New Phishing Scam: The Case of the Crafty Cryptocurrency Con

Posted in Commentary on December 14, 2022 by itnerd

INKY Technology has published a new phishing scam report. Coinbase was used for an elaborate multi-step phishing attack that leveraged a reputable web development platform to harvest credentials and gain control of victims’ cryptocurrency.

The report outlines in detail the multi-step campaign put in place by the hackers to gain access to the unsuspecting customers’ credentials.

You can read the report here.

When It Comes To Twitter…. Elon Musk’s Desperation To Turn It Around Is Really Starting To Show

Posted in Commentary on December 14, 2022 by itnerd

As the days go on, it’s clear that Elon Musk is desperate to somehow find some way to turn Twitter into a good news story as everything that is coming from the troubled social media platform is bad news. Or worse news. Elon’s latest signs of desperation come in a pair of areas. Let’s start with the privacy one:

Twitter is working on plans to force some users to agree to data sharing or lose access to the app in a bid to save its ad business, according to Platformer.

Elon Musk’s platform, like Google and Facebook, currently allows users to opt out of personalized ads, but this option could soon disappear.

Many users never turn this feature off in the first place, but the company is also considering forcing users to share more data, which can then be sold to advertisers, Platformer’s report said.

This includes sharing user locations and phone numbers for targeted ads, even though the latter is necessary for two-factor authentication.

And:

The plans could hit a snag in Europe, because EU rules say that users have the legal right to withdraw data-sharing permissions at any time.

Under one plan being considered, users could only opt out if they subscribe to Twitter Blue — which costs at least $8 a month. But that would breach Apple’s rules which outlaw apps from forcing a choice between payment and advertiser tracking.

So Elon is so desperate to make a buck that he’s willing to pick a fight with both Apple and the EU. Plus I am pretty sure the FTC would be knocking on his door to have a word with him as this is the sort of thing that got Twitter into trouble before with them. Then there’s the fact that now this is out, it will send even more Twitter users to the exits who are sick of Elon and his haphazard leadership style. Which of course will give advertisers less incentive to advertise on the platform, taking money out of Elon’s pockets in the process.

Elon’s desperation is also starting to show in terms of him risking the wrath of the legal gods:

Musk appears to be gearing up for legal battles at Twitter, which he purchased in October for $44 billion, according to seven people familiar with internal conversations. He and his team have revamped Twitter’s legal department and pushed out one of his closest advisers in the process. They have also instructed employees to not pay vendors in anticipation of potential litigation, the people said.

To cut costs, Twitter has not paid rent for its San Francisco headquarters or any of its global offices for weeks, three people close to the company said. Twitter has also refused to pay a $197,725 bill for private charter flights made the week of Musk’s takeover, according to a copy of a lawsuit filed in New Hampshire District Court and obtained by The New York Times.

Twitter’s leaders have also discussed the consequences of denying severance payments to thousands of people who have been laid off since the takeover, two people familiar with the talks said. And Musk has threatened employees with lawsuits if they talk to the media and “act in a manner contrary to the company’s interest,” according to an internal email sent last Friday.

The aggressive moves signal that Musk is still slashing expenditures and is bending or breaking Twitter’s previous agreements to make his mark. His reign has been characterized by chaos, a series of resignations and layoffs, reversals of the platform’s previous suspensions and rules, and capricious decisions that have driven away advertisers.

If Elon wants to get sued out of existence, this is a great way to do it. Not paying your rent and not paying severance at the very least will be expensive. And I am pretty sure that in the worst case, some government or law enforcement agency would investigate this to see if it’s illegal. Also, if you read this story, he’s dumped significant parts of his legal team. Some of whom have bailed him out of trouble before. That’s a sign that Elon doesn’t like the counsel that they’re giving him as he strikes me as the type who only wants to hear answers that he likes.

Finally, banks are having trouble with Twitter’s debt. Big trouble:

Some of the banks that lent Elon Musk $13 billion to buy Twitter are preparing to book losses on the loans this quarter, but they are likely to do so in a way that it does not become a major drag on their earnings, according to three sources with direct knowledge of the situation.

Banks typically sell such loans to investors at the time of the deal. But Twitter’s lenders, led by Morgan Stanley, could face billions of dollars in losses if they tried to do so now, as investors shy away from buying risky debt during a period of economic uncertainty, market participants said. In addition, Twitter has seen advertisers flee amid worries about Musk’s approach to policing tweets, hitting revenues and its ability to pay the interest on the debt.

