FlashBox Expands Into Vancouver

Posted in Commentary with tags on October 12, 2022 by itnerd

FlashBox, a technology-based, same-day delivery company offering cost-effective deliveries for businesses has launched in Vancouver.

The company, which started in Toronto, Ontario, provides faster and more affordable delivery than other providers by using technology to accelerate their processes. The streamlined operations allow FlashBox to deliver to customers same-day.

Same-day deliveries are picked up and delivered within 10 hours. Orders are scheduled through an online dashboard every morning before 11:00 am. Then, picked up between 11:30 am and 2:30, to then be delivered to residential addresses between 4:00 pm and 10:00 pm.

FlashBox’s elaborate tracking experience offers customers full visibility around delivery. A live map view allows you to be informed of delivery times and exact driver location. Text and email notifications update both the sender and receiver. Prices start at only $6 per delivery. 

FlashBox plans on expanding into Montreal, Calgary and other major cities across Canada soon.

Leave a comment »

PhishLabs By HelpSystems Identifies Phishing Campaigns That Are Abusing Google Ad Click Tracking Redirects

Posted in Commentary with tags on October 12, 2022 by itnerd

PhishLabs by HelpSystems has identified attackers leveraging a weakness in Google’s ad service to carry out phishing campaigns on U.S. and Canadian Financial Institutions. This weakness abuses the fact that the URL shown in Google Ads is not the linked site but rather the final destination, including redirects. By leveraging conditional redirects, the attackers create ads that appear legitimate but will redirect to hostile sites.

In these attacks, both ad text and link hovering falsely state the user will be redirected to the targeted organization’s legitimate site. When the user clicks on the ad, they are routed through multiple redirects before landing on a phishing page. 

Malicious Google Ad 

Legitimate click tracking redirects begin at Google Ads and are routed through numerous click trackers before landing at their desired destination. Google Ads display the user’s final landing page due to client preference that the ad link not display the click tracker. In these attacks, threat actors create their own redirects, which they set up to lead to the legitimate site. 

When Google traces the redirects, they see the appropriate site and will have the Ad display the legitimate URL. Threat actors then configure the redirect to use certain criteria such as geo location to direct certain users to a phishing site. These campaigns are potentially utilizing other obfuscation techniques to evade detection by Google, as well.

In the example below, attackers have incorporated a redirect that is not only malicious, but also contains logic that will hide its true destination. When Google attempts to determine where the user will land, they see a legitimate credit union site. As a result, they will only display the credit union URL. If the end user clicks on the ad, they will instead land on a different site that is malicious. In this case, the redirect would only display the phishing site if the user IP was based in Minnesota. 

Stacy Shelley, VP of marketing for email security and digital risk protection at PhishLabs by HelpSystems, says:

“It used to be the case that when you hover over a Google Ad, you would see a Google tracking link, and that made it very easy to abuse. So, Google started processing all the redirects until it gets to the final landing page. If the page is legit, the ad will be published with the final landing page as the hover link (no redirects displayed).

“What we’re seeing indicates there are weaknesses in that process that threat actors are exploiting. They use conditional geolocation logic to present the legitimate landing page when Google scans their ad. Google publishes the ad and displays the legit landing URL on hover. As a result, you get a more convincing ad experience (no odd URL) that still redirects targeted victims to a malicious site.”

PhishLabs Actions 

PhishLabs has technology in place to monitor Google Ads for malicious content targeting its client base. With the recent change in behavior, the company is in the process of enhancing detection capabilities for these threats. 

PhishLabs is actively working with Google and providing information on the behavior observed to reduce the prevalence of these threats and sharing live threat examples as they are detected. Google is also working on implementing preventative measures. 

Thanks to PhishLabs By HelpSystems for supplying me with all of this information so that I could present it to you.

Leave a comment »

Repair, recycle and upcycle: Join the movement to reduce electronic waste

Posted in Commentary with tags on October 12, 2022 by itnerd

TELUS is sponsoring Canada’s first ever Circular Economy Month this October, an awareness campaign that focuses on the importance of waste reduction and recycling. The majority of Canadians, 69 per cent, say their mobile phone is their most expensive personal item, however less than half of the population has actually repaired their phone and only 12 per cent of Canadians have ever purchased a used device. To help address this problem, TELUS is encouraging Canadians to repair, recycle or upcycle their pre-loved phones or tablets, helping to contribute towards the circular economy by prolonging their device’s lifespan, reducing electronic waste and keeping them out of landfills. 

