Michigan Medicine Discloses Email Account Breach

Posted in Commentary with tags on October 27, 2022 by itnerd

Michigan Medicine has notified patients of an employee email account breach which exposed health information of about 33,850 patients. 

From August 15th through August 23rd, a cyber attacker targeted Michigan Medicine employees with an email phishing scam, luring employees to a webpage designed to get them to enter their Michigan Medicine login info. Four employees entered their info and then inappropriately accepted MFA prompts, allowing the attacker to access their email accounts.

Ooops.

John Stevenson, Director of Product at Cyren, had this to say:

     “The fact that four separate employees followed the phishing link and accepted multi-factor authentication prompts shows how sophisticated these attacks can be. It is a stark reminder that phishing continues to plague the healthcare industry. Of the 684 breaches of healthcare data reported to the US Government, 41% of them resulted from email incidents. The majority of those email incidents (74%) were from phishing vs. malware or accidental disclosure.

Many companies might blame the user in situations such as this for not heeding the lessons of the corporate Security Awareness Training (SAT) program. However, the reality is that SAT must be augmented with the right inbox security. What is needed is additional assistance for the user such as Scan and Report buttons within the Outlook inbox that empower the user to put the lessons learned from SAT into practice then and there, taking a proactive approach to email security.”

This illustrates the fact that people are the weakest point in cybersecurity. And organizations need to focus on making that a non-factor to stop incidents like this from happening.

Koodo Introduces New Customizable Pick Your Perk Plans

Posted in Commentary with tags on October 27, 2022 by itnerd

Today, Koodo launched its Pick Your Perk plans, a new line-up of customizable rate plans that lets customers personalize their plan with a free feature of their choosing. Pick Your Perk plans start at $45 per month, and enable customers to choose one free perk – with different rate plans offering different perk options to select from.

There are five perks for customers to choose from, including Premium Voicemail, Unlimited International SMS, Rollover Data, Speed Boost, and Unlimited Long Distance Pack. Whether customers choose Rollover Data to roll-over unused data into the next month, or an Unlimited Long Distance Pack to stay connected to loved ones overseas with unlimited talk time to the US, China, Hong Kong, India, Mexico, Bangladesh, and the UK — there’s a perk for everyone.

At Koodo, it’s all about choice. These new rate plans are just another way Koodo helps customers create a plan that’s just right for them.

To learn more about the new Pick Your Perks plans, visit koodomobile.com

New Cybersecurity VC Firm Research: Q3 Reveals Decline in Cyber Valuations as Recession Takes Hold

Posted in Commentary with tags on October 27, 2022 by itnerd

DataTribe, a cybersecurity seed investor, has released the firm’s Q3 2022 Insights Report highlighting how cybersecurity investing is trending this quarter compared to last year and the previous quarters.

According to the report, Q3 marked a continued decline in valuations across nearly all stages. The current economic headwinds are pressuring private capital markets like public markets. The exception is Seed investment activity in cybersecurity, which increased 37.5% from 24 to 33 deals YoY. 

You can read the full report here.

Apple Exec Confirms That Apple Will Go USB-C On The iPhone… Why You Should Not Get Excited Just Yet

Posted in Commentary with tags on October 27, 2022 by itnerd

In the last few days, the EU confirmed that any mobile device such as a mobile phone needs to have USB-C. Since pretty much every mobile phone out there has USB-C already, this means that Apple will have to ditch the 12-year-old Lightning standard and go to USB-C. Yesterday, Greg Joswiak, also known as “Joz”, confirmed in a Wall Street Journal interview that Apple would be complying with this law. I have the video posted below and I encourage you to watch the whole video as a whole number of topics were covered and it makes for interesting viewing:

Now. Apple finally ditching Lightning after 12 years is a good thing. I am all for that as that’s one less cable that I have to remember to carry on my next trip. But before you stop traffic and hold a parade, consider this. The European Union only addressed the physical connection. And that’s where the potential problems start. USB-C can be used for everything from USB 2.0, which would make the transfer speeds no faster than they are, to Thunderbolt 4. The latter would be a massive boost for transfer speeds and make a lot of people who use iPhones to shoot Pro Res video in 4K very happy. But only if Apple goes that route.

