
Cyber Security Today, May 1, 2024 – Data may have been stolen in London Drugs cyber attack, Congressional testimony today by UnitedHealth CEO on ransomware attack, and more

Data may have been stolen in London Drugs cyber attack, Congressional testimony today by UnitedHealth CEO on ransomware attack, and more.

Welcome to Cyber Security Today. It’s Wednesday, May 1st, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.



London Drugs, a Western-Canadian drug store chain, is still trying to recover from what it calls a cybersecurity incident that was discovered on the weekend. On Tuesday afternoon, when this podcast was recorded, the company said in a tweet that all of its stores were still closed and phone lines disconnected until it can get on top of the attack. But the company now says it is investigating whether any data might have been compromised in the attack. That’s a change from Monday, when it said there was no reason to believe that customer or employee data had been impacted. London Drugs is similar to Walmart in that it not only has pharmacies but also sells a wide range of consumer and electronic products. It has 80 stores across four Canadian provinces and more than 9,000 employees.

Expect fireworks this afternoon at a U.S. Congressional committee hearing. UnitedHealth Group CEO Andrew Witty is scheduled to testify about February’s ransomware attack. The AlphV/BlackCat gang hit a division called Change Healthcare that provides billing and data services to hospitals and clinics across the U.S., causing financial woes in the healthcare sector. When Witty appears, committee members will be armed with a copy of his opening statement, which says the attackers used compromised credentials to break into a portal protected with a Citrix application. But portal logins weren’t protected with multi-factor authentication. UnitedHealth bought Change Healthcare two years ago. Witty also says the decision to pay a ransom to get access to stolen and encrypted data was his. The number of victims impacted by the incident would be equal to a “substantial portion of people in America,” Witty says.

(Livestream the hearing from here: https://energycommerce.house.gov/ )

Developers using the R programming language are urged to update their version fast because of a vulnerability. Researchers at HiddenLayer say the open-source environment often used for statistical computing has a hole that could allow an attacker who creates a malicious RDS file to execute code. Developers should upgrade to version 4.4.0. R is widely used in healthcare, finance and government IT departments.

The U.S. Federal Communications Commission has levied almost US$200 million in fines against Sprint, T-Mobile, AT&T and Verizon for selling customers’ real-time location information to data brokers without subscribers’ consent. The fines had been proposed four years ago.

To comply with a European law, Apple is allowing users of its devices in the EU to get apps not only from the Apple store but also from other app marketplaces. However, researchers at an app maker called Mysk say the way Apple allows this through its Safari browser is clumsy. In fact, they argue Apple’s approach can expose iPhone users in the EU to being tracked. That’s because the Safari solution doesn’t allow the origin of a marketplace website to be checked against the site’s URL. The Brave browser does that.

The United Kingdom’s new cybersecurity product protection legislation came into effect Monday. Manufacturers selling equipment in the U.K. are forbidden from allowing easy-to-guess default passwords, and have to provide a point of contact so people can report security issues. Is it time for your state or province to adopt a similar law?

J.P. Morgan is notifying almost 452,000 people of a data breach caused by employees or their agents. The financial giant acts as a benefit payments agent for an unnamed company. Three people used their access to create reports with plan participation information including names, addresses, Social Security numbers and certain personal financial information.

The Philadelphia Inquirer is notifying more than 25,000 people their personal information was copied in a hack just over a year ago. Information stolen included names, financial account or credit/debit card numbers, as well as security codes, passwords or PIN numbers for the accounts.

Governments in the U.S., Britain and elsewhere offer free cybersecurity tools for businesses. The Canadian Centre for Cyber Security has just released its latest: a platform called Howler. It’s an open-source application to help security operation centre (SOC) teams triage and investigate incidents, suspect files and alerts. In simple terms, it’s a workflow management system. A triage analyst watching for suspect actions can rank incidents and assign work for further investigation. Filters can also be created so teams can automatically dismiss known scenarios and focus on critical issues. You don’t have to be Canadian to get Howler. It can be downloaded by anyone with a GitHub account.

Finally, as I mentioned last week, tomorrow is World Password Day. It’s a day that IT leaders should think about whether their organization uses the most effective password strategies to protect against logins by threat actors. That includes making a phishing-resistant multifactor authentication solution mandatory for all employees, giving each employee a password manager so they can create and store complex passwords without having to memorize them, and looking at alternatives to passwords like biometric authentication.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, May 1, 2024 – Data may have been stolen in London Drugs cyber attack, Congressional testimony today by UnitedHealth CEO on ransomware attack, and more first appeared on IT World Canada.

Cyber Security Today, April 29, 2024 – Credential stuffing attacks are hitting firms using Okta ID management solutions, and more

Credential stuffing attacks are hitting firms using Okta ID management solutions, and more.

Welcome to Cyber Security Today. It’s Monday, April 29, 2024. I’m Howard Solomon.



Credential stuffing attacks on organizations that use Okta’s identity and access management solutions have spiked in the last nine days. The company issued that warning on Saturday. It comes after Cisco Systems warned last week that it is seeing large-scale brute force attacks on a number of gateways and web application authentication services. These are attacks where hackers try to sign in using large lists of usernames and passwords collected from data breaches, phishing or malware campaigns. The attacks use anonymizing tactics like being routed through TOR networks or residential proxies. Regardless of where the attacks come from, IT administrators have to take defensive steps. These include turning on security features in cloud-based authentication services for logins, insisting employees use phishing-resistant multifactor authentication or passwordless authentication, and creating network zones to block login requests from countries where your organization doesn’t operate.
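The defensive steps above are easier to reason about with a concrete triage rule. The following Python script is an added example, not code from the podcast, Okta or Cisco: it runs over a handful of constructed authentication-log lines and separates the credential-stuffing signature (one source hitting many different accounts with a few attempts each) from ordinary brute force (one account, many attempts), applies a simple network-zone check against an assumed allow-list of countries, and lists accounts that succeeded from a flagged source so they can be forced through a password reset. The log format, thresholds and country list are assumptions; real identity-provider exports look different.

```python
"""Credential-stuffing triage over authentication logs (added example).

Assumptions: one event per line as
  <ISO-8601 timestamp> <source IP> <ISO country> <username> <FAIL|SUCCESS>
The thresholds and ALLOWED_COUNTRIES are illustrative, not vendor defaults.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ALLOWED_COUNTRIES = {"CA", "US"}   # assumption: where this organization operates
WINDOW = timedelta(minutes=10)     # sliding window for per-source counting
MIN_FAILURES = 5                   # failures inside the window to flag a source
MIN_DISTINCT_USERS = 4             # ...spread across at least this many accounts

# Constructed sample data: 203.0.113.7 sprays six accounts in six seconds (stuffing),
# 198.51.100.9 retries one account (ordinary user or brute force, not stuffing),
# 192.0.2.44 logs in from a country outside the allowed zones.
SAMPLE_LOG = """\
2024-04-27T10:00:01Z 203.0.113.7 NL alice@example.com FAIL
2024-04-27T10:00:02Z 203.0.113.7 NL bob@example.com FAIL
2024-04-27T10:00:03Z 203.0.113.7 NL carol@example.com FAIL
2024-04-27T10:00:04Z 203.0.113.7 NL dave@example.com FAIL
2024-04-27T10:00:05Z 203.0.113.7 NL erin@example.com SUCCESS
2024-04-27T10:00:06Z 203.0.113.7 NL frank@example.com FAIL
2024-04-27T10:01:00Z 198.51.100.9 CA alice@example.com FAIL
2024-04-27T10:01:30Z 198.51.100.9 CA alice@example.com FAIL
2024-04-27T10:02:00Z 198.51.100.9 CA alice@example.com SUCCESS
2024-04-27T10:05:00Z 192.0.2.44 RU bob@example.com SUCCESS
"""


def parse(log_text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, country, user, outcome = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "ip": ip, "country": country, "user": user, "outcome": outcome,
        })
    return events


def detect_stuffing(events):
    """Return {ip: (failures, distinct_users)} for sources whose failures inside
    WINDOW are spread over many accounts. Many accounts, few tries each is the
    stuffing signature; one account, many tries is brute force and not flagged here."""
    fails_by_ip = defaultdict(list)
    for e in events:
        if e["outcome"] == "FAIL":
            fails_by_ip[e["ip"]].append(e)
    hits = {}
    for ip, fails in fails_by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # advance the window start so that all events in [start, end] fit in WINDOW
            while fails[end]["ts"] - fails[start]["ts"] > WINDOW:
                start += 1
            window = fails[start:end + 1]
            users = {e["user"] for e in window}
            if len(window) >= MIN_FAILURES and len(users) >= MIN_DISTINCT_USERS:
                hits[ip] = (len(window), len(users))
    return hits


def out_of_zone(events):
    """Sources that attempted a login from a country outside the allowed zones."""
    return sorted({(e["ip"], e["country"]) for e in events
                   if e["country"] not in ALLOWED_COUNTRIES})


def likely_compromised(events, flagged_ips):
    """Accounts that logged in successfully from a flagged source: the lists
    used in stuffing came from earlier breaches, so these need a reset."""
    return {e["user"] for e in events
            if e["outcome"] == "SUCCESS" and e["ip"] in flagged_ips}


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    flagged = detect_stuffing(evs)
    print("stuffing sources:", flagged)
    print("out-of-zone logins:", out_of_zone(evs))
    print("accounts to reset:", likely_compromised(evs, flagged))
```

The sliding window matters: a source that spreads the same spray over hours stays under any fixed-bucket threshold, so production rules usually also aggregate by ASN or proxy provider rather than by single IP.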

Anyone looking online for a job should be careful they aren’t taken in by a scam. That includes software developers, who are being tricked into downloading malware under the guise of proving their coding abilities. That’s the warning from researchers at Securonix. Threat actors possibly from North Korea are setting up fake online job postings and interviews from legitimate-looking companies. To test their skills applicants are asked to download software from places that appear legitimate, like the GitHub open source code repository. However, what they download is malware that can steal information from developers’ computers. It’s been said before: Be careful answering job ads on the internet.

Kaiser Permanente, which operates hospitals and clinics across eight states and the District of Columbia, says information on about 13.4 million current and former members and patients was recently leaked. How? Through third-party data trackers installed on its websites and mobile platforms. The admission was made to the Bleeping Computer news service. The data was collected by Google, Microsoft Bing and X social media platform. The data would have IP addresses, names and details about searches. But it didn’t include passwords or financial information. Bleeping Computer notes usually tracker data is shared with advertisers and data brokers.

An American debt collection agency is notifying almost 2 million people about a data breach. Financial Business and Consumer Solutions says its IT system was hacked in February. Data stolen included names, Social Security numbers, dates of birth and individuals’ account information.

An accounting and consulting firm that does analytics for healthcare providers is notifying just over 1 million Americans of a data breach at its IT provider. Berry, Dunn, McNeil & Parker says that last fall a hacker got into the system of Reliable Networks of Maine, the managed service provider of the analytics unit. Data stolen included names, addresses, driver’s licence and non-driver identification card numbers.

Twenty-three staff members of the Los Angeles County Health Services agency fell for a phishing scam in February that resulted in the theft of patient data. In a letter sent to affected people last week, the county said a hacker was able to get hold of the login credentials of 23 employees who clicked on a link in an email message. The notice doesn’t say how many people were victims. What the thief got was data that could have included names, dates of birth, home addresses, phone number(s), e-mail addresses and personal medical information.

A new Android malware that steals bank login information from smartphones has been discovered. Researchers at ThreatFabric call it Brokewell. It’s getting distributed by ads claiming to be an update for the Chrome browser. When you want to update any browser — or any application — don’t click on an ad, a text message or a popup claiming to be an update. Update only through the application’s settings.

Finally, should people and companies who provide cybersecurity services be licensed? Earlier this month Malaysia passed legislation requiring cybersecurity professionals and service providers to be licensed. Regulations on which providers of services will need to be licensed haven’t been worked out yet. But Malaysia follows Singapore and Ghana in requiring a licensing scheme. Ghana requires not only businesses but cybersecurity pros providing managed services, penetration testing and vulnerability assessments to be licensed. The news site Dark Reading quotes one expert worrying that licensing is a way to control researchers and journalists who want to blow the whistle on lax cybersecurity in businesses and government. Another expert says it could help develop cybersecurity specialists. A commentator with the SANS Institute notes that the idea is to help weed out unqualified people from being hired for cybersecurity work. But it will depend on what knowledge cyber pros are supposed to have.


The post Cyber Security Today, April 29, 2024 – Credential stuffing attacks are hitting firms using Okta ID management solutions, and more first appeared on IT World Canada.

Cyber Security Today, Week in Review for week ending Friday, April 26, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday April 26, 2024. From Toronto, I’m Howard Solomon.



In a few minutes David Shipley, head of Beauceron Security, will be here to discuss some of the biggest news of the past week. They include the latest developments in the ransomware attack on Change Healthcare, a vulnerability found in an abandoned open source project, the next step in Canadian cybersecurity legislation for overseeing critical infrastructure and the passing in the U.S. of a law demanding China’s TikTok become Americanized.

But before we get to the discussion here’s a review of other headlines from the past seven days:

The Top 10 countries hosting the greatest cybercriminal threats are led by the usual suspects: Russia, Ukraine and China. That’s according to university researchers. Other nations in descending order are the U.S., Nigeria, Romania, North Korea, the United Kingdom, Brazil and India. The countries in the Cybercrime Index were ranked on the professionalism and technical skill of resident threat actors. Russia was easily ahead of number two Ukraine by more than 20 points.

A threat actor has been interfering with the software update mechanism of the eScan antivirus product. According to researchers at Avast, the goal is to install backdoors and coinminers on corporate IT networks by substituting a malicious update for a real one. Based in India, eScan is also sold in the U.S., Latin America, Germany and Malaysia. The vulnerability was supposed to have been fixed last July. Avast says it is still seeing new infections, perhaps because some eScan software on corporate computers hasn’t been updated properly.

Among the continuing problems suffered by the city of Leicester, England from a ransomware attack seven weeks ago is the inability to shut some city street lights. A local news site reports the problem is a residue of having to shut municipal IT systems. The attackers stole and published city data.

Some brands of booze in Sweden may be hard to get hold of this weekend because of a ransomware attack on a liquor distributor, the company has warned.

Pressure from police to block end-to-end encryption on common apps continues. Last week European police chiefs issued a statement urging governments and industry to stop allowing end-to-end encryption of apps and social media platforms. They say it will stop law enforcement from obtaining evidence for criminal charges. Others say end-to-end encryption protects privacy.

A veterinary clinic in Marysville, Kansas is notifying almost 26,000 customers their data was stolen when the company’s online payments page was compromised. Credit card data was among the information copied earlier this year.

The public school board of Buffalo, New York is notifying just over 19,000 people some of their personal information was seen by a hacker. The incident took place in February when two email accounts were accessed. Names, contact information and Social Security numbers could have been seen.

And the Catholic Diocese of Cleveland is notifying almost 10,000 people that personal data was copied when a hacker compromised an employee’s email account early this year or late last year. Information included names and Social Security numbers. You may recall last Friday I reported that the Catholic Diocese of Phoenix was notifying people of a data breach.

(The following is an edited transcript of the first of four topics in the discussion. For the full discussion play the podcast)

Howard: Joining me now from Fredericton, New Brunswick is David Shipley, CEO of Beauceron Security.

Let’s start with the latest from the February ransomware attack on Change Healthcare, a technology and payments provider to hospitals and clinics across the United States. On Monday parent company UnitedHealth Group acknowledged that data stolen “could cover a substantial proportion of people in America.” That’s short for “this was a huge data breach.” Data stolen included protected health information or personally identifiable information, but not doctors’ charts or full medical histories. In addition, UnitedHealth told TechCrunch that a ransom was paid to the hackers “to do all it could to protect patient data from disclosure.” This lines up with claims by an affiliate of the BlackCat/AlphV ransomware gang that Change Healthcare paid US$22 million to the gang — but the gang leaders took all of the money and didn’t pay the affiliate their cut. Meanwhile, a second ransomware gang, RansomHub, is posting data it says is from Change Healthcare. It isn’t clear if that was part of the original data theft or a new hack.

David Shipley: Keep in mind that the previous high water mark for a substantial proportion of the population was the Anthem Blue Cross breach in 2015, in which 80 million people’s records were stolen and resulted in a $117 million class action settlement in which Anthem did not admit any wrongdoing. The attack was allegedly tied to nation-state level espionage and was quite sophisticated. But it was the pre-ransomware cowboy era, not the that we’re in now. So my thoughts are, this one is going to be massive.

Howard: What did you think about the UnitedHealth announcement and this whole ransomware attack — in particular where the AlphV/BlackCat gang seems to have taken all the money and then announced they were disbanding?

David: It’s not the first time bad actors have taken the money and run exit scams. I think what we’ve just discovered is number 1, when you cripple the healthcare system to the level that they just did, when you mess with the pharmacy for the U.S. military, you start thinking, ‘Maybe it’s time to get out of Dodge.’ Yes, they are probably getting a whole lot of heat. So it made sense. Essentially these are little cockroaches, though. They just scurry, they hide, and then they reform and come back again as a rebranded group. But there’s still the awfulness.

What I’m dying to know is did UnitedHealth get the [data] unlock keys, because if they [AlphV/BlackCat] stiffed the affiliate and they ran with the money did they at least throw them [United Health] a bone so they can lock their data? Or did they just completely run? Even though healthcare data is the one area where I’ve given a hall pass on [allowing] paying ransoms, I kind of hope they didn’t give them the key because this might finally be the nail in the coffin of people thinking, ‘Paying the ransom is the sanest option for our business.’

Howard: I want to go back to the huge numbers [of potential victims]. This is 2024. Maybe organizations can’t stop every cyber intrusion but shouldn’t IT leaders know enough that systems have to be segmented so that no more than a small chunk of data can be stolen?

David: I don’t necessarily disagree. But I think what you’re saying presumes that people can accurately simulate or test chains of consequences in the digital environment. That each on their own is not catastrophic. But when combined in very unique ways, boom! What do I mean by that? Let’s just take a story: A server that was in the testing environment that never got switched off on its own, probably not that big of a deal [if it’s compromised]. Take that server and now it’s actually in production, problematic if it’s not getting patched, if it’s being over-provisioned with way too much access. See Microsoft’s recent pain. Think if people knew things like that, where big glaring red alerts are, would they do something about it? They absolutely would act on it. I am completely convinced that we cannot accurately deal with this [cybersecurity] because of cyber chaos theory … We presume with great arrogance that we have control over increasingly complex opaque systems or systems-in-systems and that we can somehow get a handle on all the possible permutations and combinations that can lead to cyber attacks. See Microsoft’s two very painful breaches this year [as evidence] that even the biggest of us can’t do it.

Howard: Also on Monday the Wall Street Journal said that whoever broke into Change Healthcare used a stolen username and password. That’s still a highly usable weapon [for threat actors].

David: Usernames and passwords have been in play in computing for 50-plus years. Mark my words they will be around for at least another 50 years. Change is hard in technology. Change is even harder in humans. We are not even through the beginning of the end chapter when it comes to passwords. This is why people, process and culture are the root of cyber events, not just technology.

Howard: Next Tuesday, UnitedHealth CEO Andrew Witty is scheduled to testify before a committee of the U.S. House of Representatives. They won’t be in a good mood.

David: Grab your popcorn. But also in a certain sense UnitedHealth is paying the price that all of us have incurred by not demanding better when it comes to cyber hygiene for critical infrastructure, by demanding increasingly digital systems and never anticipating the negative consequences that come from the use of technologies. As a species we have a damn near fatal blind spot when it comes to the risk side of technology. We are so overly hyper-focused on all the benefits all the rewards, all the gains, or all the coolness, of something bright and shiny that we never stop to think, ‘Just because we can do something doesn’t mean we should do something.’

Howard: And this attack has been hugely expensive for the company. Last week UnitedHealth estimated that costs so far for remediating this mess are US$872 million. On top of that, it’s provided billions of dollars in advance funding and no-interest loans to healthcare institutions, their customers, that were caught short when Change Healthcare systems had to be temporarily closed …

David: Maybe the best thing that comes from that is that people will invest [in cybersecurity] because you know that $800 million remediation cost? We have a term for that: We call it ‘technical debt’ …

Howard: What if they had spent, say, $10 million [more] on increased cyber security [before the attack]?

David: The lack of independent, academic peer-reviewed studies into root cause analysis [of incidents], like a CSRB [Cybersecurity Safety Review Board] report could point at that. That is the most important thing we’re missing. In this industry we love to haul around and scare the pants off people. “Six billion dollars is going to be lost to cybercrime!” But we don’t tell them how easy it could have been to avoid, or the massive amount of ROI [return on investment] that just comes from doing it [cybersecurity] proactively.

The post Cyber Security Today, Week in Review for week ending Friday, April 26, 2024 first appeared on IT World Canada.

Cyber Security Today, April 26, 2024 – Patch warnings for Cisco ASA gateways and a WordPress plugin

Patch warnings for Cisco ASA gateways and a WordPress plugin.

Welcome to Cyber Security Today. It’s Friday, April 26th, 2024. I’m Howard Solomon.



Network administrators with Cisco Systems’ ASA security appliance on their networks are urged to install the latest security patches. This comes after the discovery of two zero-day vulnerabilities that are being exploited. Cisco says the attacker is likely a government-backed threat actor. Although compromised devices were first seen in January, attack activity may have started as early as last November. Cisco can’t say right now how devices were compromised. This attack deposits a backdoor on ASA gateway devices, which have combination firewall, antivirus, intrusion prevention, and virtual private network capabilities. Cisco also says network telemetry and information from intelligence partners indicate the actor is interested in — and potentially attacking — Microsoft Exchange servers and network devices from other vendors.

A threat actor is hiding behind the cache of a content delivery network to deliver information-stealing malware to organizations around the world. That’s according to researchers at Cisco’s Talos threat intelligence service. Firms hit so far are in the U.S., the U.K., Germany, Norway, Poland, Japan and elsewhere. The researchers suspect the threat actor is a Vietnam-based group they call CoralRaider. It’s suspected employees are tricked by phishing emails into downloading and opening a malicious ZIP file that triggers infection. Inside the ZIP file is a shortcut file that starts a PowerShell command. It eventually downloads malware for vacuuming up credentials, cookies, credit card numbers and anything else it can find.

Last September researchers at Sekoia took over a command and control server distributing the worm version of the PlugX backdoor. The goal of the takeover was to sinkhole the distribution botnet — in other words, automated requests for the malware would disappear as if into a sinkhole. However, Sekoia said this week there are still tens of thousands of internet-connected devices trying to connect to the server every day. In other words, this worm can’t be completely stopped because it’s still replicating itself. Because Sekoia controls the distribution server it thinks it could issue a command to infected computers to delete PlugX, but there are legal implications. Deleting it from infected flash drives that spread it may be harder, especially if they aren’t plugged into a computer. Because infected USB keys and storage devices are still used to spread many types of malware Sekoia urges IT administrators to prevent any file from executing from a removable device, or set Windows to deny removable devices from being used by any employee.

Threat actors are actively exploiting unpatched installations of WordPress that use a vulnerable version of the WP Automatic plug-in. That’s according to researchers at WPScan. This plug-in allows the automated posting of content to any website. The hole in the plugin — a SQL injection flaw — was revealed weeks ago and a patch is available. Slow patchers are paying the price by seeing their WordPress accounts taken over.

Despite efforts of educators and job recruiters to boost the participation of women in cybersecurity, the number of women working in the sector hasn’t budged much. That’s one of the findings of a close look at data collected in the annual global cybersecurity workforce study by the ISC2. The full report was released in February, but the analysis of the survey responses of women was released this week. The number of women in the industry is estimated to be between 20 and 25 per cent. But there’s a higher representation among workers under the age of 44. On average, respondents said 23 per cent of their security teams are made up of women. However, 11 per cent of all survey participants said there were no women on their security teams. Twenty-one per cent of men surveyed couldn’t estimate how many women were on their security teams. By comparison 13 per cent of the women respondents said they couldn’t guess how many teammates were women. The salary gap between men and women still exists. On average it’s about $5,400. The report says there are several ways employers can help increase women’s participation in cybersecurity, including setting hiring, recruitment and advancement metrics in the organization, and making pay equity a priority.

That’s it for now. But later today the Week in Review podcast will be out. Guest commentator David Shipley of Beauceron Security will discuss the future of TikTok, the latest in the Change Healthcare ransomware attack, the latest progress in Canada’s proposed cybersecurity law regulating some critical infrastructure sectors and more.


The post Cyber Security Today, April 26, 2024 – Patch warnings for Cisco ASA gateways and a WordPress plugin first appeared on IT World Canada.

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more.

Welcome to Cyber Security Today. It’s Wednesday April 24th, 2024. I’m Howard Solomon.





Security teams may be getting better at finding hackers lurking in their IT systems. That’s according to Mandiant’s latest annual M-Trends report. The mean time an attacker spent on Mandiant customers’ networks before being detected dropped last year to 10 days. That’s compared to 16 days before being detected in 2022. However, the report suggests ransomware played a key role in the drop because it tends to be detected more quickly than other malware. Having a hacker in your system for 10 days, though, isn’t a lot to cheer about. Here’s something else to think about: Last year 54 per cent of those surveyed who were hacked said they first learned of the compromise from an external source, like a law enforcement agency, customer or a security researcher, and not their own staff. That’s an improvement from 2022. But that number jumped to 70 per cent who learned from an outside source they’d been compromised in cases of ransomware. That’s because most organizations only learn they were penetrated by the ransom note left by the attacker.

The parent company of American healthcare payment processor Change Healthcare has acknowledged it paid a ransomware gang that hit the company in February. UnitedHealth told the TechCrunch news service that a ransom was paid to protect patient data from disclosure. The company wouldn’t confirm reports that $22 million was paid to the AlphV/BlackCat gang. The gang reportedly took all the money and didn’t pay the affiliate that stole data. That data is up for sale by a gang called RansomHub. How much data was stolen? UnitedHealth didn’t say, but does admit it “could cover a substantial proportion of people in America.”

Application developers must make sure their software doesn’t include code from abandoned open-source projects. The warning comes from researchers at Legit Security, who recently discovered a dependency confusion vulnerability in the Apache Cordova App Harness project. That project is no longer supported, but last month was still available in some open-source code repositories. Briefly, if an application included this code it could have been swapped for a malicious version with the same name that had been planted in an open-source repository. Apache has been notified and taken action. But the incident is a warning to developers to audit their codebase and replace archived or unmaintained third-party code.
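Dependency confusion is easier to see in code than in prose. The Python script below is an added example, not code from Legit Security or the Apache project: it models two package indexes as constructed dictionaries (a private one holding an organization’s internal packages and a public one in which the same name has been registered with a much higher version), shows that a resolver which merges both indexes and simply picks the highest version will install the public copy, shows the usual fix (internal names are only ever resolved from the private index), and finishes with an audit that lists manifest names that are shadowed publicly or that no index serves at all, which is the situation an abandoned project leaves behind. Package names, versions and the `acme-` prefix are all assumptions.

```python
"""Dependency confusion: naive vs. scoped resolution, plus a manifest audit (added example).

The indexes below are constructed; the resolver logic is a simplified model of how
a package manager that is given more than one index can be tricked.
"""

# Constructed private index: packages the organization publishes only internally.
PRIVATE_INDEX = {
    "acme-internal-utils": ["1.1.0", "1.2.0"],
    "acme-billing-client": ["0.9.3"],
}

# Constructed public index: "acme-internal-utils" has been registered by a third
# party with an absurdly high version so that "highest version wins" picks it.
PUBLIC_INDEX = {
    "acme-internal-utils": ["99.0.0"],
    "requests": ["2.31.0", "2.32.0"],
}

INTERNAL_PREFIX = "acme-"   # assumption: naming convention for in-house packages


def version_key(v):
    """Sort key for dotted numeric versions, e.g. '1.2.0' -> (1, 2, 0)."""
    return tuple(int(part) for part in v.split("."))


def latest(versions):
    return max(versions, key=version_key)


def resolve_naive(name, private=PRIVATE_INDEX, public=PUBLIC_INDEX):
    """Unsafe: merge both indexes and take the highest version wherever it lives.
    Returns (source, version) or None if no index serves the name."""
    candidates = []
    for source, index in (("private", private), ("public", public)):
        if name in index:
            candidates.append((source, latest(index[name])))
    if not candidates:
        return None
    return max(candidates, key=lambda c: version_key(c[1]))


def resolve_scoped(name, private=PRIVATE_INDEX, public=PUBLIC_INDEX):
    """Hardened: internal names are served only by the private index and never
    fall back to the public one; everything else comes only from the public index."""
    index = private if name.startswith(INTERNAL_PREFIX) else public
    source = "private" if index is private else "public"
    if name not in index:
        return None
    return (source, latest(index[name]))


def audit_manifest(names, private=PRIVATE_INDEX, public=PUBLIC_INDEX):
    """Flag the two risky cases for each dependency in a manifest:
    - shadowed: present in both indexes and the public copy is newer
    - unserved: no index provides it, so whoever registers the name publicly
      becomes its supplier (the abandoned-project case)."""
    report = {"shadowed": [], "unserved": []}
    for name in names:
        in_private, in_public = name in private, name in public
        if in_private and in_public and \
                version_key(latest(public[name])) > version_key(latest(private[name])):
            report["shadowed"].append(name)
        elif not in_private and not in_public:
            report["unserved"].append(name)
    return report


if __name__ == "__main__":
    manifest = ["acme-internal-utils", "acme-billing-client", "requests", "legacy-harness"]
    for dep in manifest:
        print(f"{dep:22} naive={resolve_naive(dep)}  scoped={resolve_scoped(dep)}")
    print(audit_manifest(manifest))
```

Running it shows `acme-internal-utils` resolving to the public 99.0.0 copy under the naive rule and to the private 1.2.0 copy under the scoped rule, and the audit lists `legacy-harness` as unserved: the practical equivalents are pinning internal packages to a single index and removing dependencies nobody publishes any more.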

The U.S. is offering a reward of up to US$10 million for the location of four Iranians who allegedly hacked American government departments, defence contractors and two New York based companies. An indictment naming the four was released Tuesday. The attacks allegedly took place between 2016 and 2021. In one case the group compromised more than 200,000 employee records of an organization.

Separately, the U.S. is imposing visa restrictions on 13 people involved with or family members of developers or sellers of commercial spyware. This is part of a promised crack-down on the misuse of commercial spyware announced in February.

Microsoft has published new research about the tool used by a Russian gang that has been exploiting a vulnerability in the Windows Print Spooler service. The threat actor is called Forest Blizzard, Strontium and APT28 by some researchers. The tool used to exploit the vulnerability is called GooseEgg. Security teams may find the background report helpful in defending their environments. This hole was discovered and patched in 2022, but the gang may have been using it since 2019.

University of Calgary computer science professor Ken Barker has been named scientific director of Canada’s National Cybersecurity Consortium. He has held the position in an interim role for the past 12 months. The coalition works with the public and private sectors to encourage cybersecurity education and innovation in higher education and businesses. The consortium is currently funding 20 research projects ranging from finding ways to better protect critical infrastructure to supporting a masters degree in cybersecurity management.

Finally, a week from today will be World Password Day. So start thinking about whether your passwords are safe. Make sure your passwords — or better, passphrases — are at least 14 characters long and include a number, a capital letter and a symbol. Use a password manager to keep track of them. That way you aren’t tempted to create a simple password that can be guessed. And IT managers should set up multifactor authentication for employees to guard against a hacker guessing or cracking passwords. Think about this: it will take 22 hours in a brute-force attack to crack an eight-character password made up of only lower-case letters. That’s according to a new calculation by Hive Systems. Twenty-two hours might deter a threat actor who wants fast results. It might not. However, the analysis assumes an organization stores the password using the latest protection algorithms. If not, a brute-force attack will crack any password faster. A 14-character password with a mix of upper and lower case letters, a number and a symbol would take 805 billion years to crack in a brute-force attack. Even if it was made up of lower-case letters, it would take 766 years to crack. Passwords should never be common words like ‘elephant’ or ‘Susan’ — or ‘Susan123’ — but a phrase with two or more words that can’t be guessed. And never use the same password on different sites. This advice, of course, applies to home computers as well.
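The cracking-time figures above come from two inputs: the size of the search space (character set raised to the length) and how fast the attacker can test guesses, which is where the "latest protection algorithms" caveat enters. The Python calculator below is an added example, not Hive Systems’ model, and it does not reproduce their published numbers: it computes keyspace and entropy for a password policy, converts that into exhaustive-search time at two assumed guess rates (a fast unsalted hash versus a deliberately slow password hash, both rates illustrative), and works out the minimum length needed to reach a target entropy with a given character set. The character-class sizes and guess rates are assumptions.

```python
"""Brute-force search-space calculator for password policies (added example).

GUESS_RATES are illustrative assumptions for a single cracking rig, not measurements:
a fast general-purpose hash lets an attacker test vastly more candidates per second
than a slow, salted password hash such as bcrypt/scrypt/Argon2.
"""
import math

# Character-class sizes (assumption for symbols: the 32 printable ASCII punctuation marks).
CLASS_SIZES = {"lower": 26, "upper": 26, "digits": 10, "symbols": 32}

GUESS_RATES = {
    "fast_unsalted_hash": 1e10,   # assumed guesses/second
    "slow_password_hash": 1e5,    # assumed guesses/second
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(*classes):
    """Number of distinct characters available, e.g. charset_size('lower', 'digits') -> 36."""
    return sum(CLASS_SIZES[c] for c in classes)


def keyspace(size, length):
    """Number of candidate strings an exhaustive search must consider."""
    return size ** length


def entropy_bits(size, length):
    """Entropy in bits of a uniformly random password of this size and length."""
    return length * math.log2(size)


def seconds_to_exhaust(size, length, guesses_per_second):
    """Worst-case time to try every candidate; the expected time is half of this."""
    return keyspace(size, length) / guesses_per_second


def min_length_for_bits(size, target_bits):
    """Shortest length whose random password reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(size))


def human_time(seconds):
    """Rough human-readable rendering of a duration in seconds."""
    if seconds < 60:
        return f"{seconds:.0f} seconds"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


def policy_report(length, *classes):
    """Summarize a policy: keyspace, entropy and exhaustive-search time per assumed rate."""
    size = charset_size(*classes)
    return {
        "charset": size,
        "bits": round(entropy_bits(size, length), 1),
        "exhaust": {name: human_time(seconds_to_exhaust(size, length, rate))
                    for name, rate in GUESS_RATES.items()},
    }


if __name__ == "__main__":
    for length, classes in [(8, ("lower",)), (14, ("lower",)),
                            (14, ("lower", "upper", "digits", "symbols"))]:
        print(length, classes, policy_report(length, *classes))
    print("length for 80 bits, lower only:", min_length_for_bits(charset_size("lower"), 80))
    print("length for 80 bits, all classes:", min_length_for_bits(charset_size(*CLASS_SIZES), 80))
```

The point the report makes visible is that moving from 8 to 14 lower-case characters multiplies the search space by 26^6, and that switching the stored hash from a fast to a slow algorithm multiplies the attacker’s time by the ratio of the two guess rates, independently of anything the user does.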

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more first appeared on IT World Canada.

Cyber Security Today, April 22, 2024 – Vulnerability in CrushFTP file transfer software, security updates for Cisco’s controller management application, and more

Vulnerability found in CrushFTP file transfer software, security updates for Cisco’s controller management application, and more.

Welcome to Cyber Security Today. It’s Monday, April 22nd, 2024. I’m Howard Solomon.



A warning is going out about a vulnerability in another file transfer platform. The hole is in CrushFTP servers, which run on Windows, Linux, Unix and macOS. Versions below 11.1 are open to compromise. The exceptions are servers that have a DMZ in front of their main CrushFTP servers.

Cisco Systems has released security updates to close vulnerabilities in its Integrated Management Controller, a web interface used in a number of products. A remote hacker could exploit one of these vulnerabilities to take control of a system. Products affected include 5000 series Enterprise Network Compute Systems, UCS-C, E and S series servers, and Catalyst 8300 series edge servers.

LastPass, which makes a password manager used by companies and individuals, says a phishing campaign to trick users into giving up their passwords has begun a new phase. People get a phone call claiming their LastPass account has been compromised and are asked to press 2 to block the attack. Then the victim gets a second phone call from a person pretending to be a LastPass employee, who sends them an email with a supposed link to reset their account. The link, though, goes to a fake LastPass web page where the victims’ passwords are copied so the crook can enter their LastPass account and change the access password. From there the crook can do nasty things like access bank accounts. No one will call you claiming to be from LastPass support. Or Microsoft. Or your bank. Or the government.

A new variant of the Redline information stealer has been spotted. Researchers at McAfee don’t say how it’s being distributed. But it seems to be aimed at gamers because the malware tries to install an application called Cheat Lab. But network defenders should note two things: The malware appears to be hosted on Microsoft’s official GitHub repository. As researcher Ax Sharma notes in a tweet, that takes advantage of a GitHub flaw. Defenders should also note the malware includes a Lua just-in-time compiler to help evade detection.

Administrators who use Ivanti’s Avalanche mobile device management software should consider the application, as well as the laptops, smartphones and other devices it manages, to be compromised. That’s the advice from commentators at the SANS Institute. It follows the release by Ivanti of security updates to patch more than 17 vulnerabilities.

Separately, last week the MITRE Corp., which creates cybersecurity frameworks, admitted a threat actor used two zero-day vulnerabilities in its Ivanti Connect Secure gateway earlier this month to get past defences. Using session hijacking, the attacker was able to get past multifactor authentication. Then they dug deep into MITRE’s VMware infrastructure using a compromised admin account to steal credentials.

The latest list of American organizations notifying customers or employees of data breaches includes:

–The Township of Montclair, New Jersey is notifying almost 18,000 people that some of their information was stolen in a data breach last May. Among the information copied were names, driver’s licence numbers and non-driver ID card numbers;

–Kisco Senior Living, a chain of seniors’ residences in 12 states, is notifying over 26,000 people of a data breach that happened last June. Data copied included names and Social Security numbers;

–Green Diamond Resource Company, which logs forests in five states, is notifying almost 28,000 people about a data breach last June. Data copied includes names, Social Security numbers, financial account information, full-access credentials, and driver’s license numbers or state identification numbers.

Finally, cyber defenders may be interested in a background report released last week by several law enforcement agencies on the Akira ransomware gang. It includes a list of the gang’s tactics and indicators of compromise.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.


Cyber Security Today, Week in Review for week ending Friday April 19, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, April 19th, 2024. I’m Howard Solomon.



In a few minutes Jen Ellis, a member of the Ransomware Task Force, will be here to talk about the group’s recent report on what governments need to do before banning ransom payments. But first a look at some of the headlines from the past seven days:

Sophisticated cyber attacks aren’t new. But old-fashioned brute force credential attacks are still being used by threat actors. Researchers at Cisco Systems’ Talos threat intelligence service say brute force attacks have increased since March. The targets are wide and include virtual private network services, web application authentication interfaces and SSH services. IT leaders should make sure this type of attack is made difficult by having all employees use multifactor authentication and other defensive tactics to block brute-force logins.

Russia’s Sandworm cyber group has been upgraded to an advanced persistent threat actor by researchers at Mandiant. An arm of the Russian military, Sandworm is linked to the NotPetya data wiper that was aimed at Ukraine but escaped around the world, as well as cyber attacks in 2015 and 2016 on Ukraine’s energy grid. But Mandiant also warns this group has tools for collecting intelligence, spreading disinformation and sabotaging IT networks in any country to support Russia’s political aims.

Separately, Microsoft warned in a report that Russia has increased its anti-Ukraine disinformation messages to Americans online in the run-up to this year’s U.S. elections. This includes video commentary spread by websites that are covertly managed by Russia. The report also says China is in the game, using artificial intelligence applications to create videos and manipulated images.

At the same time the U.S. Director of National Intelligence issued an eight-page report on the latest tactics by Russia, China and Iran to undermine confidence in the upcoming U.S. elections through fake online personas on social media.

Organizations using SAP’s business applications continue to be targeted by threat actors. That’s according to researchers at Onapsis and Flashpoint. No doubt it’s because some of the biggest companies in the world use SAP software. How valuable is it to an attacker? The prices hackers are paying to buy a remote exploit for SAP applications increased 400 per cent in the past four years. What’s of concern is that many victims have SAP installations without the latest patches. IT staff in charge of patch management have been warned.

UnitedHealth, the American parent company of Change Healthcare, said in a regulatory filing that the first-quarter cost of handling February’s ransomware attack came to US$872 million. The news service The Register notes that’s on top of perhaps as much as US$6 billion in advance funding and interest-free loans UnitedHealth had to give to many care providers using its services.

An arm of the United Nations has admitted being hit recently by ransomware. The UN Development Programme told the cybersecurity news service The Record that data on current and past employees was stolen from a server. The 8Base ransomware gang has taken credit for the attack. The same gang is taking credit for a ransomware attack on the Atlantic States Marine Fisheries Commission.

A cyber attack on New York state has disrupted work printing legislation and the upcoming budget.

A Michigan health care provider is notifying over 184,000 people their data was stolen last December. Cherry Street Services, which provides primary, dental, vision and other services, says data stolen included names, dates of birth, Social Security numbers, diagnosis and treatment information, health insurance information and more.

And the Roman Catholic Diocese of Phoenix, Arizona is notifying over 23,000 people, including those in the diocese’s employee benefits plan, that their data was stolen. In the incident, discovered in January, people’s names, addresses, dates of birth and Social Security numbers were copied.

(This transcript is an edited version of the conversation. To hear the full discussion play the podcast)

Howard: Joining me now from Cambridge, England to talk about fighting ransomware is Jen Ellis, a co-chair of the Ransomware Task Force and host of the Distilling Cyber Policy podcast.

I’ve asked you to be on the show because last week the Task Force, which is an international group of experts, issued its third report since 2021. A Roadmap to the Potential Prohibition of Ransomware Payments outlines a roughly two-year plan for what ought to be done if governments want to institute a ban on ransomware payments. We’ll talk about that report in a minute. First tell us about yourself.

Jen Ellis: As you can probably tell [from my accent] I’m British, but I started doing policy engagement when I lived in the U.S., which I did for many years. I worked very, very closely with security researchers for a long time and started to understand that the legal environment in the U.S. was chilling research and hurting both the security industry, but also much more importantly, society as a whole by holding back security information from society. So I started to get involved in policy. It expanded really quickly from there into looking at all sorts of different areas around policy connected to cybersecurity, and also looking at how we could bridge the gap between the policy community and the technical community so that as the policy community is looking at policy around technical topics, we’re plugging in people who are actually working on the front lines who have the real technical knowledge and they understand what’s coming.

I think that bridge is super important. So fast forward to 2020 when we started looking at this ransomware issue, in the RTF [Ransomware Task Force] and pulled that together. These days I work with non-profits and with governments to one bridge that gap and to help sort of assist with developing policy positions around cyber.

Howard: It seems that because the number of reported successful ransomware attacks continues to increase that little progress is being made. The Task Force’s recent report says “the majority of organizations globally are still under-prepared to defend against or recover from a ransomware attack.” Why?

Jen: I wish there was a really simple answer. If I wanted to be flippant, the simple answer is life: Because there are so many layers of complexity around competing demands on resources, on time and on attention, a lack of true understanding about what’s going on, there’s an inability for organizations to respond appropriately.

There’s so much noise out there, and so little of it helps organizations really understand what to do. Incentives work in the wrong direction, in many cases — for example, the incentives around companies that make technology to constantly be building really quickly and moving on to the next thing. It’s not taking your time doing it right, making sure you’ve tested for everything, going back and acknowledging vulnerabilities in your technology. All of the incentives work in the wrong direction for security to work. And so we have an ecosystem where we have the vast majority of companies can’t afford, haven’t invested, don’t have the capacity to have good preparedness or resilience. We have opportunities for attackers abounding both in terms of opportunities in the technology itself — vulnerabilities — or just the fact that it’s really easy for them to manipulate human behaviour. So there’s a lot of different factors at play.

That means it [cybersecurity] is really hard, which is why when the [first] report came out it had 48 recommendations. We would have loved to come up with one, if we could have all agreed that this one thing would do it.

But the problem is, as we always say in security, there are no silver bullets. What we were looking at are incremental things you can do, and if you do them all together will hopefully create an impact. And while there has been progress on a number of those things, often it isn’t just about pulling the lever. It’s about maintaining focus and maintaining investment and commitment over time, which actually often is much harder than taking that first step. So we haven’t had long enough yet to see this stuff come to fruition.

I don’t know what the percentage is in the U.S., but in the U.K. our economy is 98 per cent small to medium businesses. Most of them are well below the cybersecurity poverty line. They have not invested to the degree that they need to. Meanwhile, the attackers are making big money. They’re able to invest every day if they want to. So those are some of the challenges at play.

Howard: If you’re an IT leader in a company, or in a county or municipality, are there three or five things that you really should do that will make a real impact?

Jen: There are plenty of documents out there that will provide guidance. The RTF created one in partnership with CIS [the Center for Internet Security] aimed specifically at small to medium businesses called the Blueprint for Ransomware Defence which tries to make it more bite-sized for small to medium businesses.

I’m going to tell you five things. When we rattle them off as a list of five things it sounds really straightforward. But the reality is each one of them is a really time-consuming major thing. And it’s not like one and done. You don’t do it and then you’re done. It’s an ongoing commitment, so it’s not like you get up and say, “On Monday I’m going to institute patching, and on Tuesday I’m going to institute identity and access management, and on Wednesday I’m going to make sure that I’ve got offline backups, and I’m going to check that they’ve not been poisoned in some way.” It’s more like, “My major goal for this year is going to be to get a proper, functioning vulnerability management program off its feet. That’s going to be a big investment of time and effort and understanding and configuration and buy-in across my organization and talking to the IT team.”

So it is really important to understand when we go through what the things are [to be done] that they’re not simple easy lifts. But I’ll give you three:

– patching. You need to have a vulnerability management program. If you’re listening to this and you’re wondering about how to get started, a really good resource for you is CISA’s Known Exploited Vulnerabilities Catalogue, which specifically highlights the vulnerabilities that they know are being exploited in the wild;

– an identity and access management program. You want to make sure that people [employees] only have the ability to access things that they need to access. The program also has to have a secondary factor of [login] authentication, so that if somebody gets tricked into giving away credentials, it’s not easy for the attackers to use those credentials;

– resilience. Having backups of all of the stuff that you care about the most, not just your data but your systems as well. Your backups have to be offline so they’re not easy to access [by a hacker]. You also need to check backed-up data regularly to make sure that there’s no sign of any dodgy behaviour …

Howard: What are the biggest roadblocks you hear from business and IT leaders about not being able to implement Task Force recommendations for fighting ransomware in their firms?

Jen: You could put it very simply and say it’s about capacity or capability. What that boils down to is a lack of understanding or a lack of resources. Either the organization doesn’t really understand the threat, or doesn’t really understand its relevance to that organization. Or it is unable to invest. Sometimes you have organizations where both are true or one affects the other …

You [as management] can’t do everything you want to do, and you have a responsibility to your employees, your customers and your investors to not do everything that you want to do. So they have to make difficult decisions. They have to decide how to prioritize. And because they don’t understand the threats, they may choose other, more urgent, pressing priorities in other areas, they make choices away from spending on cybersecurity …

Howard: Why are some organizations still paying ransoms?

Jen: Because it’s so hard. Say you’re the CEO of a regional, smallish manufacturing company and you’re a third-generation owner, right? The company’s been in your business for three generations, and you have dedicated your entire life to this business. You employ a bunch of people in your region. You don’t have a lot of money to invest in cybersecurity. It’s probably not something you really think about a huge amount, and you’re super reliant on five major customers that you’ve got contracts with to create whatever widget for them. You get hit by a ransomware attack and it takes your business offline, and all of a sudden your business grinds to a halt. Your customers have deadlines and those deadlines can’t be shifted just because you can’t provide that service. So all of a sudden, the situation [attack] is existential for your business. If you cannot provide the service, you’re going to lose those contracts. Customers are going to go elsewhere. Your reputation is shot, you might get sued by them … People who are in a situation like that say, “How do I make this problem go away as quickly, as painlessly as possible?”

… Nobody says, “What I really want to do with my hard-earned money is give it to a criminal in a foreign state who doesn’t care about anything to do with me, and takes pictures of himself riding around in his Lamborghini …They’re doing it out of desperation.”

Howard: What are the pros and cons of a ransomware payment ban?

Jen: The first theory is ransomware is a crime that exists in the interests of making money for criminals. If you take away the money, then you take away the impetus for doing it and it goes away. Number two is because giving money to these criminals is disgusting, unethical. And a lot of these organized criminal gangs are involved in other types of organized crime. Nobody wants to think that they’re funding the drug trade or the weapons trade or human trafficking.

The third reason that policymakers want a ban is because they have tried to push the needle on building [business] preparedness but it’s not going quickly … so they think, “We’ve tried the carrot and the carrot hasn’t got anywhere. Maybe now we try the stick in the form of saying to people, ‘You will not be able to pay a ransom.’ Therefore you [governments] have to get ahead of this. You have to have preparedness [for a payment ban] because there is no parachute …

I don’t think gangs will suddenly turn away from illegal activity. I think it’s far likelier that before they do that they will test the mettle of organizations. If I was a ransomware attacker what I would do is shift to focusing specifically on critical infrastructure and small businesses because I know that they’re the least likely to withstand my demands for ransom … So I think there has to be a plan for how to help them get themselves ready for a ban.

Howard: Which of the recommendations [for preparing businesses for a payments ban] do you think are the easiest and which are the hardest to implement?

Jen: The ones that are somewhat easier are the stuff that government does itself. For example, collaborate with other governments … The government can institute sanctions. They can clarify [incident] reporting [to regulators]. You can have law enforcement work with law enforcement around the world. The takedown of the LockBit gang was a collaboration of law enforcement around the world. What’s much, much, much harder is stuff that is outside of the government’s direct operational field. Things like reaching into millions of small to medium businesses and driving them to take action is really hard because you don’t want to make it a regulatory thing …

… The other thing that’s really hard is that cyber criminal gangs have for a long time thrived in what we call safe havens or harbour nations — countries that protect them.

Howard: Among the recommendations is to create a ransomware response fund to help victim organizations recover. Another is to end the tax deductibility of ransomware payments. Doesn’t it seem a little bit nuts to you that you can give money to criminals and then you can take that as a tax write-off?

Jen: I can’t think of another space where that would be the same thing, right? Like when I do my tax return, I’m like, “Here’s all the money I gave to charity this year.” And, “Here’s all the money that I gave to criminals this year. I would like a [tax] benefit for both, please.” That seems kind of crazy to me … If you had to pay tax on it [ransomware payment] maybe that money could be used to help with the fund [for victims].

Howard: Finally, I’m an IT or security leader. I don’t have enough money or people to fight cyberattacks, including ransomware. How do I persuade my boss to give me more?

Jen: There is a saying that we use in security, which is, never let a crisis go to waste.

You can do a lot by scouring the headlines and highlighting relevant [cybersecurity] stories [for management]. There has to be a little bit of education. But also, if you seem disconnected from the realities of the business, your business leaders will never take you seriously. So if you want to tell them all the things going on in security and you completely ignore the fact that the business is also worried about the economy or facilities or investors, employee well-being, changing laws, then you’re going to have a conversation that is so far removed from what they actually focus on and think about that they’re not going to take you seriously. Education is a two-way street. You have to educate yourself on what the business cares about, get to know the business leaders in the organization and talk to people who are leaders of sub-areas in the business …

Maybe you could take lower-down department heads for lunch and learn what it is they focus on and what their priorities are. Then you’ll get a view of how the business goes together and what the competing priorities are. That gives you a much better position to have that conversation with your leadership, because you understand a lot more about what they’re weighing. This is also an opportunity to help them understand why you care about what you do and why they should care about it …

One of the things that can be helpful is to find stories [in the media or from cybersecurity research] about people. It helps to make it real to your leaders to say, “This is what a cyber crime gang looks like. Here’s this guy and he has been doing this for this long. These are the things that he’s accused of. Here he is driving around in his Lamborghini.”


Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more.

Welcome to Cyber Security Today. It’s Friday, April 19th, 2024. I’m Howard Solomon.



The Europol European police co-operative says one of the largest phishing-as-a-service platforms has been severely disrupted. This week law enforcement agencies from 19 countries, including the U.K., the United States and Canada, shut down the IT infrastructure of LabHost. They also arrested 37 suspects. For a monthly subscription the site sold access to phishing kits, infrastructure for hosting phony web pages and more. An estimated 10,000 crooks around the world used its services. Singapore-based cybersecurity firm Group-IB says there was a Canadian angle to LabHost. The service was actively promoted in a Canadian channel on the Telegram messaging service by three users. One of those users owns the service LabHost Refunds, which only operates in Canada. This user also sold profiles of Canadians for creating credit cards or opening bank accounts. Europol said four of the 37 people arrested were in the U.K. and allegedly ran the site, including the alleged original developer.

A virus has been sitting undetected since 2015 on some Windows systems in Ukraine, say researchers at Cisco Systems. As part of regular threat hunting in open-source repositories for infected documents, Cisco found over 100 infected documents with potentially confidential information about government and police activities in Ukraine. The documents could only be spread by being shared through removable media like USB memory sticks. It isn’t known who created the virus.

So you’ve got cyber insurance. But do you have enough? Maybe not, says CYE, a company that measures cyber risk of organizations. Looking at a dataset of 101 data breaches, CYE says 80 per cent of those with insurance didn’t have sufficient coverage to pay for their full data breach costs. On average three-quarters of insurable costs weren’t covered.

Finally, a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international. That’s according to researchers at Kaspersky. It says organizations in the U.S., Canada, Japan, the Netherlands, Luxembourg and South Korea have submitted examples of the malware to a virus scanning service, suggesting IT people in those countries have come across it. Kaspersky calls this campaign DuneQuixote. The goal is to install a memory-only backdoor using either a regular dropper or tampered installer files for a legitimate tool called Total Commander. What’s unique is the use of snippets from Spanish poems in the code to help evade detection by anti-malware tools.

That’s it for now. But later today the Week in Review podcast will be available. My guest will be Jen Ellis, a member of the Ransomware Task Force, who will talk about its recent report on steps governments should take before passing laws forbidding organizations from paying ransoms.



Meta’s new release sparks debate about open versus closed source AI: Hashtag Trending for Friday, April 19, 2024

Just how real is quantum computing? We have an amazing guest on our Weekend Edition who will talk about how she is helping people prepare for IT careers using quantum computing.

Meta’s new AI release sparks a debate about open versus closed source AI, major legislation expanding US government surveillance capabilities goes largely unnoticed, big questions about how accurate these AI launch videos are, and before you book that next business trip, a former Boeing manager says he won’t fly on some Boeing planes.

All this and more on the “flying under the radar” edition of Hashtag Trending. I’m your host, Jim Love. Let’s get into it.

Meta has released a compact version of its latest open-source AI model called Llama 3, as well as an updated version of its AI assistant that can now answer questions using real-time web information.

These launches have reignited the debate around the future control and accessibility of powerful AI systems.

The company says the new Meta AI assistant, available across its apps like WhatsApp and Instagram as well as a website, is the “most intelligent” free AI aid of its kind. It includes new capabilities like generating custom images and animated GIFs based on text prompts.

But in a separate but related interview, Meta’s chief AI scientist Yann LeCun argued for these types of AI platforms and models to remain open-source and decentralized – warning of the dangers of having a small number of companies control everyone’s “digital diet.”

LeCun said “Eventually all our interactions with the digital world will be mediated by AI assistants…this means they will constitute a shared infrastructure like the internet. We cannot have a small number of AI assistants controlling what everybody sees – this will be extremely dangerous for diversity of thought, for democracy, for just about everything.”

LeCun advocated for a future with many different open AI models that can be customized for various cultures, languages and use cases – preventing what he called monopolistic “echo chambers” over AI-powered knowledge.

The push reflects a philosophical divide in the AI industry, with some firms like OpenAI keeping their models closed and proprietary, while others position themselves as open-source champions.

Meta’s stated goals include not just making its model open, but making its latest model more multilingual over time. LeCun also argued for the importance of diverse AI assistants emerging to reflect society’s diversity.

As these systems become conduits for how people interact with digital information and services, the debate around centralized control versus democratized access of this transformational technology will certainly intensify.

Sources include: Axios and Analytics India

For anyone following US political news you may have missed this story in the light of the trials, impeachment inquiries and the crisis over Ukraine funding, but there is a major debate and the U.S. Senate is set to vote on Thursday on renewing and potentially expanding controversial government surveillance powers.

Privacy advocates are sounding alarms over proposed changes that could compel a vast range of companies and individuals to hand over electronic communications to intelligence agencies.

At issue is the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act, or FISA. This provision currently allows U.S. spy agencies to conduct warrantless surveillance of communications involving foreigners outside America who may pose national security threats.

FISA has long been criticized for also sweeping up data on American citizens, which intelligence agencies can then search domestically without a warrant – a practice that civil liberties groups consider unconstitutional.

Last week, the House passed a bill reauthorizing Section 702 for 8 more years. But it contained an amendment drastically broadening who could be legally defined as an “electronic communications service provider” – a classification that can compel companies to share private user data.

Oregon Senator Ron Wyden warned this could conscript millions into becoming “agents for Big Brother” – from office cleaners to any business with computer servers or wifi routers on their premises.

Wyden noted “The legislation gives the government unchecked authority to order millions of Americans to spy on behalf of the government…anyone with access to a server, wire, cable box, router, phone or computer.”

Privacy advocates like the American Civil Liberties Union and tech industry groups are urging the Senate to reject this provision, citing risks to digital privacy and US competitiveness if user data is exposed by government demands.

The White House and others maintain that, in a world full of terrorist threats and instability, FISA provides tools necessary to intercept threats and protect American citizens.

As the Senate deliberates the renewal, it will need to weigh enhanced national security powers against public unease over eroding civil liberties protections in the digital age.

Given the other hubbub and the speed at which this is moving, it’s unlikely that anyone will get a chance to hear a clear and reasoned debate of these exceptionally important issues.

Sources include: The Register

And for those whose job or even personal lives take them onto airplanes for travel, we’ve covered apps that tell you which type of plane you might be on.

For those who think that’s just alarmist, you might want to check out another US Senate subcommittee where a former Boeing manager, Ed Pierson, has repeatedly talked about safety issues on the Boeing 737 Max jet, like the one involved in the recent Alaska Airlines incident where a door blew off in midair. He said that, once, when he realized he had been booked on a 737 Max, he got off before the plane could take off.

When the 737 Max 9 lost its door in midair, leaving a gaping hole in the plane, the National Transportation Safety Board found that bolts designed to secure it were missing. The same report said that the door plug had been removed in a Boeing factory to fix some broken rivets, but Boeing told the board that it didn’t have documentation for this work.

Pierson testified that a whistle-blower at Boeing gave him documents that indicate a “criminal cover-up” related to the door incident. Boeing has reportedly claimed that there are no documents of work done on the door plug that came off the 737 Max jet.

Pierson said on Wednesday: “Records do in fact exist. I know this because I personally passed them to the FBI.”

Pierson was a senior manager at Boeing’s 737 factory and retired in 2018 before the first Boeing 737 Max 8 crash.

Pierson said, “I’m not gonna sugarcoat this, this is a criminal conspiracy.”

The FBI is looking into whether criminal charges should be brought in this case and passengers from the Alaska Airlines flight were reportedly sent letters from the FBI saying they might be victims of a crime.

For anyone who has ever sat beside an exit door, it adds a totally different meaning to that speech the flight crew makes when they ask if you are “prepared to act in the event of an emergency.”

Sources include: Business Insider

Major tech companies like Amazon are facing scrutiny over claims that some of their highly touted artificial intelligence systems are actually relying heavily on offshored human labor. Critics argue this amounts to traditional outsourcing being repackaged under the banner of AI. Meanwhile, the companies deny the allegations, saying their AI capabilities are indeed automated and that human reviewers play only a limited role.

Controversy erupted recently when reports emerged that Amazon’s “Just Walk Out” cashier-less checkout system utilizes human workers in India reviewing surveillance footage to verify purchases. This raised accusations that the tech giant had overstated the AI automation behind this system that was marketed as allowing customers to simply grab items and leave the store.

In a recent article, author Janet Vertesi argues that much of what is being branded as AI is really just old-fashioned labor outsourcing in a new guise.

Vertesi said, “AI is just today’s buzzword for outsourcing, and it comes with the same problems that have plagued outsourced companies for decades…behind the curtain is the familiar phenomenon of outsourcing – expensive skilled labor traded for cheap, unskilled labor abroad.”

However, Amazon has forcefully pushed back on this perception. The company’s VP overseeing Just Walk Out, Jon Jenkins, told Axios in a recent interview that human reviewers in India only analyze a “small percentage” of cases after the fact to improve the AI’s accuracy – not watch live shoppers.

Jenkins said, “This notion that there are human reviewers watching live shoppers – that is completely not true…way less than 1,000 people help make sure automatically generated receipts are accurate.”

Jenkins argues Just Walk Out utilizes advanced sensors, cameras and AI to enable the grab-and-go experience, while admitting there’s still work to do in scaling the technology efficiently across more locations.

The debate speaks to the broader challenge of separating AI hype from reality. A number of AI products, not just Amazon’s, have, let’s say, “enhanced the performance of their systems” by editing the video. Google got caught editing one of its AI launches to enhance the apparent performance. Yesterday, we covered scathing reviews of Humane’s AI pendant, where the actual performance of the device was nothing like what the video demo showed – and this infuriated reviewers. When you start digging, there are many examples to be found.

But the Amazon case also raised concerns around tech firms cutting costs by outsourcing labor overseas under the veneer of automation.

As AI enables even more sophisticated simulations, look for this problem to intensify. In answer to what Groucho Marx said, “are you going to believe me or your lying eyes?”, maybe there is another saying: “there ought to be a law…”

Sources include: Techpolicy.press and Axios

And that’s our show for today…

Hashtag trending goes to air five days a week with a weekend interview show. And we are also on YouTube.

Find us at our new home at technewsday.ca or .com – you pick. And you can reach me with comments, suggestions or even criticism at therealjimlove@gmail.com or at editorial@technewsday.ca

I’m your host Jim Love, have a Fabulous Friday.

The post Meta’s new release sparks debate about open versus closed source AI: Hashtag Trending for Friday, April 19, 2024 first appeared on IT World Canada.

More Windows PCs previously blocked are now able to upgrade to Windows 11. Apple has fallen to number two in terms of iPhone market share. Salesforce makes news with a possible acquisition of Informatica. And a new AI wearable device gets savage reviews.

All this and more on the “winners and losers” edition of Hashtag Trending. I’m your host, Jim Love. Let’s get into it.

Some Windows users who were previously blocked from upgrading to Windows 11 may finally be able to make the switch. Microsoft has lifted a compatibility hold that prevented certain PCs with 11th generation Intel processors from installing the latest version of its operating system.

The hold was put in place over two years ago due to an issue with Intel’s Smart Sound Technology drivers causing problems when running Windows 11 on those chips. But now, with updated drivers from Intel to resolve the bug, Microsoft says affected systems should be offered the option to upgrade in the next 48 hours.

However, this doesn’t represent a change to the strict minimum hardware requirements for Windows 11 that have left many older but still capable PCs unable to officially update. The move from Microsoft comes as it is beginning to phase out support for Windows 10, with commercial customers soon having to pay increasing fees for security patches after the October 2025 end-of-support date.

For users with computers stuck on the previous operating system version, upgrading hardware may be the only path to Windows 11, unless Microsoft expands the update eligibility in the future. But for that subset affected by this specific driver issue, the path to Microsoft’s latest OS is now clear after over two years of waiting.

Sources include: Windows Central

Apple is facing more troubling signs for its iPhone business. Global shipments of the company’s flagship smartphone dropped nearly 10% in the first quarter of 2024 compared to a year ago. It has once again lost the number one position to rival Samsung, but this time, they have a tougher struggle to regain leadership in terms of sales.

Market intelligence firm IDC reports that in Q1 global iPhone shipments fell to just over 50 million units. Apple’s share of the worldwide smartphone market also slipped from 20.7% down to 17.3%.

The declines come despite an overall recovery in the broader smartphone market. It represents an ongoing challenge for Apple in the face of rising competition from Chinese manufacturers like Xiaomi and Transsion. Xiaomi’s shipments surged nearly 34% in the quarter, while Transsion’s jumped 85%.

We often forget that China was, and still remains, a major market for iPhones, and with greater competition and tension with the US at an all-time high, Apple continues struggling in the critical Chinese market. iPhone revenues are expected to drop again in the current quarter as Beijing workers are increasingly pressured to avoid foreign-branded phones.

The iPhone maker is also contending with a series of other issues – from declining iPad and wearables sales to high-profile antitrust battles with regulators in the U.S. and Europe over its tight control of the App Store ecosystem.

Apple’s stock is down more than 8% so far in 2024 as investors grow concerned about the tech giant’s near-term outlook and challenges from rivals abroad.

Some potential relief could come later this year if Apple impresses with its expected unveiling of new AI capabilities at its developer conference in June. But for now, the latest shipment numbers underscore the mounting pressures facing Apple and the all-important iPhone business.

Sources include: Yahoo Finance

A potential major acquisition could change the landscape with regard to company data and artificial intelligence. Salesforce, the cloud computing giant known for its customer relationship management software, is reportedly in advanced talks to buy data integration firm Informatica for $11 billion.

If completed, the Informatica acquisition would be the latest in a string of major purchases by Salesforce aimed at expanding beyond its core CRM business into a comprehensive data management and AI platform.

Founded in 1993, Informatica specializes in integrating data across different sources like databases, applications and social media. Its software enables companies to combine this disparate information while ensuring accuracy and quality.

Salesforce has already rolled out its new generative AI product called Einstein Copilot to automate tasks using conversational prompts. But analysts say adding Informatica’s data integration capabilities could significantly elevate Salesforce’s AI innovations by improving the quality of data being fed into its models.

The acquisition would complement Salesforce’s previous billion-dollar deals for companies like Tableau for data visualization, MuleSoft for application integration, and most recently its purchase of Slack.

Tying it all together, Salesforce aims to create an end-to-end “data journey” platform that collects information, cleans and transforms it, then allows businesses to analyze it through products like Tableau while leveraging generative AI like Einstein.

In an AI-driven future, ensuring high quality and properly integrated data will be crucial to developing accurate predictive models and natural language processing tools. If the Informatica deal goes through, it could give Salesforce a powerful advantage over rivals like Oracle and SAP in the enterprise AI market.

Sources include: Analytics India

And there’s proof that just because it’s AI enabled, not every product is going to work.

A much-hyped new artificial intelligence wearable device from a startup founded by former Apple executives has been absolutely and even brutally panned by tech reviewers.

The AI Pin, a smart brooch that can answer questions, take photos and send messages through voice commands, is being criticized as an outright flop that fails to deliver on its promised reimagining of how we interact with technology.

The $700 device made by the company Humane has been scorched by prominent reviewers like Marques Brownlee, who said in a 25-minute video critique that the AI Pin is “bad at almost everything it does, basically all the time” – describing it as the worst product he’s ever reviewed.

Issues cited include poor battery life requiring constant recharges, visible heat buildup while wearing it, and a hand projection display that’s difficult to see, especially in bright light. While meant to operate independently of a smartphone, reviewers found the AI Pin lacking basic functions and integration.

Writing for The Verge, David Pierce bluntly stated “the one and only thing I can truly rely on the AI Pin to do is tell me the time.”

The startup raised nearly $250 million to develop the gadget, which was aimed at pioneering new AI-driven hardware experiences beyond the smartphone. But based on the scathing initial reviews, it appears to have missed the mark.

Humane’s founders have acknowledged the software needs significant updates, vowing not to be deterred by the negative coverage as they continue refining the AI Pin throughout the summer.

This should be a warning for every AI product developer out there. You can’t have automatic success just by saying you have AI in your product. People are looking for solutions to real problems and expecting a phenomenal user experience. Without that, there could be a backlash.

But even if this one device fails, the idea of a wearable device won’t go away. Another AI firm called Limitless just announced a new wearable device at the amazing price of 99 dollars. We’ll cover that device and its different approach in the next few days.

And that’s our show for today…

Hashtag trending goes to air five days a week with a weekend interview show. And we are also on YouTube.

Find us at our new home at technewsday.ca or .com – you pick. And you can reach me with comments, suggestions or even criticism at therealjimlove@gmail.com or at editorial@technewsday.ca

I’m your host Jim Love, have a Thrilling Thursday.