Canadians can be an active participant in the circular economy this month and all year round by:

  • Repairing pre-loved devices. Canadians can keep their devices longer and minimize waste by visiting one of TELUS’ Mobile Klinik stores to have it repaired, whether it’s a cracked screen, sluggish operating system or water damage, or other issues. Each day, Mobile Klinik refurbishes 300 devices across its more than 125 locations in Canada.
  • Recycling pre-loved devices. Bring a pre-loved device into a TELUS store where the team will responsibly recycle it to keep it out of landfills. TELUS will also plant a tree for every device recycled as part of its mission to plant its one millionth tree. Learn more about how to recycle your device.
  • Upcycling pre-loved devices.Drop off pre-loved phones or tablets at a TELUS store and the team will upcycle them to connect a Canadian-in-need through TELUS’ Mobility for Good® program. TELUS’ Mobility for Good provides access to smartphones for youth aging out of foster care, low-income seniors and Indigenous women at risk or surviving violence. Find out more about donating your phone.  

Circular Economy Month aligns with TELUS’ focus on environmental sustainability and its long-standing efforts to help preserve and protect the planet. TELUS’ 2021 Sustainability Report outlines its environmental, social, and governance strategy and priorities which includes the ambitious goal to use 100 per cent renewable energy by 2025. TELUS’ network infrastructure and investments are helping Canadians transition to a sustainable future through the digitization of the economy, including optimizing energy consumption at home and reducing food waste through its TELUS Agriculture solutions. 

To learn more about TELUS’ commitment to a more sustainable future, visit telus.com/sustainability.

Leave a comment »

Guest Post: Revealed: Instagram users are most likely to get their accounts hacked

Posted in Commentary with tags on October 12, 2022 by itnerd

With the social media user base growing daily, social media account hacks are becoming increasingly common. However, user profiles of some social media platforms get compromised more often than others.

According to the data presented by the Atlas VPN team, based on the Identity Theft Resource Center survey, Instagram users suffered the most from account takeover in 2021. In total, 84% of social media account takeover victims reported that their Instagram accounts got hijacked by scammers. 

Instagram, which has over 1.4 billion monthly active users, is the world’s fourth most popular social media channel.

A quarter (25%) of social media takeover victims also reported losing their Facebook accounts to malicious actors. Twitter was reported by only 3% of social media account takeover victims, followed by WhatsApp (1%) and LinkedIn (1%). A whopping 68% of victims have not regained access to their social media accounts. 

Social media accounts are highly valuable to cybercriminals as they hold a wealth of personal information, which may include the user’s full name, email address, phone number, birth date, physical address, photos, private messages, and more, and can be used to commit fraud.

A hijacked social media account can be utilized to take over even more accounts by publishing fraudulent posts, sending the victim’s contact list malicious links, and asking their friends to reveal personal information or provide funds. The malicious actors can also extort the account owner for money in exchange for getting back the stolen account. 

Some social media accounts, like Facebook, can be used to log into various other online accounts, such as online banking, which may hold even more sensitive information. Additionally, cybercriminals can sell compromised social media accounts on the dark web. 

Top ways hackers gain access to social media accounts

Malicious actors have many methods to trick victims out of their valuable information, funds, or social media accounts. 

Posing as a “friend” is an effective scam tactic, as people let their guard down when communicating with people they know. According to the survey, nearly half (49%) of social media account takeover victims clicked on a link in a direct message from a friend before losing access to their social media accounts. 

Cybercriminals also use “get-rich-quick” schemes to lure in unsuspecting victims and steal their personal data and accounts. A fifth (20%) of social media victims lost their accounts to cybercriminals by responding to cryptocurrency and other investment scams.

Moreover, over a tenth (13%) of social media takeover victims provided personal information, including 2FA codes, PINs, and one-time passwords, which led to them losing access to their social media accounts.

To read the full article, head over to:

https://atlasvpn.com/blog/revealed-instagram-users-are-most-likely-to-get-their-accounts-hacked

Leave a comment »

New Attack Targets Entrepreneurs Using Google Forms To Exploit Government Agency SBA Covid Loans In Email Phishing Campaign

Posted in Commentary with tags on October 12, 2022 by itnerd

As the medical threats of the pandemic wane, cybersecurity threats remain on solid footing. INKY has revealed the latest phishing attack that its cybersecurity researchers have discovered in which government loans and grants for small businesses are being used as bait by cyber criminals in a sophisticated credential harvesting and brand impersonation scheme that uses Google Forms.

The new research explores the attack campaign and flows overview of the origin of hijacked accounts, abused Google Forms websites payload, brand impersonation and free cloud resource abuse techniques, and targeted attacks against entrepreneurs.

You can read the full report from INKY here.

