Security Researcher Demonstrates Attackers Communicate via DNS to Attack Air-Gapped Networks

Posted in Commentary on December 8, 2022 by itnerd

Pentera has released a new research report on how Uriel Gabay, Security Researcher at Pentera, was able to bypass an air-gapped network to execute an attack. In order to protect an organization’s critical assets from Internet access, IT teams often create isolated or ‘air-gapped’ networks.

These networks are largely considered inherently untouchable, but Pentera Labs Research was able to bridge the air-gap and access them with only a few lines of code. Air-gapped networks may not have direct access to the Internet, but they still often require DNS services in order to resolve a company’s internal DNS records. 

Uriel was able to exploit this reality to execute an attack over the DNS and showcase how hackers could relatively easily access offline information that organizations assumed was safe.

You can read the research here.

2022 Uber Eats Cravings Report reveals fun and unusual Canadian delivery trends

Posted in Commentary on December 8, 2022 by itnerd

This week, Uber Eats is launching its fourth annual Cravings Report revealing all the ways Canadians enjoyed getting their favorite sips and eats exactly how they wanted them. 

From Canada’s most polite and pickiest cities to the largest Uber Eats restaurant orders, this year’s report offers a snapshot of the most popular, most unique—and in some cases—most unusual delivery requests received over the last year. 

Here are some of the year’s juiciest delivery trends: 

A New Report Details What Americans Want in Electronics in 2023

Posted in Commentary on December 7, 2022 by itnerd

Holiday shopping is in full swing, which means the hunt is on for the best deals for gifts. Nearly 1 in 5 plan on gifting electronics this holiday season, according to a new study by Arris. 

  • Nearly half plan to spend more than $500 on new technology in 2023
  • 71% are worrying about inflation’s impact on tech products
  • 40% are worried about supply chain issues impacting the holiday season 

As for what people want in their technology, 73% want better battery life, 58% are looking for more durable portable electronics, and 40% want more lightweight electronics. 

You can read the study here.

Rezilion Unveils New Updates to MI-X

Posted in Commentary on December 7, 2022 by itnerd

Today Rezilion announced updates to MI-X, its highly-rated open-source tool developed by Rezilion’s vulnerability research team. The tool will be featured this week at Black Hat Arsenal during Black Hat Europe and features several new updates to give teams vital information about the exploitability of known critical CVEs in their environment.

Available as a download from the GitHub repository, MI-X has earned more than 100 stars on GitHub since its debut in August 2022. The CLI tool is a free, open-source companion to Rezilion’s enterprise solution for software supply chain security and helps researchers and developers identify if containers and hosts are impacted by a specific vulnerability, thus allowing organizations to target remediation plans more effectively.

The recent updates to MI-X include:

  • Mitigation and remediation recommendations for each supported vulnerability
  • The ability to produce machine-readable output, either in JSON or CSV format
  • Windows support for two pervasive vulnerabilities, Heartbleed and SpookySSL

MI-X adds context to vulnerabilities where other tools fall short

Using MI-X, organizations can identify and establish the exploitability of 20+ high-profile CVEs on both hosts and containers. The tool can easily be updated to include coverage for new critical and zero-day vulnerabilities.

Through MI-X, users can:

  • Find vulnerabilities: identify and establish the exploitability of a known critical CVE.
  • Know why it’s exploitable: get a detailed view of the criteria that need to be met for the vulnerability to be exploitable. This allows organizations to adopt the correct remediation strategy.

MI-X will be featured Wednesday, December 7, 2022 from 10:15 a.m.-11:45 a.m. PT in the Business Hall, Station 5, in the Black Hat Arsenal.

For more information on getting started with MI-X, visit https://www.rezilion.com/rezilion-tools/am-i-exploitable/ .

New Research Finds That People Are 3 Times More Likely to Experience Identity Theft If They Are Not Using A Password Manager

Posted in Commentary on December 7, 2022 by itnerd

It’s almost 2023, and nearly two-in-three people still track their passwords by memorization or hand-written notes, according to new research. This, even as identity theft doubled during the pandemic. 

