Commvault Appoints Global Sales and Operations Leader Allan Timchuk as Area Vice President, Americas Sales

Posted in Commentary with tags on March 21, 2023 by itnerd

Commvault, an enterprise data protection leader for the complex and mission critical hybrid environments of today’s global businesses, today announced that Allan Timchuk has joined the company as Area Vice President, Americas Sales.

At Commvault, Timchuk will be responsible for the go-to-market strategy, customer engagements, and partner alignment in Canada and Latin America (LATAM). He will report to David Boyle, Senior Vice President, Americas Sales.

Timchuk brings a wealth of experience in executive sales leadership, global sales operations, and strategy within technology and security organizations, having worked in enterprise, commercial, government, and international markets. He has led teams helping customers use technology solutions to drive business value for more than two decades. He is committed to leveraging his creativity and transformational technology expertise to resolve customers’ business challenges.

Most recently, Timchuk was responsible for overseeing sales, customer engagement, and go-to-market for the Security Business Practice at VMware Canada. Prior to that, he held the role of COO for the Americas at Dell EMC Technologies Modern Data Center. In addition, Timchuk was the Director of Sales for government markets at SAS Canada for over five years, and had an 11-year tenure at EMC Corporation, responsible for sales and go-to-market strategy for government, commercial, and enterprise businesses for Eastern Canada.

Timchuk studied Industrial Design at Carleton University and is based in Ottawa, Ont.

Twitter Appears To Be Testing Using Government IDs To Sign Up For Twitter Blue

Posted in Commentary with tags on March 21, 2023 by itnerd

The folks at TechCrunch are reporting the following:

Twitter appears to be testing a new verification process for Twitter Blue subscribers that would involve submitting a government ID. Code-level insights reveal a process for sending in a photo of the user’s ID, both front and back, along with a selfie photo to verify their Twitter account. The feature is listed alongside others only available to Twitter Blue subscribers, like support for editing tweets, uploading longer videos, organizing bookmarks with folders and other paid subscription perks.

The ID upload feature was uncovered in Twitter’s code last week by product intelligence firm Watchful.ai, but it’s unclear for now if it’s being tested externally. The firm told TechCrunch it believes the feature is in testing in the U.S., where it was found in the Android version of the Twitter app. However, it doesn’t know how many (or if any) Twitter users are actually seeing the feature as of yet.

Seeing as the launch of Twitter Blue has been a train wreck next to a dumpster fire to say the least, and very few Twitter users have signed up for it, I guess that Elon was forced to come up with something that makes it less likely to be a train wreck next to a dumpster fire as this will stop the impersonations and the other stuff that happened when Twitter Blue first launched. As for getting people to sign up for Twitter Blue, I have to assume that this is one piece of a bigger puzzle to encourage Twitter users to sign up for Twitter Blue. And we’ll have to wait to see what those other pieces are.

Hitachi Energy Discloses Data Breach

Posted in Commentary with tags on March 21, 2023 by itnerd

Hitachi Energy disclosed a data breach Friday which occurred after the Cl0p ransomware gang targeted a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT). The data breach allowed for unauthorized access to employees’ data in some countries:

Upon learning of this event, we took immediate action and initiated our own investigation, disconnected the third-party system, and engaged forensic IT experts to help us analyze the nature and scope of the attack. Employees who may be affected have been informed and we are providing support. We have also notified applicable data privacy, security and law enforcement authorities and we continue to cooperate with the relevant stakeholders.

According to our latest information, our network operations or security of customer data have not been compromised. We will continue to update relevant parties as the investigation progresses.

Sylvain Cortes, VP of Strategy, Hackuity had this to say:

     “There are 198,000 known CVEs, and this ransomware gang just needed one to compromise Hitachi’s employee data. The scariest part? They didn’t even have to breach Hitachi’s internal systems. While the victim has since disconnected the compromised third party, this is yet another wake-up call: organizations’ attack surfaces extend far beyond the “surface”. Vulnerability Management has never needed reinventing more than in 2023.”

I have a feeling that there’s more to come from this breach disclosure. I’d not only recommend watching this space, but companies also need to learn from this event so that they don’t become the next victim.