Consider these scenarios:

  • Apple ditches ports entirely, which would in theory comply with the EU law the way I read it. Now there have been rumours of Apple going this route for years to avoid being forced to use USB-C. But I don’t see them doing that. At least not yet.
  • Apple switches to USB-C but they also keep the USB 2.0 speeds that Lightning has. That way they can plausibly say that they comply with the new EU law. Plus for bonus points they may also introduce their own “feature” for fast data transfers off iPhones.
  • Apple switches to USB-C but they also keep the USB 2.0 speeds that Lightning has for the “regular” iPhones. And they go to Thunderbolt 3 or 4 for the “Pro” iPhones. That way they force people who care about fast data transfer speeds to spend more money.
  • Apple switches to USB-C but they go to Thunderbolt 3 or 4 for all the iPhones. I don’t see them doing that as that would not be the Apple way of doing things since they couldn’t make extra money by doing so. But I am free to be surprised.

Beyond that, USB-C also opens up the possibility of faster charging speeds. So the iPhone could be like many Android phones that do 40W, 50W or even 100W or more of charging. But would Apple go that route or would they stick to the 20W charging that has been on iPhones for a while now? That’s a good question. My guess is no they won’t because Apple really cares about battery health. But again, I am free to be surprised.

These are all things that I suspect will not be addressed until this time next year when the new iPhone appears because Apple isn’t the sort of company to put their cards on the table so to speak. Thus while this move to USB-C is a good thing, you may have to temper your enthusiasm until more details surface in regards to what that means for iPhone users.

Hackers Spoof Scanner Notification Emails to Attach Malicious Trojans in Phishing Campaign: Avanan

Posted in Commentary with tags on October 27, 2022 by itnerd

Researchers at Avanan, a Check Point Company, discovered how hackers are using scanner notification emails to send malware to end-users. 

In this attack, end-users are sent a spoofed notification that they have received a scanned message. To spark high interest, the subject line of the email was titled “Commission Receipt”, and the email contained a scanned document appearing as a .htm file, but in fact, was a malicious trojan waiting to be clicked on to take over the end-user’s computer. 

You can read more about this novel attack here.

Review: Technaxx Pro TX-168 Universal Car Alarm

Posted in Products with tags on October 27, 2022 by itnerd

I live in Toronto Canada, and car thefts are on the rise around here. Seeing as your car is the second most expensive investment that you’ll make, it makes sense to take steps to protect it. An aftermarket alarm is one of the ways to go and I’ve got one of those to review today. Specifically the Technaxx Pro TX-168 Universal Car Alarm.

The Technaxx Pro TX-168 car alarm is made up of these parts:

This USB or accessory socket-powered device is the “brains” of the alarm system. I would plug it into a 12V outlet and leave it there as that’s the cleanest setup possible. It has a built in battery that takes about 2 hours to charge and lasts about 2 weeks. You’ll also note that it has USB-A and USB-C connections to charge your phone which is handy. A blue LED under the dome that’s on the right side of the picture indicates charging is in process. The LED also flashes blue when the battery is low, multiple colors when pairing, and green when charged. Red blips (with audible beeps) indicate when activating and deactivating, flashing red every five seconds to indicate the system is active, or solid red to indicate when the alarm has gone off. It detects motion via a passive IR sensor and activates this speaker:

When that motion is detected, it sends a wireless signal on the 2.4 GHz band to activate this remote siren that when I tested it registered 101 dB on my Apple Watch. The siren lives in your engine bay which makes it hard to get to for bad guys. Thus this hopefully should make the more opportunistic thieves run away if they set the alarm off.

The alarm is activated and deactivated with an included key fob powered by a CR2032 battery that is included. Personally, if two people drive the same car, you need two key fobs. Thus I would have liked to have seen two fobs in the box. Though I should note that you can pair up to three key fobs. One thing to note is that the key fob does double duty as a panic alarm that registered 97 dB on my Apple Watch when I tested it. The fob has a maximum range of about 10 meters (30 feet) and will work through the vehicle’s windows. If the button is held for about 4 seconds, the alarm chirps four times and the alarm is disabled.

Setup isn’t hard, but you might want to grab a friend who is comfortable under the hood of a car if you are unsure about doing this. The setup process is well documented in a really thick manual that is in multiple languages and only took me about 10 minutes to finish. I should also note that I can see a scenario where you can move this from car to car as it’s easy enough to do.

I would recommend this for someone who has an older car. By that I mean more than 6 or 7 years old as this would be an easy enough upgrade to make that car less desirable to thieves. The only downside that I can see is that the system will only stay live for up to 14 days because that’s how long the battery lasts. So if you were on vacation for a couple of weeks, that might be an issue. But at a cost of 70 Euros or $95 Canadian, it’s a cost effective means to secure the second most expensive purchase that you will make.

