
Cyber Security Today, April 17, 2024 – More suspicious attempts to take over open source projects, a data theft at a Cisco Duo partner, and more

More suspicious attempts to take over open source projects, a data theft at a Cisco Duo partner, and more.

Welcome to Cyber Security Today. It’s Wednesday, April 17, 2024. I’m Howard Solomon.

The recent takeover of an encryption utility used by Linux may not be an isolated incident. The OpenJS Foundation, home to open JavaScript projects, says it recently detected an attempt by a threat actor or actors to be designated as a new maintainer of a project, ostensibly to correct vulnerabilities. OpenJS then recognized that two other JavaScript projects not hosted by the Foundation had seen similar takeover attempts. This follows the discovery by a Microsoft developer earlier this month of a three-year effort by a threat actor to persuade the maintainers of the XZ Utils compression tool to hand that project over. In that case some Linux distributors actually included in development versions of Linux a malicious version of the utility containing a backdoor uploaded by the new overseer. If a threat actor takes over a JavaScript project, they too could use their access to upload malicious code that would end up in hundreds or thousands of IT systems. The OpenJS and Open Source Security Foundations are warning project maintainers to be wary of email requests from unknown members of the open source community to be elevated to maintainer status.

Another major company has been stung by a data breach at a partner. This time it’s Cisco Systems. According to Bleeping Computer, organizations using the Cisco Duo multifactor authentication platform for accessing corporate IT systems are being notified of an April 1st incident. A hacker compromised the system of a telecom provider Cisco uses to send MFA codes to individuals by SMS text or voice over IP calls. Cisco didn’t name the provider. Nor is it saying how many individuals were affected. How was the telecom provider hacked? An employee fell for a phishing email, allowing the attacker to get their login credentials. The attacker then downloaded message logs. The logs don’t contain personal information, but they do include the phone numbers of those who use Duo, including company employees. A hacker could use those numbers to call employees and trick them into giving out sensitive information such as passwords.

Delinea has released security updates for its platform as well as for the on-premise and cloud versions of its Secret Server access management suite. The updates plug a critical vulnerability in the SOAP messaging API that could allow an attacker to bypass authentication and gain access to IT networks. This comes after a researcher published a report last week on discovering the flaw. He publicly released his findings because he’d been trying unsuccessfully since February to get Delinea’s attention. It wasn’t until last Friday that the company acknowledged the finding. In a statement Delinea said patches for older versions of Secret Server are coming.

IT administrators whose firms use the open-source PuTTY utility for file transfer, or who use applications that embed the PuTTY client such as FileZilla, WinSCP and TortoiseGit, are urged to update the applications immediately. This comes after the discovery of a critical vulnerability that could allow a threat actor to recover a private key and then forge digital signatures, allowing access to any server the key is used for. Administrators should revoke their existing keys and generate new keys to replace them.

Omni Hotels, with properties in the U.S., Canada and Mexico, says “limited information” of a subset of customers was involved in last month’s cyber attack. The data doesn’t involve personal payment details, financial information or Social Security numbers. But, the company says, it may include names, email and mailing addresses. According to Security Week, the Daixin Team ransomware gang has claimed responsibility.

Three Canadian school boards have signed up for Fortinet’s Security Awareness Curriculum. The free, bilingual program has modules for K-12 students covering how to be safe online and how to protect privacy. The three boards are in Ontario.

Threat actors use multiple tricks to get login credentials to organizations’ private Zoom video conferencing sessions. A report this week from Abnormal Security notes six tactics. These include creating fake login pages that look like the official Zoom website and then spreading links to them in phishing emails; tricking employees into downloading malware that steals Zoom credentials; and just plain credential stuffing with passwords bought on the dark web. The report could be used by IT departments in security training.

Automated bad bots are taking up an increasing share of internet traffic. That’s according to a new report from Imperva. Automated traffic is costing organizations billions of dollars through attacks on websites, APIs and applications. Bots do everything from web scraping and account takeovers to spreading spam and launching denial of service attacks. The report says IT leaders can blunt this threat by fortifying website defences, strengthening employee and customer login processes on websites, securing exposed APIs and mobile applications, and watching for suspicious traffic.

Finally, a North Korean spying group is ramping up its activity. That’s according to researchers at Proofpoint. They issued a report this week on a group security experts call by a number of names, including TA427, Emerald Sleet, APT43, Thallium and Kimsuky. Usually the group targets experts on American and South Korean foreign policy by impersonating a member of a think tank, a reporter or an academic. Targets are sent emails in the hope of starting an online conversation. One tactic: taking advantage of an organization’s lax email protection, particularly its failure to enforce the strict use of the DMARC protocol. That allows the group to spoof the sender addresses of those organizations in its emails.
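A defender-side check for the DMARC gap this item describes, added here as an example and not part of the original podcast or Proofpoint’s report: it parses a domain’s DMARC TXT record and reports whether the policy actually enforces anything, going slightly beyond the item by also checking the pct= and sp= tags, since a record can say p=reject yet still leave most mail or all subdomains unprotected. The function names are mine, and the records are constructed samples; nothing here queries DNS.

```python
"""Assess DMARC policy records for enforcement strength.

Added example (not from the podcast or Proofpoint's report). The sample
records at the bottom are constructed; no DNS lookups are performed.
"""

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; rua=...' into a tag dict.

    Tags are separated by ';' and written as 'tag=value'. RFC 7489 requires
    'v=DMARC1' to be the first tag and 'p' to be present; anything else is
    treated as unparseable rather than silently defaulted.
    """
    tags = {}
    parts = [p.strip() for p in record.split(";") if p.strip()]
    for i, part in enumerate(parts):
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, _, value = part.partition("=")
        key, value = key.strip().lower(), value.strip()
        if i == 0 and (key != "v" or value.upper() != "DMARC1"):
            raise ValueError("record must begin with v=DMARC1")
        tags[key] = value
    if "p" not in tags:
        raise ValueError("missing required p= tag")
    if tags["p"].lower() not in VALID_POLICIES:
        raise ValueError(f"invalid policy {tags['p']!r}")
    return tags


def assess_dmarc(record: str) -> dict:
    """Return the effective policy plus a list of findings.

    'enforcing' is True only when the domain policy is quarantine or reject,
    applied to 100% of failing mail (pct=100 is the default), and subdomains
    are not excluded via sp=none. Anything weaker means a spoofed From: header
    is still delivered, which is the gap the report describes.
    """
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return {"enforcing": False, "policy": None, "subdomain_policy": None,
                "pct": None, "findings": [f"unparseable: {exc}"]}

    findings = []
    policy = tags["p"].lower()
    # sp= defaults to the domain policy when absent (RFC 7489 section 6.3).
    sub_policy = tags.get("sp", policy).lower()
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 100

    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can be spoofed although the apex is enforced")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so abuse goes unseen")

    enforcing = policy in {"quarantine", "reject"} and pct == 100 and sub_policy != "none"
    return {"enforcing": enforcing, "policy": policy, "subdomain_policy": sub_policy,
            "pct": pct, "findings": findings}


# Constructed sample records (example.test is a reserved, non-routable name).
SAMPLES = {
    "weak": "v=DMARC1; p=none; rua=mailto:dmarc@example.test",
    "partial": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.test",
    "strong": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.test",
    "apex_only": "v=DMARC1; p=reject; sp=none",
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        result = assess_dmarc(rec)
        status = "ENFORCING" if result["enforcing"] else "NOT ENFORCING"
        print(f"{name:10s} {status:14s} {'; '.join(result['findings']) or 'ok'}")
```

In practice the record string would come from a TXT lookup of `_dmarc.<domain>`; the assessment logic is the same. Note that DMARC only helps once the receiving side honours it, so an organization that publishes p=reject should also confirm its own mail gateway evaluates incoming DMARC rather than merely publishing a policy for others.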

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, April 17, 2024 – More suspicious attempts to take over open source projects, a data theft at a Cisco Duo partner, and more first appeared on IT World Canada.

Broadcom backs down on VMWare pricing: Hashtag Trending for Wednesday, April 17, 2024

YouTube clamps down on third party apps that block ads. Experts predict a new cyber-war between Iran and Israel. Elon Musk backs down on his fight with the Brazilian government and Broadcom makes concessions in the face of customer outrage and European regulatory scrutiny of its new VMWare pricing.

All this and more on the “who blinks first” edition of Hashtag Trending. I’m your host, Jim Love. Let’s get into it.

YouTube is escalating its battle against ad-blocking software and extensions. The video streaming giant has announced it will now crack down on third-party apps that allow users to skip ads on YouTube videos.

If you watch YouTube videos through a third-party app specifically designed to block advertisements, you may start encountering some issues. In an update this week, YouTube says users accessing its content through these ad-blocking apps could face video buffering problems or even an error message preventing them from watching at all.

It’s an expansion of YouTube’s existing efforts to discourage viewers from using ad blockers when watching videos on the platform. Last year, YouTube started displaying error messages and disabling videos for users with ad-blocking browser extensions enabled.

The company argues that third-party apps stripping out ads prevents creators from being compensated for the content they produce. In a statement, YouTube says it only allows apps that follow its API terms of service, which require showing advertisements.

While the ad-blocking app AdGuard says it is not affected by this latest policy change since it doesn’t use YouTube’s API, many other apps that scrape ad-free YouTube videos could face blockages.

Of course, YouTube still offers its premium ad-free subscription as an alternative for viewers who want to skip commercials. But this crackdown likely won’t be welcomed by those who prefer watching YouTube through adblocking software and mobile apps.

As more entertainment shifts to streaming platforms, the tension between companies seeking ad revenue and users trying to avoid advertisements seems destined to escalate further.

Sources include: The Verge

There’s been a reversal from Elon Musk’s social media company X, formerly known as Twitter, over its stance on complying with court orders in Brazil regarding content moderation. After initially vowing to challenge rulings by Brazil’s Supreme Court, lawyers for the platform have now told the court it will follow all its decisions.

A legal battle has been brewing between Elon Musk’s X company and Brazil’s top court over the removal of certain accounts accused of spreading misinformation and hate speech. Last week, Musk said he would challenge an order from Supreme Court Justice Alexandre de Moraes demanding X block some accounts in the country.

But in a letter to Moraes seen by Reuters, lawyers for X have now reversed course, stating the platform will comply with every ruling issued by the Supreme Court or Brazil’s top electoral authority.

This marks a shift from X’s Brazilian subsidiary, which had previously claimed it could not control whether the U.S. parent company followed the Brazilian court’s orders.

The Supreme Court justice has been leading investigations into alleged coup attempts and digital militias accused of spreading disinformation, particularly during the presidency of Jair Bolsonaro.

Musk, who has branded himself a free speech absolutist, had called Moraes’ orders unconstitutional and demanded he resign – prompting the justice to open an inquiry into Musk for potential obstruction.

The reversal by X’s lawyers likely aims to defuse tensions with Brazilian authorities. However, the U.S. House Judiciary Committee has now subpoenaed X for information about the Brazilian court’s content moderation orders.

As social media’s role in democracies remains hotly contested, US social media giants are finding that they are not immune to government regulation in other countries.

Sources include: Reuters

A former security executive at the ride-sharing company Uber is taking on a new role advising other corporate leaders on how to properly handle cyber-attacks and data breaches. Joe Sullivan was convicted last year for his actions in covering up a 2016 data breach at Uber and obstructing a federal investigation into it.

A federal judge sentenced him to three years of probation and community service. His case is believed to be the first time a U.S. security executive faced criminal charges related to mishandling a data breach.

Sullivan is now working with a cybersecurity firm to help prevent other executives from making the same mistakes he did.

Since then, Sullivan has been reflecting on his experiences and sharing advice with other security leaders on how to properly respond when cyberattacks happen. He’s now joining the cybersecurity firm BreachRx as a senior advisor. The company provides a platform to automate and document a company’s response in the crucial first hours after a breach is detected.

Sullivan says security executives are facing growing legal risks as regulators crack down on poor cybersecurity practices and demand more accountability from companies hit by data breaches. But he argues chief security officers are often underfunded and understaffed, making it difficult to properly secure their networks. Sullivan hopes his case will prompt companies to finally invest more in cybersecurity – though he’s concerned some recent regulatory actions may be prompting an overcorrection, with security chiefs now afraid to take responsibility during incidents.

And with that hanging over them, is it any wonder companies struggle to find senior security talent?

Sources include: Axios

Tensions are high between Iran and Israel following a missile attack over the weekend. As both sides weigh their next moves, cybersecurity experts are warning a cyberbattle could be looming as part of the conflict.

Israel and Iran have a long history of cyberwarfare, launching destructive computer viruses and hacking attacks against each other over the years. But this weekend’s missile strike from Iranian territory into Israel marks an unprecedented escalation in the overt hostilities between the two nations.

And as both sides now contemplate retaliation, cybersecurity analysts say we should brace for a potential onslaught of high-stakes cyberattacks.

Andrew Borene, a cyber analyst with the security firm Flashpoint says that “The overt hostility and the overt physical aspects of the state-on-state confrontation moved things into a different sphere.”

He says cyberattacks could allow Iran and Israel to strike back at each other without risking mass casualties from further missile launches.

Both countries have highly sophisticated cyber capabilities. Iran has used data-wiping malware against other nations. A decade ago, the U.S. and Israel jointly deployed the Stuxnet computer virus to disrupt Iran’s nuclear program.

The cyberwarfare has already begun spilling over from the latest missile exchange. Hacking groups linked to Iran, Russia and others have recently taken down Israeli emergency services apps and news websites as part of the ongoing conflict with Palestinian militants in Gaza.

Cyber warfare is increasingly used by nation states. Since Stuxnet there have been many examples of state-sponsored attacks. Recently, after France committed greater support to Ukraine, it was hit by a massive cyber-attack. And now we risk an all-out cyber war between Iran and Israel.

The problem is that these attacks often spill over to become a much wider threat. The malware that is created escapes into the wild and provides new tools for the armies of hackers who threaten our corporate and civic infrastructure.

While officials claim to have so far seen no major cyberattacks stemming from the weekend’s missile strike, analysts expect that could change quickly as Israel weighs its response and both sides enter uncharted territory in their bitter, long-running dispute.

Sources include: Axios

There’s been a potential reprieve for some VMware customers unhappy with the new licensing policies put in place by the company’s new owner, semiconductor giant Broadcom. The move comes as regulatory scrutiny of the changes intensifies in Europe.

When Broadcom acquired VMware last year in a massive $61 billion deal, it announced plans to shift VMware’s product licensing to a subscription model and bundle the virtualization software into a new enterprise IT platform.

The changes drew an angry backlash from many VMware customers accustomed to perpetual licensing and concerned about higher long-term costs. A number of them demanded Broadcom preserve perpetual licensing options.

Now, Broadcom’s CEO Hock Tan says the company is offering some concessions in response to that customer feedback. In a blog post, Tan announced that Broadcom will provide free security patching for some supported versions of VMware’s products, even for customers persisting with older perpetual licenses rather than new subscriptions.

Tan also acknowledged Broadcom has granted renewal extensions to many VMware customers to give them more time to adapt to the new model.

The moves come as European antitrust regulators have started questioning Broadcom over its licensing changes following complaints from some tech associations. Analysts believe it could also be an effort by Broadcom to stem a potential mass customer exodus from VMware’s products.

The research firm Gartner recently predicted that VMware’s market share in hyperconverged infrastructure – which combines storage, computing and networking – is poised to plummet from 70% currently down to just 40% by 2029 as customers look to revirtualize and switch vendors.

As the tech world’s latest mega-merger continues shaking out, this could mark the first significant compromise by Broadcom in its controversial effort to overhaul the VMware business.

Sources include: The Register

And that’s our show for today. Love to hear your opinions as always. You can reach me at therealjimlove@gmail.com or our new editorial address – editorial@technewsday.ca

Our show notes are now also posted at TechNewsDay.ca or .com take your pick – along with other stories. Check it out.

I’m your host Jim Love, have a Wonderful Wednesday.

The post Broadcom backs down on VMWare pricing: Hashtag Trending for Wednesday, April 17, 2024 first appeared on IT World Canada.

US government faces criticism over Microsoft security failures: Hashtag Trending, Tuesday April 16, 2024

Solar power is the largest source of new US electricity generation for the sixth month in a row, Microsoft is hiking prices on Dynamics 365 business apps by up to 16.7%, VMware’s desktop virtualization products are rebranded as “Omnissa”, Tesla is laying off over 10% of its global workforce amid a delivery slump, and the U.S. government gets some scathing criticism over Microsoft’s cybersecurity failures.

All this and more on the “price might not be right” edition of Hashtag Trending. I’m your host, Jim Love. Let’s get into it.

New data shows solar power is rapidly expanding its share of electricity generation capacity across the United States.

According to the latest figures from the Federal Energy Regulatory Commission or FERC, solar was the number one source of new utility-scale electrical generating capacity in the U.S. for the sixth straight month in February.

Solar accounted for over 83% of the new capacity added that month, with 29 new solar units totaling over 1,000 megawatts coming online. Wind took second place, making up 16% of the new additions.

For the first two months of 2024, solar represented almost 80% of all new generating capacity installed, with wind at over 20%. Natural gas lagged far behind at just 1%.

The new solar projects have increased solar’s share of total installed U.S. utility-scale generating capacity to 8.2% – surpassing hydropower for the first time and moving into fourth place behind natural gas, coal and wind.

Ken Bossong, Executive Director of the SUN DAY Campaign, says solar is clearly on a major growth trajectory that is exceeding official forecasts.

“Without question, solar is on a roll as it surpasses FERC’s expectations and leads all other energy sources in providing new generating capacity.”

According to FERC projections, if just their “high probability” projects proceed as planned, utility-scale solar capacity could triple by 2027 and surpass both coal and wind to become the second largest source after natural gas.

When factoring in distributed solar like rooftop installations, total solar capacity may reach close to 20% within three years.

Renewables as a whole, including wind, solar, hydropower, biomass and geothermal, could see their combined share rise from the current 29% to over 35% – rapidly closing in on natural gas.

Canada’s solar industry has also seen growth, although perhaps not at these levels: for 2021, the latest year for which we could find numbers, solar power increased by 13.6%.

If there are any experts out there on how Canada is really comparing, we’d love to hear from you.

Sources include: Renewables Now

A major cybersecurity incident was narrowly avoided at LastPass, one of the world’s leading password management companies.

LastPass revealed this week that threat actors recently targeted one of its employees in a sophisticated voice phishing or “vishing” attack using deepfake audio technology to impersonate the company’s CEO.

The employee received a series of calls, texts and at least one voicemail featuring an AI-generated audio replica of the CEO’s voice attempting to initiate an urgent request. However, the attack failed because the employee recognized hallmarks of a social engineering scam, such as the unusual communication channel of WhatsApp, and reported it.

Mike Kosak, a LastPass intelligence analyst, said quote: “Due to the employee’s suspicion…our employee rightly ignored the messages and reported the incident so we could mitigate the threat.”

While deepfake audio is still an emerging threat, experts warn these types of AI-enabled impersonation attacks are on the rise. A recent global study found 25% of people have encountered an AI voice scam or know someone who has.

The U.S. government issued alerts last week warning healthcare organizations about cybercriminals using deepfake voice cloning to target IT help desks. The FBI and Europol have also cautioned that deepfakes may become a common tool for fraud, evidence tampering and other cybercrimes.

LastPass says it shared details of this incident to raise awareness, as the attacker likely used publicly available videos of their CEO to train the deepfake model. The company was previously targeted in data breaches last year.

Security experts advise organizations to have robust verification protocols, require supervisor approval for sensitive requests, and provide training to help staff detect deepfake social engineering attempts.

Sources include: Bleeping Computer

VMware’s suite of end-user computing products for desktop and application virtualization is getting a new brand identity – “Omnissa” – following their recent $4 billion sale to private equity firm KKR.

The products, which allow delivery of remote desktop experiences to PCs, tablets and mobile devices, were divested by VMware’s new owner Broadcom, which deemed them non-essential after acquiring the virtualization giant.

Signs point to KKR pushing ahead with rebranding the former VMware offerings as “Omnissa”, with official documentation and online resources for users already referencing the new name.

The rebrand comes as the remaining VMware product lines brace for a major system migration initiated by Broadcom that will temporarily pause support, training and purchasing services over the first weekend of May.

According to VMware, numerous customer-facing tools and portals will go offline starting April 30th as the company transitions from SAP to Broadcom’s Oracle software environment – a migration window extending until May 5th.

The tight turnaround for the backend system overhaul coincides with Broadcom’s fiscal quarter close, putting added pressure on teams to complete the complex data migration without disrupting any sales or revenue activities.

It also represents one of the first major tests for Broadcom in delivering on its promised support model bundling VMware’s virtualization products with services.

Any missteps during the transition could prompt backlash from VMware customers already facing rising costs under Broadcom’s revised contractual terms.

As Omnissa emerges as KKR’s newly-acquired brand for end-user computing, the fate of its former VMware siblings rests on Broadcom’s ability to execute a challenging system integration without sacrificing the seamless support experience it’s pledged for its VMware portfolio.

Sources include: The Register

In a major round of job cuts, Tesla is reducing its global workforce by more than 10% according to an internal memo from CEO Elon Musk.

The electric carmaker, which employs over 140,000 people worldwide, is eliminating thousands of roles just weeks after disappointing delivery numbers raised concerns about slowing demand.

In the memo, Musk wrote the painful but necessary move will allow Tesla to become “lean” and hungry again for its next growth cycle.

It comes after Tesla’s first quarter deliveries fell 20% from the prior quarter and over 8% year-over-year – the company’s first annual sales decline since 2020.

Tesla blamed the slump on production challenges with its updated Model 3, as well as supply chain disruptions from the conflict in the Red Sea region and an arson attack at its Berlin factory.

The staff reductions follow months of rumors about impending layoffs, with reports Tesla had instructed managers to identify the most critical roles and delayed some employee performance reviews earlier this year.

It’s not the first time Musk has dramatically cut headcount at Tesla to reduce costs during leaner periods. The company conducted multiple previous rounds of layoffs, including cutting staff working on its self-driving software last year.

The latest cuts also mirror Musk’s move to slash around half of Twitter’s workforce after acquiring the social media platform in 2022.

As Tesla faces intensifying competition and tries to ramp up production of new models like the Cybertruck, and that Cybertruck has had some very bad early reviews, the company is turning to headcount reductions despite Musk previously warning 2024 could see a sales slowdown.

With concerns mounting over cooling demand for its electric vehicles, investors will be watching closely whether the staff purge helps reset Tesla’s cost base ahead of its next targeted wave of growth.

Sources include: Business Insider

VMware’s suite of end-user desktop and application virtualization products is getting rebranded as “Omnissa” following their $4 billion divestiture to private equity firm KKR.

The move comes as the remaining VMware portfolio braces for a major transition shifting customer services from SAP to new owner Broadcom’s Oracle software environment in early May – a migration window that will temporarily pause support, training and purchase capabilities for several days.

As Omnissa emerges under new ownership and VMware products integrate deeper into Broadcom’s operations, customers impacted by both the pricing changes and platform shifts will be watching closely for any disruptions that could hinder the seamless user experience both tech giants have committed to providing.

Sources include: The Register

Microsoft has announced significant price increases coming this fall for its Dynamics 365 suite of cloud-based business applications.

In an update last week, the tech giant said it will raise prices across its Dynamics product line by between 9.26% and 16.67%, representing the first hike in five years.

The highest increase of nearly 17% will apply to the Finance, Supply Chain Management, and Commerce editions of Dynamics 365.

Other products like Sales, Customer Service, Field Service and core operations licenses face bumps of around 10% when the new pricing takes effect October 1st.

Microsoft’s corporate vice president Bryan Goode justified the increases by citing ongoing upgrades like AI-powered customer insights, data analytics capabilities and process automation added to Dynamics annually.

However, the software maker did not explain the varying degrees of price inflation across its different Dynamics product SKUs.

For U.S. government customers, the price hikes will be staggered over two phases in compliance with regulations, with a 10% jump first in October followed by another increase in 2025.

The increases follow similar moves by rival Salesforce last year and come as Microsoft prepares a new wave of AI-driven feature updates across Dynamics 365 powered by technologies like its Copilot assistant.

While inflation has been a factor over the past five years, the extent of these latest price increases from Microsoft may prompt some reassessment from Dynamics customers on the overall value proposition, especially for products facing the highest percentage bumps.

Sources include: The Register

Here’s another Microsoft story where I want to walk lightly, because it’s easy to bash on large companies, but it is a story that raises some critical questions.

A recent article in Wired reports that security experts and critics are accusing the U.S. government of giving Microsoft a free pass, despite the tech giant’s long track record of major cybersecurity lapses that have exposed sensitive government systems to hacking threats.

The story quotes a new report from the federal Cyber Safety Review Board that slams Microsoft’s “inadequate security culture” after a 2022 incident allowed Chinese state hackers to breach the company’s systems and access government email communications.

It’s just the latest in a string of high-profile breaches impacting Microsoft customers over several years, including Russian hackers stealing source code and corporate secrets earlier this year.

Though heavily critical of Microsoft, the report is unlikely to spur any meaningful accountability from the U.S. government, which relies overwhelmingly on Microsoft products to power its operations.

Microsoft has become effectively “untouchable” according to experts, due to the government’s deep dependence on its software, its critical role supporting federal cybersecurity efforts, and its sophisticated strategy of positioning itself as a defender of digital safety.

This has allowed Microsoft to sidestep any consequences even as lawmakers fume over its security failures and practices like charging extra for basic threat monitoring that experts say should be included.

Administration officials have refused to criticize Microsoft openly, with some experts accusing the government of lacking the leverage to compel real changes at a company that represents a potential single point of failure for essential services.

Others argue the White House’s own national cybersecurity strategy calls for shifting more security burden to major tech firms like Microsoft that have the resources to invest heavily in defensive measures.

But so far, the U.S. government has demonstrated an inability or unwillingness to stand up to one of the world’s largest tech companies and enforce accountability, despite the risks Microsoft’s vulnerabilities pose to America’s digital infrastructure.

So, here’s my question. We did a story on “cloud lock-in” recently where the UK government was concerned that without a meaningful alternative, even a government was effectively “locked in.” With Microsoft’s dominance in so many areas from productivity suites to cloud and now security and even AI, how is the “competitive market” – or how is anybody – supposed to keep it in check?

Sources include: Wired

And that’s our show for today. Love to hear your opinions as always. You can reach me at therealjimlove@gmail.com or our new editorial address – editorial@technewsday.ca

Our show notes are now also posted at TechNewsDay.ca or .com take your pick – along with other stories. Check it out.

I’m your host Jim Love, have a Terrific Tuesday.

The post US government faces criticism over Microsoft security failures: Hashtag Trending, Tuesday April 16, 2024 first appeared on IT World Canada.

US government faces criticism over handling Microsoft cybersecurity failures: Hashtag Trending for Tuesday April 16, 2024

Solar power is the largest source of new US electricity generation for the sixth month in a row, Microsoft is hiking prices on Dynamics 365 business apps by up to 16.7%, VMware’s desktop virtualization products are rebranded as “Omnissa”, Tesla is laying off over 10% of its global workforce amid a delivery slump, and the U.S. government gets some scathing criticism over Microsoft’s cybersecurity failures.

All this and more on the “price might not be right” edition of Hashtag Trending. I’m your host, Jim Love. Let’s get into it.

New data shows solar power is rapidly expanding its share of electricity generation capacity across the United States.

According to the latest figures from the Federal Energy Regulatory Commission or FERC, solar was the number one source of new utility-scale electrical generating capacity in the U.S. for the sixth straight month in February.

Solar accounted for over 83% of the new capacity added that month, with 29 new solar units totaling over 1,000 megawatts coming online. Wind took second place, making up 16% of the new additions.

For the first two months of 2024, solar represented almost 80% of all new generating capacity installed, with wind at over 20%. Natural gas lagged far behind at just 1%.

The new solar projects have increased solar’s share of total installed U.S. utility-scale generating capacity to 8.2% – surpassing hydropower for the first time and moving into fourth place behind natural gas, coal and wind.

Ken Bossong, Executive Director of the SUN DAY Campaign, says solar is clearly on a major growth trajectory that is exceeding official forecasts.

“Without question, solar is on a roll as it surpasses FERC’s expectations and leads all other energy sources in providing new generating capacity.”

According to FERC projections, if just their “high probability” projects proceed as planned, utility-scale solar capacity could triple by 2027 and surpass both coal and wind to become the second largest source after natural gas.

When factoring in distributed solar like rooftop installations, total solar capacity may reach close to 20% within three years.

Renewables as a whole, including wind, solar, hydropower, biomass and geothermal, could see their combined share rise from the current 29% to over 35% – rapidly closing in on natural gas.

Canada’s solar industry has also seen growth, although perhaps not at these levels. For 2021, the latest year for which we could find numbers, solar power increased by 13.6%.

If there are any experts out there on how Canada is really comparing, we’d love to hear from you.

Sources include: Renewables Now

A major cybersecurity incident was narrowly avoided at LastPass, one of the world’s leading password management companies.

LastPass revealed this week that threat actors recently targeted one of its employees in a sophisticated voice phishing or “vishing” attack using deepfake audio technology to impersonate the company’s CEO.

The employee received a series of calls, texts and at least one voicemail featuring an AI-generated audio replica of the CEO’s voice attempting to initiate an urgent request. However, the attack failed because the employee recognized hallmarks of a social engineering scam, such as the unusual communication channel of WhatsApp, and reported it.

Mike Kosak, a LastPass intelligence analyst, said quote: “Due to the employee’s suspicion…our employee rightly ignored the messages and reported the incident so we could mitigate the threat.”

While deepfake audio is still an emerging threat, experts warn these types of AI-enabled impersonation attacks are on the rise. A recent global study found 25% of people have encountered an AI voice scam or know someone who has.

The U.S. government issued alerts last week warning healthcare organizations about cybercriminals using deepfake voice cloning to target IT help desks. The FBI and Europol have also cautioned that deepfakes may become a common tool for fraud, evidence tampering and other cybercrimes.

LastPass says it shared details of this incident to raise awareness, as the attacker likely used publicly available videos of their CEO to train the deepfake model. The company was previously targeted in data breaches last year.

Security experts advise organizations to have robust verification protocols, require supervisor approval for sensitive requests, and provide training to help staff detect deepfake social engineering attempts.

Sources include: Bleeping Computer

VMware’s suite of end-user computing products for desktop and application virtualization is getting a new brand identity – “Omnissa” – following their recent $4 billion sale to private equity firm KKR.

The products, which allow delivery of remote desktop experiences to PCs, tablets and mobile devices, were divested by VMware’s new owner Broadcom, which deemed them non-essential after acquiring the virtualization giant.

Signs point to KKR pushing ahead with rebranding the former VMware offerings as “Omnissa”, with official documentation and online resources for users already referencing the new name.

The rebrand comes as the remaining VMware product lines brace for a major system migration initiated by Broadcom that will temporarily pause support, training and purchasing services over the first weekend of May.

According to VMware, numerous customer-facing tools and portals will go offline starting April 30th as the company transitions from SAP to Broadcom’s Oracle software environment – a migration window extending until May 5th.

The tight turnaround for the backend system overhaul coincides with Broadcom’s fiscal quarter close, putting added pressure on teams to complete the complex data migration without disrupting any sales or revenue activities.

It also represents one of the first major tests for Broadcom in delivering on its promised support model bundling VMware’s virtualization products with services.

Any missteps during the transition could prompt backlash from VMware customers already facing rising costs under Broadcom’s revised contractual terms.

As Omnissa emerges as KKR’s newly-acquired brand for end-user computing, the fate of its former VMware siblings rests on Broadcom’s ability to execute a challenging system integration without sacrificing the seamless support experience it’s pledged for its VMware portfolio.

Sources include: The Register

In a major round of job cuts, Tesla is reducing its global workforce by more than 10% according to an internal memo from CEO Elon Musk.

The electric carmaker, which employs over 140,000 people worldwide, is eliminating thousands of roles just weeks after disappointing delivery numbers raised concerns about slowing demand.

In the memo, Musk wrote the painful but necessary move will allow Tesla to become “lean” and hungry again for its next growth cycle.

It comes after Tesla’s first quarter deliveries fell 20% from the prior quarter and over 8% year-over-year – the company’s first annual sales decline since 2020.

Tesla blamed the slump on production challenges with its updated Model 3, as well as supply chain disruptions from the conflict in the Red Sea region and an arson attack at its Berlin factory.

The staff reductions follow months of rumors about impending layoffs, with reports Tesla had instructed managers to identify the most critical roles and delayed some employee performance reviews earlier this year.

It’s not the first time Musk has dramatically cut headcount at Tesla to reduce costs during leaner periods. The company conducted multiple previous rounds of layoffs, including cutting staff working on its self-driving software last year.

The latest cuts also mirror Musk’s move to slash around half of Twitter’s workforce after acquiring the social media platform in 2022.

As Tesla faces intensifying competition and tries to ramp up production of new models like the Cybertruck, and that Cybertruck has had some very bad early reviews, the company is turning to headcount reductions despite Musk previously warning 2024 could see a sales slowdown.

With concerns mounting over cooling demand for its electric vehicles, investors will be watching closely whether the staff purge helps reset Tesla’s cost base ahead of its next targeted wave of growth.

Sources include: Business Insider


VMware’s suite of end-user desktop and application virtualization products is getting rebranded as “Omnissa” following their $4 billion divestiture to private equity firm KKR.

The move comes as the remaining VMware portfolio braces for a major transition shifting customer services from SAP to new owner Broadcom’s Oracle software environment in early May – a migration window that will temporarily pause support, training and purchase capabilities for several days.

As Omnissa emerges under new ownership and VMware products integrate deeper into Broadcom’s operations, customers impacted by both the pricing changes and platform shifts will be watching closely for any disruptions that could hinder the seamless user experience both tech giants have committed to providing.

Sources include: The Register

Microsoft has announced significant price increases coming this fall for its Dynamics 365 suite of cloud-based business applications.

In an update last week, the tech giant said it will raise prices across its Dynamics product line by between 9.26% and 16.67%, representing the first hike in five years.

The highest increase of nearly 17% will apply to the Finance, Supply Chain Management, and Commerce editions of Dynamics 365.

Other products like Sales, Customer Service, Field Service and core operations licenses face bumps of around 10% when the new pricing takes effect October 1st.

Microsoft’s corporate vice president Bryan Goode justified the increases by citing ongoing upgrades like AI-powered customer insights, data analytics capabilities and process automation added to Dynamics annually.

However, the software maker did not explain the varying degrees of price inflation across its different Dynamics product SKUs.

For U.S. government customers, the price hikes will be staggered over two phases in compliance with regulations, with a 10% jump first in October followed by another increase in 2025.

The increases follow similar moves by rival Salesforce last year and come as Microsoft prepares a new wave of AI-driven feature updates across Dynamics 365 powered by technologies like its Copilot assistant.

While inflation has been a factor over the past five years, the extent of these latest price increases from Microsoft may prompt some reassessment from Dynamics customers on the overall value proposition, especially for products facing the highest percentage bumps.

Sources include: The Register

Here’s another Microsoft story where I want to walk lightly, because it’s easy to bash on large companies, but it is a story that raises some critical questions.

A recent article in Wired reports that security experts and critics are accusing the U.S. government of giving Microsoft a free pass, despite the tech giant’s long track record of major cybersecurity lapses that have exposed sensitive government systems to hacking threats.

The story quotes a new report from the federal Cyber Safety Review Board that slams Microsoft’s “inadequate security culture” after a 2022 incident allowed Chinese state hackers to breach the company’s systems and access government email communications.

It’s just the latest in a string of high-profile breaches impacting Microsoft customers over several years, including Russian hackers stealing source code and corporate secrets earlier this year.

Though heavily critical of Microsoft, the report is unlikely to spur any meaningful accountability from the U.S. government, which relies overwhelmingly on Microsoft products to power its operations.

Microsoft has become effectively “untouchable” according to experts, due to the government’s deep dependence on its software, its critical role supporting federal cybersecurity efforts, and its sophisticated strategy of positioning itself as a defender of digital safety.

This has allowed Microsoft to sidestep any consequences even as lawmakers fume over its security failures and practices like charging extra for basic threat monitoring that experts say should be included.

Administration officials have refused to criticize Microsoft openly, with some experts accusing the government of lacking the leverage to compel real changes at a company that represents a potential single point of failure for essential services.

Others argue the White House’s own national cybersecurity strategy calls for shifting more security burden to major tech firms like Microsoft that have the resources to invest heavily in defensive measures.

But so far, the U.S. government has demonstrated an inability or unwillingness to stand up to one of the world’s largest tech companies and enforce accountability, despite the risks Microsoft’s vulnerabilities pose to America’s digital infrastructure.

Sources include: Wired

Cyber Security Today, April 15, 2024 – Act fast to plug a hole in Palo Alto Networks firewall, Canadian comedy festival loses over $800K in email scam, and more

Act fast to plug a hole in Palo Alto Networks firewall, Canadian comedy festival loses over $800K in email scam, and more.

Welcome to Cyber Security Today. It’s Monday, April 15th, 2024. I’m cybersecurity reporter Howard Solomon.



A critical vulnerability in the GlobalProtect feature of Palo Alto Networks’ PAN-OS operating system has been exploited at several organizations at least as far back as March 26th. That’s the finding by researchers at Volexity who discovered the hole. In some cases a threat actor has used the vulnerability to deploy a custom backdoor written in the Python language, then stolen credentials and other files. Palo Alto Networks was expected to have delivered a patch yesterday. Volexity says the skill and speed used in the attacks suggest a highly capable threat actor with a clear playbook of what to access. Network administrators using GlobalProtect firewalls should either install the patch or apply the recommended mitigations. The vulnerability has a CVSS score of 10.

UPDATE: This issue is fixed in hotfix releases of PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and in all later PAN-OS versions. Hotfixes for other commonly deployed maintenance releases will also be made available this week.
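The update above lists fixed releases per PAN-OS branch, and “all later versions” has to be read per branch: 11.0.0 is numerically newer than 10.2.9-h1 but sits on a different branch with its own hotfix. The checker below is an added example, not code from Palo Alto Networks or Volexity; it knows only the three hotfix releases the update names, treats any other branch as “unknown” rather than guessing (the update says further hotfixes were still to come), and the version strings fed to it are constructed.

```python
import re
from typing import NamedTuple

# Fixed hotfix releases named in the update, keyed by release branch
# (major, minor). Constructed lookup table limited to what the update states;
# branches not listed here are reported as "unknown", not as fixed.
FIXED_RELEASES = {
    (10, 2): "10.2.9-h1",
    (11, 0): "11.0.4-h1",
    (11, 1): "11.1.2-h3",
}


class PanOsVersion(NamedTuple):
    major: int
    minor: int
    maint: int
    hotfix: int  # 0 when the string carries no "-hN" suffix


# Accepts "10.2.9" and "10.2.9-h1" style strings only.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> PanOsVersion:
    """Parse a PAN-OS version string into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return PanOsVersion(int(major), int(minor), int(maint), int(hotfix or 0))


def assess(version_text: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one PAN-OS version.

    Comparison is done only against the fixed release on the same
    major.minor branch; tuple ordering makes 10.2.10 count as later than
    10.2.9-h1, and 10.2.9 (no hotfix) as earlier.
    """
    v = parse_version(version_text)
    fixed_text = FIXED_RELEASES.get((v.major, v.minor))
    if fixed_text is None:
        return "unknown"
    return "fixed" if v >= parse_version(fixed_text) else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory, e.g. pulled from a device list.
    for ver in ["10.2.9", "10.2.9-h1", "11.0.3-h4", "11.1.2-h3", "10.1.11"]:
        print(f"{ver:12} {assess(ver)}")
```

An “unknown” result is a prompt to check the vendor advisory for that branch, not a clean bill of health; and a “fixed” result says nothing about whether the box was already compromised before patching, which is why the story pairs the patch with looking for the backdoor and stolen credentials.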

The organization that produces Montreal’s Just For Laughs comedy shows was stung last year for just over $813,000 after falling for a business email compromise scam. The Quebec news service La Presse discovered court documents showing the financial controller fell for emails pretending to be from a company shareholder instructing a switch of the bank account where management payments should go. The scammer was convincing because they created an email account on a domain with an extra ‘s’ at the end, which came close to the spelling of the real sender’s domain. Unfortunately there are no protections in the global internet registry system to stop domains from being created with almost identical names to real companies. It’s imperative that financial department employees confirm, in independent ways, any changes in payment procedures requested by email, voice mail or video calls. Staff shouldn’t use email addresses or phone numbers taken from the message requesting the change to get that confirmation.
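The “extra ‘s’” trick works because a human reads a near-identical domain as the real one. A mail gateway or a pre-payment checklist can do what the eye does not: compare the sender’s domain against the domains payment instructions are allowed to come from and flag anything within a couple of edits of a trusted one. The block below is an added example, not anything from La Presse or the festival’s systems; the trusted domains and the From: headers are constructed.

```python
import re
from typing import Dict, Iterable

# Constructed allow-list: domains this finance team accepts payment
# instructions from. In practice it would come from the vendor master file.
TRUSTED_DOMAINS = {"acme-holdings.com", "northbank.example"}

# Pulls user@domain out of a From: header, with or without a display name.
_ADDR_RE = re.compile(r"<?([^<>\s@]+)@([^<>\s@]+)>?\s*$")


def sender_domain(header_value: str) -> str:
    """Return the lower-cased domain of the address in a From: header."""
    m = _ADDR_RE.search(header_value)
    if not m:
        raise ValueError(f"no address found in {header_value!r}")
    return m.group(2).lower().rstrip(".")


def levenshtein(a: str, b: str) -> int:
    """Edit distance: insertions, deletions and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(header_value: str,
                    trusted: Iterable[str] = TRUSTED_DOMAINS,
                    max_distance: int = 2) -> Dict[str, object]:
    """Label a sender as trusted, lookalike (within max_distance edits of a
    trusted domain) or unrelated. Lookalikes are the ones to hold for
    out-of-band confirmation before any bank-account change is processed."""
    trusted = set(trusted)
    domain = sender_domain(header_value)
    if domain in trusted:
        return {"domain": domain, "verdict": "trusted",
                "closest": domain, "distance": 0}
    closest = min(trusted, key=lambda t: levenshtein(domain, t))
    distance = levenshtein(domain, closest)
    verdict = "lookalike" if distance <= max_distance else "unrelated"
    return {"domain": domain, "verdict": verdict,
            "closest": closest, "distance": distance}


if __name__ == "__main__":
    # Constructed headers: the genuine shareholder, the extra-'s' imposter,
    # and an unrelated webmail sender.
    for hdr in ["Jane Shareholder <jane@acme-holdings.com>",
                "Jane Shareholder <jane@acme-holdingss.com>",
                "jane.shareholder@webmail.example"]:
        print(classify_sender(hdr))
```

Edit distance catches added, dropped or swapped ASCII letters but not Unicode homoglyphs (a Cyrillic letter standing in for a Latin one), so a production rule should normalise or reject mixed-script domains as well. And as the story says, even a “trusted” verdict does not replace calling the shareholder back on a number already on file.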

A former senior IT security employee has been sentenced to three years in prison by an American judge for hacking into smart contracts of cryptocurrency exchanges two years ago. The man stole over US$12 million in digital coin. Shakeeb Ahmed received the sentence Friday after pleading guilty to computer fraud. According to the news site HackingButLegal, Ahmed worked for Amazon.

A threat actor has posted data stolen from a partner of Canadian retailer Giant Tiger. The BleepingComputer news service said the database was posted on a hacker forum with information allegedly on 2.8 million customers. It’s available to any hacker forum member for the price of eight credits. Members get credits for doing something as simple as commenting on a post or contributing a new post.

Are you worried about the recently discovered compromise of the maintainer of a critical Linux package? That’s the scheme where a threat actor took three years to gain the confidence of those helping to oversee the package before switching it for a malicious version. Well, the U.S. Cybersecurity and Infrastructure Security Agency issued a reminder that it has been working on improving open-source security for a while. It backs the Secure by Design initiative with steps for developers on building safe applications using open-source components.

The city of Toronto has budgeted $1 million to cover the costs of last October’s ransomware attack on the Toronto Public Library system. Reporter John Lorinc says the number includes almost $770,000 for cybersecurity experts and related IT system remediation and restoration costs. It also includes $160,000 in legal costs and $74,000 for credit monitoring services for employees who had their data stolen. All of the library system’s 500 computers had to be wiped and rebuilt. Meanwhile the city also has to deal with a January ransomware attack on the Toronto Zoo. In that attack data of current and former employees was stolen.

Speaking of ransomware, one of the ways of crushing ransomware gangs is to take the money out of their attacks. The problem is forbidding — or even begging — unprepared organizations not to pay a ransom isn’t working. So last week the Ransomware Task Force, a group of public and private sector experts, released a plan to reduce the need to ban ransomware payments. It will take several years, the Task Force admits. But only after all the steps in its plan have been met should governments think about prohibiting ransomware payments. Briefly, the plan says ‘Don’t institute a payment ban until organizations have cybersecurity maturity.’ Here are some of the recommended steps:

–Develop a ransomware framework to provide a national standard for ransomware preparation. The framework would be adapted for organizations of different sizes, maturity and risk profiles;

–provide financial incentives for organizations to comply with the framework;

–mandate limited baseline security measures for critical infrastructure providers including utilities, banks and hospitals;

–form an international law enforcement partnership to target ransomware gangs;

–require cryptocurrency exchanges and over-the-counter trading desks to comply with existing financial transaction tracking controls;

–create a ransomware response fund to help victim organizations recover from attacks;

–work with cyber insurers;

–and end the tax deductibility of ransomware payments.

The Task Force believes things like this could take two years to implement. Only then should governments think about banning ransomware payments.

Meanwhile, nothing stops your organization from toughening its cybersecurity defences.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, April 15, 2024 – Act fast to plug a hole in Palo Alto Networks firewall, Canadian comedy festival loses over $800K in email scam, and more first appeared on IT World Canada.

Google users say two-factor authentication didn’t protect them. Hashtag Trending for Monday, April 15th

Early Saturday morning listeners may have missed my weekend interview segment with Senator Colin Deacon. If you did, it was totally my fault. A typo in my posting instructions meant we didn’t get it online til late Saturday morning. But if you didn’t get a chance to listen, it’s still there, and it’s really worthwhile.

Google Enhances Browser Security with AI and announces a New Paid ‘Premium’ Version, Google users report account lockouts that beat their two-factor authentication, Google Blocks California News Access Amid Fight Over a Journalism Payment Bill and Gen Z Ditching Google for TikTok and YouTube Searches

All this and more on the “too much Google” edition of Hashtag Trending. I’m your host, Jim Love. Let’s get into it.

Before we start, I have to say, I didn’t set out to write an all Google edition, maybe it’s because of Google’s major event last week, but when I evaluated the tech stories over the weekend, these hit the top of the pile.

Google is rolling out major new security enhancements for its hugely popular Chrome web browser used by billions worldwide.

At its Cloud Next conference last week, the tech giant revealed it has developed custom artificial intelligence language models specifically trained to detect and block spam, phishing and other malicious content targeting Gmail users.

Deployed late last year, Google says these AI defenses are already yielding big results – catching 20% more spam in Gmail, reviewing 1,000% more reported spam each day, and responding 90% faster to new phishing threats in Google Drive.

The company says the AI models are uniquely adept at identifying semantically similar malicious content at a massive scale across over 3 billion Google Workspace users.

While highly effective so far, Google admits it is “very focused” on innovating further to tackle the remaining 0.1% of spam and malware that slips through its advanced filters.

In a separate move, Google is introducing a new premium version of its Chrome web browser specifically geared towards enterprise users.

Called Chrome Enterprise Premium, the paid tier adds enhanced data loss prevention controls as well as deep malware scanning missing from the existing free Chrome browser.

While the core free version will continue receiving general malware and anti-phishing protections, the premium edition aims to provide businesses with an extra level of security and administrative features.

This new AI-powered data protection will cost $10 per user per month on top of existing Workspace subscriptions.

The launch comes as Google also explores giving all Chrome users more control over limiting website permissions like access to keyboard, mouse and other device inputs.

Sources include:  Android Police and Forbes

The need was never greater – another story in Forbes this week reported that a number of users were reporting that their two-factor authentication had been bypassed, giving away access to their Google accounts.

How do they do this? Apparently they don’t hack the two-factor authentication process itself, but they employ something called “session cookie hijacking.”

The technique typically starts with a phishing email delivering malware designed to capture the authentication cookies that allow users to seamlessly resume active sessions on sites like Gmail.

If attackers manage to steal these session cookies after a user has logged in, they can then replay the cookies to impersonate the legitimate user – tricking the service into letting them bypass any further 2FA prompts.

As far as Google’s systems are concerned, the attacker has already successfully authenticated using the hijacked cookie data.

Once they gain access to the account, the hackers can lock the real owner out of the account.

These attacks are reported to start with phishing lures, most notably crypto get rich schemes. But the attacks can also potentially leverage vulnerabilities that expose session cookies or allow session hijacking on unpatched systems.

Security experts warn session hijacking remains a critical risk capable of undermining popular multi-factor authentication protections relied on by billions.

Remedies include more widespread use of hardware 2FA security keys, as well as shorter lifespans for session cookies to reduce hijacking windows.

Major providers are also working on other mitigations, but users remain advised to stay vigilant against phishing and keep software patched to prevent falling victim to these attacks subverting account two factor authentication.

Sources include: Forbes
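The story’s point is that a stolen session cookie is accepted because, server-side, it is indistinguishable from the session it was issued to; the remedies it names are shorter session lifetimes and stronger second factors. The block below is an added example, not Google’s code, showing what the server side of the first remedy looks like: a session table with an absolute lifetime, an idle timeout, and a coarse binding of the cookie to the client context it was issued to (network prefix plus user agent), so a cookie replayed from elsewhere is revoked and logged instead of honoured. The clock is injectable so the timeouts can be exercised; all addresses and tokens are constructed.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Session:
    user: str
    client_fp: str   # hash of the client context the cookie was issued to
    issued_at: float
    last_seen: float


class SessionStore:
    """Server-side session table. Cookies are opaque random tokens; all
    state, including expiry and client binding, lives here."""

    def __init__(self, max_age: float = 8 * 3600, idle_timeout: float = 30 * 60,
                 clock: Callable[[], float] = time.time) -> None:
        self.max_age = max_age            # absolute lifetime after login
        self.idle_timeout = idle_timeout  # lifetime without activity
        self.clock = clock
        self._sessions: Dict[str, Session] = {}
        self.events: List[str] = []       # audit trail a SOC can alert on

    @staticmethod
    def fingerprint(ip: str, user_agent: str) -> str:
        # Bind to the /24 rather than the full address so a user whose home
        # router renumbers within the block is not logged out.
        prefix = ".".join(ip.split(".")[:3])
        return hashlib.sha256(f"{prefix}|{user_agent}".encode()).hexdigest()

    def issue(self, user: str, ip: str, user_agent: str) -> str:
        """Create a session after a successful password+MFA login and
        return the cookie value to set on the client."""
        token = secrets.token_urlsafe(32)
        now = self.clock()
        self._sessions[token] = Session(user, self.fingerprint(ip, user_agent), now, now)
        return token

    def validate(self, token: str, ip: str, user_agent: str) -> Optional[str]:
        """Return the user for a presented cookie, or None if it is unknown,
        expired, or presented from a different client context."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self.clock()
        if now - s.issued_at > self.max_age:
            self._revoke(token, "absolute lifetime exceeded")
            return None
        if now - s.last_seen > self.idle_timeout:
            self._revoke(token, "idle timeout")
            return None
        if not hmac.compare_digest(s.client_fp, self.fingerprint(ip, user_agent)):
            # A valid token from the wrong context is the replay signature;
            # kill the session so the legitimate owner must re-authenticate.
            self._revoke(token, "client context mismatch")
            return None
        s.last_seen = now
        return s.user

    def _revoke(self, token: str, reason: str) -> None:
        s = self._sessions.pop(token, None)
        if s is not None:
            self.events.append(f"revoked session of {s.user}: {reason}")


if __name__ == "__main__":
    store = SessionStore()
    cookie = store.issue("alice", "203.0.113.10", "Browser/1.0")   # constructed
    print(store.validate(cookie, "203.0.113.10", "Browser/1.0"))   # alice
    print(store.validate(cookie, "198.51.100.7", "Browser/1.0"))   # None: replayed elsewhere
    print(store.events)
```

The binding is deliberately coarse and is a heuristic, not a proof of identity: malware running on the victim’s own machine presents the same user agent, and if it replays from the same network block it will pass. What the check does is shrink the window and produce a log line when a cookie turns up somewhere it should not, which is the kind of signal the story says providers are working to act on; hardware security keys address the login step, not an already-issued session, which is why both remedies are listed.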

And can you stand one more Google story?

In a battle that will seem eerily familiar to our Canadian listeners, Google is now wrangling with California lawmakers. Google has started restricting access to news articles from the state for some users in a hardball tactic against a proposed law that would force tech companies to pay publishers for content.

The move comes as the California Journalism Preservation Act, which cleared the state assembly last year, is being revived. The bill would require digital giants like Google and Meta to compensate news outlets when their articles and links get displayed on the tech platforms.

In a blog post, Google executive Jafar Zaidi said the legislation represented an “unworkable” tax on linking to news sources that has already prompted “significant changes” to services it can offer Californians.

Zaidi wrote that the company has temporarily blocked news from appearing in search results for an unspecified “small percentage” of California users in anticipation of the bill potentially passing.

Google claims the proposal is the “wrong approach” to bolstering the struggling U.S. news industry, which has suffered waves of layoffs and newspaper closures amid skyrocketing digital ad revenues for big tech.

Bill supporters argue it would provide a crucial lifeline to California’s publishers, with over 100 outlets shuttering in the state over the past decade as advertising income plummeted.

The legislation aims to direct a slice of the billions in digital ad revenues captured by technology giants like Google and Meta toward compensating journalists and publishers for reusing their content.

With over 70% of digital ad dollars now going to just those two companies, advocates say they have a responsibility to support the news industry they have disrupted and profited from.

Critics, however, argue such link taxes represent an unworkable model that undermines principles of the open internet.

The aggressive move by Google mirrors past tactics deployed when facing similar pay-for-journalism rules in Canada and Australia. After initial threats to block news, the company ultimately struck deals with publishers.

As California’s bill regains momentum, the fight over compensating news outlets appears headed towards an increasingly acrimonious showdown between lawmakers and the tech giants dominating digital advertising markets.

And although Google ultimately reached a deal of sorts with Canada, Meta continues to block Canadian news stories on its platform. This story may continue for some time to come.

Sources include: Axios

It turns out that while Google was top of the news last week, the giant may want to watch where its search engine dominance is going. There is no doubt that Chrome is the dominant browser by a country kilometre – okay, a country mile still sounds better.

But it has some threats to its dominance. We did some stories last week to show that when given a real choice, people in Europe were opting for other browsers.

And although Google is trying experiments in the UK to add AI to its search, the early reviews on that are not spectacular with reports that junk content is more likely to hit the top of search.

For others, using AI search like Perplexity.ai is proving to be far more reliable and informative than Google. But now, a generational divide is evolving.

For Gen Z (it turns out even Canadians call them Gen Z), Google is no longer the default starting point when searching for information online. Instead, many young people are turning to social media platforms like TikTok and YouTube as their go-to search engines.

New data from youth research firm YPulse reveals a stark generational divide emerging. While 58% of millennials aged 25 to 39 still begin their internet queries on Google, that falls to just 46% among those aged 18 to 24.

For Gen Z, 21% are initiating searches directly on TikTok, with another 5% heading straight to YouTube – a clear break from the Google-centric behavior of older demographics.

The shift highlights how social media has evolved from just connecting with friends into a vast “information superhighway” for the first truly digital native generation.

Gen Z users cite a preference for the more relatable, authentic results surfaced through human-curated videos and posts compared to Google’s algorithms heavily featuring sponsored content.

There’s also an innate comfort and affinity with social platforms fostered by younger users having no memory of Google’s earlier era of search dominance.

The trend represents a growing headache for Google and its parent Alphabet, which derives the bulk of its nearly $2 trillion valuation from digital advertising tied to search traffic.

In response, Google has rolled out new features aimed at Gen Z, including AI tools to generate more personalized search feeds and better highlight social media conversations.

However, many remain dissatisfied with the quality of Google results plagued by excessive ads and search engine optimization tactics.

As Gen Z increasingly eschews traditional search engines, established tech giants will be forced to adapt to changing behaviors ushering in a generational shift in how information is discovered and consumed online.

Picture this – sometime in the future, somebody born in 1990 will be my age, they’ll mention some 90’s rock group, get a blank stare and say “TikTok” it.

Hey, there’s no longer a Kleenex tissue. There could be a world where search is not Google.

And that’s our show for today…

And tomorrow, I promise, unless the sky falls in with a monumental story, we’ll be Google free.

I’m your host Jim Love, have a Marvelous Monday.

The post Google users say two-factor authentication didn’t protect them. Hashtag Trending for Monday, April 15th first appeared on IT World Canada.

Senator Colin Deacon and our digital future: HashTag Trending, the Weekend Edition, April 13, 2024

Welcome to Hashtag Trending The Weekend Edition. I’m your host, Jim Love. I can understand that many of you might get frustrated about politics. What we see for the most part is a lot of BS.

Ask a politician a simple question. You get a lot of non answers, talking points, ways their political opponents have it wrong. Yep. That’s true. Even in Canadian politics. So what can we do? We can get involved and try to change the process. I’ve certainly done that. I worked for every political party at one point. I’ve worked for the NDP, Neil Young, not the musician, unfortunately. He was a great guy though.

And Bob Rae. I’ve worked to support the Liberals under Stéphane Dion, one of the most incredible people I’ve ever met. I’ve been a riding president for a Progressive Conservative riding, which led me to have the honour to meet Joe Clark and to understand the authentic person he is. I know what you’re thinking.

What’s wrong with this guy? Can’t he take a side? And the clear answer is no, I, I can’t take sides. There’s only one side and that’s what’s best for Canadians. I’ve never been a believer in party labels. I wanted to work with authentic people who wanted to make Canada a better nation and make a better future for our children.

And the need was never greater. Canada is in crisis. Our productivity numbers are plummeting. Regardless of what you get fed from government sources, we are not a leader in AI, or in digital governance, or anything else digital for that matter. But equally, the stuff that the opposition parties are feeding you?

It’s nonsense as well. The reality is, if you strip away the party lines, if you talk to the smartest people in Ottawa, you’d know the truth. We are in crisis. Our future standard of living is in real jeopardy, and yet we are an incredibly resilient people. We have so much going for us in multiculturalism, in diversity, in intelligence, and in many other areas that if we could just get it together, we could fulfill that quote of Wilfrid Laurier.

The 21st century belongs to Canada. So what do we do? Fortunately, we have a structure in our government where parties don’t really have to matter. It’s called the Senate. For my American listeners, you have a Senate as well. It’s called the same thing as ours, a body of sober second thought. The difference in Canada is our senators are actually sober.

I say that in jest, but in our Senate,

and I’m not taking political sides, but credit where credit is due, our Prime Minister Justin Trudeau said he would no longer make political appointments to the Canadian Senate. He would appoint knowledgeable people and challenge them to challenge the government’s thinking. In other words, he would make the Senate truly a body of sober second thought.

A place where nonpartisan citizens could join with only the best interest of the country at heart. A place where people who weren’t politicians could offer their experience and their expertise to the government of our nation. And there’s nobody that you will meet that embodies this more than my guest, Colin Deacon.

Senator Deacon is a serial entrepreneur and someone who knows technology and knows how to build businesses that export to the world in a digital economy. And we are lucky to have him both in the Senate and for this interview. I met Senator Deacon at the Digital Governance Council, another group of nonpartisan business and government leaders who also only have one objective: to help Canada become a leader in the digital economy. I was totally impressed by him and I asked if he’d sit for an interview with us. I hope you’ll be as inspired by it as I was. My guest today is Senator Colin Deacon.

There is a link mentioned in this article to the Digital Governance Council. Check it out.

Our sponsor for this week is Performance Advantage

You can find the full transcript on YouTube.

The post Senator Colin Deacon and our digital future: HashTag Trending, the Weekend Edition, April 13, 2024 first appeared on IT World Canada.

Cyber Security Today, Week in Review for week ending Friday, April 12, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, April 12th, 2024. I’m Howard Solomon.



In a few minutes David Shipley, head of Beauceron Security, will be here to discuss recent news. We’ll talk about more hot water for Microsoft, a second look at the scare facing the Linux community, an alert to the healthcare sector on IT help desk scams and a warning to LG smart TV owners.

Before we get to the discussion, here are other highlights from this week:

LastPass released a report describing a deepfake audio call to an employee impersonating its CEO.

Classes at New Mexico Highlands University remain cancelled because of a ransomware attack that started April 3rd. Classes will resume this coming Monday, April 15th. Despite the loss of over a week of classes the university term won’t be extended. Graduation ceremonies will continue as scheduled.

On Tuesday the social media site that used to be Twitter began automatically modifying links in tweets that mention “twitter[.]com” to read “x[.]com.” It was another step in the re-branding of the service now called X. But the link modification strategy backfired. According to security reporter Brian Krebs, at least 60 new domains were quickly registered with names that end in “twitter[.]com.” The goal for some of these new domains was to scam internet users. So someone was smart enough — or devious enough — to create “fedetwitter[.]com”, which was displayed as “fedex.com” in tweets while still linking to the look-alike domain. Most of the new domains were registered by people who realized this mess was possible and wanted to prevent the domains from being created by scammers. But as a result of the mess X stopped rewriting any domain ending in “twitter[.]com.”
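The flaw Krebs describes is a text-level substring replacement that is not anchored to a DNS label boundary. This added example (not code from X or from the original post; the rewrite functions and sample URLs are constructed for illustration) reproduces that behaviour beside a host-anchored rewrite that parses the URL and only touches `twitter.com` itself or its subdomains, and audits which links the naive version would misrepresent.

```python
"""Substring link rewriting versus host-anchored rewriting (constructed example)."""
from urllib.parse import urlsplit, urlunsplit

OLD_HOST = "twitter.com"
NEW_HOST = "x.com"


def naive_rewrite(url: str) -> str:
    """Text-level rewrite, modelled on the behaviour the story reports.

    The match is not anchored to a label boundary, so 'fedetwitter.com'
    is displayed as 'fedex.com' even though the link still resolves to
    the look-alike domain.
    """
    return url.replace(OLD_HOST, NEW_HOST)


def host_matches(host: str, domain: str) -> bool:
    """True only when host is exactly `domain` or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def safe_rewrite(url: str) -> str:
    """Rewrite only when the parsed hostname is twitter.com or a subdomain.

    Parsing the URL and comparing whole DNS labels keeps look-alike
    registrations such as 'fedetwitter.com' and 'twitter.com.example.net'
    intact, so what is displayed is what the link actually points at.
    """
    parts = urlsplit(url)
    host = parts.hostname  # already lower-cased by urlsplit
    if host is None or not host_matches(host, OLD_HOST):
        return url
    # Keep any subdomain prefix (e.g. 'mobile.') and swap only the suffix.
    new_host = host[: -len(OLD_HOST)] + NEW_HOST
    netloc = new_host
    if parts.port is not None:
        netloc = f"{netloc}:{parts.port}"
    if "@" in parts.netloc:  # preserve userinfo if present
        netloc = parts.netloc.rsplit("@", 1)[0] + "@" + netloc
    return urlunsplit(parts._replace(netloc=netloc))


def misrepresented(urls):
    """Links whose displayed text would differ from their real target under the naive rewrite."""
    return [u for u in urls if naive_rewrite(u) != safe_rewrite(u)]


# Constructed sample links; 'fedetwitter.com' is the case from the story.
SAMPLE_URLS = [
    "https://twitter.com/itworldca",
    "https://mobile.twitter.com/itworldca/status/1",
    "https://fedetwitter.com/track?id=4421",
    "https://twitter.com.example.net/login",
    "https://example.org/about-twitter.com",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{u}\n  naive: {naive_rewrite(u)}\n  safe:  {safe_rewrite(u)}")
    print("misrepresented:", misrepresented(SAMPLE_URLS))
```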

AT&T is notifying over 51 million customers that personal information being peddled on the internet came from the company. It had said in March that information on 73 million customers was involved. The difference, AT&T told Bleeping Computer, is that some people had multiple accounts.

The U.S. National Security Agency released an information sheet to help organizations implement a zero trust data protection strategy. I’m not going to repeat all of the recommendations, but it does remind IT leaders that a zero trust strategy is “centred on protecting an organization’s data through constant verification.” An essential element of this is effective cataloging, labeling and encrypting of data to limit data breaches. There’s a link to the document in the text version of this podcast at TechNewsday.com.

The U.S. Cybersecurity and Infrastructure Security Agency’s malware analysis service is now open to any IT department and security researcher who wants to submit suspect code. Until now the Malware Next-Gen portal was available only to governments and the U.S. military. You do have to register to use it.

Finally, Fortinet released security updates for multiple products including its FortiOS operating system, and the FortiProxy and FortiClient Linux applications. The vulnerability in FortiClient Linux is rated as critical and needs to be patched fast.

(The following is an edited transcript of the first of four discussion topics. To get the rest of the talk play the podcast)

Howard: Last week, as you may recall, the Cyber Safety Review Board released a report highly critical of Microsoft into the ability of a threat actor to forge a counterfeit authorization token that was used to compromise Microsoft Exchange Online email accounts. This week Microsoft was in the spotlight again. A cybersecurity company in Turkey called SOCRadar discovered Microsoft employees had left an Azure storage server open to the internet that had Microsoft code, passwords and other sensitive material. It isn’t known how long the cloud server was unprotected or if anyone other than the researchers discovered it. David, there are a couple of things here: Both of these incidents involve cloud services — the forged tokens let the attacker get into Exchange Online. The open server was hosted on Microsoft’s Azure platform. What do these incidents say about cloud security in general and Microsoft security in particular?

David Shipley: Number one, cloud security is hard, even if you’re the person that makes and sells the cloud environment. That should be something we all take a moment [to think], ‘Even the people that can struggle with it.’ That’s just the reality of the situation. It is big, it is complex, and it’s also the nature of the threat environment and the ability to just find every single little flaw. Cyber is almost like a mouse infestation in your house: You just can’t figure out all the different ways these things can get in and just ruin your day.

I hope it’s part of the beginning of the end of the narrative that ‘Just because it’s in the cloud it’s safer than on-prem.’

I think for Microsoft, let’s be clear — it’s easy to beat up on Microsoft. They’re the big kid in town. They’ve got the largest, most ubiquitous footprint. They’ve got the biggest target on their back. But it’s been very clear that with the tremendous growth and success of Azure and cloud and Microsoft 365 has come a security liability, a cost that’s clearly starting to catch up. This is almost like a law of physics of modern day digital business: For every great business opportunity there seems to be increasingly an equal and opposite security and cost and liability side that is a tricky thing to balance. It’s a bad year for Microsoft. The hits just keep on coming, more is going to come out of some of these reviews, so they’re probably not going to get out of this year without a few more punches.

Howard: I’ll get deeper into Microsoft in a minute but first I want to note that the Cyber Safety Review Board Report had very pointed things to say about security to all cloud providers as well as those using cloud-based services.

David: This is not a unique problem for Microsoft. AWS has its share of problems, Google has its share of problems. We’re talking about massive, complex systems and levels of power and connectivity. We don’t really even have a track record to fully understand. It’s never been more important to fully and absolutely understand the shared responsibility model [for buyers and producers of cloud services] and to understand what your risk appetite is if you’re surrendering control over certain aspects of the threat pyramid to a cloud provider. Are you comfortable with that? Do you have the assurances from that cloud provider and the strategy of resilience if that cloud provider lets itself and you down?

Howard: On last week’s show Terry Cutler and I discussed the Cyber Safety Review Board report into the Microsoft forged token attack. As a reminder, the emails of about 500 people around the world — including the U.S. Commerce Secretary, the U.S. Ambassador to China and other important people — were compromised. The attacker downloaded about 60,000 emails over six weeks from the U.S. State Department alone. The Review Board had blunt criticism of Microsoft: It said the hack was preventable and should never have occurred. It calls Microsoft’s security culture inadequate and requires an overhaul. And it complained that Microsoft hasn’t been upfront with the public in that it still doesn’t know how or when the hacking group obtained the signing key that allowed this attack to happen. Was the board too gentle?

David: I don’t think it was too gentle. This is probably among the most severe call-outs of a failure I have ever seen from a group. But it’s not about blame. What I really love about the Cyber Safety Review Board model is it’s based off the aviation industry, which makes sure that we share transparently the key lessons learned from every air disaster. This was a cyber disaster, and we’re now picking up the pieces and telling the tale. What I thought was pretty harsh about the report was saying [to Microsoft], ‘Stop focusing on developing new features and your revenue funnel and your sales targets right now and clean your house up.’ For Microsoft this is probably one of the last off-ramps they’re going to get before they land themselves in some pretty serious heat that potentially could end up in antitrust territory around the conflict between their core businesses: Azure, Microsoft 365, the [Windows] operating system and their security business. Because there may come a time when large cloud providers like Microsoft need to be regulated because they have quasi-monopolistic levels of power. So they probably should face more additional scrutiny. Whether they should be charging additional dollars for security products to fix what may in turn be fundamental flaws that should never have happened in their products in the first place, I’m going to leave that to smarter people than me. But I think if [Microsoft] listens, if they act, if it’s not just a PR response to this, if they do what they did 22 years ago with Trustworthy Computing … and redo and re-plan and reinvest, they can come out of this. If they ignore this it will be at their peril.

Howard: What struck you as the worst of Microsoft’s failures in that incident?

David: The hardest part is it’s always the [failure to follow the] basics that gets everybody … It’s a learning opportunity for all of us to say, ‘All of this [cybersecurity] is really, really hard and we sometimes need to slow down how fast we’re running.’ We are running at breakneck speed to roll out new products, services, hit revenue margins. These are the pressures of running a business in a capitalist economy. But if we ignore these basics they always come back to bite us.

Howard: The incident where somebody left a server open without protection, that happens to many organizations: Someone creates and stores data in the cloud and they forget — or ignore — corporate rules on properly securing it. How do we stop that?

David: You don’t. That’s humans and technology. You try and create better processes, better procedures, better monitoring, better education for the people responsible for creating these things. But there is no technological silver bullet that can prevent a series of really dumb things happening, because each of those dumb things on its own is likely very innocuous — and probably a very necessary part of the [business] process to build systems and infrastructure. It’s just that sometimes we don’t even understand the full consequences of what we start and what it eventually becomes … The amount of hidden servers and data and other things that just get lost [in an IT environment] is stunning … Cloud asset monitoring and permissions and tracking and all of this stuff isn’t sexy. It’s the basics. It’s paying attention to the details. The fact that we don’t have a cyber code for companies with a set of basic standards and proof of due diligence leads to this continuous cycle.

The post Cyber Security Today, Week in Review for week ending Friday, April 12, 2024 first appeared on IT World Canada.

Cyber Security Today, April 12, 2024 – A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more

A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more.

Welcome to Cyber Security Today. It’s Friday April 12th, 2024. I’m Howard Solomon.



Organizations that use products from business analytics provider Sisense [SI-SENSE] are being told to reset user login credentials and digital keys. The warning comes from the U.S. Cybersecurity and Infrastructure Security Agency after the discovery by independent researchers of a compromise at Sisense. IT leaders are also urged to report suspicious access to their Sisense platform to CISA. Sean Deuby, principal technologist at Semperis, said the fact that CISA had to issue a warning is ominous because Sisense has a number of large customers. Among them are Verizon and Philips Healthcare.

Crooks have found a new way to spread the Raspberry Robin worm for Windows systems. According to threat researchers at HP, the malware is now being delivered through Windows Script Files (.wsf). The scripts use a range of techniques to evade detection. Up to now Raspberry Robin was usually spread through removable media like USB drives, or through RAR files and 7-zip files hosted on Discord. The malware acts as an initial foothold into systems, allowing the download of other nasty attack tools. It isn’t clear how crooks are spreading the bad .wsf files. Probably it’s through phishing messages. Regardless, IT administrators should watch for unusual or unexpected .wsf files.
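One way to act on the advice to watch for unexpected .wsf files is to flag script-host launches of .wsf files from user-writable locations in process-creation telemetry. This is an added example, not from HP’s research or the original post; the log lines are constructed in a simplified `Image=... CommandLine=...` format assumed for illustration, and the path and flag heuristics are assumptions to tune for your environment.

```python
"""Flag .wsf executions worth a second look (constructed detection example)."""
import re
from dataclasses import dataclass, field

# Windows Script Host binaries that execute .wsf files.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Assumed simplified log format: "<timestamp> Image=<path> CommandLine=<cmd>".
LINE_RE = re.compile(r"^(?P<ts>\S+) Image=(?P<image>\S+) CommandLine=(?P<cmd>.*)$")

# A quoted or unquoted argument ending in .wsf.
WSF_RE = re.compile(r'"([^"]+\.wsf)"|(\S+\.wsf)(?=\s|$)', re.I)

# Locations a user (or a phishing attachment) can write to; assumed heuristic.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\(Downloads|Desktop|AppData)|Windows\\Temp|ProgramData)\\", re.I
)

# wscript/cscript //B runs in batch mode and suppresses prompts and errors.
SILENT_FLAG = re.compile(r"(?:^|\s)//b(?:\s|$)", re.I)


@dataclass
class Finding:
    ts: str
    image: str
    script: str
    reasons: list = field(default_factory=list)
    severity: str = "low"


def find_wsf(cmd: str):
    """Return the .wsf path on a command line, or None."""
    m = WSF_RE.search(cmd)
    return (m.group(1) or m.group(2)) if m else None


def classify(line: str):
    """Turn one log line into a Finding if it executes a .wsf file."""
    m = LINE_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    script = find_wsf(cmd)
    if script is None:
        return None
    image = m.group("image").rsplit("\\", 1)[-1].lower()
    reasons = ["wsf-file"]
    if image in SCRIPT_HOSTS:
        reasons.append("script-host")
    if USER_WRITABLE.search(script):
        reasons.append("user-writable-path")
    if SILENT_FLAG.search(cmd):
        reasons.append("silent-mode")
    # Script host + user-writable origin is the combination that matches
    # a phishing-delivered .wsf; either alone deserves a look.
    if "script-host" in reasons and "user-writable-path" in reasons:
        severity = "high"
    elif len(reasons) > 1:
        severity = "medium"
    else:
        severity = "low"
    return Finding(m.group("ts"), image, script, reasons, severity)


def detect(lines):
    """Run classify() over a log and return the findings in order."""
    return [f for f in (classify(l) for l in lines) if f is not None]


# Constructed sample telemetry; paths and timestamps are made up.
SAMPLE_LOG = [
    r'2024-04-11T09:14:02Z Image=C:\Windows\System32\wscript.exe CommandLine=wscript.exe //B "C:\Users\alice\Downloads\invoice_4421.wsf"',
    r"2024-04-11T09:14:05Z Image=C:\Windows\System32\cmd.exe CommandLine=cmd.exe /c dir",
    r"2024-04-11T09:15:11Z Image=C:\Windows\System32\cscript.exe CommandLine=cscript.exe //nologo C:\Tools\maint.wsf",
    r"2024-04-11T09:16:40Z Image=C:\Windows\explorer.exe CommandLine=explorer.exe C:\Users\bob\AppData\Local\Temp\7z\readme.wsf",
]

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"[{f.severity}] {f.ts} {f.image} {f.script} {','.join(f.reasons)}")
```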

Threat actors are manipulating GitHub’s search function to distribute malware. That’s according to researchers at Checkmarx. Here’s the scam: Attackers create repositories with popular names and topics on GitHub. These hold malicious code in Visual Studio project files. Using tactics like automated updates and fake stars, they boost search rankings to attract unwitting victims to download the infected files. I regularly warn developers to be cautious when downloading files from public repositories. This is another example of why. Be suspicious of repositories with high commit frequencies in recently created accounts.

The cyber attack that hit Japanese optics manufacturer Hoya Corp. last week was ransomware. That’s according to several news media. The French website LeMagIT quotes Jbpress saying the Hunters International gang is responsible, and is demanding US$10 million after stealing 2TB of data.

The most common tactic threat actors use is a malicious script to automate action. That’s according to researchers at D3 Security. They recently paired incident data to the Mitre Att&ck framework and found just over 50 per cent of attacks used a command and scripting interpreter to execute malicious payload on victims’ systems. The second most common tactic was email phishing for initial access. That was used in just over 15 per cent of attacks. One lesson: watch for unusual and unexpected scripts on your network.

Finally, it can be hard for outsiders to measure the maturity of a country’s cybersecurity status. But consider these numbers from a survey by Cradlepoint of over 500 technology decision-makers at Canadian organizations: Only 45 per cent of respondents said their organization was using or familiar with multifactor authentication. Other endpoint or network security solutions with less than 50 per cent usage or knowledge include Secure Access Service Edge (also called SASE), web browser isolation, mobile device management, zero trust network access and edge security.

That’s it for now. But later today the Week in Review podcast will be out. Guest commentator David Shipley and I will discuss another cybersecurity issue at Microsoft, how IT help desks should be prepared for scammers, and more.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, April 12, 2024 – A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more first appeared on IT World Canada.

Is EU competition working? One company shows a 250 percent increase. Hashtag Trending for Friday April 12, 2024

US Internet providers must now display clear pricing and product information. HP Ink controversy continues to stain the company’s reputation with consumers. Is the EU’s competition legislation working? Early numbers seem to show it might be. And there’s a 10 million dollar bet that Elon Musk is wrong about AI.

All this and more on the “all bets are off” edition of Hashtag Trending. I’m your host, Jim Love. Let’s get into it.

New regulations from the Federal Communications Commission have taken effect yesterday, mandating that all broadband internet service providers clearly display labels detailing the prices, speeds, data caps and other key information about their service plans.

The rules are aimed at helping consumers make more informed choices by requiring ISPs to disclose this data in a simple, standardized format akin to nutrition labels on food products.

In addition to fees charged, the labels must also now list any monthly data caps or overage fees, upfront costs like equipment rental fees, a provider’s customer service contact information, and any other plan limitations like throttling policies.

Despite this progress, consumer advocacy group Next Century Cities continued to push for even more information, saying that these broadband “nutrition labels” often overstate the real-world speeds customers can expect or obscure caps and fees.

Speaking to the FCC last month, one group urged that in addition to maximum speeds, the labels should show the average speeds users actually experience, as estimates of “typical” speeds are frequently overly optimistic.

While comprehensive, some experts warn the amount of required disclosures could overburden smaller ISPs with limited resources compared to industry giants. For now, only providers with more than 100,000 subscribers must comply; smaller providers have been given an additional year.

The FCC is still gathering feedback on whether to mandate the display of promotional pricing periods and expiration dates, as well as taxes and fees beyond the base rate.

Next Century Cities is further advocating for a streamlined complaint process to report issues like digital discrimination in broadband deployment to the commission.

With the labeling rules now in place, the hope is that customers will be better equipped to comparison shop for broadband and avoid being misled about the true costs and capabilities of different internet packages.

Sources include: Ars Technica, Engadget, and BroadbandBreakfast

Of all of the emails I get about stories, the HP printer issue is near the top of the list. People write me, with their frustrations. And it turns out, they take these to the courts as well.

Printer owners are pushing back against HP Inc. in an ongoing class action lawsuit over firmware updates that allegedly disabled their devices from using third-party ink cartridges.

In a filing this week in an Illinois court, the plaintiffs accused HP of using software changes to monopolize the replacement ink market and “take advantage of customers’ sunk costs” in HP printers.

The consumers claim that despite never agreeing to only use HP-branded ink, recent firmware updates prevented their printers from accepting more affordable third-party cartridges.

They allege HP violated several anti-competitive statutes through this “tying scheme” accomplished via unauthorized software changes solely aimed at blocking rival ink suppliers.

The plaintiffs are seeking damages covering the cost of now-useless non-HP cartridges, as well as an injunction forcing HP to undo the firmware lockout.

For its part, HP insists it went to “great lengths” to inform buyers that its printers are designed to exclusively use HP cartridges containing security chips.

The company says the updates represent legitimate “dynamic security” measures to combat counterfeit ink, and that it does not conceal or block remanufactured cartridges reusing official HP chips.

HP also argues the plaintiffs cannot claim overcharge damages from the manufacturer under federal antitrust laws when they purchased through intermediaries.

As printer makers increasingly push subscription models, the controversy highlights long-standing tensions over the high costs of proprietary ink replacements versus third-party alternatives.

The bitter legal battle seems primed to further antagonize HP’s customer base over what critics condemn as anti-competitive practices designed to sustain lucrative ink sales.

Sources include: The Register

We’ve done a number of stories on legislation and regulation from the EU that is aimed at increasing customer choice and promoting real competition. Is it working? In one case it seems to have had an impact.

It turns out that some alternative web browsers are reporting an uplift in user interest and downloads in the European Union following the recent enforcement of a new digital regulation called the Digital Markets Act or DMA.

The landmark rules, which took effect last month, require dominant tech gatekeepers like Apple and Google to present mobile users with choice screens displaying alternative browsers and other core apps.

The goal is to shake up competition against pre-installed defaults and make users more aware of their options beyond Safari on iOS or Chrome on Android.

While it’s still very early days, several smaller browser makers have already shared positive metrics pointing to increased attention from EU users.

Norway’s Opera says new user growth was up 63% from February to late March, while fellow Norwegian browser Vivaldi reports a 36.7% jump in EU downloads, rising to nearly 70% in the eight countries where it appears on Apple’s choice screen.

The privacy-focused Brave browser also cited a doubling of daily iOS installs in the EU compared to pre-choice screen levels.

And little-known Cyprus-based rival Aloha claimed to have seen 250% growth in new users as it jumped from the 4th to 2nd biggest EU market.

However, not all alternative browsers are seeing clear gains yet. Veteran players like Mozilla’s Firefox, DuckDuckGo and Ecosia say it’s too early to accurately assess the DMA’s impact as choice screen rollouts are still ongoing, although some claim that these browsers are purposely holding back from reporting success because they want to keep the pressure on to make the choices even more clear and easier to adopt.

For example, there are complaints that Apple’s iOS implementation in particular has significant design flaws hampering users’ ability to make meaningful choices about switching browsers.

The European Commission has open investigations into suspected cases of improper compliance by the tech giants, including Apple’s choice screen methodology.

With this continued pressure from the largest alternative browsers, and given the EU’s track record, it is likely they will be monitoring closely to ensure dominant gatekeepers are genuinely opening their platforms to greater competition and consumer choice as intended.

Sources include: TechCrunch

Some tech industry CEOs are putting their money where their skepticism is when it comes to Elon Musk’s ambitious predictions about artificial intelligence surpassing human intelligence in the next few years.

During a recent interview, the billionaire claimed AI will likely exceed the cognitive capabilities of any single human by the end of 2024, with AI as a whole outstripping the combined intelligence of all humans within just five years.

But those bold forecasts are being met with raised eyebrows and big bets from some AI experts who view Musk’s timeline as wildly unrealistic.

Gary Marcus, CEO of machine learning startup Geometric Intelligence, publicly offered up $1 million to anyone, including Musk, who can prove him wrong.

That prompted Damion Hankejh, CEO of ingk.com, to raise the stakes even further, saying he’d cover a $10 million wager against Musk’s AI predictions coming true.

Marcus said Musk has not responded to the million-dollar challenges yet, but added the Tesla CEO has previously ignored Marcus’ smaller $100,000 bet that artificial general intelligence was not actually imminent, as Musk claimed.

For Marcus, the bets are about more than just money. He wants to spark a public discussion with Musk about what artificial intelligence can realistically achieve in the near-term versus the almost utopian promises that have become common from tech leaders.

Marcus argues many in the industry have a track record of making scientifically implausible claims and missing self-imposed deadlines, pointing to the ongoing challenges with self-driving cars as one example.

While large language models have made rapid advances, Marcus contends the notion they could exceed human-level general intelligence within just a couple of years is fanciful, estimating that milestone may still be decades away.

As CEOs literally gamble over contrasting AI outlooks, the high-stakes bets underscore an intensifying debate over whether too much hype is obscuring the real state and timeline of artificial intelligence development.

I don’t know. Just this once and only once. I’m putting my money on Elon being right.

As always, love to hear what you might think.

And that’s our show for today…

Thanks to those who’ve written in with comments, including the person who wrote me about their trials and tribulations with HP printers and ink purchases.

Keep it coming. And don’t forget, you can find us on YouTube now. If you check us out there, please give us a like or even a subscribe as we try to build an audience there as well.

I’m your host Jim Love, have a Fantastic Friday.

The post Is EU competition working? One company shows a 250 percent increase. Hashtag Trending for Friday April 12, 2024 first appeared on IT World Canada.