Archive for January 28, 2025

« Older Entries

Threat Actors Mimic Amazon Prime Membership to Steal Credit Card Data 

Posted in Commentary with tags on January 28, 2025 by itnerd

Researchers have uncovered a new hacking campaign using PDF documents announcing an expired Amazon Prime membership with links to phishing pages that impersonate Amazon and request credit card data:

Javvad Malik, lead security awareness advocate at KnowBe4, commented:

“The initial attack vector, where users are beguiled into opening an email attachment containing a PDF file, is a stark reminder of the importance of remaining vigilant of emails. Emails still remain the most popular attack avenue for phishing, so it’s important that people have the right education and tools at their disposal to be able to effectively identify and report any suspicious activity. 

“Amazon’s proactive steps, including the takedown of numerous phishing websites and the implementation of advanced email verification technology, are commendable. However, the incident is a reminder that takedowns are like a game of whack-a-mole and more malicious sites will continue to crop up. So it’s important that users remain ever vigilant and informed about the potential threats we face online.”

This serves as a reminder that you need to treat anything and everything that hits your inbox with suspicion. On top of that, you should never click on links from any random email because bad things may happen to you.

Leave a comment »

KnowBe4’s Top 10 Tips to Take Charge of Your Data on Data Privacy Day

Posted in Commentary with tags on January 28, 2025 by itnerd

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, celebrates Data Privacy Day with practical and impactful recommendations to help individuals and organizations take charge of their data security.

In an age where data is constantly collected, shared, and monetized, Data Privacy Day serves as an annual reminder about the importance of protecting and facilitating online privacy. Data Privacy Day began in the United States in January 2008 as an extension of the Data Protection Day celebration in Europe and is officially led by NCSA in North America. The National Cybersecurity Alliance has expanded it into Data Privacy Week, with the 2025 theme ‘Take Control of Your Data’, which encourages individuals to reclaim their digital autonomy through simple, actionable steps to make informed privacy choices. For organizations, the message emphasizes the need to respect and prioritize users’ data privacy.

Data privacy is more critical than ever, especially when social media platforms, AI chatbots and connected devices have increased publicly available digital footprints. This creates opportunities for the misuse of personal information and data traces which can lead to incidents of identity theft, financial fraud, and even psychological harm.

Recognizing the shared responsibility of safeguarding data, DePaula shares the 10 top tips for individuals and organizations to help take control of their data in 2025:

Tips for Individuals

  1. Vet your apps and tools: Before using new apps, check their data usage policies, control options, and origin to ensure they are trustworthy.
  2. Optimize IoT device privacy: Adjust settings in your IoT device apps to enhance privacy, such as disabling voice recordings, limiting data storage, or controlling ad preferences.
  3. Educate your family: Discuss online safety with family members, especially children, covering topics like avoiding sharing personal information, recognizing suspicious links, and managing location sharing.
  4. Set up a reputable password manager: Use it for critical accounts and generate strong, unique passwords.
  5. Enable multi-factor authentication (MFA): Activate MFA, preferably with a FIDO token, for critical accounts as an added layer of protection.

Tips for Organizations

  1. Minimize data collection: Only collect and store data that is essential for business operations. Eliminate unnecessary personal or payment information.
  2. Communicate transparency in privacy policies: Clearly explain what data is collected, how it is used, and with whom it is shared.
  3. Train employees: Educate all employees on data protection regulations, while training them to recognize the latest social engineering attacks and other security risks.
  4. Encrypt personal data: Protect personal data—at rest and in transit—from unauthorized access or exposure.
  5. Vet vendors and partners: As a ‘responsible party’, your organization is responsible and accountable for protecting the data of its subject – even if the processing is outsourced to third parties. Ensure that any external parties handling your organization’s data maintain a high standard of privacy and protection.

For more insights and best practices on data privacy, visit www.knowbe4.com.

Leave a comment »

Cyware Launches Industry’s First Pre-Configured Threat Intelligence Platform with Team Cymru

Posted in Commentary with tags on January 28, 2025 by itnerd

Cyware, the leading provider of threat intelligence management, low-code/no-code security automation, and cyber fusion solutions, today announced an important collaboration with Team Cymru to pre-configure Team Cymru’s industry-leading threat feeds into Cyware’s Threat Intelligence Platform (TIP). This packaged solution delivers real-time visibility into botnets, malware, command and control (C2) infrastructure, and external malicious activity, empowering organizations to detect and respond faster to even the most sophisticated adversaries.