Banks still have to mark the loan to its market value on their books and set aside funds for losses that are reported in quarterly results. In the absence of a price determined by actual sales of the debt, however, each bank can decide how much to write it down based on its market checks and judgment, according to the three sources who are familiar with the process of determining the value of such loans.

Elon’s issues aren’t going to help this situation that his lenders find themselves in. I would watch this as banks do not like to lose money and that may add to Elon’s problems. Of which there are many.

Like I said yesterday, I think we are in the endgame when it comes to Twitter. I think it’s just a matter of time until the final nails in the coffin are hammered in.

LG Launches UltraGear OLED Gaming Monitors With 240Hz Panels

Posted in Commentary on December 13, 2022 by itnerd

LG Electronics is exhibiting its latest lineup of premium UltraGear™ OLED gaming monitors (models 27GR95QE and 45GR95QE) at CES 2023. The new UltraGear monitors demonstrate LG’s leadership in the fast-growing OLED category and its continuing strength in the global gaming display market.

Equipped with the world’s first 240Hz OLED panel, which is exclusively manufactured by LG, the new 27- and 45-inch models deliver a record-breaking response time of less than 0.03 milliseconds Gray-to-Gray (GTG), not to mention superior self-lit picture quality complete with accurate, lifelike colours and infinite contrast. Courtesy of these cutting-edge display technologies, the latest models tick every box when it comes to what consumers want in a gaming monitor. 

27-inch OLED Gaming Monitor with Unprecedented Speed

LG UltraGear OLED Gaming Monitor (model 27GR95QE) offers the level of performance needed to get the most out of the latest game titles; its QHD (2,560 x 1,440) resolution OLED display provides a 240Hz refresh rate and a staggering 0.03ms (GTG) response time for delightfully smooth, low-latency gaming. It also covers 98.5 per cent of the DCI-P3 colour gamut, ensuring vibrant graphics that fully capture the vision of the game designers and digital artists who created them. Additionally, the monitor’s Anti-glare & Low Reflection (AGLR) panel makes it easier to see what is on screen so that users can enjoy a distraction-free gaming experience regardless of ambient light conditions.

Featuring support for variable refresh rate (VRR), NVIDIA G-SYNC Compatible, FreeSync Premium and VESA Adaptive Sync, LG’s 27-inch UltraGear provides seamless visuals with minimal tearing or stuttering. It also supports HDMI 2.1 specifications and DisplayPort 1.4 connectivity, and incorporates a 4-pole headphone jack that allows users to relish the realistic, spatial sound of DTS Headphone:X. Meanwhile, the included remote control provides quick and easy display management plus the added convenience of programmable hotkeys. 

Next-level Immersion with 45-inch Curved OLED Display

A CES 2023 Innovation Award honouree, model 45GR95QE is LG’s first-ever 45-inch curved OLED gaming monitor with a 21:9 aspect ratio, WQHD (3,440 x 1,440) resolution screen. It is also the very first 45-inch display with an 800R curvature: an exciting, new form factor designed to deliver next-level gaming experiences. Certified as a low blue light product by leading global testing organizations TÜV Rheinland and UL Solutions, the matt Anti-glare & Low Reflection OLED panel of the curved UltraGear monitor is easier on the eyes than a conventional LED panel, meaning users can play for longer with less eye discomfort.

The 45GR95QE’s remarkable, curved OLED panel offers a 1,500,000:1 contrast ratio and 98.5 per cent coverage of DCI-P3, producing the bright colours, deep blacks and crisp images that not only make the onscreen action come alive, but also heighten the player’s focus. Like its 27-inch sibling, the 45-inch model has a response time of less than 0.03ms GTG and a 240Hz refresh rate. Harnessing the immense potential of OLED, the 45GR95QE provides total gaming immersion.

Visitors to CES 2023 from January 5-8 are encouraged to stop by booth #15501 in the Las Vegas Convention Centre to experience the latest UltraGear OLED gaming monitors. Available to pre-order in the U.S. and Canada starting December 12, LG’s latest OLED gaming monitors will be launching in key markets throughout North America and Asia in January, in Europe from February, and in the Middle East and Latin America in the following months.