White House Announces Public-Private Cybersecurity Partnership With The Chemical Industry

Posted in Commentary with tags on October 27, 2022 by itnerd

The White House released a statement announcing that the government is extending its public-private cybersecurity partnership to the chemical industry:

The majority of chemical companies are privately owned, so we need a collaborative approach between the private sector and government. The nation’s leading chemical companies and the government’s lead agency for the chemical sector – the Cybersecurity and Infrastructure Agency (CISA) – have agreed on a plan to promote a higher standard of cybersecurity across the sector, including capabilities that enable visibility and threat detection for industrial control systems.

The Chemical Action Plan will serve as a roadmap to guide the sector’s assessment of their current cybersecurity practices over the next 100 days, building on the lessons learned and best practices of the previously launched action plans for the electric, pipeline, and water sectors to meet the needs for this sector. 

I secured a pair of comments on this statement from leading industry experts.

Jerry Caponera, General Manager, Cyber Risk at ThreatConnect:

There are a couple of things that worry me concerning the chemical sector. The first is that the chemical sector produces items that we may not necessarily think about but can’t survive without in modern society. Imagine a world without plastics to store our food or chemicals to make electronics.

The second is the real risk. We saw three ransomware attacks in 2019, including 2 in the US (a bigger one was Norsk Hydro). They mitigated the impact because the hit was on IT, not OT systems. But it could have been worse.

Third, there’s a massive risk with the materials in question. Chemicals produce much of what we need, but a chemical material in raw form can be dangerous. A cyber attack on a chemical system where the IT and OT systems are linked could cause a consequential loss of life. 

I’m glad the chemical industry is high on the list of sectors to watch. The ransomware attack on the Colonial Pipeline caused a minor blip in the supply of gas. Suppose a significant ransomware attack on chemical plants would destroy plastic packaging. That would be devastating. 

Padraic O’Reilly, Co-Founder and Chief Product Officer, CyberSaint Security

The biggest issue is that almost all infrastructure is privately held. Analogous to the pipeline: large cyber-to-physical systems with extensive OT. Complex segregation issues and legacy protocols and infrastructure. Malicious attacks and control of SCADA systems and PLCs are real vulnerabilities. Internet-connected devices and cloud migration are an issue, too. On the upside, the chemical sector has been under CFATS through DHS for over a decade. That will oil the gears. Likely that sophisticated monitoring and detection lag behind the most mature industries. Likely, too, that cyber risk management needs to be done at the executive level to ensure proper resourcing.

This can only be good for the security of the sector. Hopefully this idea spreads to other sectors as that will make us all safer.

UPDATE: I have a third comment from Wade Ellery, Field Chief Technology Officer, Radiant Logic:

     “These developments show the steady course our country is moving in to protect our most vulnerable assets, which have huge implications on the lives of our citizens. A comprehensive cybersecurity plan is the first step in tackling the immediate threat of cyber attacks. An identity-first security foundation–in which information sharing can cohesively exist throughout the different operations within the United States and our allies–must be a key component of that plan. In order for that to happen, identity security must be taken as the first line of defense for our most valued resources.”

ServiceNow Global Program To Reskill One Million People By 2024

Posted in Commentary with tags on October 26, 2022 by itnerd

ServiceNow today announced RiseUp with ServiceNow, a global program designed to skill one million people on the company’s platform by 2024. The program will fuel a new economy of in‑demand, job‑ready talent with an emphasis on faster, more equitable career paths in the high‑growth ServiceNow ecosystem.

According to IDC, 90 percent of organizations will experience a digital transformation‑related IT skills shortage by 2025, costing more than $6.5 trillion globally due to delayed product releases, reduced customer satisfaction, and loss of business. As business leaders double‑down on a select number of powerful platforms that deliver fast time to value, ServiceNow’s reach and scale offer customers, partners, and prospective talent the opportunity to help tackle some of the biggest problems facing business leaders today. Unlike other workflow solutions that only address one business function or industry, the ServiceNow Platform spans the entire enterprise, offering opportunities in burgeoning new sectors such as data analysis, platform development, workflow, and experience design.

RiseUp with ServiceNow expands what it means to be considered tech talent by emphasizing whole‑person competencies and “power skills” such as critical thinking, interpersonal communication, and creativity. The program builds toward a more diverse, inclusive workforce by creating meaningful opportunities for candidates to gain the skills necessary to land highly coveted technical roles. 