By incorporating Team Cymru’s threat feeds—including the Botnet Analysis and Reporting Service (BARS) feed and the Controller (C2) Feed—into Cyware’s advanced TIP, organizations gain access to more accurate and up-to-date intelligence. This enhanced intelligence is designed to allow security teams to identify, analyze, and mitigate malware and botnets with precision and speed to help fortify their defenses against cyberattacks.

With this solution, customers benefit from approximately 10,000 unique IPs daily and the processing of approximately 6-7 million unique events, providing detailed threat indicators and attributes that are often missing in traditional threat feeds. When combined with Cyware’s operationalized threat intelligence capabilities, it is designed to enable security teams to:

  • Stop malware and DDoS attacks before they impact networks and infrastructure
  • Harden network defenses by integrating threat indicators with firewalls, intrusion prevention systems (IPS), and intrusion detection systems (IDS)
  • Automate threat hunting for DNS-based attacks and monitor malicious communications
  • Gain geolocation, victimology information, and detailed campaign histories to contextualize threats

The combined solution also offers unique and critical insights into malware families, unique control protocols, and encryption mechanisms, allowing organizations to prioritize and block malicious activity more effectively. With these capabilities, Cyware and Team Cymru are redefining what it means to stay ahead of cyber threats as global adversaries gear up for disruption.

For more information on Cyware and Team Cymru’s integration, visit https://www.cyware.com/partners/technology-alliances/team-cymru.

Leave a comment »

Deepseek Is Apparently Under Attack

Posted in Commentary with tags on January 28, 2025 by itnerd

Chinese AI startup Deepseek says it is temporarily limiting registrations due to large-scale malicious attacks on its services. Here’s a look at their status page which can be found at https://status.deepseek.com/:

Erich Kron, security awareness advocate at KnowBe4, commented:

“One of the key tenets of cybersecurity is availability. Combined with confidentiality and integrity of data, these make up what is known as the CIA triad. Although most people think of confidentiality and battling data breaches when it comes to cybersecurity, the lack of availability can be just as crippling to an organization if they are not able to provide the services they promise to their customers. With the popularity of DeepSeek growing, it’s not a big surprise that they are being targeted by malicious web traffic. These sorts of attacks could be a way to extort an organization by promising to stop attacks and restore availability for a fee, it could be rival organizations seeking to negatively impact the competition, or it could even be people who have invested in a competing organization and want to protect their investment by taking out the competition.

“The cybersecurity world has become global, with attacks originating from any continent on the planet and targeting any organization with a web presence. Unfortunately many counter moves, such as pausing new user registration to allow computing resources to be freed up for other services, can bring back the use of the platform for some, but also makes for a bad experience for potentially new subscribers and can be very damaging to the organization. In a time where internet outages can impact organizations to the tune of millions of dollars lost per hour, or more, the threat of attacks such as this is very real and should be carefully considered and planned for.”

I find it interesting that Deepseek is under attack given how much “noise” that they’ve made in the last few days. Ignoring the fact that no citizen of a western country should sign up for this service, it will be interesting to see if an how they recover, and how they defend against attacks like this in the future.

1 Comment »

EnGenius Technologies Unveils EnGenius Cloud Advisory Board to Streamline Advanced Feature Discovery and Best Practices

Posted in Commentary with tags on January 28, 2025 by itnerd

EnGenius Technologies, a leading provider of cutting-edge networking solutions, is proud to announce the launch of EnGenius Cloud Advisory Board, an innovative new feature within the EnGenius Cloud platform. Designed to empower Managed Service Providers (MSPs), system integrators, network engineers, and IT professionals, EnGenius Cloud Advisory Board is an innovated tool that simplifies the discovery of advanced features tailored to various industry verticals. With its focused recommendations and best practice guidelines, this addition redefines how users optimize network performance across sectors such as chain stores, business offices, hotels and resorts, student housing, senior living, and multi-family units.

Streamlining Feature Discovery

Navigating the diverse ecosystem of cloud networking features can be a demanding task for IT professionals striving to deliver scalable, secure, and efficient solutions. Recognizing this, EnGenius has developed the Cloud Advisory Board to function as a dedicated resource that eliminates the guesswork in locating features best suited for specific industries. The tool intelligently filters through EnGenius Cloud’s rich set of functionalities, directing users to solutions that optimize network operations in their unique environments.

