Guest Post: TikTok removed nearly 50 million videos due to minor safety in Q2 2022

Posted in Commentary with tags on November 16, 2022 by itnerd

Video sharing platform TikTok has over 1 billion users and is among the most popular social media.

According to the data presented by the Atlas VPN team, TikTok removed nearly 50 million videos due to minor safety in the second quarter of 2022. Notably, most of these videos were taken down due to nudity and sexual content involving minors.

In total, TikTok removed over 113 million videos in Q2 2022. The platform’s automated defenses deleted 48 million videos, while the moderation team removed over 65 million. In addition, TikTok changed the initial decision and restored about 6 million videos.

Of those videos, nearly 44% were removed due to minor safety. TikTok deleted about 24 million videos, about 21% of all, due to illegal activities and regulated goods. Out of all removed videos, adult nudity and sexual activities made up nearly 11% or about 17 million videos.

Vilius Kardelis, cybersecurity writer at Atlas VPN, shares his thoughts on TikTok safety for minors:

“While TikTok might have solid policies to protect minors, it does not always reflect in practice. Social media platforms develop new products or functionalities and release them without seriously addressing online safety, particularly for minors. As of now, TikTok seems behind other companies when it comes to creating a safe environment for their underage audience.”

Minor safety

While most content on TikTok is fun or educational, people can still find some disturbing videos.

Out of the total videos removed due to minor safety, nearly 76% involved nudity and sexual activity involving minors. Harmful activities by minors made up nearly 16% of all removed videos due to underage people’s safety policy. Content containing physical and psychological harm to minors made up about 4% of violations.

Out of all deleted videos due to minor safety, 2.4% were engaging in the sexual exploitation of underage people. At the same time, grooming behavior was the reason behind nearly 2% of video removals.

To read the full article, head over to:

https://atlasvpn.com/blog/tiktok-removed-nearly-50-million-videos-due-to-minor-safety-in-q2-2022

Google Canada reveals the top Black Friday and Cyber Monday trends & Canadian shopping behaviours this holiday season

Posted in Commentary with tags on November 16, 2022 by itnerd

As Canadians look forward to the 2022 holiday season, retailers can expect to see a more price-conscious shopper that’s focused on cost and convenience. 

With Black Friday and Cyber Monday around the corner, Google Canada is revealing new insights about how Canadians are changing their holiday shopping behaviours along with some of the top trending items Canadians are looking for this Black Friday and Cyber Monday.

You can also check out Google’s blog post for more information.

Here’s how Canadians plan to shop for Black Friday/Cyber Monday this year: 

  • Digital is here to stay and is now the gateway to all commerce
  • While we expect to see a return to in-store shopping this holiday season, shoppers will use digital to inform, inspire and enable their purchases.
  • 86% of shoppers discover brands/products while browsing online(1)
  • 89% of holiday shoppers searched online first before a store visit(2)

Holiday shoppers are price-conscious about their spending this season

  • 72% of surveyed Canadian holiday shoppers say they are concerned about the rising cost of items they need or want to buy(2)
  • 60% of holiday shoppers say they plan to buy less because of the impact of inflation on their finances(2)
  • Search interest for price-sensitive terms has increased this year, with ‘discount code’ increasing 2x and ‘price match’ up 7x(3)
  • 85% of Canadian holiday shoppers say they will shop at a store with discounts(2)
  • 73% said they will shop with stores that offer free shipping(2)
  • 41% of holiday shoppers said they are comparing prices and price matching(2)

Holiday shoppers are being strategic, making fewer impulsive purchases

  • More than half (54%) of holiday shoppers said they will confirm an item is in stock before going into stores(2)
  • 1 in 4 holiday shoppers say they are shopping for things now that they don’t need until later because they’re worried items will go out of stock(2)
  • Nearly half of Canadian holiday shoppers say they’re taking inventory of what they have to determine what they need(2)
  • 32% say they keep an eye out for new brands even if they’re not planning to buy right then(2)

Holiday shoppers are getting ahead of the season 

  • Nearly 1 in 4 surveyed Canadian holiday shoppers said they had already begun their holiday shopping by mid-September, and 1 in 3 said they planned to start earlier this year than they had in 2021(2)
  • Search interest for “black friday” and “outdoor christmas lights” is already growing strongly compared to last year, with searches for ‘black Friday’ up 300% and ‘christmas lights’ up 80%(3)

Here’s what Canadians are searching for leading into Black Friday/Cyber Monday:

Source

  1. Google/Ipsos, “Holiday Study,” Shopping Period Oct 30 2021 – Dec 23 2021, Online survey, CA, 18+ who shopped in the past two days, n=2669; Think with Google: How consumers discover brands online
  2. Google commissioned Ipsos Consumer Continuous, US, CA, UK, FR, DE, IT, AU, JP, IN, CN, BR, MX, ES, ZA, KR, AR, CO, BE, CL, PE, SE, NL, DK, FI, NO ~n=235-489 online consumers 18+ per market that plan to shop for the holidays. Sep 8-11, 2022
  3. Google trends data, Canada English

INKY Reveals A New Clever Image Based Phishing Scam

Posted in Commentary with tags on November 16, 2022 by itnerd

INKY has published a new Fresh Phish, in which INKY’s cybersecurity research analysts describe that they’ve detected what might be a new email phishing trend.

This report outlines how hackers have been caught using a clever ‘image-based phishing scam’ that has been able to circumvent most email security systems.

You can read the full report here.

If You Question Elon Musk’s Leadership At Twitter, You’re Fired

Posted in Commentary with tags on November 16, 2022 by itnerd

Well, it looks like Elon Musk is so thin-skinned that anyone who says anything about his leadership is going to get fired based on this:

Elon Musk is a class A jackass. And I think it’s safe to say that burn it to the ground is Musk’s play at the moment. Because firing people to gain loyalty almost never works. And this will simply result in even more people heading to the exits. As a result it will leave Musk with nothing. But he clearly thinks he’s the smartest person in the room. And he’s getting his opportunity to prove it. Though at the rate he’s going, all he’s proving is that he’s ill-equipped to run Twitter and he’s far from being the smartest person in the room.

And he can’t fire me for saying that.

Elon Musk To Relaunch Twitter Blue While Giving Staff An Ultimatum…. They Must Choose To Be “Hardcore” Or Leave

Posted in Commentary with tags on November 16, 2022 by itnerd

The initial launch of Twitter Blue was a train wreck next to a dumpster fire to put it mildly. But Elon Musk is going to the well once again because he desperately needs the money.

Based on this Tweet, I am guessing that he wanted to launch sooner because he desperately needs the money. But had to delay that because I am guessing that he has to figure out how to launch this without creating the disaster that he did the first time around. Though he did say this:

How is this even possible? I ask because he fired anyone who would be capable of doing this confirmation.

I’m calling it now. Prepare for a train wreck next to a dumpster fire 2.0, as Musk is clearly in Hail Mary country here.

In other news. Musk is now giving staff a choice. Be “hardcore” or leave:

Elon Musk sent a message to Twitter staff telling them that they had until Thursday to consider whether they wanted to stay on for “working long hours at high intensity” or take a severance package of three months’ pay.

Musk told Twitter employees that anyone who had not clicked on a link confirming “you want to be part of the new Twitter” by Thursday evening New York time would be considered to have quit.

“Whatever decision you make, thank you for your efforts to make Twitter successful,” the message said.

It would not surprise me if a lot of people just said “I’m out of here” and packed up their things and left. Musk may be in for a reality check on Thursday when he doesn’t get the number of people that he thinks he will who make the choice to be “hardcore”. Then you have to wonder what he does at that point. And how he keeps the lights on as a result.

Sobeys Employees Detail The Chaos Inside Sobeys Stores After They Were Pwned By Ransomware

Posted in Commentary with tags on November 15, 2022 by itnerd

Last week word started to filter out that Canadian grocery chain Sobeys got pwned by ransomware. The chain claimed that they had an “IT issue”, but by the end of the week there was proof that they had been pwned. Now CBC News is giving us an inside look at the chaos that ensued after the chain was pwned:

“Somebody higher up got an email and basically clicked a link they weren’t supposed to,” said the front-end Safeway employee. “I don’t know the exact dollar figure, but I know it was like millions, like several millions.”

The troubles began overnight Thursday, Nov. 3 into Friday, Nov. 4.

When employees arrived for work on Friday, their computers took longer than usual to boot up, and when they finally did, “nothing came up other than this big white block in the middle of the screen that said ransomware, please comply before proceeding, or something like that,” said a worker in a meat and seafood department at a Safeway store.

“I saw the word ransom and that scared me right away.”

And:

The computer issues have also disrupted Empire’s ability to maintain its usual scheduling and payroll systems.

“I literally went into work and there was like a schedule written down on a piece of paper and I’m like, what is this?” said a worker.

Some employees are being asked to write down their hours in a logbook.

Employees in the chain are paid every other week, and some were told last week they would not get paid last Thursday, their scheduled payday.

However, workers later told the CBC the company found a workaround: since the first week of the two-week pay period occurred before the ransomware attack, employees would receive the same amount of pay for the second week, even if they did not work the same number of hours. Each employee also received an extra $100 on Thursday to compensate for any extra hours they may have worked the second week.

Once the payroll system is functioning again, any worker who was overpaid will be expected to return overpayments.

And:

Many customers are likely unaware of the difficulties employees are dealing with. But some impacts have been clear.

On the first day of the outage, some self-checkout machines weren’t working.

“The lineups at the tills, because people aren’t used to that and we pump a lot of people through these self checkouts — so, a lot of pissed-off customers over that,” said a Safeway worker.

Customers have been unable to use gift cards or redeem Scene loyalty points, and stores have been unable to process Western Union transfers — causing frustration for some, one employee said. 

The company has not officially told employees the cause of the outage. They have been instructed to simply tell customers it’s an IT issue.

“You kind of feel bad having to like just you know, water it down, what’s really going on, to customers,” said an employee. “You feel like you’re deceiving everybody because there’s more going on behind the doors than what they’re trying to make it out to be.”

This shows the sort of carnage that being pwned by ransomware can cause. It also shows what happens when you don’t have a remediation strategy in place in case you do get pwned. Clearly Sobeys had a huge hole in their cybersecurity plan. Or they didn’t have a plan. Either way, I say parliament should find out. Sobeys is the second largest grocery retailer in the country, which means that this is a non-trivial event. And Canadians deserve answers as to how and why they got pwned and how they will avoid getting pwned again in the future.

Symantec Tracks And Documents A Threat Actor Named “Billbug”

Posted in Commentary with tags on November 15, 2022 by itnerd

Symantec has released a blog post detailing a threat actor named “Billbug”, which appears to be a nation state actor that has compromised a certificate authority as well as government agencies:

Symantec, by Broadcom Software, was able to link this activity to a group we track as Billbug due to the use in this campaign of tools previously attributed to this group. Billbug (aka Lotus Blossom, Thrip) is a long-established advanced persistent threat (APT) group that is believed to have been active since at least 2009. Symantec has previously published on this group’s activity in 2018 and 2019 under the Thrip name, but following our 2019 investigation, we determined that Thrip and Billbug were most likely the same group so now track all activity under the Billbug name.

In activity documented by Symantec in 2019, we detailed how the group was using a backdoor known as Hannotog (Backdoor.Hannotog) and another backdoor known as Sagerunex (Backdoor.Sagerunex). Both these tools were also seen in this more recent activity.

The victims in this campaign included a certificate authority, as well as government and defense agencies. All the victims were based in various countries in Asia. Billbug is known to focus on targets in Asian countries. In at least one of the government victims, a large number of machines on the network were compromised by the attackers.

The targeting of a certificate authority is notable, as if the attackers were able to successfully compromise it to access certificates they could potentially use them to sign malware with a valid certificate, and help it avoid detection on victim machines. It could also potentially use compromised certificates to intercept HTTPS traffic. However, although this is a possible motivation for targeting a certificate authority, Symantec has seen no evidence to suggest they were successful in compromising digital certificates. Symantec has notified the cert authority in question to inform them of this activity.

This activity has been ongoing since at least March 2022.

Kevin Bocek, VP of Security Strategy and Threat Intelligence, Venafi had this to say:

“The compromise of a digital certificate authority (CA) is bad news. CAs are a vital centerpiece in the system of identity that keeps our online world running securely. A CA issues companies with TLS certificates – a type of machine identity that enables secure machine-to-machine communication. This identity tells other machines that it can be trusted. It is this system that enables the green padlock we are all so familiar with now. If a CA is compromised, all the identities associated with it come into question. 

In this particular case, the attack on the CAs has all the tell-tale signs of a sophisticated nation state attack. However, this doesn’t just impact the CAs – every business, consumer and government that relies on these CAs to know whether a digital service is real or fake, and whether communications are private or tapped, is impacted. An attacker could use this position of power to conduct man-in-the-middle attacks, to intercept encrypted traffic, or to issue identities for malicious or fraudulent services to enable them to be trusted by major browsers and operating systems. We’ve seen this play out with attacks such as DigiNotar in the Netherlands.  

To remediate the problem, just as you change your passwords if they are breached, CISOs, CIOs and CEOs must do the same for machine identities. In today’s age of businesses running in the cloud, organizations must quickly identify and remove all certificates associated with unknown and untrusted CAs, and replace them with new certificates from trusted sources. Yet an organization could have hundreds, if not thousands of identities to replace. This is why organizations need to invest in a control plane that can automate the management of machine identities.” 

Sitaram Iyer, Senior Director of Cloud Native Solutions, Venafi had this to add:

“This compromise of a certificate authority (CA) highlights the importance of managing all machine identities in an enterprise. If the compromised CA were the root CA, then the attacker can potentially gain full control over the entire PKI infrastructure and compromise the trust in the system. All the certificates issued by this CA must be revoked and replaced. This certainly comes at a high-cost effort – and in most cases, credibility of the organization.

This can be even more catastrophic as organizations create subordinate CAs that are used for signing workloads in cloud native environments for managing pod or mesh identities. The sheer volume of these identities and the need to revoke all subordinates, recreate them and issue identities for workloads is a huge effort.  

Protecting and managing all the machine identities, irrespective of where and how they’re used, is critical for creating an enterprise security posture. Manual processes need to be eliminated, and all machine identity management should be 100% automated with security teams having the right kind of observability.”

Clearly this is a threat actor that needs monitoring as they aren’t going away. In fact it seems that the longer they are around, the more sophisticated they get.

Hackers Using Steganography For Malware Attacks

Posted in Commentary with tags on November 15, 2022 by itnerd

In early September 2022, researchers identified a threat group called Worok that targeted many victims, including government entities around the world, to gain access to devices. They concealed information-stealing malware inside PNG images using least significant bit (LSB) encoding, which hides the malicious code in the least significant bit of each pixel value.

To get a view of this attack from the security industry, I have commentary from Alyn Hockey, VP Product Management at cybersecurity software and services provider Fortra:

“It’s a hack that’s easily undetected and the old technique is increasingly used to hide malware payloads. So, when an image is viewed by a member of an organization, the payload, otherwise known as a virus, worm or Trojan, can start work immediately – resulting in damage to systems and loss of data.

Steganography examples can be traced back as early as 5 BC when used as a defense tactic by Histiaeus, a Greek ruler of Miletus. Histiaeus shaved and tattooed a man’s head with messages that would go unnoticed once his hair grew back. The allies, aware of the practice, found the warning messages on the man’s scalp.

Fast forward to 2022 when an employee of General Electric was convicted of conspiracy to commit economic espionage. While this sounds like something out of a thrilling motion picture, the former employee simply used steganography. He was able to take company secrets in files by downloading, encrypting, and hiding them in a seemingly mundane sunset photo. He used his company email address to email the image to his personal email address. According to court documents, the encryption process took less than 10 minutes. 

Again, while not as common as other cyberattacks, the shocking and quick way it can fly under the radar is reason enough to have a security solution that protects not only from external threats like malware but keeps data safe through effective data loss prevention methods. Organizations can apply an anti-steganography feature to sanitize all images as they pass through the secure email gateway. Anti-steganography removes anything hidden within the image, which will not visually alter the image but make it impossible for recipients to recover hidden information – including accidental opening of malware. While this will cleanse all images, it mitigates the overall risk thereby keeping the organization safe – doing so in milliseconds, so the flow of business won’t be disrupted.”

The Bleeping Computer story that I linked to has a lot of detail that is very much worth reading.
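The post above describes LSB encoding and the Fortra commentary describes why a gateway-side anti-steganography pass can strip a hidden payload without visibly altering the picture. The following Python is an added example, not Worok's or Fortra's code: it works on a constructed buffer of raw RGB samples (what a decoded PNG becomes) rather than a real PNG file, hides a harmless marker string in the LSB plane, and then shows that re-randomising every LSB makes the marker unrecoverable while no sample changes by more than one level.

```python
import random
import struct

# Constructed "image": raw 8-bit RGB samples for a 16x16 picture. A real PNG
# would first be decoded into exactly this kind of buffer; no image library is
# needed to show the LSB mechanics.
WIDTH, HEIGHT, CHANNELS = 16, 16, 3
COVER = bytes(random.Random(1234).randrange(256) for _ in range(WIDTH * HEIGHT * CHANNELS))

# Constructed stand-in for a hidden payload; nothing here is executable.
PAYLOAD = b"CONSTRUCTED MARKER, not a real payload"


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb(samples: bytes, payload: bytes) -> bytes:
    """Write a 32-bit length prefix and the payload into successive sample LSBs."""
    framed = struct.pack(">I", len(payload)) + payload
    if len(framed) * 8 > len(samples):
        raise ValueError("payload exceeds the cover's LSB capacity")
    out = bytearray(samples)
    for i, bit in enumerate(_bits(framed)):
        out[i] = (out[i] & 0xFE) | bit   # keep the top 7 bits, replace the LSB
    return bytes(out)


def extract_lsb(samples: bytes):
    """Recover a length-prefixed payload from the LSB plane; None if the prefix is implausible."""
    plane = [s & 1 for s in samples]
    if len(plane) < 32:
        return None
    length = int("".join(map(str, plane[:32])), 2)
    if 32 + 8 * length > len(plane):
        return None
    body = plane[32:32 + 8 * length]
    return bytes(int("".join(map(str, body[i:i + 8])), 2) for i in range(0, len(body), 8))


def sanitize_lsb(samples: bytes, rng: random.Random) -> bytes:
    """Gateway-side sanitizer: overwrite every LSB with a fresh random bit.

    Zeroing the plane would also destroy the payload, but a flat LSB plane is an
    obvious artefact; random bits look like ordinary sensor noise.
    """
    return bytes((s & 0xFE) | rng.getrandbits(1) for s in samples)


def max_sample_delta(a: bytes, b: bytes) -> int:
    """Largest per-sample change, i.e. how visible the sanitizing pass is."""
    return max(abs(x - y) for x, y in zip(a, b))


def demo():
    """Hide the marker, sanitize, and report what survives on each side."""
    stego = embed_lsb(COVER, PAYLOAD)
    clean = sanitize_lsb(stego, random.Random(7))
    return extract_lsb(stego), extract_lsb(clean), max_sample_delta(stego, clean)
```

The same sanitizer applies unchanged to the pixel buffer of a decoded PNG, which is why a gateway can run it on every inbound image in milliseconds.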

NSA Releases Guidelines On Mitigating Software Memory Safety Issues

Posted in Commentary with tags on November 15, 2022 by itnerd

Yesterday the NSA released guidelines on how organizations can implement protections against software memory safety issues. Here’s a snippet from the press release on the topic:

The “Software Memory Safety” Cybersecurity Information Sheet highlights how malicious cyber actors can exploit poor memory management issues to access sensitive information, promulgate unauthorized code execution, and cause other negative impacts.
 
“Memory management issues have been exploited for decades and are still entirely too common today,” said Neal Ziring, Cybersecurity Technical Director. “We have to consistently use memory safe languages and other protections when developing software to eliminate these weaknesses from malicious cyber actors.”
 
Microsoft and Google have each stated that software memory safety issues are behind around 70 percent of their vulnerabilities. Poor memory management can lead to technical issues as well, such as incorrect program results, degradation of the program’s performance over time, and program crashes.

I got commentary from Yotam Perkal, Director, Vulnerability Research at Rezilion on this guidance:

Regarding the NSA guidelines, it is true that the majority of exploitable vulnerabilities in languages such as C and C++ are due to memory issues. That said, these languages are still extremely widely used, especially in applications that are performance oriented. In the latest StackOverflow developer survey, close to 40% of developers claimed to be using either C or C++ in their daily work; even in open source projects over 15% of the code is still written in these languages (see here). Hence, I don’t see them disappearing any time soon.

It is also important to note that even with a memory safe language, memory management is not entirely memory safe, as most of these languages allow the developers the flexibility to perform potentially unsafe memory management tasks. Moreover, for an existing project, migration of code from one language to another isn’t a trivial task and requires a skilled workforce in both the source and target language. So all in all I think while the recommendation is valid, I don’t believe it will be widely adopted.

Organizations that do have applications written in memory unsafe languages should definitely make efforts to ensure they perform proper testing (SAST and DAST) as part of the development cycle in order to identify potential memory issues before code makes its way to production. They should also make sure to enable various binary hardening mechanisms such as ASLR, CFG, NX bit and others while compiling code written in memory unsafe languages. These mechanisms make potential exploitation far more complex. There are open-source tools that enable evaluation of binary hardening status for existing binaries, such as checksec.sh.

For open-source projects, there is a possibility to check eligibility to enroll to Google’s OSS-Fuzz project which aims to make common open source software more secure and stable by performing automated fuzzing.

I would recommend that software developers read this guidance and take Mr. Perkal’s advice to make sure that their applications are less exploitable. Because these are dangerous times that we live in, and anything that one can do to minimize the risk of an application that can be exploited is a good thing.
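Mr. Perkal points to checksec.sh for auditing whether a binary was built with the hardening he lists. As an added example (not the NSA's, Rezilion's or checksec's code), the Python below reads the ELF64 headers directly to report the fields such a tool checks: NX via PT_GNU_STACK, PIE via the ELF type, partial RELRO via PT_GNU_RELRO, and a stack-canary heuristic. It assumes little-endian ELF64 and uses two constructed header-only images as fixtures; pass real paths on the command line to audit your own binaries.

```python
import struct

PT_GNU_STACK = 0x6474E551   # program-header type recording stack permissions
PT_GNU_RELRO = 0x6474E552   # segment made read-only after relocation (RELRO)
PF_X = 0x1                  # segment flag: executable
ET_EXEC, ET_DYN = 2, 3      # fixed-address executable vs. position-independent
EHDR_FMT = "<HHIQQQIHHHHHH" # ELF64 header fields after the 16-byte e_ident
PHDR_FMT = "<IIQQQQQQ"      # ELF64 program header


def check_hardening(data: bytes) -> dict:
    """Report NX, PIE, partial RELRO and a canary heuristic for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("this example handles little-endian ELF64 only")
    (e_type, _machine, _ver, _entry, e_phoff, _shoff, _flags, _ehsize,
     e_phentsize, e_phnum, *_rest) = struct.unpack_from(EHDR_FMT, data, 16)
    gnu_stack_flags = None
    relro = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            gnu_stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {
        # No PT_GNU_STACK at all lets the loader grant an executable stack, so,
        # like checksec, a missing entry is reported as "NX disabled".
        "nx": gnu_stack_flags is not None and not (gnu_stack_flags & PF_X),
        # ET_DYN is what the kernel loads at a randomized base (ASLR for the
        # image itself); shared libraries are ET_DYN too, a known limitation.
        "pie": e_type == ET_DYN,
        # PT_GNU_RELRO alone is partial RELRO; full RELRO also needs BIND_NOW in
        # the dynamic section, which this example does not parse.
        "relro_partial": relro,
        # Heuristic: builds with -fstack-protector reference __stack_chk_fail.
        "canary_heuristic": b"__stack_chk_fail" in data,
    }


def build_elf(e_type: int, phdrs) -> bytes:
    """Construct a minimal, non-runnable ELF64 image: header plus (p_type, p_flags) entries."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + bytes(7)
    ehdr = e_ident + struct.pack(EHDR_FMT, e_type, 0x3E, 1, 0, 64 if phdrs else 0,
                                 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack(PHDR_FMT, t, f, 0, 0, 0, 0, 0, 0x10) for t, f in phdrs)
    return ehdr + body


# Constructed fixtures: a hardened build (RW stack, RELRO segment, PIE, canary
# symbol present) and an unhardened one (RWX stack, fixed address, nothing else).
HARDENED = build_elf(ET_DYN, [(PT_GNU_STACK, 0x6), (PT_GNU_RELRO, 0x4)]) + b"\0__stack_chk_fail\0"
UNHARDENED = build_elf(ET_EXEC, [(PT_GNU_STACK, 0x7)])

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_hardening(fh.read()))
```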

Guest Post: Fraud Awareness Week: Tips for Staying Safe During the Cyber Holidays

Posted in Commentary with tags on November 15, 2022 by itnerd

By Hank Schless, Senior Manager of Security Solutions at Lookout

This week is Fraud Awareness Week and the conversation is all about knowing how to best protect ourselves in a constantly evolving and quite scary cyberworld. According to the Better Business Bureau’s naughty list of the top 12 holiday shopping scams this Christmas season, the two most prevalent scams are misleading social media ads and social media gift exchange scams. 

The Internet Crime Complaint Center’s (IC3) 2021 report found that non-payment or non-delivery scams cost people more than $337 million. Credit card fraud accounted for another $173 million in losses. Lookout, the leader in delivering integrated Security, Privacy, and Identity Theft Protection solutions, is here in time with the perfect gift for keeping your wallet and data safe this season.

Tips To Stay Safe This Holiday Season

Exercise Savvy Shopping

  • If you’re purchasing from a company for the first time, do your research and check reviews.
  • Verify the legitimacy of a buyer or seller before moving forward with a purchase. If you’re using an online marketplace check their feedback rating. Be wary of buyers and sellers with mostly unfavorable feedback ratings or no ratings at all.

Watch for “Red Flags” When Paying Online

  • Avoid paying for items with prepaid gift cards. In these scams, a seller will ask you to send them a gift card number and PIN. Instead of using that gift card for your payment, the scammer will steal the funds, and you’ll never receive your item. 
  • Use a credit card when shopping online and check your statement regularly. If you see a suspicious transaction, contact your credit card company to dispute the charge.

Avoid Shipping Pitfalls 

  • Always get tracking numbers for items you buy online, so you can make sure they have been shipped and can follow the delivery process.
  • Avoid buyers who request their purchase be shipped using a certain method to avoid customs or taxes inside another country.

Enable Security Protection To Block Shopping Scams & Threats

  • Run security protection on your mobile devices – like Lookout’s security application – which is an app you can download from Google Play or the App Store. Security protection will automatically monitor and identify scam URLs in email, text messages, and on the web and block you from threats that can do harm.
  • Gift Card Scams:
    • CVS, Walmart & Home Depot 
    • The FTC reports that around $10 million a month has been lost globally to these scams. 
    • About one in four people who tell the FTC they lost money to fraud say they paid with a gift card.(1) In fact, gift cards have topped the list of reported fraud payment methods every year since 2018. During that time, people reported losing a total of nearly $245 million, with a median individual loss of $840.(2)
    • https://www.kiplinger.com/personal-finance/603028/beware-of-gift-card-scams 

All consumers can scan their email for FREE on Lookout’s website to learn about breaches that may have occurred & take action to secure their data.