Hackers impersonate ‘proPHISHional’ network, LinkedIn, to steal user credentials: Armorblox

Posted in Commentary on October 25, 2022 by itnerd

Armorblox has released its latest security research that will dive into the details of a credential phishing attack that spoofed the professional networking platform LinkedIn.

How this works: The attackers impersonated the trusted LinkedIn brand to send out spoofed emails, evoking a sense of urgency that unusual activity was suspected. The socially engineered email contained a link sending victims to a fake website mimicking a legitimate LinkedIn sign in page.

Read more about this attack vector here.

EnGenius Launches ECS5512F 12-Port 10G Fiber SFP+ half-Rack Aggregate Switch

Posted in Commentary on October 25, 2022 by itnerd

EnGenius Technologies Inc., a multinational networking company, known for delivering future-proof networking solutions for businesses of all sizes, is proud to announce the release of its expandable, cloud-managed ECS5512F 12-port 10G fiber SFP+ half-rack aggregate switch.

This aggregate fiber switch is the newest addition to the EnGenius unified cloud platform. The switch is a powerful tool for boosting traffic flow and network performance in large-footprint businesses like multi-dwelling units, hotels, resorts, and university campuses—delivering the fastest speeds available.

Administrators have the advantage of using the EnGenius Cloud for fast configuration, 24/7 monitoring, and remote tech-savvy troubleshooting tools of the fiber switch from everywhere. Its compact design can help administrators easily scale from 12 to 24 SFP+ ports on a single rack as network demands increase. With its lightning-fast speeds and super long-distance capabilities, this aggregate switch is the perfect solution for large organizations that need to keep their network running at peak performance. 

The EnGenius fiber aggregate switch will come in at a competitive price of $699 MSRP. 

A Text Message #Scam Involving @Netflix Is Making The Rounds

Posted in Commentary on October 25, 2022 by itnerd

The scams keep coming. Today it’s Netflix that’s being used in a scam and it’s somewhat interesting. First you get this text message:

Now clearly this isn’t from Netflix as the grammar is poor, and the link isn’t a Netflix domain. Those alone should make you run for the hills. But because I want to see how these scams work so that you don’t become a victim, I clicked on the link, which you should never ever do.

So you get this and if you look at the address, it has the word similar to Netflix in it, but it’s not Netflix. Clicking continue takes you here:

So first they want your Netflix credentials. Crafty as perhaps there’s a black market for that sort of thing. But I think it’s for another purpose. As in to gain your trust for the next step in this scam.

Hmmm…. Name, date of birth, credit card number. Sounds like a two-for-one here to grab not only your credit card details, but enough details to pull off identity theft. That’s confirmed on the next screen:

Asking for your address confirms that this scam has an identity theft component. By the way, I typed in bogus credit card info and the website didn’t validate it. Clearly the scammers didn’t try too hard here.

Once you enter your details, the scammers dump you to the real Netflix page. Because if you actually entered your real details, you just got pwned and you’re in trouble. The question is, who set this up? Well, there’s no telling as based on this, the website was set up today and whoever did it doesn’t want you to know who they are:

Chances are, when Netflix finds out about this site, and seeing as I tagged them on this post they will find out, this site will be shut down. But it will be live with another domain provider and hosting provider by tomorrow. Which is unfortunate. Still this illustrates why you need to be on guard as Netflix would never send you a text message about some problem with your account. Thus if you get a text message like this, do yourself a favour and delete it.
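
The two tells described in this post (a link whose host only resembles Netflix, and a domain that was registered the same day) can be checked mechanically. The following Python is an added example, not part of the original post; the allow-list, the 30-day threshold, the sample message and the `.example` domain are constructed assumptions, and the registration date is passed in rather than looked up.

```python
import re
from datetime import date
from urllib.parse import urlsplit

BRAND = "netflix"
OFFICIAL_DOMAINS = {"netflix.com"}  # assumption: allow-list chosen for this example
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample data: a reserved .example name, not the domain from the post.
SAMPLE_SMS = "Netflix: problem with your account, visit https://netfl1x-billing.example/continue"
SAMPLE_CREATED = {"netfl1x-billing.example": date(2022, 10, 25)}


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_official(host):
    """True only if the host is an allow-listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def lookalike_labels(host):
    """Host labels (split on dots and hyphens) that contain or resemble the brand."""
    return [label for label in re.split(r"[.\-]", host)
            if label and (BRAND in label or edit_distance(label, BRAND) <= 2)]


def triage_sms(text, created=None, today=None, max_age_days=30):
    """Classify every link in a message by host, never by the message wording."""
    findings = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").rstrip(".")
        if is_official(host):
            verdict = "official"
        elif lookalike_labels(host):
            verdict = "lookalike"  # brand name in the host, but not the brand's domain
        else:
            verdict = "unrelated"
        newly_registered = False
        if created and today and host in created:
            newly_registered = (today - created[host]).days <= max_age_days
        findings.append({"host": host, "verdict": verdict,
                         "newly_registered": newly_registered})
    return findings


if __name__ == "__main__":
    for finding in triage_sms(SAMPLE_SMS, SAMPLE_CREATED, date(2022, 10, 25)):
        print(finding)
```

A host such as `netflix.com.verify-account.example` is also reported as a lookalike, because the check compares the end of the hostname against the allow-list rather than searching for the brand anywhere in the URL.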

CybSafe launches SebDB 2.0 

Posted in Commentary on October 25, 2022 by itnerd

CybSafe, the behavioral risk platform helping organizations change behavior to reduce security risk, has launched the next iteration of SebDB, the world’s most comprehensive security behaviors database.

SebDB is the result of collaboration between academics, government, and industry experts. It maps over 70 specific security behaviors linked to security risks. This helps security professionals prioritize the targeting of specific security behaviors to reduce risk.

It enables organizations to take a vital next step in protecting their organization that many miss. While many organizations train their people with Cybersecurity Awareness and Training, it is often not measured in any meaningful way. The links between security behaviors and risks are not always clear. It’s hard to know which interventions to apply. It’s harder still to explain how interventions reduce risk.

SebDB is built by the community for the community. It is a research effort and a practical tool that helps security professionals with the complexity and risk they face now and into the future. It helps organizations change behavior linked to security risks. 

In a world where access to technology is no longer optional, people behave differently with technology, providing more opportunities for cyber criminals. By focusing on security behavior rather than generic and ineffective Security Awareness and Training, organizations will better protect themselves.

In a recent blog written by Forrester analyst Jinan Budge, she states: “SebDB, a crowdsourced database by CybSafe, for example, contains a comprehensive list of over 70 digital behaviors to pay attention to; it goes a step further and also ties them to the risk that they pose.

“Digital behaviors include using a VPN, tethering a laptop, locking devices, changing passwords, and using password managers. While many training programs try to train people on these behaviors, hardly any of them measure whether these behaviors pose a risk to organizations, or, if they do, whether the training actually changes these behaviors. A recent NIST study supports this, with 44% of survey participants rating ‘what to measure and how to measure program effectiveness’ as ‘very’ or ‘moderately’ challenging.”

CybSafe and their products are designed for a modern workforce and a hybrid working environment. Learn more at http://cybsafe.com or at https://www.cybsafe.com/press-releases/cybsafe-launches-sebdb-2-0-to-help-organizations-measure-and-change-security-behaviors/

TELUS takes top honours at 2022 World Sustainability and Global Good Awards

Posted in Commentary on October 24, 2022 by itnerd

TELUS has been awarded the Sustainability Excellence Award at the World Sustainability Awards 2022 for its global leadership and commitment to building a better, more sustainable future. Held in Munich, judges recognized TELUS for its ambitious sustainability strategy, environmental business practices and rapid progress on diversity and inclusion. TELUS was also recognized at the Global Good Awards 2022 in London, placing bronze as Global Good Company of the Year. Both of these award ceremonies recognize individuals, organizations, and businesses around the world who are driving positive social and environmental change. 

TELUS’ recognition at the World Sustainability and Global Good Awards follows a number of international accolades recognizing TELUS’ global leadership in sustainability, corporate citizenship, social purpose, and environmental and social reporting, including:

To learn more about TELUS’ commitment to a more sustainable future, visit telus.com/sustainability.

EU Finalizes Law That Will Force Apple To Finally Put USB-C Into The iPhone

Posted in Commentary on October 24, 2022 by itnerd

You might recall that the European Union recently passed a law requiring devices sold within the union to have USB-C. Since most phones and tablets already have USB-C, one could plausibly argue that this law is squarely aimed at Apple as they have stuck with Lightning on iPhones even though Lightning is really USB 2.0 with a fancy connector. Which in 2022 is quite sad.

Today, the final steps to bring this law into effect are done and this law is now good to go according to this press release:

The new rules will make a USB-C charging port mandatory for a whole range of electronic devices. This will mean that most devices can be charged using the same charger. For consumers to know exactly what they are buying, the directive introduces a pictogram that specifies whether a new device comes with a charger and a label indicating the charging performance.

The directive also allows consumers to choose whether to purchase a new device with or without a charger. This will not only save consumers money, but will also reduce the electronic waste associated with the production, transportation and disposal of chargers. Four years after the directive enters into force, the Commission will assess whether this unbundling of sales should be made mandatory.

Although becoming more popular, wireless charging has not yet been harmonised across devices. To enable this technology to become available for more devices, the Commission will work on harmonising wireless charging for electronic devices and on interoperability based on technological developments.

Categories of devices concerned

The new rules will apply to a wide range of portable devices:

  • mobile phones
  • tablets and e-readers
  • digital cameras and video game consoles
  • headphones, earbuds and portable loudspeakers
  • wireless mice and keyboards
  • portable navigation systems

In addition, all laptops will also be covered by the new rules 40 months following the entry into force of the directive.

So from the sounds of it, Apple will need to convert AirPods over to USB-C along with the Magic Mouse, Magic Keyboard, and Magic Trackpad given that all their laptops and tablets already have USB-C. While it’s been rumoured that Apple has been testing USB-C iPhones, they have a lot of work ahead of them. But I for one cannot wait for a USB-C iPhone as Lightning is dead and has been for years. The other thing that I note is this re-ignites the charger in the box debate. Apple led the way on not including chargers in the box of a new phone. But based on this, it sounds like they will have to rethink that.

#PSA – @ASUS ZenWiFi XT8 Users Should NOT Upgrade To Firmware Version 3.0.0.4.388.21099

Posted in Commentary on October 24, 2022 by itnerd

I’ve only done this once before with Linksys routers, but I am being forced to do this again as ASUS has put out a firmware version for their ZenWiFi XT8 router that will cause you problems. Specifically the firmware version is 3.0.0.4.388.21099 which was released on October 3rd. This firmware appears to have some sort of memory leak issue. Meaning that it consumes all available RAM memory on the router until it runs out and crashes. When this happens, you will see the following:

  • The router will work fine for four or five days.
  • The child node will suddenly disconnect and you will see a blue flashing light.
  • The primary node will look fine with a white light, but there is no WiFi available.

A reboot will bring everything back online. But only for four or five days where the above will repeat. This has been reported in a couple of places like Reddit and SNBForums. What’s interesting is that UKTechHub has posted that ASUS has released a new firmware to a user on that forum that seems to address this issue. That implies that ASUS knows that this issue exists. Why ASUS hasn’t widely released a newer firmware that addresses this problem that they seem to know about remains a bit of an open question.

Until ASUS formally addresses this, your best bet is to stay on firmware 3.0.0.4.386.49873. If you have already upgraded to 3.0.0.4.388.21099, then your best bet is to do the following:

  • Back up the configuration using these instructions.
  • Download and install firmware 3.0.0.4.388.21099 using method 2 from these instructions.
  • After updating do a factory reset of the router using these instructions.
  • Using a computer and a web browser, connect to the router and using the advanced options, upload the backup of the configuration that you saved in the first step.

The reason why I recommend going this route is that for whatever reason, ASUS routers do not cleanly update the firmware. And that leads to all sorts of weird issues that are hard to track down. In my case, it breaks HomeKit unless I go through the steps above.

Now you could just stay on 3.0.0.4.388.21099 until ASUS decides to fix this. But you’ll have to reboot your router every four or five days which is a pain. Thus I would hope that ASUS decides to step up to the plate and addresses this with a firmware fix. But I am not holding my breath as based on my recent experience with them and how they support their customers, ASUS doesn’t seem to be that sort of company. Though they are free to prove me wrong.

UPDATE: ASUS has released a newer firmware to address these issues. More info here.

Review: Roku Ultra (2022)

Posted in Commentary on October 24, 2022 by itnerd

Roku’s latest and most powerful streaming device is here. And this version has a couple of interesting things going for it that may make you shell out $129 Canadian for it. The player in question is the 2022 version of the Roku Ultra. Here’s what you get in the box:

You get the player, an HDMI cable which is a nice touch, a USB-A to Micro USB cable to charge the remote, a pair of headphones with different ear tip sizes, the new Roku Voice Remote Pro, the power adapter and some documentation. About the only thing that I could be critical of is the fact that while it’s great that the Voice Remote Pro is rechargeable meaning that you don’t have to put batteries into it frequently, it charges via Micro USB rather than USB-C seeing as this is a USB-C world. But that’s a minor gripe that I got past quickly.

The back of the Roku Ultra has a USB-A port, an HDMI port, Ethernet, and power.

As usual, setup of this Roku device is laughably easy:

  • Connect the HDMI cord to the Roku Ultra and TV
  • Plug the Roku Ultra into the power outlet using the provided power adapter
  • Change your TV to the input that the Roku Ultra is on and follow the instructions to pair your remote, create your account, and pick your channels and perform software updates on the device if required.
  • Done. Declare victory and have a beer!

One thing that I didn’t mention is that the Roku Ultra has the ability to connect over WiFi 5 as well as Ethernet which is 10/100 Mbps (which may strike you as odd, but you only need 25 Mbps or so for a 4K HDR stream so it’s fine). That’s great as that gives you a second option if your WiFi sucks for whatever reason. Which of course will affect the quality of the streams that you watch. And as usual, the selection of channels is impressive. Roku has pretty much anything and everything that you could possibly want. And navigating through the user interface is dead easy.

So, this all sounds like every other Roku review that I have done. Well, there are some things that stand out with the Roku Ultra that I would like to highlight:

  • Dolby Vision is on board along with HDR10+. That means that if you have a TV that supports HDR generally, or either one of those standards specifically, and you use content that is encoded in either one of those standards, colours will just pop and in the case of Dolby Vision, the picture will be as accurate as it would be at your local movie theatre. Especially if that TV has a mini-LED or OLED display.
  • Dolby Atmos is on board this time around which means that if you have an audio system that supports this, audio will simply be top shelf.
  • The remote is a serious step forward for Roku as you can use hands-free voice commands, set personal shortcuts for your favorite channels, control your TV, and the like. And if you lose the remote, you can find it using the Roku Official Remote Control App via a sonar sound that comes out of the remote’s speaker. Plus I could also listen to shows and music through the Roku Ultra through the pair of provided headphones.

But the main thing that I noticed about this iteration of the Roku Ultra is how fast it was. This is unlike a lot of its competition where switching from menu to menu can often be a jittery experience. One last thing that I would like to point out is that the Roku Ultra ships with Roku OS 11.5. I wrote about the fact that this brings Apple Fitness+ integration here, which means that you also have one less reason to buy an Apple TV. Especially since it supports HomeKit and AirPlay. Though I will also mention that it also supports Google Home and Amazon Alexa.

So, at $129 Canadian when I checked on Amazon, is this worth it? Hands down, the Roku Ultra is one of the best streaming device solutions on the market today. It offers one of the most powerful devices on an easy to use platform with integrated functionalities, such as the ability to connect over Ethernet or WiFi, and control the device with your voice. Combine that with the addition of HDR10+ along with Dolby Atmos and Dolby Vision, and the return of smart home support makes this streaming device a compelling value. If you’re in the market for a streaming device, the Roku Ultra has to be on your list.

Presenting An EPIC Network Horror Story for Halloween – DDoS Of The Dead

Posted in Commentary on October 23, 2022 by itnerd

We’ve all seen our fair share of SPOOKY network attacks, and this Halloween Kentik is taking it a step further with their own DDoS horror story! Yes, the team at Kentik has written their own tale of network terror just in time for Halloween! 

This epic creepy read is called DDoS of the Dead, and it’s free to download now on the Kentik website: https://www.kentik.com/go/ebook/ddos-of-the-dead/

There’s even a spooky preview video that you can view below: 

Non-Profit Healthcare Provider Leaks The Data Of 3 Million Patients Via Malformed Tracking Pixel

Posted in Commentary on October 23, 2022 by itnerd

I have to admit that this is a new way of leaking personally identifiable information that I never considered. Advocate Aurora Health is informing 3 million people that their protected health information was leaked via a malformed tracking pixel to Facebook or Google:

In a data breach notification on its website, the healthcare system is informing patients that an incorrectly configured tracking pixel – placed on the MyChart and LiveWell websites and applications and on some scheduling widgets – exposed some of their information.

The pixel, the company says, “transmitted certain patient information to third-party analytics vendors that provided us with the pixel technology, particularly for users concurrently logged into their Facebook or Google accounts.”

Potentially exposed information includes IP addresses, information on scheduled appointments, patient proximity to an Advocate Aurora Health location, provider data, type of appointment or procedure, MyChart communications (including names and medical record numbers), insurance details, and the names of patient proxies.

Advocate Aurora Health says it has no evidence that Social Security numbers or financial account and credit/debit card details were exposed in the incident.

“We have disabled and/or removed the pixels from our platforms and launched an internal investigation to better understand what patient information was transmitted to our vendors,” the healthcare provider says.

Advocate Aurora Health says it has found no evidence that the exposed data has been misused and also notes that the misconfiguration is unlikely to lead to identity theft or financial harm.

I’m skeptical that this screw up won’t cause identity theft or financial harm. Facebook’s and Google’s sole purpose in life is to harvest information and then find ways to make money from it. Thus I can see a scenario where someone could get access to this info and then use it to make the lives of the people who are affected by this miserable. I guess that’s why this health care provider is offering up the advice of checking your credit report. Likely because while they don’t think anything bad has happened, they don’t know for sure.

I for one hope that there’s an external investigation into this, and punishment if warranted is handed out swiftly because companies simply need to do a much better job of protecting data like this.
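
One way to catch this kind of leak before a vendor receives it is to audit the requests that a logged-in portal page sends to other hosts. The following Python is an added example, not code from Advocate Aurora Health or the quoted report; the hostnames, the marker words (taken from the categories of exposed data listed above) and the captured URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed assumptions: the portal's own hosts and the words that signal patient data.
FIRST_PARTY = {"portal.hospital.example"}
SENSITIVE_MARKERS = ("appointment", "procedure", "mrn", "insurance", "provider", "patient")

# Constructed capture of requests made while viewing an authenticated page.
CAPTURED = [
    "https://portal.hospital.example/static/app.js",
    "https://pixel.adtech.example/tr?ev=PageView&page="
    "https%3A%2F%2Fportal.hospital.example%2Fappointments%2Fcardiology%3Fmrn%3D0000000",
    "https://cdn.fonts.example/font.woff2",
]


def is_first_party(host):
    return any(host == d or host.endswith("." + d) for d in FIRST_PARTY)


def sensitive_hits(url, depth=0):
    """Collect marker words found in the path, in parameter names, and in any
    URL carried as a parameter value (pixels usually report the page address)."""
    parts = urlsplit(url)
    hits = {m for m in SENSITIVE_MARKERS if m in parts.path.lower()}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        hits |= {m for m in SENSITIVE_MARKERS if m in key.lower()}
        if depth < 2 and value.lower().startswith(("http://", "https://")):
            hits |= sensitive_hits(value, depth + 1)  # parse_qsl already URL-decoded it
    return hits


def audit(requests):
    """Return (third-party host, markers) for every outbound request that
    carries patient-related data off the portal."""
    report = []
    for url in requests:
        host = (urlsplit(url).hostname or "").rstrip(".")
        if is_first_party(host):
            continue
        hits = sensitive_hits(url)
        if hits:
            report.append((host, sorted(hits)))
    return report


if __name__ == "__main__":
    for host, markers in audit(CAPTURED):
        print(f"{host} receives: {', '.join(markers)}")
```

In the constructed capture the pixel request looks harmless at the top level; the appointment type and record number only show up once the embedded page address is decoded, which is why the audit recurses into parameter values.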