Transforming Industry Verticals

The EnGenius Cloud Advisory Board offers tailored recommendations for a wide array of industries, ensuring network solutions are optimized for their distinct operational requirements. Key benefits include:

  • Efficient Decision-Making: Quick access to reliable, organized information allows for faster and more informed decisions, reducing time spent on research or consultations.
  • Enhanced Accuracy: By compiling data from credible sources and offering real-time updates, the database ensures that decisions are based on the most accurate and current information available.
  • Cost-Effective: An advisory database reduces the need for external consultancy services, saving businesses money while still providing expert insights and advice.

By aligning advanced features with industry’s best practices, EnGenius Cloud Advisory Board positions users to achieve superior operational efficiency, customer satisfaction, and competitive edge.

Empowering Professionals with Best Practices

In addition to pinpointing advanced features, Cloud Advisory Board provides users with actionable insights and best practice guidelines for deploying EnGenius Cloud solutions in their respective industries. These expert recommendations cover critical areas, including network design, security, scalability, and performance optimization. As a result, IT professionals can confidently deploy tailored networking solutions that meet the highest standards of reliability and effectiveness.

Enhanced Value for MSPs, System Integrators, and IT Teams

EnGenius Cloud Advisory Board is particularly valuable for MSPs, system integrators, and IT teams who manage networks across diverse environments. By reducing the time spent on trial and error and simplifying the deployment of advanced features, the tool ensures these professionals can:

  • Deliver superior results to clients more efficiently.
  • Address industry-specific networking challenges with precision.
  • Keep pace with technological advancements in cloud networking.

Leave a comment »

Guest Post: Only 6% of S&P 500 companies scored an A for their cybersecurity

Posted in Commentary with tags on January 28, 2025 by itnerd

ccording to the latest Cybernews Business Digital Index analysis, only 6% of S&P 500 companies achieved an A rating, while 89% of analyzed companies scored a D (almost 49%) and F (40%) for their cybersecurity efforts. 

The new analysis results reflect weak cybersecurity postures and show that most organizations haven’t raised their security standards. 

Detailed data collected from multiple sources, including IOT search engines, IP and Domain name reputation databases, and custom scanners, shows the digital security posture of S&P 500 companies.

Manufacturing and real estate industries are the most vulnerable

According to the Business Digital Index, which grades businesses based on their online security measures, the Manufacturing, Real Estate and Development industries have the weakest digital security. 

The biggest S&P 500 category is Manufacturing, with 138 companies on the list. 40% of the scored companies received a D rating, and 53% received an F rating. Only 3% of analyzed organizations earned an A rating for security measures. 

The second-biggest category on the list is Finance and Insurance. According to the analysis, 94% of companies analyzed received a security rating of D or worse, with 22% falling into the F category. 

A very similar situation exists with companies in the Healthcare and Pharmaceuticals category. Almost 10% of the companies analyzed in this category achieved an A grade. 52% of the healthcare sector scored D and 38% F. 

40% of Real Estate and Development category companies received D and 48% F scores. Most (48%) of Retail and Wholesale category companies were rated D, and 38.5% got an F

The report also shows that almost 86% of companies in the Energy and Natural Resources category analyzed scored a D or worse for their cybersecurity efforts.

The Technology and IT industry has the largest share of A-level security companies (almost 13%). However, 42% of analyzed Technology and IT category companies worldwide scored D, and 39% got a barely passing grade of F. 

Data breaches are one of the top issues 

Researchers found that the top three issues across industries are data breaches, secure sockets layer (SSL) configuration, and system hosting issues.

Even 96% of all analyzed companies had data breaches. This is an alarming systemic issue, with Real Estate and Development, Finance and Insurance, and Manufacturing leading the way in these incidents.

Nearly every S&P 500 company (almost 98%) suffers from poor SSL practices, reflecting weak encryption standards. 

Furthermore, 88.5% of companies have system hosting issues, and this problem is particularly prevalent in the Healthcare and Pharmaceuticals (97.6%) sector. 

The Manufacturing industry consistently ranks among the highest in vulnerabilities across all categories, particularly in software patching total vulnerabilities (63%), data breaches (97.8%), and SSL configuration issues (100%).

Meanwhile, the least affected industry is Real Estate and Development. This industry has lower incidence rates across categories, such as software patching critical vulnerabilities (16%) and web application security issues (48%).

Research Methodology

The Cybernews research team analyzed 485 companies on the S&P 500 list. Fifteen companies could not be analyzed to evaluate an organization’s cybersecurity posture. 

The report evaluates risk across seven key areas: software patching, web application security, email security, system reputation, SSL Configuration, system hosting, and data breach history. The report’s Methodology is here.