RiseUp with ServiceNow focuses on three pillars:

  • Lowering barriers to learning: With more than 600 free courses and 18 job‑related certification paths, Now Learning allows individuals to work at their own pace. More than 325,000 people have already completed 2.3 million courses this year.
  • Expanding opportunities for tech talent: ServiceNow NextGen offers in‑house academies and training partnerships with non‑profit and government agencies. The redesigned ServiceNow Community also connects over 450,000 members with peer‑to‑peer networking opportunities, learning forums, virtual events, and more.
  • Placing newly skilled talent in jobs: A commitment to grow the new ServiceNow Partner Placement Program will help customers and partners source, train, and assess talent from diverse backgrounds with the expectation to scale to 25 total partners by the end of 2023.

RiseUp with ServiceNow complements the company’s investments in recruitment and career advancement for its own employees, along with strategic investments in employee growth and development solutions for customers and partners.

Apple Explains How WiFi 6E Works On The New iPad Pro

Posted in Commentary with tags on October 26, 2022 by itnerd

When I told you that you should not buy the new iPad Pro, which is a view that I still stand by for the record, one of the things that I mentioned was this when I looked at the spec sheet and found 6GHz missing from the WiFi section:

This is something that I have to admit that I find puzzling because the way Apple defines WiFi 6E, it seems that they are using both the 2.4 GHz and 5 GHz bands to improve bandwidth and increase range based on your distance from the router. Likely because those bands have better range than 6GHz. But my understanding of WiFi 6E is that there is no WiFi 6E without the 6GHz band. This article on WiFi 6E from Cisco seems to support my understanding of how WiFi 6E works. And I cannot find this dual band use case. Though if there is one, I would love it if someone can point me towards it. In any case if you accept that there is no 6E without the 6GHz band, what is Apple doing here? I admit that I am pretty perplexed by this because I cannot see them making this sort of mistake by saying that the iPad Pro has something that isn’t technically possible. I guess we’ll have to wait until someone gets their hands on one and lights it up on a WiFi 6E router and tells the world what happens next.

Well, Apple has released a support document to clear this up. Or at least try to.

For best performance with Apple devices, the Wi-Fi router providing the network should use a single network name across all of its wireless bands: the 2.4GHz band, the 5GHz band, and the Wi-Fi 6E network’s 6GHz band.

If the router isn’t using the same name for all bands, your device identifies the network as having limited compatibility. It then finds the name of the corresponding 5GHz network and asks whether you want to join it for better compatibility. 

  • If you select OK, your device joins the 5GHz network without the benefits of Wi-Fi 6E.
  • If you select Not Now, your device continues to use the Wi-Fi 6E network, but your overall experience with some activities over the network might not be as expected.

Well, let’s think about this for a second. There is a reason why companies or individuals break up their network by band and give each band a separate name, and that reason is compatibility. For example, I have an ASUS ZenWiFi XT8 router that has three separate networks:

  • A 2.4 GHz that has a couple of HomeKit devices as well as a printer on it.
  • A 5 GHz network that has the majority of my gear including MacBooks, iPhones, A Roku TV, and a PC among other things.
  • There’s a second 5 GHz band that acts as a wireless backhaul for the two nodes of the XT8 router.

I did this because when I had a single network name for the first two bands, some of my gear either wouldn’t connect at all (some of my HomeKit gear would fall into that category), or if it did, the faster gear would sometimes connect on the slower band. Which of course is a #Fail.

Also, I for one want more details on what “overall experience with some activities over the network might not be as expected” with separate bands means. I’m very curious what Apple means by that, and why it doesn’t apply to having separate 2.4 GHz and 5 GHz networks on routers that don’t support 6E.

It gets better though. There’s also this tidbit:

If you administer the network, you can make that change in the webpage or app used to administer the router. Edit the names for each band so that they’re all the same.

Based on what I said earlier, having Apple tell you to change your network to make their iPad Pro work with WiFi 6E doesn’t change the fact that nobody is going to change a network that works perfectly fine for their needs. Or put another way, this is not going to happen in most cases.

I think that what this document makes clear is that Apple is doing something different when it comes to WiFi 6E. And that’s likely not going to be a good thing for the few people who have WiFi 6E in the home or office. And I suspect that we’ll start hearing about it shortly as new iPad Pros should be in the wild today. And once people start posting experiences that aren’t exactly positive, Apple will have to respond to that in more detail than this.

UPDATE: I had a reader of this blog reach out to me on Twitter to say that he had problems with his iPad Pro on WiFi 6E:

I’m going to be keeping an eye on this closely as this could be the start of people complaining about WiFi 6E on their iPad Pros.