Ferrari Has Been Pwned By Hackers… And The Car Company Won’t Be Paying Them

Posted in Commentary with tags on March 21, 2023 by itnerd

From the “I didn’t think I would be typing this” department comes this disclosure by supercar maker Ferrari that they have had a “cyber incident”, which is code for the fact that they got pwned. And the statement is very interesting:

Ferrari N.V. (NYSE/EXM: RACE) (“Ferrari”) announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details. Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm. In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.

As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks.

Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.

Ferrari takes the confidentiality of our clients very seriously and understands the significance of this incident. We have worked with third party experts to further reinforce our systems and are confident in their resilience. We can also confirm the breach has had no impact on the operational functions of our company.

So let’s pick this apart. First, someone stole some client details, which I am guessing is valuable to the threat actors as their clientele isn’t exactly poor, and some may not want their names out there. Though you gotta wonder: if you’ve paid for a Ferrari, you’re going to drive it, thus your name is going to get out there regardless. But I digress. Next is that they will not pay the ransom. And that, as far as I am concerned, is good, as paying ransoms only encourages threat actors. I did a quick check of the dark web last night and I did not see any evidence of the data the threat actors stole being shopped around. But that could change in the next day or two. It is also unknown who the threat actor is. And it is unknown if this is related to the situation that had Ferrari being pwned by RansomExx last year. So this is, in short, a fluid situation that will likely get updated in the days ahead as more details come to light.

UPDATE: Jason Middaugh, CISO, Inversion6 had this comment:

This is Ferrari’s second cyber incident recently, and it’s never a good day when you suffer a data breach, but Ferrari couldn’t have handled the situation any better. Getting out in front of a breach and letting your customers know about the situation was textbook perfect. Also, not paying the ransom was another great call by their cybersecurity and executive management team. Paying a ransom for data that’s already been exfiltrated is a bad idea, especially since there’s no guarantee that after the ransom is paid the attackers just won’t release the data anyway. Post-incident, I expect Ferrari to put the pedal to the floor on their cyber program to reduce the risk of another data breach.

Uber Details Rider Ratings In Canadian Cities Along With How To Improve Your Rating

Posted in Commentary with tags on March 21, 2023 by itnerd

It’s been one year since Uber gave riders the ability to see exactly how their rating is calculated via the Privacy Center in the Uber app. Since then, revealing personal rider ratings has become a trend on socials, and many people are making a viral moment out of checking their rankings.

For the second year in a row, Uber is releasing the top five and lowest five ranked Canadian cities for rider ratings. 

Some riders took last year’s rankings to heart and turned their city’s ratings around thanks to helpful tips from drivers, while other cities dropped from the top spots. Winnipeg and Halifax entered the top five, Red Deer dropped from number two to three, and London graduated from the bottom five cities. As some of the newest cities with rideshare in Canada, Sherbrooke and Trois-Rivières in Quebec are taking the top spots.

The lists below show the five Canadian cities with the highest average rider rating and the five with the lowest.

Highest average rider rating: 

  1.  Sherbrooke, QC
  2.  Trois-Rivières, QC
  3.  Red Deer, AB 
  4.  Winnipeg, MB 
  5.  Halifax, NS

Lowest average rider rating: 

  1.  Ottawa, ON 
  2.  Toronto, ON 
  3.  Montreal, QC 
  4.  Hamilton, ON 
  5.  Edmonton, AB 

For step-by-step instructions on how to find your ratings breakdown, check out this blog.

To access the Privacy Center and ratings breakdown in the app:

  • In the settings menu, tap privacy and then Privacy Center
  • In the Privacy Center, swipe to the right and click on the “would you like to see a summary of how you use Uber” tile
  • Scroll down to the “browse your data” section and tap on “View my ratings” to see the breakdown

Want to improve your rating? Drivers have shared some of the top reasons they hand out fewer stars: 

  1. Pack it in, pack it out: Drivers shouldn’t have to clean up after your mess. Always make sure to take your trash and any other belongings with you. Don’t leave a mess behind. 
  2. Buckle Up: Studies show that unbuckled passengers in the back seat can put the driver at greater risk of injury in a crash. So always remember to buckle up for your and the driver’s safety. 
  3. Be ready: Remember that drivers’ time is valuable and they shouldn’t have to wait for you. A smooth pickup is better for everyone so be ready to go when the driver arrives.
  4. Treat everyone and everything with respect: As outlined in Uber’s Community Guidelines, they want riders and drivers to feel safe, respectful, and positive. Always treat your driver and their vehicle as you would want to be treated. 
  5. Don’t slam the door! It is easy to accidentally slam a door if you aren’t thinking about it, and drivers have consistently cited door slams as a reason why they deduct stars.   