Leave a comment »

Atomicwork Secures $25M in Series A Funding

Posted in Commentary with tags on January 28, 2025 by itnerd

Atomicwork, a leading innovator in agentic service management solutions for Enterprise IT, today announced that it has raised $25 million in their Series A funding round. The round was led by Khosla Ventures and Z47, with participation from Battery VenturesBlume Ventures, and Peak XV Partners. This new infusion of capital accelerates Atomicwork’s mission to transform IT service management (ITSM) with its innovative AI-native platform that modernizes how businesses operate and drive growth.

A New Era for Enterprise IT Service Management

Today’s enterprises face a pivotal moment. As operations expand globally and digital systems multiply, traditional ITSM tools are reaching their limits. These legacy solutions – built for an earlier era of process management – can’t keep pace with modern business demands. 

CEOs and CIOs recognize the need for transformative change. The challenge isn’t just about managing IT anymore – it’s about empowering organizations to thrive in an increasingly dynamic digital landscape. 

Atomicwork’s agentic service management platform combines an enterprise knowledge graph with agentic AI to offload work from IT teams, allowing them to focus on driving business impact rather than managing everyday processes. By radically simplifying enterprise workflows, managing incidents in real-time, and enabling self-healing, Atomicwork is helping businesses stay ahead in today’s fast-moving digital business environment. 

Global businesses like Zuora and Pepper Money use Atomicwork to empower their teams with seamless service, intelligent automation, and actionable insights, driving productivity and transforming their digital workplace experience. 

Backing by Industry Leaders

The funding round comes on the heels of strong product adoption and backing from 40+ global CIOs, CTOs and industry veterans. 

Future growth and expansion

These Series A funds will be used to further scale and deploy Enterprise AI agents and invest in GTM expansion. The company plans to enhance its platform support for key enterprise integrations and ensure seamless scalability. 

Leave a comment »

Hammerspace Achieves 10x Revenue Growth in 2024 Fueled by AI Storage and Hybrid Cloud Computing Demand

Posted in Commentary with tags on January 28, 2025 by itnerd

Hammerspace, the company orchestrating the next data cycle, today announced that it has achieved record-breaking 2024 results and business momentum with 10X revenue growth and a 32% increase in the number of customers for the full-year ended December 31, 2024. Hammerspace also posted strong customer retention and account expansion metrics while growing its leadership position in new geographies. The demands for high-performance data storage, global data access and the paradigm of an orchestrated data world are driving rapid adoption. 

Two seismic shifts are fueling unprecedented growth at Hammerspace and across the industry: the rising need for cost- and power-efficient infrastructure to support GPU computing at scale and the rapid adoption of hybrid cloud and multi-data center architectures.

With AI, Enterprise HPC and other data-intensive workloads increasing worldwide, Hammerspace unveiled its Tier 0 capabilities and MLPerf®1.0 benchmark results in November 2024. Tier 0, a new tier of ultra-fast shared storage that uses the local NVMe storage in GPU servers as shared storage, is gaining traction quickly. Designed to eliminate storage bottlenecks and maximize GPU performance, Tier 0 transforms GPU computing infrastructure by improving resource utilization and power efficiency while reducing AI storage costs.  
 

Exceptional Customer Retention and Growth Efficiency

Hammerspace posted notable customer satisfaction, retention and growth efficiency metrics, with Gross Revenue Retention (GRR) > 95%, reflecting strong customer satisfaction and retention strength, and Net Revenue Retention (NRR) > 330%, highlighting growth efficiency and the company’s ability to grow organically within its customer base. The outstanding GRR and NRR metrics are a testament to the demand for users to consolidate workloads and data into a single data platform, as well as the strength of the Hammerspace platform’s capabilities.

The company also expanded its workforce by 75% in 2024, with the most significant growth concentrated in its go-to-market and customer support teams.

2024 was a breakout year in market and use case expansion. Hammerspace customers now span markets ranging from hyperscalers and supercomputing to government, enterprise, and media and entertainment. A few notable new accounts in 2024 included Meta for Llama large language model training, the National Science Foundation (NSF) and Department of Defense (DoD) for aggregating and analyzing research data, and Mathematic Studio for visual effects design in multiple global sites while completing production in France.
 

Meta’s engineering team said in its ‘Building Meta’s GenAI Infrastructure’ blog, “We have also partnered with Hammerspace to co-develop and land a parallel network file system (NFS) deployment to meet the developer experience requirements for this AI cluster. Among other benefits, Hammerspace enables engineers to perform interactive debugging for jobs using thousands of GPUs as code changes are immediately accessible to all nodes within the environment. When paired together, the combination of our Tectonic distributed storage solution and Hammerspace enable fast iteration velocity without compromising on scale.”