Today Is “Patch Tuesday” And It’s Time To Patch All The Things

Posted in Commentary on December 13, 2022 by itnerd

While I was busy covering the feature dump that Apple did with all its operating systems, I didn’t cover the fact that it was Microsoft’s “Patch Tuesday”. Bleeping Computer has a lot of info on December’s “Patch Tuesday” dump here. And there is truly a lot here for you to read. To help you make sense of it all, I have enlisted the help of Yoav Iellin, Senior Researcher at Silverfort:

“Marked as critical, CVE-2022-41076 is one security teams should definitely be aware of as it allows for an attacker to escape the PowerShell Constrained Session Configuration to run unapproved commands. PowerShell Constrained Session is used across a wide variety of applications so admins need to be aware of where they are exposed and either update, or disable the affected feature. While Microsoft notes this vulnerability is complex to exploit, it can however be triggered by any authenticated user, removing the extra step of escalating privileges.

An interesting, actively exploited vulnerability from an initial access point of view is CVE-2022-44698. This is a flaw in Windows SmartScreen – a component in Microsoft applications designed to reduce the risk of socially engineered malware by checking the reputation of downloaded files prior to installation. Using this vulnerability, an attacker could convince the victim to run a crafted file or access an unsafe link and then bypass protections alerting them to potentially malicious downloads.

Included amongst the usual CVE numbers, Microsoft Security Advisory ADV220005 tells an interesting story. This advisory recounts the detection of malicious drivers submitted and signed by the Microsoft Windows Hardware Developer Program. Components such as this enjoy kernel level access, so would have been able to evade security controls had they not been detected.”

The guidance that Mr. Iellin spoke of can be found here and is very much worth reading. But perhaps that reading should take place after you patch all the things so that the bad guys don’t use today’s “Patch Tuesday” dump to create attacks from.

Infographic: Tech Brands Top Americans’ Wishlists In 2022

Posted in Commentary on December 13, 2022 by itnerd

Americans want tech for Christmas, according to the team at Business.CenturyLink.com’s latest report. Ring, Amazon-branded electronics, and Nintendo products all topped this season’s wishlists.

You can check out the full report here.

Source: https://business.centurylink.com

EnGenius ESG510 Security Gateway Now Shipping

Posted in Commentary on December 13, 2022 by itnerd

EnGenius Technologies has begun shipping its first-ever security gateway product line—that crucial first line of defense for business networks—bringing unparalleled simplicity, faster speed, enterprise features, enhanced security, and greater cloud management from anywhere.  

As part of the EnGenius Cloud access points and switches, the EnGenius ESG510 security gateway (router) is easy to set up and can be managed anywhere with the EnGenius Cloud user interface or Cloud To-Go mobile app. The security gateway features two WAN and two LAN ports capable of up to 2.5G speeds (more than double the speed of most gateways in the market today) which helps provide high performance and superior uplink and downlink transmissions, including maximum firewall throughput up to 2.35Gbps. Apart from its ease of use and high performance, the gateway also includes enterprise-level security features, including:

  • Built-in load balancing and safeguards with dual-WAN and cellular failover 
  • Stateful firewall with high-efficiency filtering and inspection to enhance security 
  • High-speed and secure site-to-site VPN and client VPN 
  • Quick self-healing VPN and VLAN setup for faster and easier deployments 
  • Touchless system maintenance and automatic updates 
  • Multi-mode passthrough and routing options

The EnGenius security gateway series is now shipping and will deliver an effortless setup, intelligent design, and plenty of horsepower to handle heavy throughput. Customers will also receive automatic upgrades when fixes and new features become available. Scan. Plug in. Done. 

If you are interested in learning more, please visit https://www.engeniustech.com/security-gateway.html.

Tesla’s Approval Rating Tanks…. And It’s Elon’s Fault

Posted in Commentary on December 13, 2022 by itnerd

Remember the days when Tesla was the default choice for EV buyers? Those days seem to be over according to U.K.-based research firm YouGov. The firm conducts regular consumer perception studies, and Tesla has always come out on the positive side of them. But as of November 7th, which isn’t long after Elon bought Twitter, that changed:

The electric-car maker started 2022 with a net-positive score of 5.9%, then peaked in May at 6.7%. In early November, it fell to a negative-1.4% reading.

YouGov found a political divide in the numbers. As the Wall Street Journal explains, “self-described liberals now view Tesla more negatively than conservatives, though conservatives also have a negative view of the brand on average.”

What changed to influence opinions so radically? Tesla CEO Elon Musk famously bought the social network Twitter at the end of October and has been a prominent figure in the news for reshaping its operations.

