New Salesforce for Communications Innovations Announced At MWC

Posted in Commentary with tags on February 23, 2023 by itnerd

Today, as part of Mobile World Conference, Salesforce announced a series of innovations tailored to the communications industry that feature analytics, AI intelligence, and prebuilt solutions that automate common processes to boost customer experiences while driving down operational costs. The company also announced new integrations with WhatsApp and Infosys.

With the new features, communications providers can:

  • Accelerate time-to-value and deliver better customer experiences with enhanced agent performance through Salesforce’s new Contact Center for Communications. 
  • Leverage data and AI-powered insights to predict order delays and recommend fulfillment dates. 
  • Enrich communications and meet customers where they are through new WhatsApp integrations. 

You can read the full release here; it has many more details.

Twelve Canadian startups joining the Google for Startups Accelerator: Canada Cohort Class of 2023

Posted in Commentary with tags on February 23, 2023 by itnerd

A total of 12 startups from across Canada will be participating in our 2023 Google for Startups Accelerator Canada program. Supporting the next generation of Canadian founders and kicking off our first accelerator cohort of the year, the 10-week, equity-free program is designed to bring the best of Google’s programs, products, people and technology to Canadian startups – at a time when AI continues to advance.

Now in its fourth year, the Google for Startups Accelerator builds on Google’s continued support for Canada’s startup ecosystem. The program is one of five accelerators developed specifically for Canadian companies; the others include the Cloud Accelerator, Women Founders Accelerator, Black Founders Accelerator, and the Climate Change Accelerator.

The participating startups are:

  • Bidmii (Toronto) is an online marketplace that quickly connects homeowners and contractors for home improvement projects, guaranteeing payment security for each party by holding payments in trust.
  • Chimoney (Toronto) enables businesses to send payments to phones, emails and Twitter, regardless of scale, currency, country and other factors.
  • Clavis Studio (Edmonton) is an AI and machine learning (ML)-driven design, visualization, and sourcing platform that provides a marketplace for designers and decorators to source new clients and use supporting tools to deliver their projects.
  • Foqus Technologies (Toronto) is an AI and quantitative imaging technology company that designs and develops software solutions to enhance the speed and quality of MRI scans.
  • Gryd Digital Media (Winnipeg) is a PropTech company that has developed a suite of products and services designed to deliver increased efficiencies, increased asset value, and reduced costs to property owners, managers, and REITs nationwide.
  • Morpheus.Network (Burlington) focuses on helping companies and government organizations eliminate inefficiencies and remove barriers to optimize and automate their supply chain operations.
  • Moves (Toronto) is building the collective of the gig economy, solving financial challenges associated with being a gig worker, and the lack of representation and ownership gig workers experience.
  • My Choice (Toronto) is an insurance aggregator that partners with insurance companies and brokerages to bring customers the power of choice and transparency through seamless, personalized user experiences and automation.
  • SalonScale Technology Inc. (Saskatoon) is the salon industry’s leading B2B SAAS provider in professional goods management, providing solutions that address the rising cost of salon supplies.
  • ShareWares (Vancouver) has developed a platform that pairs technology with current city infrastructure to allow reusable cups and food containers to be bought, returned, tracked, and processed for resale. Stay tuned as food packaging is just the beginning.
  • Tablz (Ottawa) is a 3D bookings platform that lets diners upgrade to the seat of their preference, while generating net new profit for restaurants.
  • TrojAI (Saint John) helps enterprises manage AI risk through stress testing and audit of AI/ML models.

You can read the blog post here.

Rezilion Research Discovers Hidden Vulnerabilities in Hundreds of Docker Container Images

Posted in Commentary with tags on February 23, 2023 by itnerd

Rezilion announced today the release of the company’s new research, “Hiding in Plain Sight: Hidden Vulnerabilities in Popular Open Source Containers,” uncovering hundreds of Docker container images that contain vulnerabilities not detected by most standard vulnerability scanners and SCA tools.

The research revealed numerous high-severity and critical vulnerabilities hidden in hundreds of popular container images that have been downloaded billions of times collectively. This includes high-profile vulnerabilities with publicly known exploits. Some of the hidden vulnerabilities are known to be actively exploited in the wild and are part of the CISA Known Exploited Vulnerabilities catalog, including CVE-2021-42013, CVE-2021-41773, and CVE-2019-17558.

This finding follows Part I of the research, released in October, which was the first quality assessment for leading open-source and commercial vulnerability scanners and SCA tools. The vulnerability scanner benchmark survey discovered the most common causes for scanner misidentifications, including false positive and negative results.

The new research dives deeper into one of the root causes identified in the assessment: the inability to detect software components not managed by package managers. The study explains how standard vulnerability scanners and SCA tools inherently rely on data from package managers to learn which packages exist in the scanned environment, which makes them miss vulnerable software packages in the many common scenarios where software is deployed in ways that circumvent those package managers. The research shows precisely how wide this gap is and its impact on organizations using third-party software. The report provides numerous real-world examples of some of the most popular Docker container images that contain dozens of such hidden vulnerabilities, and offers recommendations on minimizing the risk it describes.

According to the report, deployment methods that circumvent package managers are extremely common in Docker containers. The research team identified over 100,000 container images that deploy code in a way that bypasses the package managers, including most of DockerHub’s official container images. These containers either already contain hidden vulnerabilities or will contain them as soon as a vulnerability in one of these components is identified.

The report identifies four scenarios in which software is deployed without going through a package manager: the application itself; the runtimes the application needs to operate; the dependencies the application needs to work; and dependencies required only for the build or deployment process that are not deleted at the end of the container image build. It shows how hidden vulnerabilities find their way into container images through each of these.
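The gap the report describes can be checked for directly: anything executable that the OS package manager does not claim got into the image some other way. The script below is an added example and is not code from the Rezilion report; it assumes a Debian/Ubuntu-based image (dpkg records each installed file in `/var/lib/dpkg/info/<package>.list`), a filesystem exported with `docker create` plus `docker export`, and the path heuristics in `SCENARIO_RULES`, which are an assumption used to label hits with the report's four scenarios.

```python
"""Spot software in a container filesystem that dpkg never installed (added example)."""
from __future__ import annotations

import os
import stat
import tempfile
from pathlib import Path

# Where applications, runtimes and their dependencies usually land inside an image.
SCAN_DIRS = ("/usr/bin", "/usr/lib", "/usr/local", "/opt", "/app", "/root")

# Assumed heuristic: map a path to the four scenarios the report names.
SCENARIO_RULES = (
    (("/app/", "/usr/src/", "/srv/"), "application"),
    (("/usr/lib/jvm/", "/usr/local/go/", "/usr/local/bin/python", "/usr/local/bin/node"), "runtime"),
    (("site-packages/", "node_modules/", "/usr/local/lib/"), "dependency"),
    (("/root/.cache/", "/root/go/pkg/", "/usr/local/include/"), "build-time dependency"),
)

LIB_SUFFIXES = (".so", ".jar", ".py", ".whl", ".a")


def dpkg_owned_files(rootfs: Path) -> set[str]:
    """Every path dpkg claims, written as it appears inside the image (leading slash)."""
    owned: set[str] = set()
    for list_file in (rootfs / "var/lib/dpkg/info").glob("*.list"):
        for line in list_file.read_text(errors="replace").splitlines():
            if line.startswith("/"):
                owned.add(line)
    return owned


def looks_like_software(path: Path) -> bool:
    """Keep executables and library-like files; skip docs, configs and data."""
    try:
        mode = path.lstat().st_mode
    except OSError:
        return False
    if not stat.S_ISREG(mode):
        return False
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return True
    return path.suffix in LIB_SUFFIXES or ".so." in path.name


def classify(image_path: str) -> str:
    """Label a hit with the report's scenario, using the assumed path heuristics."""
    for needles, label in SCENARIO_RULES:
        if any(n in image_path for n in needles):
            return label
    return "unclassified"


def unmanaged_software(rootfs: str | os.PathLike, scan_dirs=SCAN_DIRS) -> list[tuple[str, str]]:
    """Return (path-in-image, scenario) for every software file dpkg does not own."""
    root = Path(rootfs)
    owned = dpkg_owned_files(root)
    hits: list[tuple[str, str]] = []
    for d in scan_dirs:
        base = root / d.lstrip("/")
        if not base.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                full = Path(dirpath) / name
                image_path = "/" + full.relative_to(root).as_posix()
                if image_path in owned or not looks_like_software(full):
                    continue
                hits.append((image_path, classify(image_path)))
    return sorted(hits)


def build_sample_rootfs() -> Path:
    """Constructed miniature image: one dpkg-owned binary, four unmanaged files, one data file."""
    root = Path(tempfile.mkdtemp(prefix="rootfs-"))
    (root / "var/lib/dpkg/info").mkdir(parents=True)
    (root / "var/lib/dpkg/info/curl.list").write_text("/.\n/usr\n/usr/bin\n/usr/bin/curl\n")
    files = {
        "usr/bin/curl": 0o755,                                          # owned by dpkg: ignored
        "app/server": 0o755,                                            # the application itself
        "usr/local/go/bin/go": 0o755,                                   # runtime fetched by curl | tar
        "usr/local/lib/python3.11/site-packages/yaml/_yaml.so": 0o644,  # pip-installed dependency
        "root/.cache/pip/wheels/pyyaml.whl": 0o644,                     # build-time leftover
        "usr/local/share/README": 0o644,                                # plain data: ignored
    }
    for rel, mode in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"\x7fELF")  # content is irrelevant to the check
        p.chmod(mode)
    return root


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_rootfs()
    for path, scenario in unmanaged_software(target):
        print(f"{scenario:22} {path}")
```

Run with no argument to see the constructed sample, or point it at a directory produced by `docker create <image>` followed by `docker export <container> | tar -x`; every hit is a component whose version a package-manager-driven scanner never sees.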

To download the full report, please visit: https://info.rezilion.com/scanner-research-part-ii

New Attack Brief Finds Hackers Exploiting “Best Note Taking App” to Host Malicious BEC Phishing Campaign

Posted in Commentary with tags on February 23, 2023 by itnerd

Avanan, a Check Point Software Company, has published a new attack brief on how threat actors use the legitimacy of Evernote, an online note-taking and task management application, to make their Business Email Compromise (BEC) attacks even more convincing.

In this phishing attack, the hackers compromise a company executive, in this case the organization’s president, and use that account to send the victims emails carrying an attached “secure” message that is actually hosted on an Evernote link.

The recipients find an email in their inbox encouraging them to click the provided link to view the message, which takes them to an Evernote page. From there, unwary employees are led to a fake login page that the attackers use to steal credentials.

You can read the attack brief here.

Time To Deploy Ransomware Down… Successful Ransomware Prevention Up: IBM

Posted in Commentary with tags on February 22, 2023 by itnerd

According to IBM, ransomware prevention saw massive improvements in 2022, while ransomware time to deploy (TTD) dropped by 94%. Those are just two findings derived from billions of data points collected in 2022 from network and endpoint devices by IBM and reported in its “X-Force Threat Intelligence Index 2023.” This is a wide-ranging report with excellent stats:

  • 27% – Percentage of attacks that included extortion – 30% aimed at manufacturing
  • 21% – Share of incidents that saw backdoors deployed – the top action on objective
  • 17% – Ransomware’s share of attacks (down from 21% in 2021)
  • 41% – Percentage of incidents involving phishing for initial access
  • 26% – Exploited public-facing applications
  • 100% – Increase in the number of thread hijacking attempts per month

Top impacts 2022

  • 21% – Extortion
  • 19% – Data theft
  • 11% – Credential harvesting
  • 11% – Data leak
  • 9% – Brand reputation

This is a bit of a mixed bag. But at least the fact that ransomware is being stopped is good news.

Morten Gammelgaard, EMEA, co-founder of BullWall had this to say:

   “It is excellent news that ransomware prevention is improving, if for no other reason than it diverts cybercriminals away from executing attacks to developing new tactics, which they will. With extortion, data theft, data leaks and brand reputation being the top 4 out of 5 ways ransomware impacted organizations in 2022, organizations cannot rely solely on prevention and need to also consider active defense/containment strategies to catch the attacks that bypass prevention-based tools. When an active attack is unable to encrypt or exfiltrate data, organizations are given time to respond, eliminating 80% of the potential impact to their business.”
 

David Maynor, Senior Director of Threat Intelligence at Cybrary followed up with this:

   “There are three kinds of lies: lies, damn lies, and ransomware stats. For the last couple of months, depending on who you ask, ransomware attacks are becoming less of a problem or they are increasing. If your risk model is based on arbitrary thresholds like at 20% we don’t address it but we take it seriously at 21% of attacks seen…you have already lost and a ransomware actor is probably watching you read this.”

Hopefully, when this report comes out in 2024, we will see more ransomware being stopped, which by extension means that ransomware is less profitable for the people behind it.

Guest Post: Car Theft Is Out Of Control Right Now…. Here’s Some Tips From ESET Canada In Terms Of How You Can Protect Yourself

Posted in Commentary with tags on February 22, 2023 by itnerd

The technology in our cars is advancing by leaps and bounds, but as far as vehicles have come with automated features and expanded entertainment options, thwarting the car thief has proven to be an elusive endeavor. 

York Regional Police recently reported more than 2,000 vehicles have been stolen in their jurisdiction over the past year, and they note that the criminals are using technology to their advantage. They start by identifying high-end vehicles in public places — like a shopping mall parking lot — and place an “AirTag” tracking device discreetly on the vehicle. This allows them to follow the vehicle to the owner’s house, where they use more technology — an electronic device used to reprogram a car’s factory settings — to hack into the car’s computer and reprogram it to accept the key they brought with them.

The car thieves then simply drive the car away. 

Car thieves have also been known to steal a car by relaying the signals of the contactless key to give them a method to gain access to and start the car without having the key present. Two thieves work in tandem — one uses a transmitter in close proximity to the car key and the other has a receiver beside the car. If a vehicle owner stores their keys just inside the front door (quite a common practice), the transmitter will pick up that signal and relay it to the accomplice at the car, allowing them to get the door open and start the vehicle without causing it any damage.

“These acts may seem like technological voodoo, but they can actually be quite easy for criminals to pull off,” says Tony Anscombe, Chief Security Evangelist with ESET Canada. “All it takes is the right equipment, which is easily accessible, and as technology advances, this equipment becomes cheaper and cheaper.”

Car owners are not powerless against this, but interestingly enough many of the solutions against these high-tech crimes are decidedly low-tech: 

  • Protect your keys. Key to thwarting the thieves is to deny them access to the signal from your key fob. This can be accomplished with something as simple as a tin box for storing keys, or storing your keys away from the front door of your home. A secure Faraday pouch or bag will also block theft of the fob’s signal, especially if you are out and about.
  • Conceal your vehicle. It is a wise idea to store your expensive car in a locked garage. 
  • Secure your vehicle. If a garage is not an option, simply locking your doors will not be enough of a deterrent for a determined criminal. An alarm system helps, and a steering wheel lock is not only effective, but it is also a visual deterrent from even trying to steal your car. 
  • Lock the data port. The car’s OBD data port is where thieves will access your car’s computer. A simple lock can be purchased online that will protect this port from being accessed by unauthorized folks. 
  • Get it on video. Surveillance cameras trained on your driveway will record any activity there. Today’s systems are advanced elements of your smart home, and many allow remote access so you can keep an eye on your property from afar.

Activision Has Been Pwned As It Were A N00b Playing Call Of Duty

Posted in Commentary with tags on February 22, 2023 by itnerd

It appears that video game company Activision has been pwned by hackers. And this hack is really bad. Here’s a quick synopsis:

  • Sunday 2/19 – Cybersecurity research group vx-underground Tweeted screenshots of data purportedly stolen from Activision, including a content release schedule for Call of Duty.  “Activision did not tell anyone.”
  • Monday 2/20am – Insider Gaming said it confirmed the Activision data breach after obtaining “the entirety” of the stolen data (not published by vx-underground).
  • Monday 2/20pm – Nothing to see here: “Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.” Activision confirmed to Bleeping Computer that their systems were breached through an SMS text phishing attack on an HR employee; the attackers gained access to their Slack on December 2 and tried to trick other employees into clicking malicious links.
  • However, Insider Gaming claims to have reviewed the entirety of the stolen data, saying the data also contained sensitive employee information, including full names, emails, phone numbers, salaries, places of work, and more.

And seeing as they are being purchased by Microsoft, this could not have come at a worse time for the company. And Activision’s response to this has been, shall we say, sub-optimal.

David Maynor, Senior Director of Threat Intelligence at Cybrary had this to say:

   “There is no one “SOP” for breaches. This timeline shows a typical public reaction to a breach. Some entity, in this case VX-Underground, notices something on a market and tells the world about it. Reporters that follow VX-Underground use it as a tip and suddenly the victim’s switchboard/email server gets loaded with requests for comment.

   “There is also the fog of war effect where different people have different parts of a puzzle and make assumptions. This leads to different hot takes contradicting each other.

   “From the trial last year of the Uber CISO, Joseph Sullivan, we know that big corps can handle breaches differently. What I can say from personal experience is that the responses to questions as well as public statements are approved by if not written by a crisis communications team. The default response is deescalate, deflect, then deny. This is why the infosec community values technically insightful Root Cause Analysis (RCA) from a victim.”

Tim Morris, Chief Security Advisor, AMER at Tanium follows up with this:

   “There is conflicting information on this one. Specifically, about what was accessed/stolen. Regardless, the initial attack vector was a socially engineered phishing/smishing attack, obtaining access via SMS / 2FA. Proving once more that SMS / 2FA isn’t the most robust form of authentication and other, stronger MFA methods should be used.

   “Also, training of users is still needed. Users should treat SMS messages with the same scrutiny as email phishing scams. Be wary of phone calls from “IT Support”. Unless initiated by the user, they should be suspect. Either ignore or call back to a known number. For SMS, ignore and never give out any 2FA codes sent via text.

   “Principle of least privilege needs to be implemented, so that if/when an employee’s account credentials are stolen the “blast radius” is small, i.e. what the attacker has access to is minimized. Threat hunting, good incident response, and monitoring are key to find these intrusions quickly, and limit their reach.

   “Have a good PR plan on what to do when a breach happens. This successful attack happened two and a half months ago, and is only public now because some leaked data was published on vx-underground.”

Given the profile of Activision, which makes the Call Of Duty franchise, and its relationship with Microsoft, a lot of eyes are going to be on this one. If I were Activision, I’d be working very hard to find out what happened, what was stolen, and how to stop this from happening again. Then I would put all of that out in the public domain as quickly as possible. Because right now, Activision looks like a bunch of n00bs.

Guest Post: Social media used AI to create the new big tobacco. So, what’s next?

Posted in Commentary with tags on February 22, 2023 by itnerd

By Bill Ready, CEO at Pinterest

AI has been advancing rapidly over the last 10 years, doubling every 6 months. Until recently, the advancements have mostly been behind the scenes from a consumer perspective. But in the last few months a next generation of AI has been made available to the public and captured the attention and imagination of many. In fact, two of the largest providers of search, Google and Microsoft (with OpenAI), are showing significant advancements in AI that appear set to create a next major step forward in how search works. I’m excited about that, as are countless others. I’m also very glad to see that it has sparked a broader dialog about the appropriate use of AI and the ethical issues it raises. It’s encouraging that Microsoft and Google have been directly speaking to how they are attempting to address those issues—even though many questions remain.  

What’s missing is a discussion of the other major use of AI in our world today: social media. Social media used AI to create the new big tobacco. It has addicted all of us—but especially young people—over the last decade. But laced with a now evermore powerful AI, it’ll only get worse for our mental health. What comes next is a choice. What will social media do with this next generation of AI? Calls for change have come from parents, researchers, whistle-blowers, regulators, and lawmakers for years. But the call needs to come from within social media as well. 

What happened? 

Remember when social media first came into broad use? It helped reconnect us with old friends, share family updates with relatives, and meet and connect with neighbors. It gave us hope that we could create a more curious, connected, and compassionate world. 

That feels like a distant memory. Today, social media has made us more distracted, more depressed, and more divided. It has turned us against our neighbors and focused us on our differences rather than our commonalities. 

That’s because social media companies put AI in charge of what we see and they asked it to maximize view time. AI quickly figured out that people were more likely to view something for longer when it triggered their basest instincts: fear, anger, envy, greed. 

The points of view that would get the most engagement were the most extreme rather than the most sensible. The more you were enraged, the more you would engage. With each refinement of social media apps, users are less and less in control of what they see and more and more vulnerable to an increasingly powerful AI that is tuned to keep them viewing, no matter the cost to their wellbeing.  

To give a simple metaphor of how this works, let’s take an experience we’ve all had: You’re sitting in a traffic jam and there’s an accident up ahead. You know you shouldn’t look. You know it won’t make you feel good. But…there’s an urge to look anyway. If you ask people afterwards whether they’d like to see another car crash, almost everyone would say no. And fortunately, we don’t have to encounter these situations every day in the real world. But in the world of social media,  the AI is going to show you another car crash. And you can’t help but glance at that one, too. So it shows you another and another, until eventually all you see are car crashes. 

Defenders of social media will say they are simply giving users what they want. But do we really think this is what people want: more fear, more anger, more envy, more violence, more hate speech, more trolling? A world where all we see are car crashes? That people want to feel worse about themselves and the world around them?

Social media may not have initially understood the unintended consequences of telling AI to maximize view time, but those consequences are overwhelmingly clear now. Even worse, these choices have become deeply ingrained in the business model of much of social media. 

As CEO of Pinterest, I’m writing this because I believe it to be one of the most important societal issues of our time. We must build a more positive place online. And it is possible. 

To that end, we’ve made a particular set of choices.

From implicit to explicit signals 

First, we train our AI models to prioritize explicit intent signals. That could include what people pin to our platform in the first place (say, an amazing brunch recipe), what they might search for once they are here (bold summer makeup), or what they save to their boards to act on later (clever ideas to decorate a dorm room).

When you tune AI on those more conscious, explicit actions, you get very different outcomes than when you optimize for views alone. In that environment, additive rather than addictive content wins, largely because the user is playing a more deliberate role in choosing. 

So far, it’s working. And we know this because of our next choice.

From tactics to outcomes

Second, we’re committed to holding ourselves accountable to more positive wellbeing outcomes. There’s no shortage of tactics that social media companies could implement or propose that seem like they ought to help. But unless they result in demonstrably better wellbeing outcomes, those efforts will always be woefully inadequate. In order to build a better internet for our better selves, emotional wellbeing has to be a real, measurable result—and should become the standard for the entire industry.

A recent study we ran with UC Berkeley’s Greater Good Science Center found that 10 minutes a day of active engagement with inspiring content on Pinterest by Gen Z users buffers against rising burnout, stress and social disconnectedness. We replicated similar findings across the UK, Canada, Australia, Germany, France, Brazil, and Japan. More than a dozen studies over the last five years—commissioned and not—show that positive spaces like Pinterest have a wide range of benefits for users.

It’s still early and we don’t profess to have all the answers. We have had our own regrettable moments in which our AI models have served negative or damaging content to users. But we’re committed to better outcomes and bolstered by these early studies that show it’s possible.  

A more positive internet is possible.

We got here by making different choices about AI. By placing our users’ wellbeing over their view time. And by holding ourselves accountable for more positive outcomes on mental health—not simply empty tactics. We’ve seen the effects of what social media has been asking AI to do for the last decade. My question is this: what will social media companies ask this new, more powerful generation of AI to do next?

What comes next is a choice.

A choice that leaders must make, a choice that users deserve and should participate in, and a choice that the good of society depends on. Pinterest is committed to using our platform—and the AI that powers it—to create more positive wellbeing outcomes.

We’re making our choice and our intentions clear. 

Read more on our research with the Greater Good Science Center at the University of California, Berkeley.

Read more about what Pinterest is doing to support emotional wellbeing and create a better internet for our better selves.

Is Antivirus Software Still Relevant? Report Shows Americans Say “Yes” And Rely On Free Over Paid Programs

Posted in Commentary with tags on February 22, 2023 by itnerd

Even as Apple and Microsoft invest billions in protecting their own devices, 85 percent of American adults are continuing to rely on third-party antivirus software, up from 77 percent a year ago.

That is one finding of Security.org’s annual report on the antivirus market:

Security.org’s latest report also found:

  • Nearly three in four Americans still strongly believe computers need antivirus to protect their devices
  • More than half (61 percent) of antivirus users rely on free programs, such as Microsoft Defender, which comes installed on their PCs
  • Only eight percent of free antivirus users experienced a breakthrough virus in the past year, compared to 10 percent of paid users
  • An estimated 33 million households pay for antivirus software, many of which include popular features that boost internet security, such as VPNs, password managers, or secure browsers
  • Seven percent of people in the study – an estimated 16 million Americans – will be in the market for antivirus software in the next six months

You can read the full report here. I will say that this mirrors a lot of the experience that I have with my home/SMB clients, which makes this report worth reading.

Uber Is Renewing Their Commitment To The Canadian Black Chamber Of Commerce

Posted in Commentary with tags on February 22, 2023 by itnerd

In 2021, the Canadian Black Chamber of Commerce (CBCC) and Uber Canada announced the nationwide launch of Black Business Direct, the newest national digital directory to help even more Black-owned businesses be discovered. Today, Uber Canada is renewing its commitment to the CBCC and Black Business Direct for another two years.

Black Business Direct is a free, easy-to-access resource for Canadians to search and support local Black-owned businesses across the country. Over the last two years, Black Business Direct has grown to over 1000 listings with new additions every day. CBCC has also made the directory bilingual, introducing a French version of the site. 

You can get more details on their website here.