Leave a comment »

Russia Is Afraid Of Meta And Bans Them Under The Guise Of Being “Extremist”

Posted in Commentary with tags , on October 11, 2022 by itnerd

Clearly Meta and the companies under that umbrella has made Russia nervous. I say that because Rosfinmonitoring who is Russia’s Federal Financial Monitoring Service, has added Meta who owns Facebook, Instagram, and WhatsApp, to its list of terrorists and extremists. Keep in mind that Russia cut off Facebook in March, but this latest move by Russia is another step forward:

The battle lines between Western technology platforms and Russia were drawn months ago.

Facebook has not been missed as much as it might have been – because of the popular Russian clone, VK.

But Instagram remains huge in Russia – and the widespread use of virtual private networks (VPNs) means the ban on the platform has not actually stopped people accessing it.

This new official “terrorist” designation could change that though.

It might mean it is now a criminal offence to use Instagram, even via a VPN.

It is also unclear whether the designation includes WhatsApp. 

Banning this, the most popular messaging app in Russia, would cut citizens off from the outside world in a truly profound way.

Which is likely what Putin and his cronies want. And it’s also likely retaliation for removing all VK apps from the Apple App Store and Google Play Store.

It’s safe to say at this point that this is likely to escalate further and both sides are likely going to dig in for a much longer fight.

Leave a comment »

Google Makes A Number Of Announcements At Google Cloud Next ‘22

Posted in Commentary with tags on October 11, 2022 by itnerd

Today at Google Cloud Next ‘22, Google announced several new customers, partners, and product offerings to further demonstrate how Google Cloud is the cloud of the future. 

Here’s the key news: 

  • Google’s mission at Google Cloud is to accelerate the ability of every organization to digitally transform its business. Today, thave have a number of new global customer and partner announcements to demonstrate how they’re helping organizations in every industry accelerate their cloud journeys. 
  • Today, Google is announcing the addition of several new customers including the Australian Securities Exchange, Coinbase, Prudential PLC, Rite Aid, Twiga Foods, and more, in addition to momentum and expanded partnerships with existing customers like Accenture, Ford, HCLTech, Snap, T-Mobile, Toyota, and Wayfair
  • Google is also making a number of product announcements across 4 key pillars: 

Data Cloud: Through a series of deepened partnerships with data leaders like MongoDB, Elastic, and Palantir, Google confirms that Google Cloud offers the industry’s most open data cloud. Google is announcing support for major data formats including Apache Iceberg available now with Delta Lake, and Apache Hudi coming soon. Google is also offering a new integrated experience in BigQuery for Apache Spark and support in BigQuery for unstructured data. Additionally, Google is announcing new updates in Cloud BI, including Looker Studio, and brand new offerings from Cloud AI including Vertex AI Vision and Translation Hub

Open Infrastructure Cloud: Google is making a number of announcements across open infrastructure to deliver workload-optimized infrastructure, including enhancements to their Google Cloud Skills Boost learning offering for developers, Assured Open Source Software Service, and Open Source AI. To help IT teams build infrastructure for transformation, Google is also announcing a series of infrastructure and migration updates that include: the C3 machine series, and a new mainframe modernization solution called Dual Run, and plans to bring Google Cloud regions to five new countries.

Trusted Cloud: To provide Google’s customers with extensible cybersecurity solutions in the cloud, Google will advance partnerships with 20-plus software companies focused on digital sovereignty and cybersecurity. Google is also announcing Confidential SpaceChronicle Security OperationsSoftware Delivery Shield for end-to-end software supply chain security, and updates to their trusted cloud partner ecosystem with 20+ partners focused on cybersecurity and data controls. 

Collaboration Cloud: Google is taking the biggest steps yet in making Google Workspace the most open and extensible platform for users with new integrations, partnerships, and developer tools. Google is announcing several updates to Google Workspace, including new features that enable immersive connections, new smart canvas capabilities, and new ways to keep users and data safe across even more apps. Google is also announcing new integrations and developer tools to bring people closer together. 

You can read more from Google Cloud CEO Thomas Kurian here about what’s next for digital transformation in the cloud, Google Cloud’s recent acquisition of Mandiant, and much more. 

Leave a comment »

Armorblox Appoints Illumio Co-founder and CEO Andrew Rubin To Its Board Of Directors

Posted in Commentary with tags on October 11, 2022 by itnerd

Armorblox, a cloud delivered email security platform company, today announced the appointment of Andrew Rubin to its board of directors. Rubin, who currently serves as the Chief Executive Officer of Illumio, joins Armorblox in its efforts to protect organizations against email-based, sophisticated and targeted cyberthreats.