BBC To Staff: You Might Want To Remove TikTok From Your Phones

Posted in Commentary with tags on March 20, 2023 by itnerd

First it was governments banning TikTok on government employee phones. Now it’s over to private corporations. Well, in this case a semi-private corporation, as the BBC is a public broadcaster, and here’s what they’ve told their employees:

The BBC has advised staff to delete TikTok from corporate phones because of privacy and security fears.

The BBC seems to be the first UK media organisation to issue the guidance – and only the second in the world after Denmark’s public service broadcaster.

The BBC said it would continue to use the platform for editorial and marketing purposes for now. TikTok has consistently denied any wrongdoing.

The app has been banned on government phones in the UK and elsewhere.

So the way I read this, it’s a suggestion, not a command. But that could change. Perhaps that would be based on what happens with TikTok elsewhere. But even this step by the BBC is going to get the attention of other organizations who may do this, or go further. And it will be interesting to see if TikTok or the Chinese Communist Party responds to this in any way.

Amazon To Slash 9000 More Jobs

Posted in Commentary with tags on March 20, 2023 by itnerd

On top of laying off 18,000 employees, it’s now making the news that 9000 more jobs are being slashed at Amazon:

Amazon will lay off 9,000 more employees in the coming weeks, CEO Andy Jassy said in a memo to staff on Monday.

The cuts are on top of the previously announced layoffs that began in November and extended into January. That round totaled more than 18,000 employees, and primarily affected staffers in its retail, devices, recruiting and human resources groups.

Amazon made the decision to lay off more employees as it looks to streamline costs. It took into account the economy, as well as the “uncertainty that exists in the near future,” Jassy said. The company just wrapped up the second phase of its annual budgeting process, referred to internally as “OP2.”

“The overriding tenet of our annual planning this year was to be leaner while doing so in a way that enables us to still invest robustly in the key long-term customer experiences that we believe can meaningfully improve customers’ lives and Amazon as a whole,” Jassy said.

This also follows Facebook/Meta doing a version of the same thing, which doesn’t bode well for the tech sector as this may spur other companies to do the same. We’ll have to see what happens on that front, but I suspect that the next few weeks and months ahead will be very bumpy.

Silverfort recognized as a Microsoft Security Excellence Awards finalist 

Posted in Commentary with tags on March 20, 2023 by itnerd

Silverfort today announced it is a Zero Trust Champion and Security ISV of the Year award finalist in the Microsoft Security Excellence Awards. The company was honored among a global field of industry leaders that demonstrated success across the security landscape during the past 12 months.  

At the Microsoft Security Excellence Awards on April 24, 2023, Microsoft will celebrate finalists in 11 award categories honoring partner trailblazers, solution innovators, customer and technology champions, and changemakers. This is the fourth year Microsoft is recognizing partners for their outstanding work in the security landscape. All finalists are members of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISVs) and managed security service providers (MSSPs) that have integrated their security products and services with Microsoft’s security technology.  

MISA was established to bring together Microsoft leaders, ISVs, and MSSPs to work together to defeat security threats and make the world a safer place. The industry veterans in MISA and Microsoft will vote to select the winners of the Microsoft Security Excellence Awards, providing an opportunity for colleagues to honor their peers for delivering exceptional work to our shared customers. 

Guest Post: Queen Elizabeth and Taylor Swift among most used passwords in 2022

Posted in Commentary with tags on March 20, 2023 by itnerd

The most frequently reused credentials eventually end up on breached lists accessible to purchase on the dark web, thus becoming a weak point in personal and company security when subject to brute force and password-spraying attacks.

Examining the most often reused passwords allows individuals to gain insights into what type of passwords to avoid when safeguarding their online journeys.

Some passwords, like password, 123456, qwerty, and other similar basic choices, have always been and will remain some of the most insecure picks to protect one’s account.