Industry Recognition

Hammerspace’s robust growth, leading technology innovation and market success have gained significant customer and industry-wide recognition, making it the most highly awarded unstructured data platform in 2024. Among its notable achievements in 2024 and recent accolades, the company’s awards and recognitions include:
 

Global and Management Team Expansion
Hammerspace has jump-started 2025 by expanding its global footprint and hiring Jeff Giannetti as Chief Revenue Officer to spearhead international growth. In January 2025, Hammerspace launched operations in Asia, establishing resources in China, South Korea, Japan, Singapore and India. Hammerspace is currently scheduling meetings at the at the upcoming Supercomputing Japan in Tokyo on February 3-4, 2025.

Leave a comment »

Leaseweb Boosts AI-focused Infrastructure Portfolio with Launch of New NVIDIA GPU Solutions

Posted in Commentary with tags on January 28, 2025 by itnerd

Leaseweb Global, a leading cloud services and Infrastructure as a Service (IaaS) provider, today announced a significant expansion of its processing solutions with the addition of NVIDIA L4, L40S and H100 NVL GPUs to its infrastructure portfolio. By offering powerful new NVIDIA GPUs at scale, Leaseweb is meeting the compute needs of a wide variety of sectors – including the Artificial Intelligence (AI), Media & Entertainment and Gaming industries – at a price point that enables significant cost savings when compared to the wider marketplace.  

Available across Leaseweb’s entire global network, spanning the European, North American and Asia Pacific regions, the expanded GPU offering supports customers with a scalable, efficient deployment framework optimized for high-performance computing (HPC), ranging from AI model training and video analytics to graphics processing and video rendering functionality. Leaseweb’s new NVIDIA GPU solution aims to help customers improve their operations, reduce costs, and enhance computational speed for demanding workloads. The announcement also underlines Leaseweb’s commitment to meeting the demand for powerful infrastructure solutions with industry benchmark performance chips that can be deployed within hours to ensure high availability service provision.

This marks the next step in Leaseweb’s journey to providing a complete AI offering for its customers, which will include integration into Leaseweb’s public cloud and broader set of infrastructure solutions. By providing a comprehensive, scalable solution for a wide variety of workloads, Leaseweb is reinforcing its position as a trusted partner for organizations focused on balancing price with performance and availability. With further plans to integrate this offering into its broader solutions suite, the company is strongly positioned to become a leading provider of GPU infrastructure, supporting customers as they invest in these transformational technologies.

For further information, please visit: https://www.leaseweb.com/en/products-services/dedicated-servers/gpu-server

Leave a comment »

Trump Destroys America’s Cybersecurity Agenda

Posted in Commentary with tags on January 28, 2025 by itnerd

Over the past week, President Donald Trump repealed former President Joe Biden’s AI-focused executive order, issued in October 2023. The order had mandated that developers of advanced AI submit safety reports to the federal government. It also outlined plans for setting standards, revising procurement processes, and establishing the U.S. AI Safety Institute.

The new Trump administration also terminated all existing members of advisory committees that report to the Department of Homeland Security which includes members of CISA’s Cyber Safety Review Board (CSRB) in alignment with DHS’s “commitment to eliminating the ‘misuse of resources and ensuring that DHS activities prioritize our national security.”

The CSRB’s purpose has been to examine and assess cyber incidents and construct recommendations for improved security within private and public sectors, providing advise to the Secretary of Homeland Security and the President. At the time of dismissal, the board was apparently deep in the investigation of the Salt Typhoon hacking incident, the Chinese hacking campaign that penetrated telecommunications companies, spying on the calls and messages of US citizens.

Other advisory boards that have been dismantled include the Artificial Intelligence Safety and Security Board, Critical Infrastructure Partnership Advisory Council, National Security Telecommunications Advisory Committee, National Infrastructure Advisory Council, and the USSS Cyber Investigations Advisory Board.

Dismissed members are welcome to submit reapplications for their posts.

Willy Leichter, CMO, AppSOC

  “As the Trump administration continues to throw wrenches into anything the Biden administration championed, there will inevitably be negative repercussions. This will delay or eliminate any proactive role for the US government in guiding AI technology. While you can argue that the private sector should drive this, the government has a legitimate role in issues around privacy and security. Gutting expertise and funding from federal agencies will inevitably put critical infrastructure, cyber security, and individual privacy at risk.”

Trump is putting the nation at risk. And this will come back to haunt the US sooner rather than later. There’s simply no other way to say it. You might want to remember that in four years time.

Leave a comment »

« Older Entries