its industry-leading emissions reduction targets, which include a commitment to reach net zero greenhouse gas (GHG) emissions by 2025. With a focus on emissions quantification, operational analysis and the certification of natural gas production, the companies will work to scale emissions mitigation across the full energy value chain.

Context Labs will provide an enterprise-wide deployment of their Decarbonization-as-a-Service (DaaS™) platform across EQT’s asset footprint, with the goal of achieving full digital integration of EQT’s emissions data. The resulting creation of certified low-carbon intensity products will add a next dimension to EQT’s already robust and digitally-enabled organization.

Context Labs’ enterprise data fabric platform, DaaS™, will enable certification and verification of the carbon intensity of EQT’s operating assets, with certificates registered in Context Labs’ CLEAR Path™ Repository. Additionally, the relationship will afford EQT the opportunity to integrate carbon credit projects into CLEAR Path™ in support of generating asset-grade, data-backed carbon credits.

Find out more about these companies here:

Elon Musk Retaliates Against New York Times By Pulling Their Verified Badge

Posted in Commentary with tags on April 2, 2023 by itnerd

Elon Musk is clearly thinking that he’s all powerful and that people will bend to his will. I say that because news is out that he’s pulled the New York Times’ verified checkmark. Here’s what Elon had to say when this news got out:

And:

I’ve started calling Elon the clown prince of tech because he’s a clown. This behaviour is incredibly reminiscent of a 2-year-old throwing their toys out of the stroller during a temper tantrum, and only serves to underscore the fact that Elon has not only lost the plot, but he has no real plan to run Twitter. So besides hoping that other media outlets will see this and pay up to keep their verified checkmarks, Elon is clearly settling scores, as the New York Times is a media outlet that is highly critical of Elon. And that bruises his extremely fragile ego. The thing is, I seriously doubt that this will work, as I see no signs so far that this is making media outlets and others reconsider getting out their credit cards to pay Elon.

I swear, this guy is a real loser, with the only thing going for him being that he has a lot of money. At least on paper. And that’s not helping him at the moment. So I guess we’re back to him being a real loser.

Here’s Who’s NOT Paying Elon $8 A Month For Twitter Blue

Posted in Commentary with tags on April 2, 2023 by itnerd

Yesterday was the start of Elon’s latest desperate attempt to make money. Which is to kill off the legacy verification program in favour of a paid scheme that goes something like this:

  • Organizations can apply to become verified, and any Twitter account linked to a verified organization will be “automatically verified.” Though that’s going to cost $1000 a month, and users who are affiliated to a verified organization will cost an additional $50 a month.
  • Twitter will maintain the verification status for Twitter’s top 500 advertisers and the 10,000 most followed organizations, according to company documents obtained by the New York Times.
  • A gray checkmark will be given to accounts representing a national government or government officials without requiring them to pay a subscription fee.
  • Everyone else needs to pay up for Twitter Blue.

To the shock of absolutely nobody, there’s been a whole lot of pushback on this scheme. The White House has said it would not pay to have its staff verified. And numerous media outlets have said that they’re not paying up either. Here’s a lengthy Twitter thread by Oliver Darcy of CNN on this:

And a lot of big names on Twitter have said the same thing. Here’s an example of what I am talking about:

This is not only going badly for Elon because he’s going to fail miserably at increasing his revenue stream, but it is also becoming a PR issue as well. When big names and big institutions either flee the platform or aren’t prominent, there is little value or incentive for the average Joe to be on the platform. Never mind pay Elon $8 a month. And if the average Joe isn’t on Twitter, there’s no point for advertisers to be there either.

I will note that I am still seeing celebrities and organizations with their blue checkmarks. But who knows how much longer that will last? Or if Elon is about to do one of the many U-turns that he’s done since buying Twitter? But I think it’s safe to say that Elon’s “ready, fire, aim” mentality is about to come back to bite him yet again.

Twitter Apparently Hasn’t Paid For Employee Charitable Donations Made In 2022…. WTF?

Posted in Commentary with tags on April 1, 2023 by itnerd

Twitter is a real gong show under Elon Musk. But you knew that. However, this Tweet from Zoe Schiffer of Platformer takes the gong show to another level:

Really? Elon’s literally stealing money from charities. Even by the standards that Elon operates under, that’s a new low. Even for him.

To give you some perspective about how much cash we’re talking about here, there’s this:

Now if you expand Schiffer’s Tweet, Twitter claims that it is “actively working” to get the money to the NGOs. But clearly Elon doesn’t want to cut the cheque; otherwise we wouldn’t be here talking about it. And I am willing to go out on a limb to say that now that this is public, I am 50/50 as to whether he will, because embarrassment and humiliation don’t seem to affect him.

You have to wonder if there is nothing that Elon won’t do at this point.

The FDA Now Requires Stronger Cyber Security In Medical Devices

Posted in Commentary with tags on April 1, 2023 by itnerd

Yesterday, the FDA published new guidelines strengthening the cybersecurity requirements for internet-connected products used by healthcare providers. This comes after years of concerns that these devices could be hit by attacks endangering lives, which was highlighted by a September 2022 report by Proofpoint’s Ponemon Institute that linked cyber-attacks targeting healthcare organizations to a 20% increase in mortality rates.

According to the guidance, applicants seeking approval for new medical devices must:

  • Submit a plan designed to address possible cybersecurity issues
  • Outline a process to provide regular security updates and patches
  • Provide “a software bill of materials,” including commercial, open-source and off-the-shelf software components

The new FDA guidelines come a couple of months after security experts at Sonar found three vulnerabilities in OpenEMR, and more recently, KillNet was observed targeting healthcare applications hosted on Microsoft Azure infrastructure.

George McGregor, VP at Approov, had this to say:

“This is a major step forward in strengthening cybersecurity defenses in healthcare in the USA (something that we have been campaigning for as a leading provider of mobile security solutions). A key element of the guidelines for medical devices is that companies must have a plan in place for “postmarket” runtime protection.

“Another welcome aspect of the requirements is that they explicitly state that cyber defenses must be able to be updated rapidly if and when required. This requires security administration to be a key element of the operational plan, including the ability to update policies as new vulnerabilities are uncovered and rotate secrets and keys quickly in the event that they are stolen.”

I am glad to see that the FDA is taking this step, as attacks on healthcare are a real thing, as evidenced by the attack on Sick Kids hospital last year. Because sooner or later one of these attacks will affect patient care in a severe way if nothing is done.