Rubin brings deep insights that are drawn from a very successful career that spans decades of experience taking new ideas from inception and building them into category-defining companies. Goldman Sachs has named Rubin as one of the “100 Most Intriguing Entrepreneurs” each year since 2015 as part of its Builders & Innovators program. Under Rubin’s leadership, Illlumio has  built the industry for zero-trust security segmentation and has raised over $500M in venture capital, achieving unicorn status and servicing more than 15% of Fortune 100 companies — including Morgan Stanley, BNP Paribas SA, and Salesforce. 

The Armorblox platform connects over APIs and analyzes thousands of signals to understand who users are, what they do, and how they communicate. With this context, Armorblox protects against advanced email attacks like business email compromise, and also helps organizations stay compliant by preventing sensitive data from falling into the wrong hands. Armorblox protects over 58,000 customers including several Fortune 500 and Cloud 100 organizations.

Leave a comment »

Review: Kensington Pro Fit Ergo Vertical Wireless Mouse

Posted in Products with tags on October 11, 2022 by itnerd

Seeing as I am largely working from home, I am always on the lookout for new gear to help me to improve my work from home setup. As part of that setup, I’ve been using this Kensington mouse for the last few months and it’s been fine. But I’ve decided to give another mouse a try to see if it could make things better for me. And that mouse is the Kensington Pro Fit Ergo Vertical Wireless Mouse.

As you can see, this is a pretty unique looking mouse which is clearly aimed at those who are right handed. When I hold the mouse, it really feels like someone took the time and effort to create a mouse that fit my hand. And the angle that the mouse places my wrist is very comfortable. It actually feels that this is the angle that my wrist should be in.

Besides having the usual left and right buttons and scroll wheel, you also get an extra button that increases the DPI of the mouse to up to 1600 DPI which is how I run this mouse.

There are two other buttons on the left side of the mouse that your thumb can use. All the buttons can be programmed using the KensingtonWorks software for PC or Mac. Since I’m a Mac user I have my mouse programmed like this:

I have the middle button set to activate the Launchpad so that I can get quick access to apps.

The two buttons on the side are set to Mission Control and Show Desktop. What this means for me is that I can do a lot of the things that I used to need my trackpad on my MacBook Pro to do from the mouse. If I wanted to, I could also set things up on a per application basis which means that control enthusiasts out there can use this mouse to control everything.

All of this connects to your computer using a 2.4 GHz USB dongle. I wish that this mouse had the option to use Bluetooth instead as I have to burn a USB-A port on my dock to use this mouse. But the flip side to that is that this mouse tracks extremely well and is very responsive because of the fact it uses that dongle. So I am mostly fine with that.

The big question is how does the mouse feel in my hands? Well as I mentioned earlier, the mouse places your wrist in a position where it feels very comfortable. I’ve been using it for the last few days and I have had no issues with it thus far. Though I will note that I am still getting used to it as I find myself trying to hold it like a regular mouse. To enhance the comfort, I am continuing to use my DeltaHub Carpio 2.0 wrist rest with it. Which makes this combo a win for me. I can see this mouse also being a win for those who have issues using a regular mouse because they have wrist problems, or because it doesn’t give them a comfortable position to work in. I’d also recommend it if you want to avoid having issues in the future with your wrist.

The Kensington Pro Fit Ergo Vertical Wireless Mouse goes for about $30 CDN. That’s not a lot of money to get a comfortable mouse that you can use all day. If you’ve had problems with regular mice, I’d recommend that you give this one a shot as I think it can work for you. Plus because of the programmable buttons, it will enhance your productivity as well.

1 Comment »

BREAKING: Lufthansa Now Says That It Is NOT Banning AirTags After Saying That It Was Banning AirTags

Posted in Commentary with tags on October 10, 2022 by itnerd

So…. Let’s recap. German airline Lufthansa put out some very public statements via its Twitter feed saying that it is banning AirTags. But they cited a regulation that does not cover AirTags at all. Thus many including yours truly to say that Lufthansa is only banning AirTags because they have a propensity for losing passenger luggage, and passengers have a propensity for using AirTags to make the airline look like a dummkopf.

Now it seems that they might have changed course. Maybe. The airline is now claiming that they aren’t banning AirTags:

But wait… Lufthansa said this on their Twitter feed:

At this point, it’s pretty clear that the airline can’t keep their story straight. Which means the level of blowback is so huge that they cannot construct a coherent walk back narrative from this train wreck next to a dumpster fire. So Lufthansa, which is it? Are you banning AirTags or not? A message that makes sense acknowledges and walks back your original public statements would be welcome at this point. Because right now you do look like a dummkopf when it comes to how you’ve handled this whole situation,

Leave a comment »

« Older Entries
Newer Entries »