3.1 Million Impacted by QualDerm Data Breach

Posted in Commentary with tags on March 24, 2026 by itnerd

Healthcare management services provider QualDerm is notifying more than 3.1 million people that their personal, medical, and health insurance information was stolen in a December 2025 data breach.

Brian Bell, CEO at FusionAuth had this to say: 

“Healthcare keeps struggling with identity because the industry has treated access management as a compliance exercise rather than a security architecture decision. The problem isn’t just that someone got in, it’s that once inside, there was nothing limiting what they could reach. Authorization controls, audit trails, isolated infrastructure; that’s what turns a catastrophic breach into a contained incident. Without it, you’re doing forensics on a disaster instead of preventing one.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy adds this:

“This is a concerning development for QualDerm patients, as the breach exposes quite a bit of personal, medical, and identification-related information, leaving them open to possible phishing and identity theft schemes. Affected patients should keep an eye out for phishing schemes using the gleaned info and should also immediately take advantage of the free identity theft and credit monitoring services offered by the company.”

Once again the healthcare sector gets pwned. The fact that this sector keeps getting pwned should be a wakeup call that something needs to be done to change the direction of travel. But sadly that does not seem to be happening.

Relyance AI Announces The Commercial Availability of Lyo

Posted in Commentary with tags on March 24, 2026 by itnerd

Relyance AI today announced the commercial availability of Lyo, the industry’s first autonomous data defense engineer designed to monitor and secure how AI agents interact with enterprise data. 

Lyo emerges at an inflection point for the cybersecurity industry as autonomous AI agents spread across enterprise environments, gaining access to sensitive data, triggering workflows, provisioning infrastructure, and calling APIs at machine speed. The challenge is no longer locating sensitive data, but understanding how it is being used in real time; something legacy scanning tools, built to show where data lives, were never designed to do. Without context (identity, purpose, flow, and behavior), security teams are left with a dangerous blind spot and a false sense of control. Gartner predicts that by 2027, more than 40% of AI-related data breaches will stem from improper GenAI use alone. 

Lyo was built to address this new reality. Powered by Relyance’s AI Data Journeys™, Lyo continuously monitors and attaches business and behavioral context to data activity across code, cloud infrastructure, MCP servers, SaaS applications, identities, third parties, and AI agents. 

Meet Lyo: 24/7 Autonomous Data Security

AI agents introduce specific failure opportunities: overprivileged access, hidden non-deterministic data flows, poisoned inputs, third-party model exposure, ephemeral infrastructure, and unpredictable data behavior. Powered by Relyance’s Data Exposure Graph, Data Journeys, Lyo simultaneously monitors an entire data ecosystem, with the following capabilities:

  • Unified AI and Data Visibility: Provides comprehensive visibility into both AI and non-AI assets, creating a complete map of your technology stack showing how AI systems and data assets interact.
  • Identity-to-Data Intelligence: Maps relationships between AI agents and data assets to identify risky combinations. Identifies when AI agents have overprivileged access to sensitive data.
  • Enhanced Contextual Data Classification: Categorizes data sensitivity levels and tracks data flows. Identifies which assets house highly sensitive data and monitors how AI agents interact with that data.
  • 24/7 Monitoring & Policy Alerts: Continuously monitors for threats with proactive alerting for security policy violations, with unified risk intelligence across data, identity, AI, and behavior.
  • Conversational Investigation (Ask Lyo): Answers questions via a natural language query interface to help teams prioritize which issues require immediate action, what has the most potential damage/impact, and provides context for security decisions. 
  • Third-Party Vendor Risk Management: Identifies and monitors vendor-supplied AI components to manage vendor security risks, including third-party MCP servers.

Relyance AI will be demonstrating Lyo and its full platform at RSAC 2026, March 23–26, at the Moscone Center in San Francisco. To schedule a meeting or request a demo, visit relyance.ai.

The FCC In The US Has Pretty Much Banned All Wireless Routers From Being Sold…. But It’s Kind Of Complicated….

Posted in Commentary with tags on March 24, 2026 by itnerd

So it seems that the FCC in the United States has decided to ban pretty much every wireless router from being sold in the US. The FCC posted this PDF explaining the decision. But here’s the part that you need to care about:

The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”

And:

The National Security Determination states that “Production generally includes any major stage of the process through which the device is made, including manufacturing, assembly, design, and development.”

Since no router that I am aware of is built in the US, it means that anything that you could purchase from Best Buy, or get from your ISP, or from companies like Cisco or Ubiquiti is effectively banned. So what does that mean? Well, from what I read it means the following:

  • This ban applies to the importation and sale of routers.
  • You can continue to use your existing router.

Now there is a lifeline of sorts for router companies. They can apply for an exemption by proving that their devices are safe. What that entails is a bit of a question mark at the moment. But I pretty much assume that router companies are rushing to take advantage of that. On top of that, router companies could get around this by building their gear in the United States. But that could take years to scale up and since labour in the US is more expensive than labour in Asia for example, prices are sure to go up.

So why is the US doing this? It’s likely a reaction to companies like TP-Link having what is perceived to be insecure gear that could be leveraged by threat actors of various descriptions to launch attacks. I mention TP-Link because most of the noise around this has centered around TP-Link being accused of working for Chinese intelligence. But the US is said to have said similar things about other router companies.

What should you do in regards to this issue? Well, if you are in the US and you were considering upgrading to a new router to get say WiFi 7 or better performance or more features, now might be a really good time to upgrade given that the US banned drones from DJI using a similar rationale. Thus supplies may run out quickly whether it’s from your local Best Buy, your ISP, or from companies like Cisco.

This will be very interesting to watch as I am going to guess that this whole scenario may not play out the way that the FCC wants it to.

HP Leads Security for the Future of Work with Launch of HP TPM Guard: New Protection Against Physical Access Attacks that Steal PC Data

Posted in Commentary with tags on March 24, 2026 by itnerd

Today, at HP Imagine 2026, the company launched HP TPM Guard – the first hardware solution to stop physical TPM bus attacks, delivering the world’s first business notebook to prevent physical-access attacks that defeat BitLocker drive encryption. HP also announced enhancements to its HP Wolf Security PC portfolio and brought quantum resistance to a broader range of HP printers.

Closing the BitLocker Security Gap with HP TPM Guard

PCs are at the center of modern, hybrid work, storing vast amounts of sensitive information – from confidential documents and credentials to customer and employee data. With the rise of AI applications processing voice, video and screenshots, the volume of sensitive data held on PCs is only increasing.

BitLocker has been widely used by enterprises to protect this data if PCs are lost or stolen, but vulnerabilities uncovered in recent years can enable an attacker with physical access to a device to bypass BitLocker and extract the data. Commonly referred to as “TPM bus attacks”, this technique relies on attackers intercepting communication between the certified Trusted Platform Module (TPM) and CPU, and can be performed in under a minute, using just $20 of hardware with minimal training. 

HP TPM Guard protects against this threat by introducing an encrypted link between the TPM and CPU, preventing interception and probing attacks. The TPM is cryptographically bound to the device, rendering it inoperable if removed or tampered with – closing this industry wide security gap, without adding complexity for IT teams.

HP TPM Guard is the latest in a long series of security innovations to come out of the HP Security Lab over the last 20 years. HP proactively identifies emerging threats, creates solutions for HP products, and then works with industry standards bodies to ultimately raise the bar for the whole IT ecosystem. With this in mind, HP has already submitted a proposal to the Trusted Computing Group to contribute TPM Guard technology as an industry standard.

To read about the engineering behind HP TPM Guard please visit this blog.

New HP Wolf Security Capabilities to Reduce Cost and Risk for Businesses

HP is also strengthening security across its commercial PC portfolio by announcing new HP Wolf Security capabilities. They are focused on increasing the synergy between Workforce Experience Platform (WXP), HP Wolf Security, and the enterprise architecture to reduce operational overhead and cyber-risk. These new capabilities include:

  • Wolf Controller / WXP Integration to lower risk and operational friction
  • Next Gen Wolf Connect cellular card to deliver better accuracy with less power consumption
  • Broader Sure Recover platform support at lower cost
  • Centralized security log collection on the Wolf Controller

Quantum Resistance – The Future of Print Security

Experts predict that the possibility of a quantum computer breaking existing asymmetric cryptography is up to 34% by 2034, driving the urgency for quantum-resistant protections. With printers increasingly targeted as an entry point into networks, HP is expanding quantum-resistant cryptography to a wider range of devices:

  • New HP LaserJet Pro 4000/4100 Series: The world’s first SMB printers with quantum-resistant protection alongside tamper-resistant toner chips, firmware, and packaging. HP Workforce Experience Platform, and optional HP Security Manager, also enable streamlined security compliance and fleet-wide device management under one umbrella.
  • New HP LaserJet Enterprise 5000/6000 Series: The world’s first enterprise printers shipped from the factory with protection against quantum computer-based attacks, reducing the risk of exposure. The series is also powered by HP Wolf Enterprise to detect, isolate, and automatically recover from cyberattacks and features the only printers with zero-day threat detection and recovery during memory code execution.

The HP LaserJet Enterprise 5000/6000 Series will also feature Automated Guided Redaction, which detects and removes sensitive information, such as personal data or financial details, helping organizations support compliance requirements without adding extra review steps for IT.

More information on today’s news at HP Imagine can be found here.

Zalos gets $3.6M for its computer agents to help CFOs

Posted in Commentary with tags on March 24, 2026 by itnerd

Modern finance teams run on a fragmented stack of ERPs, CRMs, spreadsheets, email, and banking platforms that were never designed to talk to each other. APIs between these systems are often missing or incomplete, which means finance teams become the human API themselves, manually stitching data across systems to complete billing cycles, close the books, and produce reporting their business depends on. Zalos was built on the belief that the next leap in productivity will not come from replacing that stack, but from agentic software that can operate it the same way humans do and understands the deep business context. 

Today Zalos, the leader in Computer Agents for Finance Operations, announced a $3.6 million seed round to realize this vision. The funding round was led by 14 Peaks with participation from Cohen Circle, 20VC and notable angels*.

Computer Agents are the defining AI technology for 2026. 2023 was generative AI, 2024 brought multi-modal, and in 2025, AI learnt reasoning. Now AI will take over our computers. OpenAI and Anthropic have both moved into the space with generalist Computer Agents, but Zalos is purpose-built for finance operations, where the stakes of getting it wrong are categorically higher. Finance teams cannot operate on 90% accuracy, the agents need finance specific skills, and they need every automated action logged in a format auditors can follow. The Computer Agent market is still in its early stages; comparable to where large language models were at GPT 3.5. Zalos’s purpose-built infrastructure and evaluation systems are designed to push reliability to the accuracy levels that CFOs need to automate finance operations at scale.

Zalos converts screen recordings of finance workflows into Computer Agents that log in, navigate screens, enter data, and check against controls across ERPs, Excel, email, and internal tools. The platform works inside NetSuite, Sage, and SAP S/4HANA today, with no heavy integrations required. Every agent action is captured in an auditable log, and the platform is built to enterprise security standards including SOC 2 Part II certification, enterprise single sign-on, role-based access controls, and on-premise deployment options. Use cases being most actively used by clients include billing automation across multiple systems, month-end reconciliations, and cross-system KPI reporting across multiple ERP instances.

The company was founded by CEO William Fairbairn and CTO Hung Hoang after intersecting paths led them to the same conclusion. Fairbairn spent years at Agicap speaking with hundreds of CFOs, and heard the same frustration consistently: ERP implementations take more than twelve months, deliver limited upside when they go well, and carry real career risk when they go wrong. Hoang left Apple Pay after five years and became focused on Computer Agents specifically because they avoid the API problem that has stalled so many automation efforts in finance. The two began building Zalos last October after joining Y Combinator, with a focus on specialized agents that emulate how finance teams actually operate inside their tools.

The rise of reliable Computer Agents creates a third path: automation that sits on top of the existing stack and operates it as a human would. These agents are trained once with screen recordings, then the process is automated forever, never taking a holiday, and at a speed and consistency a person cannot match.

Looking ahead, Zalos plans to expand beyond the major midmarket ERPs where it already has customers and into enterprise ERPs and on-premise systems. By building a wide-reaching context graph across the finance stack, the company aims to help CFOs deploy a swarm of agents and drive a step-change in their finance team’s impact.

* Notable angels included: Mike Lenz (CFO Fedex), Ian Sutherland (CFO Tide), Long Dinh (CFO Ada), Nancy Casey (Global Vice President, Oracle, SAP), Paul Forster (Founder, Indeed), Henri Stern (Founder, Privacy), Ed Woodford (Founder, zerohash), James Beshara (Founder, Tilt Payments), Long Lu (Founder, Misa Accounting), Catherine Dahl (Founder, Beanworks Accounts Payable), Pablo Palafox (Founder, Happy Robot), Hasan Sukkar (Founder, 11x), Chris Smoak (Founder, Atrium), Ooshma Garg (Gobble), Minh Pham (Head of Browser Infra, Perplexity), Jon Langbert (Founder, Alight), Mandeep Singh (Founder, Trouva), Thai Duong (Founder, Calif), Ash Rush (Founder, Sterling Road), Jake Klamka (Founder Insight Data Science), Jonathan Meeks (Board, TA Associates).

EnGenius Brings AI-Powered Analytics and Sophisticated Cloud Management to Existing ONVIF Cameras

Posted in Commentary with tags on March 24, 2026 by itnerd

EnGenius Technologies Inc., a global leader in advanced connectivity and cloud-managed networking solutions, is pleased to announce the expansion of its AI-powered Network Video System (NVS) lineup with two tower-based SKUs designed to bring intelligent analytics, centralized cloud management, and enterprise reliability to existing ONVIF & RTSP camera deployments. This transformative solution brings AI intelligence to existing camera systems without the need for a full hardware replacement, significantly reducing upgrade costs, minimizing the risk of evidence loss, and accelerating investigations. The company also announced that its EnGenius EVS1004D has been honored with a Best of Show award at Integrated Systems Europe 2026, where industry judges recognized the platform’s innovation in AI-driven video surveillance and seamless cloud management designed to simplify enterprise security deployments.

The new lineup includes:

  • EVS1004D — Cloud Managed AI 4-Bay Network Video System Tower
  • EVS1002D — Cloud Managed AI 2-Bay Network Video System Tower

Both systems enable organizations to upgrade existing ONVIF-compatible cameras with advanced AI capabilities—without costly camera replacements—capable of supporting up to 16 non-AI channels, or a maximum of 4 channels when 2 AI-enabled cameras are included, for intelligent, real-time video analysis.

Recognizing the stringent legal and regulatory compliance requirements faced by multi-site SMBs and enterprise organizations across the retail, hospitality, healthcare, education, and finance sectors, the EnGenius NVS Series delivers reliable, 24/7 video availability and playback. By combining edge-based storage with unified cloud management, the EVS Series provides a secure, scalable, and resilient surveillance ecosystem designed to meet the operational and compliance demands of modern, distributed environments.

Intelligent AI Upgrade for Existing Cameras

EnGenius Cloud Managed AI NVS platforms enhance third-party ONVIF or RTSP cameras with powerful edge and cloud-based intelligence. Supporting FHD to 4K resolutions, both tower models deliver 24/7 continuous recording, intelligent metadata-driven analytics, and centralized cloud management across single or multi-site deployments.

AI processing is performed locally while leveraging EnGenius Cloud AI for advanced search, alerts, and insights. Natural language search powered by multimodal AI/LLMs allows operators to locate critical video evidence using simple descriptions—dramatically reducing investigation time.

Two Tower Options for Flexible Deployments

Designed to fit a wide range of surveillance needs, both SKUs share a desktop tower housing optimized for professional environments:

  • EVS1004D (4-Bay Tower)

Provides enterprise-grade RAID-protected storage (RAID 1/5/6) for high availability and long-term video retention, ideal for larger or compliance-driven deployments.

  • EVS1002D (2-Bay Tower)

A compact, cost-efficient solution delivering centralized AI-enabled recording and analytics, with RAID 1–protected storage for added data reliability, for small to mid-size installations.

Both models feature:

  • Maximum video backup capacity: up to 30 channels with EnGenius AI cameras; 16 channels with third-party, non-AI-enabled cameras; or up to 4 channels when two AI-enabled cameras are used for intelligent, real-time video analysis.
  • 1× 10-Gigabit Ethernet + 1× Gigabit Ethernet ports
  • USB 3.0 ×4 and USB 2.0 ×1 connectivity
  • 2.5″ or 3.5″ SATA 3 drives; includes 1× HDMI port and 1× Kensington lock slot.
  • ONVIF Profile S and RTSP compatibility
  • Cloud-managed access anytime, anywhere

Secure, Bandwidth-Efficient, and Future-Ready

Security is built into every layer of the EnGenius AI NVS architecture. By transmitting AI metadata instead of continuous video streams, both systems significantly reduce WAN bandwidth usage—making them ideal for scalable, multi-location environments.

Flexible Video Backup Mechanism

Designed for multi-site enterprise environments, the EVS Series enables seamless video backup across distributed networks within the same organization to EnGenius NVS units. Featuring customizable retention policies, administrators can define recording duration or storage limits to align with legal, regulatory, and operational requirements.

Unified Cloud Management in a Single Ecosystem

Eliminating system silos, the EVS Series seamlessly integrates with all cameras within the EnGenius Cloud platform, enabling IT teams to centrally manage storage, video access, and device health from a single interface. This cloud-native architecture delivers streamlined monitoring and actionable insights—without the complexity of on-premises server deployments.

Designed for Every Industry

The EnGenius Cloud Managed AI NVS solutions are purpose-built for education, retail, hospitality, student housing, senior living, corporate offices, and warehousing, delivering actionable intelligence such as people and vehicle detection, tracking, counting, and real-time Cloud-AI alerts for incidents including bullying, fights, accidents, or restricted-area access.

Availability

The EnGenius Cloud Managed AI Network Video System Tower lineup, including the EVS1004D (4-bay) and EVS1002D (2-bay) models, will be available through EnGenius authorized resellers and distribution partners beginning in March 2026. For additional product specifications and purchasing information, visit: EnGenius AI NVS.

Minimus to Launch Open Source Program, Bringing Hardened Images to Critical Infrastructure Projects 

Posted in Commentary with tags on March 24, 2026 by itnerd

Minimus today announced the Minimus Open Source Program, an initiative to help open source maintainers strengthen the security and integrity of their software supply chains. Eligible projects will receive access to Minimus secure container images, Software Bill of Materials (SBOM) generation and analysis, and threat intelligence tooling at no cost.

Open source software underpins a vast share of the world’s critical digital infrastructure, yet most maintainers lack access to the security tooling enterprises take for granted. This program aims to close that gap, putting modern supply chain security directly in the hands of the communities that need it most.

Projects accepted into the program can integrate Minimus images into their build pipelines, immediately reducing attack surface for their users. Maintainers will also gain visibility into dependencies and potential vulnerabilities through Minimus’s threat intelligence dashboard.

The Open Source Program builds on a period of rapid growth for Minimus. Since launching publicly at RSAC in April 2025, the company has grown revenue by 285%, expanded its Image Gallery to over 1,200 hardened container images, and shipped major new capabilities, including Image Creator, which enables enterprises to build and manage their own hardened images on the Minimus platform. Minimus images are now supported by major cloud security platforms, including Aqua Security, AWS, Google Cloud, Orca Security, Snyk, and Wiz.

The program is open to open source projects using an OSI-approved license that meet minimum project health criteria. Accepted projects receive:

  • Access to hardened, compliant images from the Minimus Image Gallery
  • Custom image creation, Helm charts, and automatically generated SBOMs
  • Real-time exploit intelligence to prioritize CVE remediation and patch efforts
  • Image updates in accordance with Minimus’ commercial SLAs

Applications open March 24, 2026. Open source maintainers can learn more and apply at minimus.io/open-source.

DH2i Launches DxEnterprise v26.0 and DxOperator v2

Posted in Commentary with tags on March 24, 2026 by itnerd

DH2i, a leading provider of always-secure and always-on IT solutions, today announced the general availability (GA) launch of DxEnterprise v26.0 and DxOperator v2, featuring significant enhancements to high availability (HA), disaster recovery (DR), and operational resilience capabilities for SQL Server deployments across Windows, Linux, and Kubernetes environments. Together, the releases introduce meaningful advances in availability group (AG) protection, security controls, observability, and automation for both traditional and containerized SQL Server deployments.

In today’s enterprises, a perfect storm has emerged where applications have become direct revenue channels, infrastructure complexity has increased while IT staffing has not, modernization initiatives are no longer optional, security and compliance requirements are tightening, and software update velocity has accelerated. Together, these forces expose the limits of traditional HA approaches. What once worked for small, static clusters no longer scales when SQL Server deployments span hybrid, multi-platform, and containerized environments that demand continuous availability, stronger safeguards, and higher levels of automation. DxEnterprise v26.0 and DxOperator v2 address these challenges head-on.

DxEnterprise v26.0 focuses on improving cluster resilience, visibility, and administrative confidence through enhanced monitoring, stronger safeguards against split-brain scenarios, expanded credential support, and platform modernization. DxOperator v2 extends those capabilities into Kubernetes environments, giving users greater control over scale, updates, and network configuration for SQL Server AGs running in containers.

What’s New in DxEnterprise v26.0 

Deeper SQL Server and Availability Group Intelligence

  • Database-level health monitoring is now enabled by default, allowing faster detection of issues affecting individual databases within an AG
  • Split-brain scenarios are prevented via automatic per-availability-group quorum enforcement by demoting or shutting down replicas when quorum requirements are not met
  • Improved replica connectivity alerts provide real-time notification when replicas disconnect or when SQL Server replica configurations diverge from expected cluster state

Improved Security and Credential Resilience

  • Support for secondary SQL Server backup credentials enables automatic fallback if primary authentication fails, reducing downtime caused by credential changes or expirations
  • Administrative sessions are automatically disconnected when the cluster passkey changes, ensuring only authorized users with current credentials retain access
  • The DxAdmin user interface now includes clearer prompts, stronger validation, and improved feedback for passkey configuration

Greater Stability and Observability

  • Core monitoring services, including DxLMonitor, DxCMonitor, DxStorMonitor, and DxHealthMonitor, have received reliability and stability improvements to reduce unexpected restarts and improve overall cluster resilience
  • Basic anonymous telemetry is now available to help improve product quality and diagnostics, with opt-out configuration for customers who prefer not to participate

Platform and Usability Enhancements

  • DxEnterprise’s Linux version now runs on the .NET 8.0 runtime, delivering improved performance, security, and long-term support alignment
  • Virtual hosts can now be renamed using a new rename-vhost command, simplifying cluster management and reorganization
  • Additional safeguards prevent accidental overwriting of existing data stores during SQL Server high availability virtualization
  • Enhancements to DxCLI and DxPS improve command-line usability, including human-readable XML output and new PowerShell cmdlets
  • The DxCollect utility now includes expanded command-line options for more targeted diagnostics and log collection

What’s New in DxOperator v2 

Flexible Scaling Up and Down

  • Availability group clusters can now be expanded or reduced dynamically
  • Unlike the previous version, DxOperator v2 can safely de-configure and remove replicas from a running cluster, enabling true scale-down operations

Automated Rolling Updates

  • Administrators can automate rolling updates of SQL Server or DxEnterprise container images, allowing pods to be updated one at a time without manual intervention
  • Updates can also be performed manually when desired, giving operators full control over rollout strategy
  • DxOperator does not automatically check for new container versions, ensuring that administrators remain in control of when and how updates are applied

Advanced Network and Service Configuration

  • Flexible service templates allow load balancers and other network services to be fully specified and automatically deployed per availability group replica
  • This enables more consistent connectivity across different Kubernetes environments and cloud providers

Redesigned Custom Resource and StatefulSet Adoption

  • The custom resource definition has been redesigned for greater flexibility and now leverages Kubernetes StatefulSets
  • By delegating pod creation, storage allocation, and rolling upgrades to Kubernetes, DxOperator v2 simplifies internal logic while benefiting from native Kubernetes reliability and lifecycle management

DH2i’s DxEnterprise v26.0 and DxOperator v2 are now generally available (GA) – to learn more, please visit: https://dh2i.com/dxenterprise-high-availability/ and https://dh2i.com/dxoperator-sql-server-operator-for-kubernetes/ respectively. 

To dive even deeper, please join DH2i’s upcoming webinar: “High Availability, Simplified: What’s New in DxEnterprise v26 & DxOperator v2”, on April 16 at 12:00 pm EDT. Save your seat by registering here: https://dh2i.com/webinar-simplified-high-availability-solution/

The Infographic can be found here: https://dh2i.com/blog/v26-simplified-sql-server-high-availability/

Detectify launches IP Range Scanning to uncover hidden infrastructure before attackers do 

Posted in Commentary on March 24, 2026 by itnerd

Detectify today announced the launch of IP Range Scanning, a new capability designed to help organizations continuously discover and monitor entire blocks of IP addresses. The technology automates the identification of exposed infrastructure, helping security teams find forgotten assets and hidden risks before attackers exploit them.

Organizations across all sectors are sitting on forgotten IP addresses that have become primary entry points for modern cyberattacks. While millions have been spent securing public-facing websites, legacy tools often struggle with noise and stale data, leaving modern organizations with a massive, unmonitored blind spot. Recent research from Detectify highlights this gap, with SSH found on non-standard ports nearly as often as on port 22 (49.3% vs. 50.7%), indicating that organizations focused only on standard ports risk missing a substantial portion of exposed services.

This digital basement can be filled with orphaned servers, legacy hardware, and unauthorized shadow IT. To a security team, these assets are invisible. To a hacker, they are an unlocked window. Identifying assets across large IP blocks often results in fragmented data or noisy snapshots that fail to integrate with modern AppSec workflows. High-risk services like Redis and MongoDB are frequently exposed on raw IP addresses without associated domains, making them invisible to traditional tools.

Detectify’s IP Range Scanning prioritizes high-fidelity discovery across large network segments, giving security teams accurate, actionable visibility into previously overlooked assets and reducing blind spots at scale. With this release, customers can benefit from:

- Onboarding entire CIDR blocks in seconds: gain continuous visibility into the infrastructure behind their networks, from legacy systems to rapidly expanding environments.
- Identifying hidden services: uncover everything from remote desktops and databases to web applications, powered by Protocol Discovery that goes beyond simple port detection.
- Bridging the gap to testing: when a web application is detected, Detectify automatically transitions to deep security testing, evaluating it against more than 922 quintillion payload-based permutations to uncover any potential for exploitation.

For organizations operating their own networks, such as government agencies and other large enterprises, IP ranges are often among the least understood areas of the attack surface. The ability to scan entire IP blocks in the same way as domains provides a clearer, more comprehensive view of what is actually exposed. Continuous discovery of services and applications across these ranges helps security teams identify forgotten or unmanaged assets early, improving visibility and reducing the risk of overlooked weaknesses being exploited.
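The discovery model the release describes (identify services by what they answer rather than by the port they sit on, scoped to a CIDR block, with database and remote-desktop services on raw IPs flagged) can be sketched in a few lines. This is an added example and is not Detectify’s code; the IP block, the probe responses and the signature table are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed probe results for a hypothetical range (not Detectify data):
# (ip, port, first bytes returned after connecting and sending a generic probe).
OBSERVATIONS = [
    ("203.0.113.5", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("203.0.113.7", 2222, b"SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11\r\n"),
    ("203.0.113.9", 6379, b"+PONG\r\n"),  # Redis answered PING without auth
    ("203.0.113.12", 27017, b"It looks like you are trying to access MongoDB over HTTP on the native driver port.\r\n"),
    ("203.0.113.20", 8443, b"HTTP/1.1 200 OK\r\nServer: nginx\r\n"),
    ("203.0.113.33", 3389, b"\x03\x00\x00\x13\x0e\xd0\x00\x00\x12\x34\x00\x02"),  # RDP: TPKT header
    ("198.51.100.4", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),  # outside the scanned block
]

# Protocol is decided by what the service says, not by which port it listens on.
SIGNATURES = [  # (name, banner regex, ports where this protocol is expected)
    ("ssh", re.compile(rb"^SSH-\d\.\d-"), {22}),
    ("redis", re.compile(rb"^(\+PONG|-NOAUTH|-ERR)"), {6379}),
    ("mongodb", re.compile(rb"access MongoDB over HTTP"), {27017}),
    ("http", re.compile(rb"^HTTP/\d\.\d \d{3}"), {80, 443, 8080, 8443}),
    ("rdp", re.compile(rb"^\x03\x00"), {3389}),
]
HIGH_RISK = {"redis", "mongodb", "rdp"}  # should never face the internet on a raw IP

def classify(banner):
    return next((n for n, pat, _ in SIGNATURES if pat.search(banner)), "unknown")

def inventory(cidr, observations):
    """Keep only hits inside the block; tag each with protocol and risk flags."""
    net = ipaddress.ip_network(cidr, strict=False)
    expected = {n: ports for n, _, ports in SIGNATURES}
    findings = []
    for ip, port, banner in observations:
        if ipaddress.ip_address(ip) not in net:
            continue
        proto = classify(banner)
        findings.append({"ip": ip, "port": port, "protocol": proto,
                         "nonstandard_port": proto in expected and port not in expected[proto],
                         "high_risk": proto in HIGH_RISK})
    return findings

def summarize(findings):
    return {"by_protocol": Counter(f["protocol"] for f in findings),
            "ssh_nonstandard": sum(f["protocol"] == "ssh" and f["nonstandard_port"] for f in findings),
            "high_risk_hosts": sorted(f["ip"] for f in findings if f["high_risk"])}
```

On the constructed input, the SSH daemon on 2222 is still counted as SSH, and the Redis, MongoDB and RDP listeners surface as high-risk hosts even though none has a domain name pointing at it.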

FBI Warns Of Iran-Linked Threat Actors Using Telegram For Attacks

Posted in Commentary on March 23, 2026 by itnerd

The FBI has warned of Iran-linked Handala hackers using Telegram in malware attacks:

The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate information on malicious cyber activity conducted by actors on behalf of the Government of Iran Ministry of Intelligence and Security (MOIS). Specifically, MOIS cyber actors are responsible for using Telegram as a command-and-control (C2) infrastructure to push malware targeting Iranian dissidents, journalists opposed to Iran, and other opposition groups around the world. This malware resulted in intelligence collection, data leaks, and reputational harm against the targeted parties. The FBI is releasing this information to maximize awareness of malicious Iranian cyber activity and provide mitigation strategies to reduce the risk of compromise.

Due to the elevated geopolitical climate of the Middle East and current conflict, the FBI is highlighting this MOIS cyber activity. The FBI assessed MOIS cyber actors are responsible for using Telegram as a C2 infrastructure to push malware targeting Iranian dissidents, journalists opposed to Iran, and other oppositional groups around the world. This FLASH warns network defenders and the public of continued malicious cyber activity by Iran MOIS cyber actors and outlines the tactics, techniques, and procedures (TTPs) used in this malware campaign.

Commenting on this news is Ensar Seker, CISO at SOCRadar:

“The use of Telegram as command-and-control infrastructure is not surprising; it reflects a broader shift where threat actors deliberately blend malicious traffic into trusted, encrypted platforms. By leveraging a widely used application like Telegram, groups such as Handala significantly reduce the likelihood of detection, because security controls are often tuned to allow this traffic by default.

What makes this particularly concerning is the targeting profile. These operations are not opportunistic; they are highly intentional, focusing on journalists, dissidents, and opposition voices. This aligns with state-sponsored objectives, where cyber operations are used as an extension of intelligence gathering and influence campaigns rather than purely financial gain.

From a defensive standpoint, this highlights a critical gap: many organizations still rely too heavily on traditional indicators like IP blocking or domain reputation. When attackers operate inside legitimate platforms, defenders must shift toward behavioral detection, monitoring anomalies in application usage, data flows, and endpoint activity rather than trusting the platform itself.

The bigger implication is that encrypted messaging platforms are becoming dual-use infrastructure for both communication and covert operations. Security teams need to reassess their trust assumptions and implement visibility controls around sanctioned apps, including logging, anomaly detection, and strict access policies.

Ultimately, this is not about Telegram specifically; it’s about the normalization of “living off trusted services.” Organizations that fail to adapt to this model will continue to miss early-stage intrusions, especially those tied to advanced persistent threat actors with geopolitical motivations.”
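The behavioral approach Seker describes (treat the sanctioned app as untrusted, log who talks to it, and look for machine-like patterns rather than blocking the domain) can be illustrated over proxy logs. This is an added example, not code from the FBI FLASH or SOCRadar; the log format, hostnames and the allowlist are constructed assumptions, and api.telegram.org is used as Telegram’s Bot API host.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log lines, "<ISO time> <source host> <destination host>".
# The format, hosts and the allowlist below are assumptions, not from the FBI FLASH.
PROXY_LOG = """\
2026-03-20T09:00:00 ws-017 api.telegram.org
2026-03-20T09:01:00 ws-017 api.telegram.org
2026-03-20T09:02:00 ws-017 api.telegram.org
2026-03-20T09:03:00 ws-017 api.telegram.org
2026-03-20T09:04:01 ws-017 api.telegram.org
2026-03-20T09:00:12 ws-042 web.telegram.org
2026-03-20T11:02:03 ws-042 api.telegram.org
2026-03-20T09:05:00 comms-01 api.telegram.org
2026-03-20T09:35:00 comms-01 api.telegram.org
"""
TELEGRAM_DOMAINS = ("telegram.org", "t.me")
BOT_API_HOST = "api.telegram.org"  # programmatic (bot) endpoint
SANCTIONED = {"comms-01"}          # hosts approved to run Telegram bots (assumed)

def is_telegram(host):
    return any(host == d or host.endswith("." + d) for d in TELEGRAM_DOMAINS)

def beacon_cv(times):
    """Coefficient of variation of the gaps between hits; ~0 means machine-regular."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 3:
        return None
    return statistics.pstdev(gaps) / statistics.mean(gaps)

def detect(log, min_hits=4, max_cv=0.2):
    hits = defaultdict(list)
    for line in log.splitlines():
        ts, src, dst = line.split()
        if is_telegram(dst):
            hits[src].append((datetime.fromisoformat(ts), dst))
    alerts = []
    for src, events in hits.items():
        if src in SANCTIONED:
            continue  # approved use; still logged, not alerted
        times = sorted(t for t, _ in events)
        cv = beacon_cv(times)
        if len(times) >= min_hits and cv is not None and cv <= max_cv:
            alerts.append({"host": src, "reason": "beaconing",
                           "hits": len(times), "cv": round(cv, 3)})
        elif any(d == BOT_API_HOST for _, d in events):
            alerts.append({"host": src, "reason": "bot-api-unsanctioned", "hits": len(times)})
    return alerts
```

The workstation polling the Bot API every minute is flagged as beaconing, the one-off Bot API call from an unsanctioned host is flagged at lower confidence, and the approved bot host produces no alert, which is the distinction domain blocking alone cannot make.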

This highlights the fact that warfare is different now because the battlefield has expanded to the cyber world. Thus you need to keep that in mind in order to keep your organization safe from this new generation of threats.