However, the data presented by Atlas VPN, which comes as a courtesy of SpyCloud, who extracted it from various lists on the dark web, reveals that the most commonly used credentials also change year-by-year and reflect the hottest topics.  

It is no surprise that music, streaming, and celebrity culture are among the most prevalent themes in passwords in 2022. 

Celebrity names as most common passwords

Last year, hundreds of thousands of credentials included keywords connected to celebrities Taylor Swift, Bad Bunny, Jennifer Lopez, Ben Affleck, and Elon Musk. 

Swift’s 10th album, “Midnights,” which reportedly generated $230 million in sales, resulted in passwords such as taylor, taylor swift, swiftie, and midnights being used 186,000 times. 

Similarly, Bad Bunny’s status as the most-streamed artist on Spotify in 2022 inspired the use of bad bunny, titi, and verano as passwords, with the latter two being among his popular songs, appearing 141,000 times.

The acquisition of Twitter by Elon Musk inspired the use of twitter and elon musk as passwords, which were used 74,000 times. 

Additionally, Jennifer Lopez and Ben Affleck’s reunion and marriage, known as Bennifer, was reflected in passwords such as jennifer lopez, jlo, ben affleck, and bennifer, appearing 46,000 times.

Avoid streaming and family-related passwords

Other pop culture events that captured the public’s attention were also reflected in the list of frequently reused passwords. 

The growing popularity of streaming TV services was reflected in passwords such as youtube, netflix, and hulu, which were chosen 261,000 times. 

The death of Britain’s Queen Elizabeth and other news about the royal family ignited the use of queen, queen elizabeth, and royal family as passwords. In total, credentials with the aforementioned keywords were used 167,000 times in 2022, according to various databases on the dark web.  

As expected, other frequently reused passwords included russia, russian war, ukraine, ukraine war, and trump. 

To read the full article, head over to: https://atlasvpn.com/blog/queen-elizabeth-and-taylor-swift-among-most-used-passwords-in-2022 

Let’s Say You Want To Ban TikTok Outright… How Would It Be Done?

Posted in Commentary with tags on March 19, 2023 by itnerd

I’ve been talking a lot about Chinese owned TikTok being banned in various places. Most of these bans relate to devices with access to some sort of government network. But the stakes are about to go up for TikTok as the US is looking to ban the social media app outright. If that were to happen, how would such a ban be implemented? I have some thoughts on how that could work:

  1. Apple and Google would be required to stop offering the app for download: This one is easy as both companies can do this easily. Not only that, they can do this on a geographical basis. By that I mean that they could enforce a ban in the US by making TikTok “disappear” in the US. Though I suspect that any sort of ban would spread elsewhere, which means that they would have to do this in more places. But as I said earlier, this is easy for either company.
  2. Apple and Google would be required to remove TikTok from phones: This is where things start to get tricky. I can’t imagine that any ban on TikTok would be effective if the app were still on people’s phones. Thus I can see a scenario where TikTok was instantly “Thanos Snapped” off of every phone the moment that the ban went into effect. I imagine that both Apple and Google have the ability to do this as mobile device management programs that companies use to manage smartphones can do this. Where things become very tricky is that I can see a scenario where people might sue Apple, Google, or the government because they would feel that nobody has the right to remove apps from their phones. It is possible that both Apple and Google have language in their terms of service that nobody reads that allows them to do that. But even if they do, I suspect that a court will have to sort this out.
  3. Apple and Google would be required to stop people from “side loading” TikTok: Here’s another tricky part of this whole discussion: side loading, which is the act of loading an app that isn’t on an app store onto your device. If you’re on team Apple, you’ll need to do a function called “jailbreaking” to get past Apple’s restrictions on this sort of thing. And that’s not a trivial task for 95% of Apple iPhone users. That to me suggests that Apple likely doesn’t have much to worry about on this front. The real challenge is with team Android, who have made “side loading” a sport because it’s not all that difficult to do. Google would have to figure out how to shut that down to ensure that they comply with a ban of TikTok, which, given the diversity of the Android platform, may be difficult or next to impossible to do.

Now it is entirely possible that TikTok may avoid an outright ban, making this all irrelevant. But I don’t think so. The US is really intent on taking it to TikTok, and US allies will likely follow suit. Thus I hope that Apple and Google are planning for this as I am sure that a ban of TikTok is coming, and they will need to respond.