The second annual study by Security.org asked more than 1,000 Americans how they keep track of online passwords and reveals the practices most common among those who experienced identity theft in the last year, as well as the risky habits of password manager users.

Google Password Manager is the most used tool in 2022, per 23 percent of respondents, up from eight percent last year.

Other key findings include: 

  • Web users without password managers are three times more likely to experience identity theft than those who properly use them
  • After a massive data breach, LastPass moved from the most popular manager in 2021 to the fourth-most popular in 2022
  • Mobile usage of password managers surpassed desktop usage in 2022, with 84 percent of password vault users employing them on their phones

The full research is here: https://www.security.org/digital-safety/password-manager-annual-report/

Guest Post: Over 50% of all cyberattacks originating in Russia target the US

Posted in Commentary on December 7, 2022 by itnerd

Russian state-sponsored cyberattacks are used as a weapon to further intimidate Ukraine and other Western countries.

According to the data presented by the Atlas VPN team, 55% of cyberattacks originating in Russia targeted the United States. The United Kingdom, Canada, and Germany are among other top targets.

Russian state-sponsored threat actors targeted the United States in 55% of their cyberattacks. Organizations and government agencies in the United Kingdom were a target in 8% of cyberattacks. Furthermore, 3% of attacks originating in Russia were directed at Canada.

Even though Russia started a full-on war against Ukraine, only 2% of their cyberattacks targeted the country. Switzerland was also a target in 2% of Russian cyberattacks. At the same time, attacks on other Western countries and Baltic states made up 27% of all state-sponsored attacks.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on Russia-based cyberattacks:

“While there is no concrete evidence that Russia-based cybercriminal groups cooperate with the Kremlin, there is a clear narrative about who is the enemy. While Russia’s war in Ukraine is continuing, organizations and governments of Western countries have to stay sharp against possible attacks.”

Most targeted industries

State-sponsored hackers usually target specific industries to create as much chaos as possible.
 

The information technology industry was the target in 29% of Russian-sponsored attacks. Russian state-sponsored threat actors launched 18% of their attacks on nongovernmental organizations (NGOs). In addition, 12% of cyberattacks originating in Russia targeted government agencies and services.

Russian hackers directed 12% of their cyberattacks at education organizations. Furthermore, 5% of cyberattacks originating in Russia were launched at financial service institutions. Finally, cybercriminals affiliated with Russia carried out 24% of attacks on other types of industries.

To read the full article, head over to:

https://atlasvpn.com/blog/over-50-of-all-cyberattacks-originating-in-russia-target-the-us

Cradlepoint Announces Availability of Zero Trust Network Access Solution for 5G and Hybrid Networks  

Posted in Commentary on December 7, 2022 by itnerd

Cradlepoint, the global leader in cloud-delivered LTE and 5G wireless network solutions, is today announcing the availability of its third NetCloud Exchange (NCX) solution, Zero Trust Network Access (ZTNA). NCX ZTNA ensures a native ZTNA experience that offers simplicity, efficiency, and granularity for Cradlepoint deployments. 

While cellular connectivity delivers agility and the freedom to connect anyone from anywhere, this extended WAN edge—encompassing resources in sites, vehicles, and remote locations—creates a broader network attack surface. This, along with the need for an extended workforce to access resources in a secure way, requires an innovative approach to network security. Zero trust is emerging as the technology of choice to address these challenges. 

With a focus on enterprises who are looking to leverage 5G, Cradlepoint’s NCX ZTNA solution will offer differentiated capabilities to support the expanded edge and extended workforce. Key capabilities include:

  • Simplified administration through an integrated policy engine: A single, attribute-based policy engine for NCX SD-WAN and ZTNA allows administrators to create both network- and user-based policies, reducing operational complexity and accelerating time to service.
  • Deployment flexibility with multiple forms of network access: NCX ZTNA provides a variety of different access models including a client, Cradlepoint router, and a browser-based option (with browser-based available in 2023).  
  • Isolated user-to-resource access through fine-grained policies: With NCX ZTNA, users, such as third-party vendors, can be permitted access to only a specific resource such as an IP camera, digital sign, or Point of Sale system. 