The company has also come under criminal investigation over a series of accidents that may have involved its driver assistance software, according to Reuters.

And this sentiment has confirmation from another research firm:

Morning Consult, a U.S.-based polling firm, also finds that negative perceptions of Tesla are increasing. The company surveys about 200 Americans daily to test their attitudes about several prominent brands. At the start of 2022, it said, 43% of Americans viewed Tesla positively, while 15% had a negative opinion of the company. As of Nov. 27, 38% saw the company positively, while 22% viewed it negatively.

Morning Consult’s numbers also reinforce the political divide. Among self-described Democrats, 24.8% saw Tesla positively in October. Just 10.4% said the same at the end of November. Self-described Republicans saw their opinion of the company rise, from a favorable 20% to 26.5%, over the same period.

“It seems like Tesla is on its way to becoming a partisan brand,” Morning Consult’s Jordan Marlatt told the Wall Street Journal.

None of that is good for business. And that’s likely part of the reason why Tesla’s stock has fallen by 50% this year. Which hits Elon’s bank account negatively. For this sentiment to turn around, Elon would have to do a complete 180 in terms of how he behaves. Something that I do not see happening given his recent behaviour.

At the end of the day, the only person to blame for Tesla’s brand perception issues is Elon Musk.

MSPs, Hybrid Workers and Connected Cars Face Cyber-Threat Onslaught in 2023

Posted in Commentary on December 13, 2022 by itnerd

Trend Micro Incorporated today released Future/Tense: Trend Micro Security Predictions for 2023. The report warns that threat actors will ramp up attacks targeting security blind spots in the home office, software supply chain and cloud in the coming year.

According to the report, VPNs represent a particularly attractive target as a single solution could be exploited to target multiple corporate networks. Home routers will also be singled out as they’re often left unpatched and unmanaged by central IT.

Alongside the threat to hybrid workers, the report anticipates several trends for IT security leaders to watch out for in 2023, including:

  • A growing supply chain threat from managed service providers (MSPs), which will be selected because they offer access to a large volume of downstream customers, thereby maximizing the ROI of ransomware, data theft and other attacks
  • “Living off the cloud” techniques may become the norm for groups attacking cloud infrastructure to stay hidden from conventional security tools. An example could be using a victim’s backup solutions to download stolen data into the attacker’s storage destination
  • Connected car threats such as targeting of the cloud APIs which sit between in-vehicle embedded-SIMs (eSIMs) and back-end application servers. In a worst-case scenario (i.e., Tesla API) attacks could be used to gain access to vehicles. The connected car industry could also be impacted by malware lurking in open-source repositories
  • Ransomware-as-a-service (RaaS) groups may rethink their business as the impact of double extortion fades. Some may focus on the cloud, while others could eschew ransomware altogether and try monetizing other forms of extortion like data theft
  • Social engineering will be turbo-charged with business email compromise (BEC)-as-a-service offerings and the rise of deepfake-based BEC

Trend Micro recommends organizations mitigate these emerging threats in 2023 via:

  • Zero trust strategies built on a “never trust, always verify” mantra, to minimize damage without sacrificing user productivity
  • Employee training and awareness raising to turn a weak link in the security chain into an effective line of defense
  • Consolidating onto a single security platform for all attack surface monitoring and threat detection and response. This will improve a company’s ability to catch suspicious activity across their networks, reduce the burden on security teams and keep defenders sharp 
  • Stress testing IT infrastructures to ensure attack readiness in different scenarios, especially ones where a perimeter gateway has already been breached 
  • A software bill of materials (SBOM) for every application, to accelerate and enhance vulnerability management—by delivering visibility into code developed in-house, bought from commercial sources, and built from third-party sources

To read a full copy of the report, please visit: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2023

Guest Post: Businesses in North America double their 2022 spending on payment fraud prevention

Posted in Commentary on December 13, 2022 by itnerd

For the second year in a row, merchants reported rises across the board in numerous key measures that assess the extent to which fraud affects eCommerce. 

From higher income lost to fraud to more eCommerce orders being rejected as fraudulent to increased chargebacks and disputes, the average statistics retailers reported rose internationally over the last year.

The most significant shift in payment fraud prevention spending was recorded in North America, where businesses doubled their spending, from 5% of their annual revenue in 2021 to 10% in 2022, according to data presented by Atlas VPN.

