BlackByte Ransomware Now Includes Data Theft Capabilities

Posted in Commentary with tags on October 21, 2022 by itnerd

A BlackByte ransomware affiliate is using a new custom data-stealing tool called to steal data from compromised Windows devices so that they can do double extortion attacks, reports Bleeping Computer. This news comes months after the FBI released an advisory on the strain, following its use to breach three companies in the US’ critical infrastructure.

Kevin Bocek, VP of Security Strategy & Threat Intelligence at Venafi has this to say:

“Following attacks on US critical infrastructure, the FBI released an advisory on BlackByte ransomware in February. But clearly this has done little to deter threat actors. They’ve built on BlackByte’s success with this latest update, which now includes next-generation double extortion capabilities, including a direct upload of exfiltrated data to Mega cloud with hardcoded credentials. This should set alarm bells ringing for organizations. Double extortion tactics make it much harder to say no to ransomware demands because the safety net of ‘restore from backup’ is no longer there to fall back on.

Our research shows that 83% of ransomware attacks now make use of double extortion tactics. Threat actors – who are essentially just developers gone bad – have worked hard to improve their product, and the cybersecurity industry should be responding in kind. Ransomware often evades detection because it runs without a trusted machine identity. So, organizations must be managing machine identities via a control plane to reduce the use of unsigned scripts, increase code signing and restrict the execution of malicious macros. This is vital to a well-rounded ransomware defense.”

As these ransomware gangs evolve their attacks, companies need to evolve their defences accordingly. Otherwise they’ll just become victims of these ransomware gangs.

Elon Musk Says That He Will Slash 75% Of Twitter Jobs

Posted in Commentary with tags on October 21, 2022 by itnerd

The latest plot twist in the Elon Musk wants to buy Twitter saga is this report saying that Musk will take a massive axe to the company and get rid of 75% of the people who work there:

Musk told prospective investors in his deal to buy Twitter that he planned to get rid of nearly 75% of the company’s 7,500 workers, according to internal documents and interviews by The Washington Post.

Musk’s deal to buy Twitter for $44 billion is expected to close by next Friday in good faith after a months-long legal battle with Twitter.

The Post found that even if Musk does not end up buying Twitter, massive layoffs would still be in the picture for the social media company.

Twitter’s current management reportedly planned to slash the company’s payroll by about $800 million by next year regardless of the deal, which the Post said would mean at least a quarter of Twitter’s workforce would have to depart. 

On top of that, with all the turmoil and chaos that Musk creates wherever he goes, I am surprised that Twitter employees haven’t headed to the exits en masse as nobody wants to have this sort of chaos as something that they need to deal with on a daily basis. And for those who are still there and haven’t found employment elsewhere, this might be the last straw that sends them to the exits. It’s clearly not a good situation for Twitter and there are no winners here.

#Fail: Microsoft Admits To “Accidentally” Exposing Sensitive Customer Data

Posted in Commentary with tags on October 20, 2022 by itnerd

Microsoft yesterday admitted to accidentally exposing sensitive customer data after failing to properly configure a server’s security. The involved files were exposed from 2017 to August 2022, including data such as:

  • Names
  • Email addresses
  • Email content
  • Company name
  • Phone numbers

In addition, Microsoft warned that the exposed data may include “attached files relating to business between a customer and Microsoft or an authorized Microsoft partner.”

SOCRadar claims that the sensitive data of over 65,000 entities in 111 countries was on a misconfigured Microsoft server that had been left accessible over the internet.

What could possibly go wrong with that sort of info floating around for anyone to get access to?

John Stevenson, Product Director at Cyren had this to say:

     “Given that Cloud server ‘misconfigurations’ are one of the most common root causes for the loss of personally identifiable information (PII), it is extremely important that organizations stay vigilant for any attempt to target them or their employees, especially through phishing attempts. While there is currently no evidence that the PII accessible from the server has been exploited in the wild, search tools such as the one referenced here are undoubtedly double-edged. At this time, the ‘BlueBleed’ site allows any authenticated user to search the data repository. With the news of this leak, it is essential that organizations look to additional security controls that operate in the inbox to identify targeted, socially engineered email attacks that are routinely missed by Microsoft’s native security controls.”

SOCRadar, which has dubbed the data breach “BlueBleed”, has created a website where concerned companies can search to see if their data has been exposed. You might want to pay a visit to see if your company has been affected.

Google Launches My Ad Center Globally

Posted in Commentary with tags on October 20, 2022 by itnerd

Today Google is announcing the launch of My Ad Center, which will start rolling out gradually to people globally. At Google I/O, they pre-announced My Ad Center, a new ads product that allows users to customize their ads and manage the information Google uses to personalize ads.

In addition to the features announced at I/O, the new features in the product include:

  • More controls for activities used to personalise ads: My Ad Center expands their privacy controls to allow users more direct control over which data sources, specifically Web & App Activity and YouTube History, are used to personalize your ads across Google Search, YouTube, and Discover
  • Expanding user control for sensitive categories: In My Ad Center, users have the ability to see fewer ads in five sensitive categories, including alcohol, dating, gambling, pregnancy and parenting, and weight loss. Before, this feature affected ads shown on YouTube and Display. Now, it expands to ads shown on Search and Discover
  • Advertiser pages: To give people even more transparency, Google is enhancing ad disclosures with new advertiser pages. Users can access these disclosures in the new My Ad Center panel and see the ads a specific verified advertiser has run over the past 30 days

The full blog with more details is available here.

It Seems That I Am The Target Of A Phishing #Scam… What A Bizarre Feeling This Is

Posted in Commentary with tags on October 20, 2022 by itnerd

I woke up this morning to an email that is targeting me in a phishing scam. Which is really bizarre as I spend a lot of time and effort writing about and helping people deal with scams. Now I get that scammers don’t read this blog, and don’t know that I spend a lot of time and effort exposing their nefarious activities so that my readers don’t run afoul of scams. But it is still kind of bizarre when one hits my inbox. Especially since this specific scam leverages my email server:

Before I get into dissecting this phishing email, let me disclose something. I run my own email server and I have total control over it. That is part of the reason why I find this phishing email bizarre. Because this scam would lead me to believe that I was sending an email to myself as I am the administrator of this server and the user of the email account on this server.

In any case let’s walk through this email. It is using the following elements to get you to hand over your email credentials:

  • It claims that you have emails pending for delivery and you need to do something to get them into your inbox. It also claims that if you don’t take action “users” won’t be able to receive new messages, and you need to prevent that from happening. That’s the call to action so to speak in terms of getting you to buy into the scam.
  • It also claims that any emails that are in this state will be deleted in “1 day” and they will “delete the data 90 days later”. That’s to create a sense of urgency so that you fall for the scam.

So why would someone want me to hand over my email credentials? Simple, the scam is meant to be a gateway to allow the scammer to perpetrate identity theft or take over the mailbox to use it for some other fraudulent activity. Or they may be trying to simply drop malware on your system.

Your best advice is to never, ever click the links that are in an email like this. And if you have already trusted such an email and attempted to log in with your account details via a third party site, you are strongly advised to immediately change the password within your email service. Then scan your computer for malware.

Speaking of the link, this was the link that was present behind the words “Recover Pending Messages to your Inbox”:

https://siasky.net/EACVfUpVNlUjV1WtVftU_p8aJqloinzOcbOUSc5xCd6J5w#nerd@theitnerd.ca

From what I can tell, as a page never came up when I went to this link, it’s either trying to confirm that the email address was live, or drop some malware onto my computer, or do something else evil. I cannot say for sure. But I took my own advice and changed passwords for the email accounts that are on this server just in case. I’ll be watching things very closely over the next little while to see if these threat actors do anything else as I have now made myself a bit of a honeypot for their activities. And if they do something interesting, you’ll be the first to know.
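A check a mail filter could run for the pattern in this email: a link whose fragment or query string carries the recipient’s own address while pointing at a host outside the recipient’s domain. This is an added example, not part of the original post; the function names and the sample message (using example.org and example.net placeholders) are constructed for illustration.

```python
"""Flag links in an HTML email that embed the recipient's address (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Constructed sample message; hosts and addresses are placeholders.
SAMPLE_HTML = """
<p>You have pending messages. They will be deleted in 1 day.</p>
<a href="https://files.example.net/AAAA-constructed#user@example.org">Recover Pending Messages to your Inbox</a>
<a href="https://mail.example.org/settings">Mail settings</a>
<a href="https://news.example.com/story?id=7">Read more</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html_body, recipient):
    """Return links that embed the recipient address and point at a foreign host."""
    recipient = recipient.lower()
    own_domain = recipient.rsplit("@", 1)[1]
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        reasons = []
        # The address in the fragment or query lets the landing page prefill
        # a fake login form or record that the mailbox is live.
        if recipient in unquote(parts.fragment).lower():
            reasons.append("recipient address in URL fragment")
        if recipient in unquote(parts.query).lower():
            reasons.append("recipient address in query string")
        # A notice from your own mail system should link to your own domain.
        foreign = host != own_domain and not host.endswith("." + own_domain)
        if reasons and foreign:
            reasons.append(f"link host {host} is outside {own_domain}")
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_HTML, "user@example.org"):
        print(finding["text"], "->", finding["href"])
        for reason in finding["reasons"]:
            print("  -", reason)
```
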

Hackers Hijack College Student Accounts to Launch BEC-Style Attacks: Avanan

Posted in Commentary with tags on October 20, 2022 by itnerd

Researchers at Avanan, a Check Point Company, have discovered hackers are spoofing legitimate college student email accounts to send out larger BEC and credential harvesting campaigns. 

In this attack, hackers compromise legitimate student email accounts to send out emails warning users of blocked messages that can only be released by clicking on the provided link. The link redirects victims onto a credential harvesting page that not only gives hackers access to key company information, but gives them the ability to send out even more attacks from the target account.

You can read the full report here.

If You’re In The Market For The New iPad Pro, You Should Skip It

Posted in Commentary with tags on October 19, 2022 by itnerd

Apple released the new iPad Pro on Tuesday. The headline feature of this iPad Pro is that it comes with the M2 chip. But before you rush out to get one, I would say that you shouldn’t get one. Here’s a list of reasons why you should give this iPad Pro a hard pass:

  • The M2 chip doesn’t give you a whole lot more: With the exception of better ProRes encoding and decoding, the M2 chip, by Apple’s own marketing, only gives you a 15% bump in speed. That’s odd because the new MacBook Air gets an 18% bump in speed. Neither of these pieces of hardware has a fan so you would think that they would be similar in performance. But clearly there’s some sort of difference that made Apple bring down the performance of the M2 in this new iPad Pro. And keep in mind, that 15% is likely peak performance. Which means the real speed increase will be less.
  • The M1 chip in the iPad Pro was already overkill: Given that the iPad Pro with the M1 chip was already destroying every other tablet out there, you have to ask yourself if you really need something that is even faster. I would argue that unless you need something specific like the better ProRes encode and decode engines, likely not. Plus I am dubious if you would actually see the difference between the M1 and M2 variants of the iPad Pro.
  • The camera hardware is already 2 years old: Apple didn’t bother to change any of the camera hardware in the iPad Pro which is the same hardware that was in the iPhone 12 Pro phones. Which means that it doesn’t support Dolby Vision which the iPhone 13 Pro and iPhone 14 Pros do. And pro users which this iPad Pro targets will want to use the best camera available. Which means that this isn’t it.
  • Speaking of the camera hardware, there’s no landscape camera: The budget iPad got a landscape camera this year. But oddly enough the iPad Pro which is aimed at pro users allegedly didn’t get that landscape camera. That means that users on Teams and Zoom calls will still look like they are not looking at the camera. How does that make sense on a “Pro” tablet?
  • The Apple Pencil hover feature isn’t new: Apple is marketing that the iPad Pro’s hover feature is new and cool. The thing is it is not new. Samsung did this on its tablets ages ago. So this is Apple’s marketing at work using the “reality distortion field” to try and sell iPad Pros.

All of that really doesn’t make the new iPad a good value. But there’s one more thing. Does the iPad Pro Come With WiFi 6E? I ask because when you look at the spec sheet, it says this:

This is something that I have to admit that I find puzzling because the way Apple defines WiFi 6E, it seems that they are using both the 2.4 GHz and 5 GHz bands to improve bandwidth and increase range based on your distance from the router. Likely because those bands have better range than 6GHz. But my understanding of WiFi 6E is that there is no WiFi 6E without the 6GHz band. This article on WiFi 6E from Cisco seems to support my understanding of how WiFi 6E works. And I cannot find this dual band use case. Though if there is one, I would love it if someone can point me towards it. In any case if you accept that there is no 6E without the 6GHz band, what is Apple doing here? I admit that I am pretty perplexed by this because I cannot see them making this sort of mistake by saying that the iPad Pro has something that isn’t technically possible. I guess we’ll have to wait until someone gets their hands on one and lights it up on a WiFi 6E router and tells the world what happens next.

So, instead of buying this iPad Pro, what should you get? Well that depends on who you are:

  • If you have an iPad Pro before the M1 version came out, go to Amazon and buy the iPad Pro with an M1 in it.
  • If you don’t have an iPad Pro, the above advice applies to you as well.
  • If you have an iPad Pro with an M1 processor in it, don’t upgrade.

To me, this iPad Pro is all about Apple doing as little as possible to try and get a bump in sales for iPad Pro models. If that is the case, pro users should really skip this model as there’s not enough here to justify a purchase. Instead you should wait for Apple to come up with an iPad Pro that has enough that is new and different to justify you giving them your hard earned money.

Singapore Announces Ransomware Task Force

Posted in Commentary with tags on October 19, 2022 by itnerd

Singapore has today announced the formation of an inter-agency ransomware task force which will pool representatives from different sectors to better tackle ransomware attacks aimed at businesses. The task force, set up earlier this year, will develop and make recommendations on possible policies, operational plans and capabilities to improve Singapore’s counter-ransomware efforts.

Dr. Darren Williams, CEO and Founder of BlackFog had this to say:

     “Interconnectivity and alignment between government entities is paramount for any country, regardless of size, to establish a unified approach towards ransomware prevention. As noted by the Coordinating Minister for National Security, the attacks against Costa Rica served as a prime example of how quickly your entire nation can be undertaken from the swift actions of a skilled attacker. Moving forward, these targeted countries must not only focus on preventing ransomware as a whole, but on preventing sensitive data from being exfiltrated. We have seen time and time again how even when a ransomware attack is dealt with, once data has been stolen, the damage can perpetuate indefinitely.”

I think that this is a great move as one can respond better to these sorts of attacks if everybody is on the same page. I’ll be watching Singapore to see how well this works out.

Guest Post: 49% of IT professionals believe AI poses an existential threat to humanity

Posted in Commentary with tags on October 19, 2022 by itnerd

Artificial intelligence (AI) technology is closer to us than ever before. However, could AI pose a threat to humanity?

According to the data presented by the Atlas VPN team, 49% of IT professionals believe innovation in AI presents an existential threat to humanity. Despite that, many other experts see AI as a companion who helps with various tasks rather than a future enemy.

Nearly three out of four (74%) IT professionals think AI will automate tasks and enable more time to focus on strategic initiatives. About two-thirds (67%) of IT professionals believe that AI will be a mission-critical element of their business strategy in the years to come. 

In addition, three out of five (62%) experts expect to work alongside intelligent robots or machines in the next 5 years. On the other hand, some professionals think that AI can also cause harm, as 55% feel that AI will create major data privacy issues.

About half of IT experts believe that AI will put IT jobs at risk and that innovation in AI presents an existential threat to humanity.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on AI technology:

“The AI we have today can benefit businesses by making various tasks easier. However, that does not guarantee it is always positive. AI is a tool with potentially harmful consequences if used in the wrong hands. Despite this, it appears unlikely that it will pose an existential threat to humanity in the near future.”

Use cases for AI

Many businesses already utilize AI for many different tasks.

In the next 2 years, 45% of IT professionals plan to use AI for data analytics. Also, AI will be used to detect and deter security intrusions and fraud in 40% of surveyed specialists’ companies in the upcoming years.

One out of three (34%) IT experts plan to use AI for machine learning. Another third (31%) of professionals believe their company will use AI for transferring and cross-referencing data. In addition, 29% of experts see AI helping with web and social media analytics and natural language processing in the next 2 years.

To read the full article, head over to: https://atlasvpn.com/blog/49-of-it-professionals-believe-ai-poses-an-existential-threat-to-humanity

Nobody Should Buy The New iPad… And I Do Mean Nobody

Posted in Commentary with tags on October 19, 2022 by itnerd

Yesterday, Apple released its latest version of the iPad. To be specific, I mean Apple’s entry level iPad which up until yesterday was a dated product. But because it was so cheap, it didn’t matter. Well, Apple updated it, sort of. But they seriously jacked up the price. And they did some stuff to it that really makes you scratch your head.

The net result is this: Nobody should buy this iPad.

That sounds harsh. But let me explain why:

This is nothing but a repackaged fourth generation iPad Air that has been crippled by Apple: Ignoring the fact that this looks exactly like the previous generation iPad Air, if you look at the specs of the fourth generation iPad Air, and the specs of this iPad, they’re very similar. But Apple clearly went through some effort to cripple it in the following ways:

  • Unlike the fourth generation iPad Air, the new iPad has a non-laminated screen that does not support P3 wide colour gamut. Plus there’s no anti-reflective coating.
  • Unlike the fourth generation iPad Air, the new iPad only supports the first generation Apple Pencil. And to add insult to injury, it needs an adapter to pair and charge the Apple Pencil because it has USB-C rather than Lightning. Not that you can get one of those adapters, or an Apple Pencil with the adapter in the box until November.
  • The price is much higher. This new iPad jumps from $449 Canadian to $599.

If I have to make a guess about why this was done, it would go something like this.

  • Apple likely tried to recycle the fourth generation iPad Air to make their new budget iPad because that design has been paid down and it should have kept costs low. Apple has done that with products like the iPhone SE which is based on the iPhone 8 with internals from more recent iPhones for example. And it’s worked for them in the past. But whether it was due to the current economic situation, or some other factors that were beyond Apple’s control, they clearly couldn’t hit the $449 price target. So they cut a bunch of corners to keep the price down. Even if it meant that this iPad was way less appealing.
  • As for the Apple Pencil situation, my guess is that this was done to keep the education market happy as they likely have a ton of generation one Apple Pencils lying around that they won’t or can’t throw in the bin. And they would also not be happy if they were forced to use the generation two Apple Pencil. Even if making that move would have been the right decision by Apple.

Now to be fair, they did update the following in the new iPad:

  • It comes with the A14 Bionic processor, which was in the previous generation iPad Air which should provide a bit of a speed boost.
  • They upgraded the camera hardware in a serious way going to 12 MP for front and rear. Which should provide better photos for those people who insist on taking photos with their iPad.
  • It now does up to 4K video and the front camera is now in landscape orientation and it supports centre stage. So that you don’t look weird on your next Teams or Zoom meeting.
  • It finally comes with USB-C.

But the main reason why I cannot recommend this iPad is the price. At $599 it starts to encroach into the territory of the current iPad Air at $799 Canadian. And that iPad is much faster with an M1 processor and support for the second generation Apple Pencil which makes it a much better buy because you get more iPad for your money. Conversely, the previous generation iPad which costs $449 Canadian is still available. Likely because Apple knew that the price of this new iPad would be an issue. Regardless, it is still a great buy. And it’s an even better buy if you grab it from Amazon who often carries it for less than Apple does. It’s a great value and one that you should consider if you need a new iPad and don’t need the horsepower of the iPad Air. Which to be frank, most of us don’t. Either way, this new iPad is a big miss by Apple. And you shouldn’t pay for their mistake by buying it.