Cradlepoint NCX ZTNA adds to the previously announced Secure Connect and SD-WAN Services. All services are based on the same zero-trust foundation and are enabled through the NetCloud Exchange Service Gateway—a scalable solution that aggregates traffic, provides flow-level visibility, and acts as the policy-enforcement point in the network. 

For more information on Cradlepoint’s NetCloud Exchange solution, Zero Trust Network Access, please visit https://cradlepoint.com/products/ztna/.

Cisco Holiday Season Shopping Survey: Online retail brands only have one shot to impress consumers 

Posted in Commentary on December 7, 2022 by itnerd

Consumers have come to rely on applications and digital services for almost every aspect of their lives, and they’ve now become far more discerning about what makes an incredible digital experience. With the holiday shopping season upon us and multiple online sales events available to customers, the pressure is on for brands to offer consumers amazing online bargains and incredible digital and application experiences. This year, a massive 91 per cent of consumers said that they will only rely on online shopping applications and services, and the search for great deals will be even more important: 95 per cent agreed that cheap prices and bargains will be central given the cost of living and the uncertain economic situation.

So, the extra pressure is on for retailers and their IT teams as consumers (78 per cent) stated that the digital experience is as important as the deals that are on offer.

Cisco AppDynamics recently conducted a global survey of 12,000 consumers across 12 countries including Canada, exploring how applications are being used throughout the online shopping process during seasonal shopping moments, and the significance of their role today.

Consumers surveyed revealed that:

  • 74 per cent of Canadian consumers usually wait for major online shopping dates (Singles’ Day, Black Friday, Christmas…) to take advantage of discounts and low-cost deals
  • 87 per cent of Canadians will rely on brands offering deals and discounts this year more than ever before
  • 91 per cent of Canadian consumers want a fast and seamless digital experience without any delays or disruption, and 63 per cent claim that an underperforming application will leave them angry
  • 81 per cent of Canadian consumers won’t take any excuse for poor online experiences
  • 91 per cent of Canadian consumers feel that it’s important for retailers to provide regular updates on the status of online purchases, given ongoing supply chain issues and increased anxiety around receiving holiday gifts on time

You’ll find a blog post with additional details here

Eliminate Version Management For MS Office Via LinkrUI

Posted in Commentary on December 7, 2022 by itnerd

Santa Cruz Software, a global leader in software development for cross media content publishing, today announced that a new version of its DAM connector, LinkrUI, will now enable Digital Asset Manager (DAM) syncing for three Microsoft Office applications. Available both via DAM reselling partners and via retail, LinkrUI for Microsoft Office is now compatible with Microsoft Word, Microsoft PowerPoint and Microsoft Excel.

LinkrUI enables direct searching, opening, placing and synchronizing of digital assets stored in a DAM system or other storage services, such as Box and Dropbox. The new version of LinkrUI automatically synchronizes assets between Microsoft Office applications and the DAM or storage service to ensure that everyone in an organization can find and work on the latest version. 

LinkrUI started as a best-in-class extension to Adobe applications, providing an in-app panel link between popular creative applications and the DAM or cloud storage service. Santa Cruz Software recently began offering a completely free version of LinkrUI (guaranteed version control at no cost), which is compatible with Adobe Photoshop, Adobe InDesign and Adobe Illustrator. The premium version of LinkrUI adds compatibility for Adobe Premiere and Adobe After Effects and includes additional features like live filtering and Smart-Linkr, which finds and fixes broken asset links automatically. LinkrUI for Microsoft Office includes compatibility for Microsoft Word, Microsoft PowerPoint and Microsoft Excel.

A recent survey by Santa Cruz Software found that 83% of professionals said they spend time each week finding lost assets. In fact, 11% do it hourly. Over half spend at least three hours per week managing versions and a staggering 15% are spending over six hours. LinkrUI solves this problem by automatically syncing the current asset with the DAM.