The figures mentioned were extracted from the Global Fraud and Payments Report 2022, in-depth research conducted by the collaborative efforts of Cybersource, the Merchant Risk Council (MRC), and Verifi. 

The study included 1,060 merchants active in eCommerce fraud and payment management. SMBs ($50k to <$5mn) amount to 38% of the sample size, Mid-Market ($5mn to <$50mn) to 25%, and Enterprises ($50mn+) to 37%. The poll was conducted in November and December of 2021 globally. 

The majority of the companies (60%) were in the physical goods & retail sector, a quarter in the other products & services category, and the remaining surveyed merchants were in the travel & tourism (9%) and digital goods & entertainment (6%) industries.  

Besides North America, another significant change from 2021 to 2022 appeared in the Asia-Pacific (APAC) region, where companies decreased their allocated part of the revenue for fraud prevention by 6%. 

Before, businesses in the APAC area were spending the highest portion of their earnings on payment fraud prevention, but after these changes, they fell in line with the global average, which stands at 10% in 2022.

Mid-market companies allocate most funds

Moving on to fraud prevention by company sizes, interestingly, the average metrics of Mid-market businesses now outnumber those recorded by SMB and corporate eCommerce enterprises. 

While Mid-market firms spend an average of 11% of their annual revenue on payment fraud prevention, SMBs only spend around half as much, at 6%.  

This is likely because Mid-market businesses are large enough to be enticing targets for fraudsters yet have smaller budgets and fewer employees, tools, and resources to use for fraud protection. Thus, midsize firms may suffer disproportionately from eCommerce fraud.

To read the full article, head over to: https://atlasvpn.com/blog/businesses-in-north-america-double-their-2022-spending-on-payment-fraud-prevention

Review: EnGenius ECW336 WiFi 6E Access Point 

Posted in Products on December 13, 2022 by itnerd

Full disclosure: I was supposed to have this tested and reviewed about two weeks ago. But things beyond my control got in the way of that. Having said that, when I did get around to testing the EnGenius ECW336 WiFi 6E Access Point, I walked away impressed by what it could do. Let’s take a look at the access point:

It looks like every other EnGenius WiFi access point from the top, with LED lights to indicate the status at the top.

Underneath is a 12V DC connection for power, 5Gbps PoE LAN connection, and a reset hole. The 5Gbps LAN port is interesting as there’s not a whole lot of 5Gbps PoE switches out there. So this is clearly here for future proofing.

I am not sure if I simply never noticed this in previous access points from EnGenius that I’ve reviewed, or if this is new. But you get a Kensington lock slot as part of the deal.

The whole point of this access point is the 6GHz band, which is less crowded. That in turn gives you more speed for WiFi devices that can leverage it. But you get backwards compatibility as well. EnGenius claims that you get these speeds:

  • 2.4GHz: 1148Mbps
  • 5GHz: 2400Mbps
  • 6GHz: 4800Mbps

You can set this access point up and manage it via the EnGenius cloud, which I have to say is excellent as I can set it up for a client and teach them in a few minutes how to manage their network if they have EnGenius gear from end to end. Or I can manage it for them from anywhere as their cloud supports apps for your smart phone. If cloud management isn’t for you, doing it via a web browser works too. In either case, it’s trivially easy as anyone reading this will have this access point up and running in under 30 minutes. Finally for what it’s worth, if you want to give the public access to this without having to constantly hand out the WiFi password, it supports Facebook WiFi.

What I was really interested in was the speed. So I decided to test all three bands to see what sort of performance I would get. So after assembling some devices that I could use to test each band, here are my results:

  • 2.4GHz Average at 20 feet line of sight: Downstream 270Mbps, Upstream 194Mbps
  • 5GHz Average at 20 feet line of sight: Downstream 150Mbps, Upstream 44Mbps
  • 6GHz Average at 20 feet line of sight: Downstream 665Mbps, Upstream 871Mbps

Now I am testing this in an insanely noisy environment where there are literally dozens of access points competing with each other. But having said that, these numbers are pretty impressive. Especially the 6GHz numbers. If you plan out a deployment with a number of these access points set up to do overlapping coverage of an office or even a large home, and it doesn’t have the number of access points that I have to deal with, I can easily see you getting much better numbers than what I have posted here. As far as I am concerned, this is a win.

The EnGenius ECW336 Access Point is currently available at Amazon US for $895.00. If you want to set up a wireless network that is easy to roll out, has fast speed, and is future proof, this access point is very much worth looking at.