Tech & Marketing News

Top 10 Website Design Companies in Toronto

When it comes to finding the right web design company for your business, it can be overwhelming to sift through the countless options available in Toronto. To help make the process a little easier, we’ve put together a guide on how to choose a web design company and a list of 10 top web design companies in Toronto, along with their pros and cons.

When looking for a web design company, it’s important to consider factors such as their portfolio, experience, and services offered. A company’s portfolio will give you a good idea of their design style and the types of projects they’ve worked on in the past. Experience is also important, as a company with more experience will likely have a better understanding of industry trends and best practices. Lastly, make sure the company offers the services that you need, whether it be website design, e-commerce solutions, or digital marketing.

  1. Ruckus Digital: Ruckus Digital is a digital agency based in Toronto that specializes in web design and development, e-commerce solutions, and digital marketing. Pros: Experienced team, diverse portfolio, and a full range of services offered. Cons: Not much information available on pricing.
  2. Edkent Media: Edkent Media is a web design and development company that offers services such as website design, mobile app development, and digital marketing. Pros: Experienced team, diverse portfolio, and a full range of services offered. Cons: No information about pricing available.
  3. Web3: Web3 is a full-service digital agency that specializes in website design and development, e-commerce solutions, and digital marketing. Pros: Experienced team, diverse portfolio, and a full range of services offered. Cons: No information about pricing available.
  4. Design Lab: Design Lab is a web design and development company that provides services such as website design, e-commerce solutions, and digital marketing. Pros: Strong portfolio and experienced team. Cons: Limited information available on pricing.
  5. Pixelcarve: Pixelcarve is a full-service digital agency that specializes in website design and development, e-commerce solutions, and digital marketing. Pros: Strong portfolio, experienced team, and a full range of services offered. Cons: No information about pricing available.
  6. BAMF Media: BAMF Media is a web design and development company that offers services such as website design, mobile app development, and digital marketing. Pros: Strong portfolio and experienced team. Cons: Limited information available on pricing.
  7. The Grid: The Grid is a full-service digital agency that specializes in website design and development, e-commerce solutions, and digital marketing. Pros: Strong portfolio, experienced team, and a full range of services offered. Cons: No information about pricing available.
  8. Caveni Digital: Caveni Digital is a web design and development company that provides services such as website design, e-commerce solutions, and digital marketing. Pros: Experienced team, diverse portfolio, and a full range of services offered. Cons: No information about pricing available.
  9. Global Graphics: Global Graphics is a full-service digital agency that specializes in website design and development, e-commerce solutions, and digital marketing. Pros: Experienced team, diverse portfolio, and a full range of services offered. Cons: No information about pricing available.
  10. Digital Shift: Digital Shift is a web design and development company that offers services such as website design, mobile app development, and digital marketing. Pros: Experienced team, diverse portfolio, and a full range of services offered. Cons: No information about pricing available.

In conclusion, choosing the right web design company for your business can be a daunting task, but by considering factors such as their portfolio, experience, and services offered, you can narrow down your options and find the company that best suits your needs. Additionally, it’s important to research and compare pricing, as well as to have a clear understanding of your own budget and goals for the project.

It’s also worth noting that the above list is not exhaustive and there are many other great web design companies in Toronto. We recommend taking the time to research and explore different companies to find the one that best fits your needs and budget. With the right web design company by your side, you can create a website that effectively showcases your business and drives results.

Top 10 SEO Companies in Toronto: A Comprehensive List to Help You Choose an Agency

When it comes to promoting your business online, search engine optimization (SEO) is an essential strategy. SEO is the process of optimizing your website to rank higher in search engine results pages (SERPs) for relevant keywords. This can help increase visibility, traffic, and ultimately, conversions. However, with so many SEO companies out there, it can be difficult to know where to start. In this blog post, we’ll take a look at 10 of the best SEO companies in Toronto and what makes them stand out.

  1. Edkent Media: Edkent Media is a full-service digital agency that specializes in SEO. They offer a wide range of services, including keyword research, on-page optimization, content creation, and link building. They also have a strong track record of delivering results for their clients. Cons: They are not a budget-friendly agency.
  2. Wisdek: Wisdek is a digital marketing agency that offers a range of services, including SEO. They have a team of experts who can help with everything from keyword research to technical optimization. They also have a strong track record of delivering results for their clients. Cons: They are not a budget-friendly agency.
  3. Digital Shift: Digital Shift is a full-service digital agency that specializes in SEO. They offer a wide range of services, including keyword research, on-page optimization, content creation, and link building. They also have a strong track record of delivering results for their clients. Cons: They are not a budget-friendly agency.
  4. Mouth Media: Mouth Media is a digital marketing agency that offers a range of services, including SEO. They have a team of experts who can help with everything from keyword research to technical optimization. They also have a strong track record of delivering results for their clients. Cons: They are not a budget-friendly agency.
  5. Digital Ducats: Digital Ducats is a full-service digital agency that specializes in SEO. They offer a wide range of services, including keyword research, on-page optimization, content creation, and link building. They also have a strong track record of delivering results for their clients. Cons: They are not a budget-friendly agency.
  6. Eccentric CBI: Eccentric CBI is a digital marketing agency that offers a range of services, including SEO. They have a team of experts who can help with everything from keyword research to technical optimization. They also have a strong track record of delivering results for their clients. Cons: They are not a budget-friendly agency.
  7. The Best Media: The Best Media is a full-service digital agency that specializes in SEO. They offer a wide range of services, including keyword research, on-page optimization, content creation, and link building. They also have a strong track record of delivering results for their clients. Cons: They are not a budget-friendly agency.
  8. Digital Chaabi: Digital Chaabi is a digital marketing agency that offers a range of services, including SEO. They have a team of experts who can help with everything from keyword research to technical optimization. They also have a strong track record of delivering results for their clients. Cons: They are not a budget-friendly agency.
  9. You Rank Well: You Rank Well is a full-service digital agency that specializes in SEO. They offer a wide range of services, including keyword research, on-page optimization, content creation, and link building. They also have a strong track record of delivering results for their clients. Cons: They are not a budget-friendly agency.
  10. Wise Vu: Wise Vu is a digital marketing agency that offers a range of services, including SEO. They have a team of experts who can help with everything from keyword research to technical optimization. They also have a strong track record of delivering results for their clients. Cons: They are not a budget-friendly agency.

Conclusion: When it comes to choosing an SEO company in Toronto, it’s important to consider a variety of factors, including the services they offer, their track record of delivering results, and their pricing. The companies listed above are all highly reputable and have a proven track record of success in the industry. However, it’s important to remember that the right company for you will depend on your specific needs and budget. We recommend reaching out to a few different companies and having a consultation with each one to determine which one is the best fit for your business. It’s also important to mention that the above list of companies is just a set of examples, and it’s important to do your own research and due diligence when selecting the right company for your business.

Cyber Security Today, March 18, 2024 – Fix this Python vulnerability, patch these industrial control system products, the latest data breaches and more

Fix this Python vulnerability, patch these industrial control system products, the latest data breaches and more.

Welcome to Cyber Security Today. It’s Monday, March 18th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

I’m back after some time away. A big thanks to Jim Love for doing recent podcasts.

Developers and IT administrators overseeing servers running the aiohttp open-source Python framework should make sure they’re using the latest version. This is because the ShadowSyndicate ransomware gang is looking for vulnerable versions of this utility as an entryway for network compromise. According to researchers at Cyble, a patch was released at the end of January to close this hole. However, the researchers say that since February 29th threat actors, including ShadowSyndicate, have been scanning the internet for vulnerable servers. If you haven’t looked for and patched this framework by now, you’re asking for trouble.

The U.S. Cybersecurity and Infrastructure Security Agency has released advisories for a bunch of network-connected industrial control systems. These include 11 products from Siemens, two for Mitsubishi Electric’s MELSEC line, one for Delta Electronics and one for Softing.

You may soon be able to buy internet-connected home surveillance cameras, refrigerators, fitness trackers, baby monitors and other consumer products in the United States with a cybersecurity safety information sticker. That’s because the U.S. Federal Communications Commission has voted to create a cybersecurity labeling program for wireless consumer products. It will be voluntary for manufacturers to meet the yet-to-be-created standard to earn a U.S. Cyber Trust Mark. But it could help people make informed purchasing decisions — like, ‘If this product doesn’t have the label, why should I buy it?’

There’s good news and bad news in Sophos’ latest annual Threat Report. The good news is that technology for blocking the execution of malicious macros in documents is working. The bad news is that threat actors are responding by increasingly distributing malware through malvertising, like manipulating search engine results to ensure high placement of poisoned websites. Employees need to be warned about this tactic. A link to the report is here. 

The FBI is investigating a ransomware attack that hit at least three of 14 district attorney’s offices in New Mexico last week. According to Source New Mexico, impacted servers belonged to the Administrative Office of the District Attorneys, which supports the DAs. One server affected is used by prosecutors and public defenders to share court records. Those records would include names of people accused of crimes, evidence and prosecutors’ case notes. The attack started last Wednesday. It was hoped things would have been back to normal on Friday.

Here’s the latest data breach news:

Personal data on as many as 43 million residents of France may have been stolen in a recent attack on France Travail, the nation’s job search site. A database with information of people registered over the past 20 years including names, dates of birth, the equivalent of social security numbers and email addresses was copied.

Missouri’s Saint Louis University is notifying over 93,000 students, faculty and employees that their email accounts were hacked over a seven-month period.

Nations Direct Mortgage, an American mortgage lender, is notifying over 83,000 people of a data breach. Information copied included names, addresses, Social Security numbers and individuals’ loan numbers.

Someone is peddling a huge database of three-year-old information that claims to be from American communications provider AT&T. According to Security Affairs, this database was stolen in 2021 by a group called ShinyHunters. At the time AT&T denied the data had been stolen from its systems, leading to speculation that it was copied from a third-party data processing firm.

The International Monetary Fund has acknowledged that 11 email accounts of staff were compromised earlier this year. It released no other details. The IMF provides short and medium-term loans to troubled nations around the world.

Over 18,000 people are being notified by a Texas oil and gas exploration company that personal data it holds about them was stolen in January. In a filing with the Maine attorney general’s office, Eland Energy said a hacker got into its virtual server and stole people’s names, dates of birth, Social Security numbers and addresses.

Over 11,000 people who bought wine and other items on the website of the Biltmore estate, a North Carolina tourist attraction, are being notified their credit or debit card information was stolen last month. The company says data-stealing code was inserted into the website application it uses to process online orders. This application is hosted by a third-party vendor.

Finally, people with older wireless devices that no longer get security updates should always think of moving up to newer hardware for security reasons. This is more important than ever because of a recently-discovered family of 5G vulnerabilities called 5Ghoul. They can knock the devices off the air or force downgrading to the slower 4G cellular service. As an article from the SANS Internet Storm Centre points out this can affect anything running 5G — laptops, industrial sensors, internet-connected TV cameras, and smartphones and tablets. Patches for many devices have been released, but if a 5G wireless modem on your network or your mobile device can’t be updated any more you could be hit by this malware.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, March 18, 2024 – Fix this Python vulnerability, patch these industrial control system products, the latest data breaches and more first appeared on IT World Canada.

Apple buys Canadian AI startup: Hashtag Trending for Monday March 18, 2024

Apple buys a Canadian artificial intelligence startup, a new chip promises to decrease costs and reduce the environmental footprint of AI, Citrix angers its partners and clients as rumours of new pricing and product bundling hit the street, and are tech layoffs the “new normal?”

All this and more on the “how to lose friends and influence people” edition of Hashtag Trending. I’m your host, Jim Love, CIO of IT World Canada and TechNewsDay in the US.

Apple has acquired DarwinAI, a Canadian artificial intelligence startup focused on using AI for quality inspections in manufacturing. The acquisition highlights Apple’s growing investments in generative AI technology, an area the iPhone maker has said will be a major focus area.

While Apple has been tight-lipped about its specific plans, CEO Tim Cook recently teased that the company will share more details on its generative AI initiatives later this year. Cook described generative AI as a “huge opportunity” for Apple.

The DarwinAI deal follows Apple researchers publishing an academic paper just yesterday exploring multimodal large language models – focusing on computer vision and pattern recognition – so Apple clearly has some deep research going on.

Though the financial terms were not disclosed, Apple confirmed the acquisition with its standard statement about buying smaller tech firms from time to time. But the move signals Apple is ramping up its AI capabilities, likely to integrate generative AI across its hardware, software and services offerings.

As one of the world’s most valuable companies, Apple’s moves in the generative AI space are worth watching.

Sources include Axios and Cornell University

While tech giants like Nvidia and Intel dominate the headlines in artificial intelligence hardware, a startup called Groq is quietly positioning itself as a powerful new player in chip design and manufacturing for AI.

This is not Elon Musk’s AI chat bot, which is spelled G R O K.  This is G R O Q – the names are similar, but this is a totally different company.


Based in Mountain View, California, Groq has developed specialized AI chips it calls “language processing units” or LPUs. The company, backed by investors like Tiger Global and Lee Fixel’s Addition, claims these LPU chips can run AI models 10 times faster than conventional hardware at just one-tenth the cost.

As the recent explosion in generative AI drives skyrocketing demand for computing power, Groq’s founder and CEO Jonathan Ross says his startup’s technology could reshape the economics of the industry. He estimates that while OpenAI has projected needing $7 trillion for a new chip business, Groq could achieve similar capabilities for just $700 billion thanks to its more efficient chips.

With about 4,500 LPU chips already deployed and plans for 1.5 million by the end of next year, Groq is betting big that its technology will be a key enabler as AI goes mainstream across industries. The company is not only selling cloud access to developers, but also pitching its hardware directly to enterprises running their own data centers.

So while Nvidia’s annual conference next week will likely capture outsized attention, this Silicon Valley startup could emerge as an unexpected disruption in AI’s critical chips race.

As concerns grow over the technology’s immense capital requirements and carbon footprint, Groq represents a tantalizing prospect – bringing the same cutting-edge AI capabilities at a fraction of the cost and environmental impact.


There are emerging reports that Citrix has made sweeping changes to its partner program that have left many in the channel stunned and outraged.

According to sources briefed on the new arrangements, Citrix plans to double the price for monthly partner licenses starting September 1st, unless partners commit to paying for an entire year upfront. The impacted products will be bundled into a new “Citrix Universal for CSP” offering.

Citrix has reportedly justified the price hike by claiming a flexible monthly model introduces too much cost uncertainty. But partners who were present at the unveiling described the atmosphere as “stunned silence followed by anger and disbelief” over the changes.

Not only will monthly licenses essentially double in price, but Citrix is also alleged to be slashing rebates paid to its channel partners. This one-two punch could force many to raise prices for customers or shift focus to rival services like Microsoft’s Windows 365 Cloud PCs.

And if those two weren’t enough, Citrix is also rumoured to be unveiling a new “Platform License” that many see as adopting the same controversial bundling strategy employed by semiconductor giant Broadcom after its takeover of VMware.

The Platform License is reported to be an invitation-only offering that bundles all of Citrix’s existing products like its virtual desktop infrastructure, application delivery controllers, analytics tools and more.


This mirrors the recent moves by Broadcom after acquiring VMware, where it stopped selling certain VMware offerings individually in order to drive adoption of more comprehensive bundles.

The reported moves come as Citrix’s parent Cloud Software Group is facing intensified competition, including VMware’s desktop virtualization products potentially being spun out under new Broadcom ownership.

With over 2 million active Citrix subscribers, the pricing shakeup could trigger a significant disruption across the virtual desktop infrastructure space.

Citrix has so far declined to confirm or deny these changes, leaving partners anxiously awaiting official word on the controversial new program.

One thing is for certain. If you are dependent on partner support and Citrix is a critical part of your technology stack, it would be worth having a discussion with your support partner and also looking at your alternatives – not as a panic decision, but to take the time to educate yourself in advance of potential cost and support impacts.

Sources include: The Register (Story 1 and Story 2)

The tech industry is facing a harsh new reality – mass layoffs may be becoming the norm, not the exception.

An article in TechSpot reports that in the first quarter of 2024 alone, an astonishing 209 tech companies have already cut over 50,000 employees, according to data tracked by Layoffs.fyi. This comes on the heels of nearly 270,000 tech workers losing their jobs in 2023.


And it’s not just startups feeling the squeeze. Industry giants like Alphabet, Amazon, Microsoft and Meta have all implemented major workforce reductions in recent months. If these numbers are correct, this is second only to the dot-com bust of 2001.

While companies initially blamed over-hiring during the pandemic and inflation, that story is wearing thin this year as many of the big tech companies sit on significant cash reserves. Experts suggest the real reason for the layoffs is that it props up stock prices.

Not only are jobs insecure, but generous tech salaries and benefits appear to be stagnating after years of increases. According to compensation data, an entry-level AI role still commands six figures, but raises are no longer a given.

For tech workers accustomed to being heavily recruited, the landscape has shifted drastically. Some are leaving the industry entirely or settling for less lucrative positions with fewer perks.

With companies continuing to prioritize cost-cutting to please Wall Street, the new normal of cyclical layoffs looks poised to persist across Silicon Valley and beyond. As one professor warns – tech employees and investors have largely accepted this harsh reality, so the job cuts are likely here to stay for some time.

We did a story on the weekend edition where we talked about how some cybersecurity pros are now moonlighting on the dark web to find new employment or to make up for what they feel are inadequate wages.

I want to stress that I’ve had to let people go not so our shareholders could make more, but to try to ensure the survival of the company. It’s been agonizing and I think, no matter how we tried to handle it, it angered employees – even when I explained I hadn’t taken a salary in a year.

Imagine the resentment that is building in companies that have huge cash reserves, but are letting people go for no other reason than a few percentage points on their stock price in the short run. This is not a recipe for employee engagement and, while we don’t condone it in any circumstance, it’s also causing employees to take actions which might ultimately damage the tech industry.

We are smart people. There has to be a better way to handle this.


That’s our show for today.

Thank you to all of the people who got back to me in my attempt to do a census of our listeners. I have to say that Western Canada rocks! We got twice the response from the West and I answered every email that had a question or a comment personally. If I somehow missed you, my apologies, but you folks were great!

And if listeners in Toronto, Montreal and the east coast would like to redeem themselves, here’s how to do it. Simply send me an email with hashtag yes in the subject line, and include your position and the city you are in. The results are confidential and will never be shared except as a summary to report to potential sponsors so we can get the funding we need to continue the podcast.

Send it to jlove@itwc.ca

Subject line hashtag yes. Job title. City.

jlove@itwc.ca

That’s all it takes to help ensure that we can keep bringing you this podcast.


Hashtag Trending goes to air five days a week with a daily news show and on the weekends we have an interview show we creatively named the Weekend Edition.

We love your comments you can also send those to jlove@itwc.ca

Thanks for listening and have a Marvelous Monday.


The post Apple buys Canadian AI startup: Hashtag Trending for Monday March 18, 2024 first appeared on IT World Canada.

Bug in Kubernetes allows remote code execution on Windows’ nodes: Cyber Security Today for Friday, March 15, 2024

Google adds real time phishing protection to Chrome. A security bug is found in Kubernetes that allows attackers to remotely execute code on Windows nodes. The French government suffers an enormous cyber-attack and vulnerabilities in ChatGPT plug-ins.

Welcome to Cybersecurity Today for Friday March 15th, 2024. I’m your host Jim Love, filling in for Howard Solomon.

Google is set to enhance Chrome’s Safe Browsing feature with real-time phishing and malware protection later this month. Safe Browsing was first introduced in 2005 and has evolved to be a useful tool to block harmful domains and social engineering attacks.

“Safe Browsing already protects more than 5 billion devices worldwide, defending against phishing, malware, unwanted software and more. In fact, Safe Browsing assesses more than 10 billion URLs and files every day, showing more than 3 million user warnings for potential threats,” according to Google’s Jasika Bawa and Jonathan Li.

An optional Enhanced Protection mode now offers AI-driven, proactive defense by conducting deeper scans of downloads. When I tried to enable it on our corporate account, it gave me a message that it was not available, but my personal Gmail enabled it, so there may be something the Google admin has to do, or maybe it’s baked into the corporate Gmail. But I’ll post a link in the show notes; I can’t see why anyone wouldn’t authorize this.

Traditionally, Safe Browsing compared sites, downloads, and extensions against a locally stored list of malicious URLs updated every 30 to 60 minutes from Google’s servers. The update shifts this process to real-time checks against a server-side list, addressing the challenge of malicious sites that appear and vanish quickly.

This upgrade is expected to block 25% more phishing attempts by verifying sites in real-time. It also extends to Android devices, employing encryption and privacy-enhancing techniques to prevent Google or anyone else from knowing which websites users visit.

A new API uses Fastly Oblivious HTTP (OHTTP) relays for added privacy, obfuscating site URLs and hiding IP addresses, again ensuring that even Google and Fastly cannot link browsing activity to user identities.

Sources used include this article from Bleeping Computer.

A security bug has been found in the Kubernetes container-management system. It allows attackers to remotely execute code with system privileges on Windows endpoints. It could potentially lead to a full takeover of all Windows nodes in a Kubernetes cluster.

This was discovered by Akamai security researcher Tomer Peled. It is tracked as CVE-2023-5528 and has a CVSS score of 7.2.

The exploit allows manipulation of the Kubernetes volumes via a feature that supports sharing of data between pods in a cluster or for storing data persistently outside of a pod’s lifecycle. You can read the full details in the Akamai blog post published on March 13th.

“It is very easy to exploit this vulnerability because an attacker would only need to modify a parameter and apply 3 YAML files to gain RCE over the Windows endpoints,” according to Peled, as the Kubernetes framework “uses YAML files for basically everything.”

Default installations of Kubernetes earlier than version 1.28.4, for both on-prem deployments and Azure Kubernetes Service, are vulnerable. There is a patch available.

And according to Peled, the vulnerability is in the source code so even if you do not currently have Windows nodes you should still get the patch.

Sources include an article in Dark Reading.

The French government has been subjected to cyberattacks of “unprecedented” intensity, affecting several departments. These attacks, which began on Sunday, prompted the activation of a crisis unit to address the situation. Although the prime minister’s office reported that the impact of the attacks had been mitigated and access to some government websites restored, the attacks are still ongoing.

The attacks utilized conventional technical methods but were notable for their unprecedented intensity, targeting many ministerial services. The interministerial digital affairs department (DINUM) and France’s cybersecurity agency (ANSSI) are actively working to counter the attacks.

The identity of the attackers remains unclear, but the pro-Russian hacker group Anonymous Sudan has claimed responsibility for a “massive cyberattack” on the French Interministerial Directorate of Digital Affairs via their Telegram channel.

Anonymous Sudan is known for politically motivated “distributed denial-of-service” (DDoS) attacks, which flood websites and services with massive amounts of internet traffic, causing them to go offline. While DDoS attacks do not breach IT systems, they can significantly disrupt communications and services and are often accompanied by hacking attempts.

Sources include an article in Politico.

Research conducted by the Salt Labs team has identified three significant vulnerabilities in ChatGPT plugins, posing security risks to users:

Plugin Installation Vulnerability: The process of installing new plugins, which requires users to approve a code on a website, was found to be exploitable. Malicious actors could trick users into approving malicious plugins, potentially gaining access to their accounts.

PluginLab Framework Vulnerability: A flaw was discovered in PluginLab, a framework for developing plugins, where user accounts were not properly authenticated during the installation process. This vulnerability could allow attackers to insert unauthorized identities into accounts, effectively impersonating the user.

Open Authorization Redirection Vulnerability: Several plugins were found to be susceptible to open authorization (OAuth) redirection manipulation. This issue could lead to account takeovers if a user clicked on a malicious link sent by an attacker, compromising user credentials.

The researchers notified OpenAI and the relevant third parties about these vulnerabilities, and the issues have since been addressed.

OpenAI has noted that it has addressed the bug and that it intends to deprecate plug-ins in the next month. But these will be replaced with the new user-generated GPTs, which can be developed by anyone, and ChatGPT has not said how it will address security and quality concerns for the millions of GPTs that have already been developed, let alone for those yet to be developed.

And that’s it for this episode of Cybersecurity Today. As always, links to stories and other information will be included in the show notes posted at itworldcanada.com/podcasts. Look for Cybersecurity Today.

And we always love to hear from our listeners, even if it is to correct us. If you have comments, please send me a note at jlove@itwc.ca or under the show notes at itworldcanada.com/podcasts

And if you want to catch up on other tech news, check out my daily news podcast Hashtag Trending which you can find in all the same places you find Cybersecurity Today – Apple, Google, Spotify or at itworldcanada.com/podcasts.

I’m your host Jim Love, filling in for Howard Solomon. For those busy applying patches from Patch Tuesday, may all your servers come back up quickly – you are doing valuable work. And to everybody, thanks for listening and have a great weekend.

The post Bug in Kubernetes allows remote code execution on Windows’ nodes: Cyber Security Today for Friday, March 15, 2024 first appeared on IT World Canada.

Google’s enhanced protection from phishing in Chrome: Hashtag Trending for Friday, March 15, 2024

Google announces enhanced protection from phishing and malware in the Chrome browser. Australian computer scientist Craig Wright is not the creator of Bitcoin as he has claimed for the past 8 years. Most subscription software doesn’t make money and the opposing argument for banning TikTok.

All this and more on the “open your mind” edition of Hashtag Trending. I’m your host, Jim Love, CIO of IT World Canada and TechNewsDay in the US

Google is upgrading the Safe Browsing feature in Chrome, introducing enhanced protection against phishing and malware this month. Initially launched in 2005, Safe Browsing is used for preventing access to dangerous domains and thwarting social engineering attacks.

A Google spokesperson noted that “Over 5 billion devices globally are safeguarded by Safe Browsing, which combats phishing, malware, unwanted software, and more. Remarkably, Safe Browsing evaluates over 10 billion URLs and files daily, issuing upwards of 3 million warnings to users about potential dangers.”

Previously, Safe Browsing would match websites, downloads, and extensions against a local database of known malicious URLs, which was refreshed every 30 to 60 minutes from Google’s servers. The latest update transitions this process to instantaneous server-side checks, effectively countering the rapid emergence and disappearance of malicious sites.

With the introduction of real-time site verification, the update is anticipated to block 25% more phishing attempts. It also expands coverage to Android devices and incorporates encryption and other privacy techniques so that neither Google nor anyone else can track the websites users access.

Moreover, a novel API incorporating Fastly Oblivious HTTP (OHTTP) relays enhances privacy by concealing site URLs and masking IP addresses, thereby preventing Google and Fastly from associating browsing activities with specific user identities.
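The two designs described above, the periodically refreshed local list and the real-time query, differ mainly in what the client does with a freshly listed site. The sketch below is an added, simplified illustration of the general hash-prefix technique such services use; it is not Google's protocol or code, the canonicalization is reduced to host plus path, and the OHTTP relay that hides the client's IP address is not modelled. The URLs are constructed for the example.

```python
"""Hash-prefix blocklist lookup: a periodically refreshed local copy beside a
real-time query.

Added, simplified sketch of the general technique used by Safe Browsing-style
services. Not Google's protocol or code; the OHTTP relay is not modelled and
the URL canonicalization is reduced to host plus path. URLs are constructed.
"""
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of the SHA-256 digest the client sends to the server


def url_expression(url: str) -> str:
    """Simplified canonical form: lowercase host plus path, no scheme, query
    or fragment. Real implementations derive several host/path expressions."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path or "/"
    return f"{host}{path}"


def full_hash(url: str) -> bytes:
    return hashlib.sha256(url_expression(url).encode()).digest()


def hash_prefix(url: str) -> bytes:
    return full_hash(url)[:PREFIX_LEN]


class BlocklistService:
    """Stand-in for the server side: stores full hashes of known bad URLs and
    answers prefix queries. It never receives a full URL or a full hash."""

    def __init__(self, bad_urls):
        self.full_hashes = {full_hash(u) for u in bad_urls}

    def add(self, url: str) -> None:
        self.full_hashes.add(full_hash(url))

    def prefix_snapshot(self) -> set:
        """What a client downloads on its periodic refresh."""
        return {h[:PREFIX_LEN] for h in self.full_hashes}

    def lookup(self, prefix: bytes) -> set:
        """Every full hash sharing the queried prefix; the client picks out its own,
        so the server cannot tell which of them (if any) the client visited."""
        return {h for h in self.full_hashes if h[:PREFIX_LEN] == prefix}


class Client:
    def __init__(self, service: BlocklistService):
        self.service = service
        # Refreshed every 30 to 60 minutes in the old flow; a site listed in
        # between is invisible to the client until the next refresh.
        self.local_prefixes = service.prefix_snapshot()

    def check_with_local_list(self, url: str) -> str:
        """Old flow: consult the local prefix list first and only on a hit ask
        the server for the full hashes behind that prefix."""
        prefix = hash_prefix(url)
        if prefix not in self.local_prefixes:
            return "safe"
        return "unsafe" if full_hash(url) in self.service.lookup(prefix) else "safe"

    def check_real_time(self, url: str) -> str:
        """New flow: always send the prefix. The final full-hash comparison still
        happens on the client, so the server learns only 4 bytes of the hash."""
        prefix = hash_prefix(url)
        return "unsafe" if full_hash(url) in self.service.lookup(prefix) else "safe"


def demo() -> dict:
    """Constructed scenario: one site listed before the client's refresh, one after."""
    service = BlocklistService(["http://old-phish.example/login"])
    client = Client(service)                       # downloads the prefix snapshot now
    service.add("http://fresh-phish.example/claim")  # listed after the refresh
    return {
        "old_flow_known": client.check_with_local_list("http://old-phish.example/login"),
        "old_flow_fresh": client.check_with_local_list("http://fresh-phish.example/claim"),
        "real_time_fresh": client.check_real_time("http://fresh-phish.example/claim"),
        "benign": client.check_real_time("https://www.example.com/"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The point of the demo is the `old_flow_fresh` case: a phishing page that appeared after the last list refresh gets a clean verdict until the next download, which is exactly the short-lived-site problem the real-time check addresses. Note that both flows keep the full-hash comparison on the client; the privacy gain from the relay described above comes on top of that, by separating the prefix query from the client's IP address.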

In addition to this, an optional Enhanced Protection mode now offers AI-driven, proactive defence by conducting deeper scans of downloads. When I tried to enable it on our corporate account, it gave me a message that it was not available, but my personal Gmail enabled it, so there may be something the Google admin has to do or maybe it's baked into the corporate Gmail. I went over to my wife's computer immediately and had her enable it as well using this link in the show notes.

I can’t see why anyone wouldn’t authorize this as an added layer of defence for private use.

Will it help? I’m guessing it will and if not, it’s like chicken soup. Can’t hoit.

Sources include: Bleeping Computer.

Britain’s high court has ruled that Australian computer scientist Craig Wright is not the creator of Bitcoin, as he has claimed for eight years. Wright asserted he was “Satoshi Nakamoto,” the pseudonym used by the person(s) who developed Bitcoin. The case was brought to court by the Crypto Open Patent Alliance (Copa), a group of technology and cryptocurrency firms, which disputed Wright’s claim.

Justice James Mellor concluded that Wright did not invent Bitcoin, was not behind the pseudonym Satoshi Nakamoto, nor the author of the initial Bitcoin software. Mellor stated, “Having considered all the evidence and submissions presented to me in this trial, I’ve reached the conclusion that the evidence is overwhelming.”

Copa accused Wright of creating an “elaborate false narrative” and forging documents to support his claim as Satoshi, and of “terrorizing” those who doubted him. A spokesperson for Copa celebrated the verdict as a “win for developers, for the entire open source community, and for the truth,” highlighting the relief it brings to the Bitcoin community.

The ruling not only addresses Wright’s claim but also impacts the control of intellectual property rights associated with Bitcoin. Wright’s assertion had led him to file litigation aimed at deterring developers from further developing the open-source technology. The court’s decision is expected to influence three pending lawsuits filed by Wright based on his claim to Bitcoin’s intellectual property rights.

Bitcoin traces back to 2008, during the financial crisis, with a paper authored by someone under the Nakamoto pseudonym. Despite speculation and several candidates emerging over the years, the true identity of Bitcoin’s creator remains a mystery. Bitcoin, the most high-profile digital currency, allows for anonymous transactions and is not tied to any bank or government, raising both trust and skepticism globally.

Sources include: AP News

A recent analysis titled “State of Subscription Apps” by RevenueCat, a leading mobile subscription toolkit provider, reveals that most mobile apps with subscription models do not generate significant revenue.

Despite nearly 30,000 apps using RevenueCat’s platform for monetization management, the study, which examined data from over 29,000 apps and 18,000 developers responsible for more than $6.7 billion in revenue and over 290 million subscribers, found that the median monthly revenue for apps after one year is less than $50.

Only 17.2% of apps surpass the $1,000 monthly revenue threshold, a critical milestone for financial growth.

Health and fitness apps outperform other categories, generating at least twice the revenue.

In contrast, travel and productivity apps struggle the most, with top performers in these categories barely making over $1,000 per month after a year.

Despite these challenges, the subscription app market continues to expand, with the average price for monthly subscriptions rising by 14% from $7.05 to $8.01. However, the report also highlights a 14% drop in subscriber retention over 12 months, indicating shifting consumer behavior.

Something interesting to consider before you build a dependency on a particular subscription app either personally, or corporately.

Sources include: Macrumors

I had a chat with a US cybersecurity professional the other day. She’s highly knowledgeable and said that she was in favour of the TikTok ban as she regarded TikTok as a security threat.

I had to agree with her and I noted that no country would ever allow a foreign adversary to have a controlling ownership of its television, radio or print media. But, I pointed out, that as far as trust goes, I’m not sure I trust Mark Zuckerberg or Elon Musk with my data or to protect us from foreign influencers and misinformation.

But I think it’s really important, especially when we feel we are totally certain of a position, and more especially when everyone agrees with us – it is really important to listen to dissenters with an open mind. There are just too many times when the thing that everyone supports has turned out to be not well thought out.

And especially since being opposed to a TikTok ban would find us supporting a position now also supported by Donald Trump, it is more difficult to listen, but we should.  We can still be in favour of a ban, but if it’s a good decision, it will stand up to alternate points of view.

Rep. Jim Himes, D-4th District, a senior member on the House Intelligence Committee, opposes the bill aimed at potentially forcing ByteDance to sell TikTok.

Despite the bill’s focus on preventing Chinese authorities from accessing TikTok user data or influencing opinions on sensitive issues, Himes voted against it, emphasizing the importance of freedom. He stated, “The United States government would be shutting down a hugely robust venue for protected expression,” expressing his concern over government interference in freedom of expression.

Despite recognizing TikTok as a “possible threat,” Himes underscored the lack of concrete evidence from intelligence briefings that the Chinese government has misused the platform as feared.

He also considered the impact on young voters, stating, “This is where young people live and young people are easily disenchanted from the political process…I tread carefully with young people,” acknowledging the importance of engaging young people in the political process without alienating them.

They say democracy dies in darkness. Good decisions die when we stop listening to dissenting opinions. It’s taken me more years than I want to admit, but now, when I’m totally convinced I’m right, and when everyone else agrees, I especially go looking for someone to give me the other side of the argument.

That’s our show for today. Hashtag Trending goes to air five days a week with a daily news show and on the weekends we have an interview show we creatively named the Weekend Edition.

We love your comments.

Thanks for listening and have a Fabulous Friday.

The post Google’s enhanced protection from phishing in Chrome: Hashtag Trending for Friday, March 15, 2024 first appeared on IT World Canada.

Okta says that leaked data is not their clients: Cyber Security Today for March 13th, 2024

A new phishing scam uses car insurance savings as a lure for its victims. A report by Sophos shows that small businesses are being targeted by cybercriminals at an increasing rate. And Okta says that data a hacker claims came from its breach is not its customer data. These stories and more…

Welcome to Cybersecurity Today for Wednesday March 13th, 2024. I’m your host Jim Love, filling in for Howard Solomon.

A new phishing scam dangles savings on car insurance, and it's apparently working well.

We all talk about the increasing sophistication of phishing scams, but sometimes in life it’s the simple things that work best, and this apparently applies to phishing.

A new phishing campaign uncovered by experts from Cofense has threat actors impersonating a car insurance company. The email is short and to the point and carries nothing malicious itself; in some cases the lure is even delivered through a Google Ad link. This explains how it gets past secure email gateways and filters.

In the email, victims are told that they are eligible for a credit of up to 10% of their car's current value.

To learn more, they are given a link to a website that was once legitimate but was recently compromised and repurposed for this attack. The site offers "downloadable instructions" on how to claim the funds, but what is downloaded is a JavaScript file that deploys the NetSupport Remote Access Trojan, or RAT.

NetSupport is actually a genuine application designed for remote access by support technicians and has been in use for 20 years or more, but in this altered version, it gives the attacker unauthorized access to the user’s device.

It’s a reminder corporate users need to be trained that any offer, no matter how seemingly innocuous, cannot be responded to on a corporate device even if that offer comes by what is regarded as a legitimate channel, such as a Google ad.

Link to the full story from TechRadar.

Over three-quarters of cyber incidents hit small businesses in 2023, with ransomware having the biggest impact, according to a new report from Sophos. As the report points out, these businesses, with under 500 employees, make up almost 90% of the world's businesses and account for 50% of employment worldwide. But they have fewer resources to protect themselves than larger enterprises, making them much easier targets.

One of the key attacks on these SMBs last year was ransomware.

The notorious LockBit group was the most active, accounting for 27.59% of the small business ransomware incidents handled by Sophos Incident Response last year, followed by Akira at 15%, BlackCat at 13% and Play at 10%.

The report also talked about some of the new tactics including the increased use of remote encryption, where attackers were using unmanaged devices to encrypt files on other systems in the client network.

They also note that ransomware attackers are building malware that targets macOS and Linux. Sophos researchers have seen leaked versions of LockBit ransomware targeting macOS on Apple silicon and Linux on multiple hardware platforms.

90% of the attacks reported by Sophos involved data or credential theft. Close to half of all malware targeting SMBs last year involved data theft by password stealers, keyloggers and other spyware.

The most prominent stealers include  RedLine (8.71%), Raccoon Stealer (8.52%), Grandoreiro (8.17%) and Discord Token Stealer (8.12%).

Christopher Budd, director of Sophos X-Ops research at Sophos, commented: “The value of ‘data,’ as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation.”

The report also highlighted a rise in malware-as-a-service (MaaS) operators using malicious web advertising and search engine optimization (SEO) poisoning to infect victims.

SEO poisoning uses legitimate services, including paid ads on Google and Bing, to push attacker-controlled sites up the search results. This gives them an illusion of authenticity, and the fake sites can borrow a legitimate company's branding to fool victims into downloading software.

But email, in what are termed business email compromise or BEC attacks, is still extremely popular and, as an attack vector, second only to ransomware. BEC attacks are extremely creative: attackers may make several contacts and even carry on a conversation before they send a malicious link.

As well as being creative in their approach, attackers are experimenting with various ways to evade security detection tools: hiding messages in images, using QR codes, fake invoices. But the all-time favourite is still the humble compromised PDF file.

Attackers moved to PDF file attachments “almost exclusively” last year, the report found. These primarily link to malicious scripts or sites, and sometimes used embedded QR codes.
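A PDF that "primarily links to malicious scripts or sites" can be triaged without rendering it, because link annotations, JavaScript and launch actions are plain dictionary entries in the file. The script below is an added example, not from the Sophos report or any vendor tool: it pulls every `/URI` action out of a raw PDF, flags hosts outside an allowlist and links that end in a script extension, and notes whether JavaScript, Launch or OpenAction entries are present. The sample PDF is constructed by hand and its hosts are placeholders. Objects hidden inside compressed object streams are out of scope for a raw byte scan, so the script reports when such streams exist rather than pretending to have seen everything.

```python
"""Static triage of a PDF attachment for the action types phishing mail abuses.

Added example, not from the Sophos report or any vendor tool. The sample PDF
below is constructed by hand and the hosts in it are placeholders.
"""
import re
from urllib.parse import urlsplit

# PDF literal strings are (...) with backslash escapes. Hex strings <...> and
# objects inside compressed object streams are not handled by this raw scan.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
ACTION_RES = {
    "javascript": re.compile(rb"/S\s*/JavaScript\b"),
    "launch": re.compile(rb"/S\s*/Launch\b"),
    "open_action": re.compile(rb"/OpenAction\b"),
}
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".hta", ".wsf")


def _unescape(literal: bytes) -> str:
    """Undo PDF backslash escapes inside a literal string (\\( \\) \\\\)."""
    out, i = [], 0
    while i < len(literal):
        if literal[i:i + 1] == b"\\" and i + 1 < len(literal):
            out.append(literal[i + 1:i + 2])
            i += 2
        else:
            out.append(literal[i:i + 1])
            i += 1
    return b"".join(out).decode("latin-1")


def extract_uris(pdf: bytes) -> list:
    """Every /URI action target, in file order."""
    return [_unescape(m.group(1)) for m in URI_RE.finditer(pdf)]


def triage(pdf: bytes, trusted_hosts: set) -> dict:
    uris = extract_uris(pdf)
    hosts = {u: (urlsplit(u).hostname or "").lower() for u in uris}
    return {
        "uris": uris,
        "untrusted_uris": [u for u in uris if hosts[u] not in trusted_hosts],
        "script_links": [u for u in uris if urlsplit(u).path.lower().endswith(SCRIPT_EXTENSIONS)],
        **{name: bool(rx.search(pdf)) for name, rx in ACTION_RES.items()},
        # Actions may live inside /ObjStm streams that a raw scan cannot see.
        "needs_decompression": b"/ObjStm" in pdf,
    }


# Constructed sample: one link annotation to an external "instructions" script,
# one to a trusted host, and a document-open JavaScript action.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 6 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720]
  /A << /S /URI /URI (http://claims-portal.example.net/instructions.js) >> >> endobj
5 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://www.example.com/policy) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PDF, {"www.example.com"}).items():
        print(f"{key}: {value}")
```

For mail-gateway use the interesting output is `untrusted_uris` and `script_links`: a PDF whose only job is to carry a link to a `.js` download on an unfamiliar host is the shape of the lure described above, whether or not the file itself contains any code. When `needs_decompression` is true, run the file through a proper PDF parser before trusting a clean result.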

A link to the full Sophos report is included in the show notes.

Researchers have created a knowledge base to share information on misconfigurations of Microsoft Configuration Manager, known as MCM or, by its older name, SCCM.

The repository shares both attack and defence techniques and ways to avoid the improper setups of Configuration Manager that attackers can exploit.

Configuration Manager, which used to be known as System Center Configuration Manager, has been around since 1994 and is present in many Active Directory environments. It's used to help administrators manage servers and workstations in a Windows network.

It’s also been highly studied as, particularly if misconfigured, it is an effective way for attackers to gain admin privileges on a Windows domain.

SpecterOps researchers Chris Thompson and Duane Michael announced the release of Misconfiguration Manager at the SO-CON security conference. MCM or SCCM, whatever acronym you use, is not easy to set up and the default configurations have lots of ways that attackers can mount exploits.

Because of the difficulty in setting up MCM, one of the most frequent issues is the creation of network access accounts, or NAAs, with too many privileges. The researchers noted that "it's overwhelming to configure, and a novice or unknowing administrator may choose to use the same privileged account for all of the things."

The researchers also demonstrated a series of use cases, from taking a standard user's SharePoint account and escalating it to control of a domain controller, to getting into the central administration site and granting themselves full administrator access.

The repository currently has descriptions of 22 different techniques that can be used to attack MCM/SCCM or to use it in “post-exploitation” activities.  There’s a link in the show notes for those who want to check it out.

Link to Misconfiguration Manager

And identity management company Okta has said that data leaked on a hacking forum is not theirs.

For those who might not know, Okta is a San Francisco-based cloud identity and access management provider. It offers single sign-on, multifactor authentication and API access management.

In October of last year, Okta's support systems were breached by hackers using stolen credentials. It may not have been as big as SolarWinds, but it was not only embarrassing; the attack impacted all customers of Okta's support systems.

And there was an impact. One breach that made the news was the compromise of one of Cloudflare’s self-hosted Atlassian servers, which had hackers employing access tokens stolen during the Okta breach.

Now, as the company has attempted to repair the damage done to customers and to its reputation, a hacker has leaked data files they claim are from the Okta attack. The cybercriminal, who uses the alias Ddarknotevil, released what they claimed was information on 3,800 customers stolen during last year's breach.

The leaked data looked authentic and included IDs, names, company names, addresses, phone numbers, email addresses, titles and more.

But Okta told Bleeping Computer, which broke the story, that this is not their data. They said they had conducted a rigorous investigation and determined that "this is not Okta's data, and it is not associated with the October 2023 security incident." Further, they stated, "We cannot determine the source of this data or its accuracy, but we noted that some fields have dates from over ten years ago. We suspect that this information may be aggregated from public information sources on the Internet."

Full story in Bleeping Computer

And that’s it for this episode of Cybersecurity Today.  As always, links to stories and other information will be included in the show notes posted at itworldcanada.com/podcasts. Look for Cybersecurity Today

And we always love to hear from our listeners, even if it is to correct us. If you have comments, please send me a note at jlove@itwc.ca or under the show notes at itworldcanada.com/podcasts

And if you want to catch up on other tech news, check out my daily news podcast Hashtag Trending which you can find in all the same places you find Cybersecurity Today – Apple, Google, Spotify or at itworldcanada.com/podcasts.

I’m your host Jim Love, filling in for Howard Solomon. Stay safe.

The post Okta says that leaked data is not their clients: Cyber Security Today for March 13th, 2024 first appeared on IT World Canada.

Is your connected car “ratting you out” to your insurer? Hashtag Trending for March 13th, 2024

Optical fibre cables in the UK are under attack. Meta sues a Vice President for stealing information when he moved to a competitor. ChatGPT uses in a day enough electricity to power 17,000 households and is your connected car ratting you out to your insurance company?

All this and more on the “what else does my car know about me” edition of Hashtag Trending. I’m your host, Jim Love, CIO of IT World Canada and TechNewsDay in the US.

Network providers in the UK are urging the government to help protect against an increasing number of physical attacks on fiber infrastructure.

These attacks, ranging from cutting through fiber-optic cables to setting fires in access chambers, have caused significant disruptions, leaving entire streets or communities offline until repairs can be made.

The providers are looking for greater police engagement and tougher sentences for perpetrators.

The attacks, thought to be acts of vandalism or carried out by individuals with grievances against specific providers, have raised concerns about the security of the UK’s digital infrastructure.

Some incidents have been attributed to 5G protesters, who used to attack cell towers and may now be targeting any form of digital infrastructure.

There have been reports of significant damage to networks requiring extensive repairs.

The Department for Science, Innovation and Technology (DSIT) has responded, stating that the UK has one of the toughest telecoms security regimes globally and is working closely with providers and authorities to ensure the security and resilience of telecoms network infrastructure.

And in case you don’t think it can happen here, we did a series showing attacks by 5G protesters on Canadian and US cell towers and our fibre infrastructure is fairly exposed to anyone who knows where to look.

Sources include: The Register

Meta is suing its former Vice President of Infrastructure, Dipinder Singh Khurana, accusing him of stealing proprietary and confidential information. The lawsuit, filed in late February in a California state court, alleges that Khurana misappropriated data related to Meta's data centres, supply chain and employee compensation, and took this information to a new employer, a stealth AI startup, where he now holds a similar position.

The suit claims Khurana had access to highly sensitive documents and information at Meta, which was restricted to a limited number of employees. The unauthorized disclosure of such information, Meta argues, could significantly harm the company’s competitive advantage in critical areas such as AI, data center technology, supply chain operations, and talent retention.

Meta accuses Khurana of several legal violations, including Breach of Contract, Breach of Duty of Loyalty, Breach of Fiduciary Duty, Unjust Enrichment, and violation of California’s Computer Data Access and Fraud Act.

Specifically, during his final days at Meta, Khurana allegedly requested confidential agreements with suppliers from subordinates, obtaining sensitive pricing information and preliminary pricing for specific computing hardware.

Furthermore, the lawsuit claims Khurana took a “Top Talent” dossier containing detailed information about Meta’s top performers, including performance reviews and compensation data. This information, according to Meta, offers an insider view of the company’s compensation decisions and key insights into the employees’ levels, performance, and skills.

Meta’s complaint also mentions that Khurana prepared a slide deck for his new employer, emphasizing a proactive approach rather than a learning-as-you-go mentality, which Meta suggests may have contributed to his alleged wrongful behavior.

We’ve mentioned this in the past, but this caught my eye.

ChatGPT, OpenAI’s popular chatbot, reportedly consumes over half a million kilowatt-hours of electricity daily to respond to approximately 200 million requests, according to The New Yorker. This level of consumption is significantly higher than the average U.S. household, which uses around 29 kilowatt-hours daily. When comparing ChatGPT’s daily electricity usage to that of an average household, ChatGPT uses more than 17,000 times the amount of electricity.

The potential for increased electricity consumption by the AI industry raises concerns, especially as generative AI technologies become more widely adopted. For instance, if Google were to integrate generative AI technology into every search, it could lead to an annual consumption of about 29 billion kilowatt-hours. This amount surpasses the yearly electricity consumption of countries like Kenya, Guatemala, and Croatia.

The rapid growth of the AI sector and its considerable variability in operation make it challenging to precisely estimate its overall electricity consumption. However, research by a data scientist at the Dutch National Bank suggests that by 2027, the AI sector could consume between 85 to 134 terawatt-hours annually, potentially accounting for half a percent of global electricity consumption.

This comparison puts into perspective the high electricity usage of some of the world’s most energy-intensive businesses, with Samsung using close to 23 terawatt-hours, Google a little more than 12 terawatt-hours, and Microsoft slightly over 10 terawatt-hours for their data centers, networks, and user devices.

Sources include: Business Insider

Connected cars are sharing more data with insurance companies than customers might realize, according to a report by the New York Times.

This sharing of data, particularly about customers' driving habits, is not just an invasion of privacy; it can also push up their insurance rates.

While some automakers, like Tesla, openly monitor driving behavior for their insurance services, the transparency and consent around data sharing vary across manufacturers.

General Motors has been specifically called out for sharing data with third parties under little or ambiguous documentation. GM's OnStar Smart Driver service, which tracks customer driving habits, does not clearly disclose that the collected statistics may be shared with databases accessible to insurance companies.

This has allegedly led to instances where owners of high-performance GM vehicles faced insurance rate hikes after taking their cars to tracks, possibly without realizing they were enrolled in the service at the dealership as part of a larger OnStar bundle.

Other automakers, such as Subaru, Acura, Honda, Hyundai, Kia, and Mitsubishi, also engage in data collection and sharing with insurance databases, but they require explicit customer consent for insurance tracking or limit the shared data to odometer readings unless used for generating insurance quotes.

As our cars become yet another device that collects a lot of data on us, we may need to be particularly aware of what our connected car is collecting and sharing, especially if the vehicle comes from a manufacturer like GM.

Customers may need to read the terms of any connected services they opt into, to protect their privacy and maybe avoid unexpected consequences with their insurance rates.

Sources include: Autoblog.com

That’s our show for today. Hashtag Trending goes to air five days a week with a daily news show and on the weekends we have an interview show we creatively named the Weekend Edition.

We love your comments.

Thanks for listening and have a Wonderful Wednesday.

The post Is your connected car “ratting you out” to your insurer? Hashtag Trending for March 13th, 2024 first appeared on IT World Canada.

AI presents an “extinction level threat” – US Gov’t Report: Hashtag Trending for Tuesday, March 12, 2024

A new US government report warns that AI presents an "extinction level threat to the human species." Elon Musk is open-sourcing his Grok AI code. Hackers have breached the Cybersecurity and Infrastructure Security Agency in the US, and a researcher shows how to steal a Tesla by leveraging a feature of the Tesla charging stations.

All this and more on the “end of the world as we know it” edition of Hashtag Trending. I’m your host, Jim Love, CIO of IT World Canada and TechNewsDay in the US.

A government-commissioned report warns that the United States must act “quickly and decisively” to address significant national security risks posed by artificial intelligence (AI), which could potentially lead to an “extinction-level threat to the human species.” This report, obtained by TIME ahead of its publication, emphasizes the urgent and growing dangers AI development presents to national security, drawing parallels to the destabilizing impact of nuclear weapons.

The report, titled “An Action Plan to Increase the Safety and Security of Advanced AI,” was produced after more than a year of research, including discussions with over 200 government employees, experts, and workers at leading AI companies such as OpenAI, Google DeepMind, Anthropic, and Meta. It outlines a comprehensive set of policy actions aimed at significantly altering the AI industry’s current trajectory.

Key recommendations include making it illegal to train AI models using more than a specified level of computing power, a threshold to be determined by a new federal AI agency. This measure aims to moderate the competitive race among AI developers and slow down the chip industry’s progress in manufacturing faster hardware. The report also suggests that the publication of powerful AI models’ “weights” or inner workings could be outlawed, with potential violations subject to criminal penalties. Additionally, it calls for stricter controls on the manufacture and export of AI chips and increased federal funding for research focused on making advanced AI systems safer.

The report also addresses the risks associated with the weaponization of AI systems and the potential loss of control over advanced AI, highlighting the industry’s race dynamics that prioritize development speed over safety. It suggests that regulating the hardware used to train AI systems could be a crucial step in safeguarding global safety and security from the threats posed by AI.

The State Department commissioned the report in November 2022, with Gladstone AI, a company specializing in AI technical briefings for government employees, producing the 247-page document. Despite the groundbreaking nature of its recommendations, the report clarifies that its suggestions do not reflect the official views of the U.S. Department of State or the U.S. government.

Sources include:  Time and Gladstone.ai

Elon Musk apparently didn’t get the memo about not publishing your AI code. His AI startup, xAI, plans to open-source Grok, its chatbot that competes with ChatGPT, within the week. This announcement comes shortly after Musk filed a lawsuit against OpenAI, accusing the Microsoft-backed company of straying from its open-source origins and prioritizing profit over accessibility. Grok, which was released last year, offers features like access to real-time information and opinions that are, according to Musk, not constrained by “political correctness.” It is currently available to subscribers of X’s $16 monthly service.

Musk, who co-founded OpenAI with Sam Altman as a means to balance Google’s AI dominance, criticized OpenAI for becoming a closed-source entity focused on benefiting Microsoft. This move has sparked a debate among technologists and investors regarding the value of open-source AI.

By deciding to open-source Grok, xAI joins other companies like Meta and Mistral in making their chatbot codes publicly available. Musk has consistently supported open-source initiatives, as demonstrated by Tesla’s decision to open-source many of its patents and X (formerly Twitter) open-sourcing some of its algorithms. Musk’s recent actions and statements reinforce his commitment to open-source principles and his critique of OpenAI’s current direction.

Sources include: TechCrunch

Hackers breached the Cybersecurity and Infrastructure Security Agency (CISA), forcing the agency to take some systems offline. The breach occurred in February through vulnerabilities in Ivanti products, impacting two systems with critical ties to U.S. infrastructure. CISA responded by immediately shutting down the affected systems and has since been working on upgrading and modernizing its systems, stating there is no operational impact at this time.

The compromised systems were part of the Infrastructure Protection (IP) Gateway, which houses critical data and tools used to assess critical U.S. infrastructure, and the Chemical Security Assessment Tool (CSAT), containing sensitive industrial information. The breach was facilitated by recent vulnerabilities affecting Ivanti Connect Secure VPN and Ivanti Policy Secure products, discovered by CISA itself. Ironically, CISA had previously warned about vulnerabilities in Ivanti software and ordered all U.S. government agencies to disconnect Ivanti Connect Secure and Ivanti Policy Secure products in early February.

CISA has not confirmed or denied whether these specific systems were taken offline. The agency emphasizes that any organization can be affected by cyber vulnerabilities and highlights the importance of having an incident response plan in place as a component of resilience. The hack did not impact operations at the agency, according to a CISA spokesperson.

Sources include: 9to5Mac

Security researchers Tommy Mysk and Talal Haj Bakry of Mysk Inc. have demonstrated a new potential threat for Tesla owners: a social engineering attack that could allow hackers to steal Teslas parked at charging stations. The researchers created a fake Tesla WiFi network named “Tesla Guest” using a Flipper Zero device—a $169 hacking tool.

And before someone runs off to the Canadian government and says “you were right to ban this,” the Flipper Zero was just a convenience; they could have used a Raspberry Pi or any number of other devices with a wireless connection.

Their fake network, regardless of technology, simply mimics the official Tesla charging station WiFi, leading victims to a counterfeit Tesla login page where their username, password, and two-factor authentication code are stolen.

Once the hackers obtain the Tesla owner’s credentials, they can quickly log into the real Tesla app and set up a new phone key, enabling them to unlock and potentially steal the car. They just have to be quick and get it done before the code expires. The kicker is that they don’t have to steal the car right away. Once they’ve got access, they could do it at a later time without the owner’s knowledge.

Mysk says that he repeated the exercise a number of times, including with an iPhone that had never been paired to the Tesla vehicle, and it worked every time. There is a simple fix: require verification with a physical key and notify the owner whenever a key is added or changed.

Mysk, who does not recommend stealing cars and did this purely for experimental purposes, reported this vulnerability to Tesla, but the company responded that it had investigated and decided it wasn’t an issue.

This stance has raised concerns, especially considering the simplicity of the attack and the potential for significant loss. Those Teslas don’t come cheap.

Sources include: Autoblog.com

And just so there’s one good news story today…

Chrome users now have a new tool to protect themselves from the potential subversion of their browser extensions, thanks to a new Chrome add-on called “Under New Management.”

Developed by Matt Frisbie, a software developer and author, this extension alerts users when installed extensions have changed owners. This feature is crucial because, while extensions may start with innocent and useful purposes, new owners can maliciously adjust the code to steal information or inject ads, affecting millions of users.

Developers of extensions often receive offers to buy their creations, usually with the intent to exploit existing users.

There have been instances where buyers have tried to insert dubious or malicious code. Google is pretty good at detecting malicious code, but a challenge remains when new owners send out updates that may not be outright malicious but could simply misuse user data or inject ads.

Ownership changes in browser extensions also pose a unique risk due to a lack of detailed developer information in the Chrome Web Store, automatic updates, and the ease of transferring ownership without meaningful oversight.

Frisbie is also working on an extension promotion platform called ExBoost to improve the extension ecosystem and make it safer. Google is also working on solutions to the problem. But until such time, the “Under New Management” extension aims to give users notice of ownership changes, allowing them to make informed decisions about the software they’re using.

That’s our show for today. Hashtag Trending goes to air five days a week with a daily news show and on the weekends we have an interview show we creatively named the Weekend Edition.

We love your comments.

Thanks for listening and have a Terrific Tuesday.

The post AI presents an “extinction level threat” – US Gov’t Report: Hashtag Trending for Tuesday, March 12, 2024 first appeared on IT World Canada.

Cyber Security Today for Monday, March 11, 2024 – Breaking Bad in Cyber Security

Breaking Bad in cybersecurity – UK companies are warned that cybersecurity employees may be moonlighting on the dark web. Microsoft reveals that the Russian hackers’ attack is still ongoing. A system used by US state and local government agencies has a critical flaw, and a new attack vector using fonts has been detected by marketing software company Canva.

Welcome to Cybersecurity Today for Monday March 11th, 2024. I’m your host Jim Love, filling in for Howard Solomon.

A research report in the UK has uncovered highly skilled cybersecurity workers moonlighting on the dark web. Cybersecurity support body CIISec commissioned a study, run over a six-month period from June to December 2023 and carried out by a former police officer and covert operative who trawled dark web forums for job advertisements.

He found that cybersecurity professionals ranging from developers to pen testers were looking for additional work to increase their pay or to make up for jobs they had lost.

According to the research, the people advertising their services fell into three groups:

  1. Highly skilled professionals with a decade of experience in security or IT. He found evidence of individuals currently working for a “global software agency”, professional pen testers offering to test cybercrime products, AI prompt engineers, and web developers.
  2. Those who needed a “second job” or even made comments like “Christmas is coming, and my kids need new toys”.
  3. Those who were just getting started in IT or security and were looking for work or further education.

Some presented a portfolio of work as evidence of their skills.

Various hacking groups were also seeking to hire students and offered training services.

The research even uncovered an out-of-work voice actor advertising for phishing campaign opportunities, a “creative wizard” offering to “elevate your visual content”, a PR representative for a hacking group, and content writers.

But it’s not just people looking for additional pay.

“Gartner research shows that 25% of security leaders will leave the security industry by 2025 due to work-related stress – and that’s just leaders,” according to Amanda Finch, CEO of CIISec, the organization behind the report.

Further, Finch notes, “given the number of people projected to leave the industry, many of those will be desperate enough to seek work in an area that promises large rewards for their already-existing skills and knowledge. Preventing this means ensuring we are doing all we can as an industry to attract and retain talent.”

Could this situation apply to Canada and the US? Cybersecurity pay and working conditions are worse in the UK than in Canada and the US, but there is still a trend of cybersecurity professionals leaving the industry due to stress and working conditions.

Listeners might remember that earlier this year, Russian state-sponsored hackers were caught spying on email accounts of some of Microsoft’s senior leadership team.

Now, Microsoft has disclosed that the attack continues, and that source code has also been stolen in what Microsoft is calling an ongoing attack.

The Nobelium Group, or “Midnight Blizzard” as Microsoft now calls them, is reported to be attempting to use “secrets of different types it has found” to further attack Microsoft and possibly its customers.

According to Microsoft, “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”

The blog post goes on to state that this has included access to their source code repositories and internal systems. The company also states that “to date, we have found no evidence that Microsoft-hosted, customer-facing systems have been compromised.”

The initial attack last year gained access to Microsoft’s systems, and apparently its source code, through a “password spray attack”, where hackers try a dictionary of potential passwords. While this should normally be detected or rendered ineffective, Microsoft had configured a “non-production” test account without two-factor authentication enabled, which allowed the Nobelium group to gain access.
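The two conditions that made this breach possible are both visible in sign-in telemetry: one source failing against many accounts with only a few tries each, and a success landing on an account with no second factor. The script below is an added example, not Microsoft’s code or any product’s detection rule; the log format, the RFC 5737 documentation IPs and the account names are all constructed for the illustration.

```python
# Added example (not Microsoft's code and not any product's detection rule):
# password-spray detection over constructed sign-in events. A spray is one
# source trying a few passwords against many accounts; the damage comes when
# it lands on an account that has no second factor, as the story describes.
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log: ts|source_ip|account|result|mfa. The IPs are RFC 5737
# documentation addresses and the account names are invented.
SAMPLE_LOG = """\
2024-01-12T03:00:01|203.0.113.7|alice|failure|mfa
2024-01-12T03:00:09|203.0.113.7|bob|failure|mfa
2024-01-12T03:00:17|203.0.113.7|carol|failure|mfa
2024-01-12T03:00:26|203.0.113.7|dave|failure|mfa
2024-01-12T03:00:34|203.0.113.7|erin|failure|mfa
2024-01-12T03:00:41|203.0.113.7|svc-test-legacy|failure|nomfa
2024-01-12T03:01:05|203.0.113.7|svc-test-legacy|success|nomfa
2024-01-12T08:15:00|198.51.100.4|frank|failure|mfa
2024-01-12T08:15:20|198.51.100.4|frank|failure|mfa
2024-01-12T08:15:45|198.51.100.4|frank|success|mfa
"""


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    source_ip: str
    account: str
    success: bool
    mfa_enforced: bool


def parse_line(line: str) -> SignIn:
    """Parse one constructed log line into a SignIn record."""
    ts, ip, account, result, mfa = line.strip().split("|")
    return SignIn(datetime.fromisoformat(ts), ip, account,
                  result == "success", mfa == "mfa")


def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=3):
    """Map source_ip -> sorted accounts for sources whose failures inside any
    `window` hit at least `min_accounts` distinct accounts with no more than
    `max_per_account` tries each. The low per-account count is what separates
    a spray from a brute force on one account (or a user mistyping)."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if not e.success:
            failures[e.source_ip].append(e)
    flagged = defaultdict(set)
    for ip, fails in failures.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits in `window`.
            while fails[end].ts - fails[start].ts > window:
                start += 1
            per_account = defaultdict(int)
            for f in fails[start:end + 1]:
                per_account[f.account] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                flagged[ip].update(per_account)  # union of accounts touched
    return {ip: sorted(accts) for ip, accts in flagged.items()}


def spray_successes(events, flagged):
    """Successful sign-ins from a flagged source as (ip, account, mfa_enforced).
    A success where mfa_enforced is False is the account to lock first."""
    return [(e.source_ip, e.account, e.mfa_enforced)
            for e in sorted(events, key=lambda e: e.ts)
            if e.success and e.source_ip in flagged]


def analyze(log_text: str):
    """Run both checks over raw log text; returns (flagged, successes)."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    flagged = detect_spray(events)
    return flagged, spray_successes(events, flagged)


if __name__ == "__main__":
    flagged, hits = analyze(SAMPLE_LOG)
    for ip, accounts in flagged.items():
        print(f"spray from {ip}: {len(accounts)} accounts: {', '.join(accounts)}")
    for ip, account, mfa in hits:
        print(f"  success on {account} from {ip} (MFA enforced: {mfa})")
```

Frank’s three failed attempts from a single address are not flagged, because they touch only one account; the spraying source is flagged on the fifth distinct account and its one success is on the account without MFA.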

Ironically, this attack took place just a few days after the company made an announcement that it planned to overhaul its security after a serious Azure cloud attack.

Microsoft has noted that they are continuing to investigate the ongoing attack and are committed to sharing what they learn.

A popular tool used by state and local governments in the US to handle public record requests has defects that might have allowed hackers to download files attached to record inquiries. That would include highly sensitive personal data including IDs, fingerprints, child welfare documents and even medical reports, according to a report in NextGov.

The platform is called GovQA. It’s a public records querying system designed by an IT services provider called Granicus. It is used by hundreds of government management centers in the U.S. to help offices sort records delivered to requesters through official public access channels.

The vulnerabilities, which have reportedly now been fixed, were discovered by independent cybersecurity researcher Jason Parker, who has previously discovered and reported security weaknesses in court record systems.

Parker reported the findings to the developer and to the Cybersecurity and Infrastructure Security Agency.

The vulnerabilities were related to access for Freedom of Information requests. These requests require the requester to verify their identity, so it is possible that information about the requester could also have been divulged, in addition to the records from the government systems, even if the request was denied.

The system is used by at least 37 states and the District of Columbia, including courts and schools.

The developer assessed the vulnerabilities as “low severity” and it says it is “working with customers to encourage them to minimize the information they are collecting and disclosing” and has also “initiated a full review of the data elements that our customers have chosen to include” in the records request process.

Two cybersecurity experts who reviewed this disagreed and described the flaws as far more serious than “low severity”.

Matt “Jaku” Jakubowski, one of the organizers of the THOTCON hacking conference in Chicago, said the vulnerability is one of the worst he has ever encountered.

“[Fixing the flaws] wouldn’t be a complete rewrite of the software, but you find things like this, it makes me wonder what else is in there,” Jaku said in a recent interview for NextGov.

He added that what Parker had discovered would be hard to detect, and these errors wouldn’t show up on vulnerability scanners. More troubling, according to Jaku, is that this type of flaw allows a hacker to edit or manipulate records without even having to log in to the system.

Other experts state that these types of vulnerabilities may be fairly common in government systems which are increasingly being targeted by cybercriminals.

And finally, a report in The Register notes that Canva, a very common application used in social media and marketing, has found three security vulnerabilities in font-handling software.

CVE-2023-45139 is a high-severity bug (7.5/10) that Canva found in FontTools, a Python library for manipulating fonts. The flaw allows an untrusted XML file to be processed.

CVE-2024-25081 and CVE-2024-25082 are both rated 4.2/10. They relate to tools like FontForge and ImageMagick.

Researchers put together a simple proof of concept, in the form of a shell execution, that allowed FontForge to open files to which it shouldn’t have had access.

Chalk this up as one more area of vulnerability to watch for.

And that’s it for this episode of Cybersecurity Today. As always, links to stories and other information will be included in the show notes posted at itworldcanada.com/podcasts. Look for Cybersecurity Today.

And normally when I fill in for Howard, he’s already written the stories for me, but this time he’s really taking time off and I’m on my own, so if you have comments, please send me a note at jlove@itwc.ca or under the show notes at itworldcanada.com/podcasts.

And if you want to catch up on other tech news, check out my daily news podcast Hashtag Trending which you can find in all the same places you find Cybersecurity Today – Apple, Google, Spotify or at itworldcanada.com/podcasts.

I’m your host Jim Love, filling in for Howard Solomon. Stay safe.

The post Cyber Security Today for Monday, March 11, 2024 – Breaking Bad in Cyber Security first appeared on IT World Canada.

IT World Canada fights for survival

Facing an unprecedented crisis, IT World Canada, a beacon of technology journalism, is on the brink of closure. This poses a critical question: Without IT World Canada, who will narrate Canada’s tech story?

After decades of serving the Canadian tech industry, IT World Canada needs help to survive.

As of midnight tonight, the company is suspending publication for the first time in its more than 40-year history, announcing that unless the company finds an investor in the next few days or weeks, it may have to shut down for good.

For more than 40 years, IT World Canada and its publications have told the story of the Canadian tech industry. More than 30 years ago it launched what is now CanadianCIO, to tell the story of the emerging new role of technology as a strategic force in Canadian business. The company was the first major technology publication to go fully digital. It has launched the careers of several top journalists and it is a media partner that supports the efforts of many groups that are serving the Canadian technology industry.

With millions of visits and over 250 thousand subscribers, this iconic company publishes on four daily news sites including ITWorldCanada.com, ITBusiness.ca, ChannelDailyNews.com, and a French language publication in Quebec, DirectionInformatique.com.

It also publishes CanadianCIO and a number of other targeted publications and newsletters. It has many hit podcasts, including CybersecurityToday and Hashtag Trending, both of which are consistently in the top 5 per cent of podcasts in North America. Its articles are also syndicated on several other major publishers and association sites in Canada and worldwide.

Despite all of these accomplishments, the company continues to struggle for survival. But somehow, stubbornly, it has held on while other publishers have failed.

“I never even thought that I’d be in the publishing industry,” Jim Love, the remaining owner of IT World Canada reflected, “but I met this incredible person, Fawn Annan, more than a decade ago and she convinced me that somehow two individuals, neither of them with any large amount of capital, could rescue this iconic firm from bankruptcy. And somehow we did.”

“And in those 10 years under Fawn Annan’s leadership, we defied all odds and managed to survive. After her death last year, the team and her vision carried on. But it is possible that this time, our luck has run out.”

“We still have a strong readership and we’ve evolved new approaches that have gained huge interest,” Love noted, “but without additional investment, we simply cannot ‘thread the needle’ to get through this incredibly tough period.”

“How little we need to survive would surprise you,” said Love. “But with one individual as owner of a private company, there are limits to the funds we can raise.”

Love also noted the new move from American tech companies to bring their marketing spending back to their U.S. head offices, ignoring the Canadian market.

“As well, the Canadian government has been of no help at all,” said Love. “Ironically, we are asked to be a media partner for government programs and many organizations that get government funding, but we are routinely neglected in government programs, even those that fund much larger publications.”

Love notes that last year the company was asked to be a media partner for a large event in Montreal with a budget of close to a million dollars, funded by the federal government. “We didn’t get a cent in support and they even asked us to pay our own expenses in covering this event. Everyone else – the venue, the caterers, the staff – all of them got paid. Not a cent for a publisher. They didn’t even place an ad.”

The company is struggling to negotiate with its bank and creditors, but without a surprisingly modest investment, the company simply cannot survive. Love has reached out to potential investors and the company has published this open letter appealing to the government, the tech industry, and other potential sources of investment. Failing that, the company may have to shut down for good.

“If that happens,” Love noted, “who will tell the stories of the Canadian technology community? Time and again, the audience we’ve attracted and the awards and accolades we’ve won have proven the need for a strong Canadian voice and those unique stories that our audience wants to hear, not some ‘maple-washed’ version from a large U.S. publisher.”

Will that voice be missed? As Love noted, “Ask yourself. Is a U.S. publisher with a page on Canada going to tell the stories we tell? Not likely.”

Will this iconic Canadian voice survive? Stay tuned.

For more information, you can contact me at jlove@itwc.ca and, at least for the next few weeks, I’ll be continuing what is now my personal podcast, Hashtag Trending.

The post IT World Canada fights for survival first appeared on IT World Canada.

OpenAI hits back at Elon Musk: Hashtag Trending for March 7, 2024

OpenAI hits back at Elon Musk, 90 percent of statistics published on the Internet aren’t true, 30,000 Fidelity customers in the US have their data stolen, and those hospital alarm sounds may not save lives – and they are responsible for a lot of deaths.

All this and more on the “lies, damned liars and internet statistics” edition of Hashtag Trending. I’m your host, Jim Love, CIO of IT World Canada and TechNewsDay in the US.

So, it turns out that Elon Musk’s lawsuit might have left out a few details. A big part of Musk’s lawsuit accuses OpenAI of changing from a not for profit to a for profit company and of giving Microsoft control of AI.

But documents released by OpenAI claim that the board didn’t want to become a for-profit company, but that a not-for-profit could not raise the amount of money that would be required to pursue their mission of Artificial General Intelligence. They also maintain that Musk knew that all along and didn’t object.

Not only did he not object, but again, according to the documents released by OpenAI, Musk actively wanted to merge the company with Tesla, a company he controls.

The board was concerned about turning over control to any one person, especially if that person is Elon Musk.

As to Musk’s claim that the board has given away the rights to Artificial General Intelligence and made Microsoft a “de facto owner” of AGI, OpenAI has already pointed out in a staff memo yesterday that Microsoft’s agreement does not entitle that company to any ownership or right to AGI. Further, that memo indicated that it was in the board’s sole discretion to say what was AGI and what was not.

Microsoft does have access to the “standard” generative AI products produced by OpenAI, like GPT-4. But without the 10 billion dollars brought in from Microsoft, everyone, including Musk, knew that OpenAI would not have had the computing power to pursue its AI research and development.

Or, as ChatGPT would have said if we asked it to summarize Musk’s position as if it were William Shakespeare, “methinks the Elon doth protest too much.”

Sources include: AIGrid (YouTube) and The Verge

A recent set of takeaways from a Europol report has received widespread quotation across the internet, including a statement that 90% of online content will be AI-generated by 2026.

The only problem is, that quote is nowhere to be found in the report, according to an article published by a company called Oodaloop.

The article also contains some very interesting stats from a report by the UK-based firm Public First.

62% of respondents supported the creation of a new government regulatory agency, similar to a medical regulatory agency, to regulate the use of new AI models.

Overall, 32% thought advanced AI would make us safer, compared to 18% who thought it would make us less safe. When asked about specific risks from advanced AI, the most important was perceived to be increasing unemployment (49%).

Even though this is a UK report, it has some interesting research in it. We’ll post a link to it in the show notes.

But as someone who puts together a daily newscast, there was a real lesson here. Just because a lot of people say a statistic exists, doesn’t mean that it does.

Sources include: Oodaloop

Nearly 30,000 Fidelity Investments Life Insurance customers’ personal and financial information is feared stolen in a suspected ransomware attack, following a breach into Infosys’ IT systems last fall. The compromised data likely includes bank account and routing numbers, credit card numbers and security codes, names, Social Security numbers, states of residence, and dates of birth. This breach could potentially enable identity theft scams or unauthorized financial transactions.

Infosys, an Indian tech services giant, experienced the cybersecurity incident affecting its US subsidiary, Infosys McCamish Systems (IMS), which led to the shutdown of some applications and IT systems. LockBit, a notorious ransomware gang, claimed responsibility for the intrusion. This incident marks another significant data breach involving Infosys, following a similar disclosure last month related to a Bank of America data leak.

The cyberattack occurred between October 20 and November 2, disrupting services provided by Infosys to both Fidelity and Bank of America. Fidelity has been working with IMS to investigate and contain the event, implement remedial measures, and safely restore services.

Sources include: The Register

Hospital workers are exposed to up to 1,000 alarm noises per shift, leading to a phenomenon known as “alarm fatigue.” This sensory overload has been linked to hundreds of deaths annually. A new study suggests that replacing standard monotonous hospital alarms with more musical ones could significantly reduce alarm fatigue while making key equipment less annoying.

The study, which involved experimenting with different musical sounds for hospital alarms, found that only 15% of all alarms in the critical care unit environment were clinically relevant. The high number of false alarms contributes to alarm fatigue, a desensitization caused by sensory overload, potentially leading to missed alarms. Between 2005 and 2010, the US FDA reported 566 alarm-related deaths.

Researchers Joseph Schlesinger, an anesthesiologist at Vanderbilt University Medical Center, and Michael Schutz, a music cognition researcher at McMaster University, have been exploring how timbres might allow softer sounds to command the attention of busy medical personnel. They discovered that sounds with a “percussive” timbre, containing short bursts of high-frequency energy, stand out even at low volumes. In contrast, loud, “flat” tones without high-frequency components tend to get lost.

In their study, 42 participants were presented with six alarms: half designed according to a standard alarm and half with a new timbre based on the sound of a xylophone. The researchers assessed participants’ perceived annoyance with the different alarms and their ability to recognize them. The results showed that complex percussive timbres were considered less annoying in 88% of instances compared to standard tones used in medical devices. Alarm melodies in an acoustically rich timbre were no more difficult to identify than standard hospital beeps.

This research indicates that musical timbres can significantly reduce perceived annoyance without harming alarm learnability. It represents a step towards improving alarm design while addressing the issue of excessive alarm sounds among medical devices. Future research will explore how different timbres affect other important perceptual issues, such as alarm detectability.

Sources include: NewAtlas.com

The study was published in the journal Perioperative Care and Operating Room Management.

That’s our show for today.

Love your comments.

Send us a note at jlove@itwc.ca or drop us a comment under the show notes at itworldcanada.com/podcasts – look for Hashtag Trending.

Thanks for listening and have a Thrilling Thursday.

The post OpenAI hits back at Elon Musk: Hashtag Trending for March 7, 2024 first appeared on IT World Canada.