LinkrUI for Microsoft Office is now available via resellers and retail. LinkrUI for Microsoft Office costs $99/year per seat and includes compatibility for Microsoft Word, Microsoft PowerPoint and Microsoft Excel. Please visit the LinkrUI webpage to download LinkrUI and see a list of current DAM vendors.

Download LinkrUI on Microsoft AppSource here.

Elon Musk Is In All Sorts Of Trouble On Multiple Fronts

Posted in Commentary on December 7, 2022 by itnerd

This is one of those posts where I have no clue where to begin because there is so much to cover. Let’s start with the fact that Twitter’s credit rating has been withdrawn by S&P:

The rating firm, which is among the top in the US, said the action was “due to a lack of sufficient information to maintain the rating” in a release on Friday. At the time of the withdrawal, both Twitter and its debt were on “CreditWatch,” suggesting an imminent rating action. 

Twitter’s massive about $13 billion debt load was funded directly by banks led by Morgan Stanley when Musk’s $44 billion acquisition of the social media giant closed. Since then, Musk’s takeover of Twitter has brought sweeping changes to the company’s operations and product. Those changes included mass layoffs, changes in features and a raft of companies pulling advertising dollars from the platform. 

The group of banks that funded the buyout now face the challenge of syndicating the debt to investors, many of whom use rating companies to determine the risk involved in buying credit. 

S&P downgraded the company five notches to B- from BB+ on Nov. 1 as a result of its high leverage post-acquisition. The rating firm expected to “obtain more information regarding the final capital structure and any potential changes to the operating strategy,” according to the November research update.

That’s going to be a problem if Elon Musk needs more money to keep Twitter afloat seeing as it’s not coming in from advertising. I would not be surprised if he sells more Tesla shares in the weeks to come. Which of course will send that stock into free fall the second he does.

Next up is this District Attorney who has quit Twitter for these reasons:

Santa Clara County District Attorney Jeff Rosen will deactivate his Office’s Twitter account, citing the explosion of hate speech on the popular communications platform.

DA Rosen’s decision to remove Northern California’s largest prosecutor’s office from Twitter follows increasing hatred, bigotry and antisemitism on the platform and Twitter owner Elon Musk’s own statements and posts, such as a meme used by racists and antisemites.

DA Rosen is respectfully asking all elected District Attorneys throughout the United States to take their Offices off Twitter.

Ouch. But he’s pointing out what everybody knows. Hate speech has massively increased since Elon took over Twitter and his reality distortion field does not change that fact. And this sort of stuff is bad for business as Elon will find out. After all, advertisers do not want to do business with a platform full of racists.

Then there’s a rather bizarre answer that Elon Musk gave in a Twitter Space chat about why he bought Twitter:

Okay…. Now I have to ask about his mental state as this answer is bizarre. Either that or Elon was on something. Seeing as he smoked weed on the Joe Rogan podcast once, that is entirely possible.

Finally, Elon’s got a big problem with one of his other companies. Neuralink is under investigation:

The investigation into Neuralink Corp – which is developing a brain implant – was opened in the US following complaints from staff, Reuters reports.

Staff have complained that animal testing is being rushed and is causing needless suffering and deaths, according to the news agency.

And:

Reuters, citing sources familiar with the investigation and internal company documents, reports that the company has killed about 1,500 animals since 2018 including pigs, sheep and monkeys.

The number is not necessarily indicative of malpractice or wrongdoing, as medical companies of various kinds routinely use animals in experiments.

But dozens of documents seen by the news agency suggest growing concern within the company about the animal tests. Some failed tests reportedly had to be repeated, increasing the number of animals that died in the process.

Some employees reportedly tied the failed tests to pressure from Mr Musk to accelerate research as the company works to develop its brain implant, which it has said could potentially help paralysed people walk again and address other neurological diseases.

Elon is quickly becoming the man of 99 problems. And this one is a big one both from a legal standpoint and from a PR standpoint as I fully expect groups like PETA to start making his life miserable. Which in turn will make him do and say things that will only end badly for him.

I wonder where any or all of this will lead? We’re likely to find out soon enough.