New Zoho Report Finds that 73% of Canadian SMBs are Optimistic about the Future, Forecasting 10-20% Growth in the Next Six Months

Posted in Commentary with tags on October 26, 2022 by itnerd

The newly released Zoho SMB Outlook Report by Zoho Corporation, a leading global technology company, reveals that Canadian small and medium-sized business leaders are optimistic about their business prospects and looking to hire. According to the survey, 40.1% of respondents expect 1-10% growth; 22.7% expect 11-20%; and 10.6% expect growth of 20+% over the next six months.  

Surveying 1,526 Canadian business leaders (C-level to manager) about business performance, staffing, the economy, pandemic responses, and tech usage, the Zoho SMB Outlook Report additionally reveals that 64.6% of business respondents say their pricing has been impacted by inflation.

The Canadian SMB Outlook Report builds on two previous versions of the report that surveyed individuals in May, 2022, and October, 2021. The May report indicated that 81.2% of respondents were optimistic about the next six months and forecasted 1-20+% growth. Currently 73.4% feel similarly optimistic, which suggests that the economy and news of a recession have muted respondents’ enthusiasm, but not by much.

Key Survey Findings:

Business Growth:

Respondents feel good about their business prospects, with 40.1% of respondents expecting 1-10% growth and 22.7% expecting 11-20%, and 10.6% expecting growth of 20+% across the following regions. 

  • Alberta – 40% expecting 1-10% growth, 24.8% expecting 11-20%, and 6.7% expecting growth of 20+% during the next six months. 
  • BC – 41.3% expecting 1-10% growth, 22.7% expecting 11-20%, and 9.1% expecting growth of 20+% during the next six months. 
  • Ont. – 40% expecting 1-10% growth, 24.5% expecting 11-20%, and 10.8% expecting growth of 20+% during the next six months. 
  • Quebec – 37.8% expecting 1-10% growth, 25.2% expecting 11-20%, and 13.5% expecting growth of 20+% during the next six months. 

Staffing:

Staffing plans show optimism with 43.4% planning to hire, 51.2% expecting no change, and only 5.5% anticipating layoffs.

  • Alberta – 41.8% hiring, 50.9% no change, 7.3% layoffs
  • BC – 41.3% hiring, 53.3% no change, 5.4% layoffs
  • ON – 43.6% hiring, 51.9% no change, 4.5% layoffs
  • Quebec – 44.8% hiring, 48.7% no change, 6.5% layoffs

The majority of respondents who are hiring struggled to find staff, with 47.5% saying yes, 35.9% saying no, and 16.6% not hiring.

  • Alberta – 48.5% yes, 35.9% no and 15.8% not hiring
  • BC – 46.3% yes, 30.6% no and 23.1% not hiring
  • ON – 45.2% yes, 38.8% no and 16% not hiring
  • Quebec – 57.4% yes, 32.2% no and 10.4% not hiring

Inflation:

Inflation is affecting businesses, with 64.6% of respondents saying they’ve been impacted and 35.4% indicating no changes.

  • Alberta – 72.1% yes, 27.9% no
  • BC – 59.9% yes, 40.1% no
  • ON – 66.3% yes, 33.7% no
  • Quebec – 67.8% yes, 32.2% no

The majority of respondents increased prices, with 25.2% raising prices by 1-2%, 24.9% raising prices by 3-5%, and 20.2% raising prices by more than 5%. 29.7% said the question applies to them, suggesting perhaps that they didn’t increase their prices.

  • Alberta – 29.1% raised prices by 1-2%, 23% raised prices by 3-5% and 20.6% raised prices by more than 5%.
  • BC – 20.7% raised prices by 1-2%, 24.4% raised prices by 3-5% and 19% raised prices by more than 5%.
  • ON – 26.9% raised prices by 1-2%, 25.6% raised prices by 3-5% and 19.1% raised prices by more than 5%.
  • Quebec – 22.6% raised prices by 1-2%, 29.6% raised prices by 3-5% and 25.2% raised prices by more than 5%.

A link to the report dashboard can be found here: Zoho SMB Outlook Report

Report Methodology

Conducted in August, 2022, by Zoho Survey, this study contacted 1,526 individuals across Canada. Participants in the study included a range of business leaders, from manager roles to the C-level, at small and large enterprises across a variety of industries.

The Canadian SMB Outlook Report builds on two previous versions that also surveyed individuals in May, 2022 and October, 2021.