Archive for March 27, 2025

NIST Adds SandboxAQ’s HQC Algorithm to its List of Post-Quantum Cryptography Standards

Posted in Commentary with tags on March 27, 2025 by itnerd

 SandboxAQ has announced that the National Institute of Standards and Technology (NIST) has officially selected HQC (Hamming Quasi-Cyclic) as the fifth algorithm in its suite of post-quantum cryptographic (PQC) standards. Out of these five algorithms, three will be used for signatures. The other two, HQC and ML-KEM, will be the NIST-approved algorithms that will protect the confidentiality of communications across the Internet, cellular networks, payment systems, and more.

The selection of HQC marks SandboxAQ’s second major contribution to NIST’s post-quantum standardization effort, a key step in ensuring the protection of the world’s most critical data. This landmark decision represents a significant milestone in the global transition to a robust, quantum-safe encryption future and further solidifies SandboxAQ at the forefront of cryptographic innovation.

HQC is a key encapsulation mechanism designed to secure the exchange of encryption keys in a quantum-resistant manner. Unlike traditional public-key encryption systems such as the widely-used public key cryptosystem, RSA, and elliptic-curve cryptography (ECC), which quantum computers render obsolete, HQC is built on the well-established mathematical foundation of error-correcting codes, which is not vulnerable to quantum attacks. It provides strong security guarantees while balancing performance factors such as computational efficiency and key size, which are primary considerations for large-scale real-world deployments. In NIST’s final selection report, the HQC algorithm, co-invented by SandboxAQ team members, stood out as a robust and reliable candidate for wide-scale adoption across industries, following multiple rounds of global cryptanalysis and peer review.

Prior to HQC, the SandboxAQ team also played a significant role in the development of SPHINCS+, one of the initial algorithms already selected by NIST as part of its initial set of PQC standards in 2022. With HQC now formally accepted into the standardization process, SandboxAQ has contributed to two of the five critical PQC standards for key exchanges and signatures, demonstrating deep and sustained leadership in quantum-resistant cybersecurity and ushering in a safer digital world.

SandboxAQ has a unique position to improve cryptographic postures and ensure better compliance, fewer outages, and robust cybersecurity. It produces world-class cryptographic research, internationally recognized standards, and widely adopted cryptographic innovations. Leveraging this world-leading expertise, SandboxAQ also offers an industry-leading cryptography management product, uniquely positioning it within the global cryptographic landscape. Our flagship cryptographic offering, AQtive Guard, is trained on billions of cryptographic findings meticulously structured and enriched with supplemental data by our world-class cryptography team. By cross-referencing and augmenting our customers’ inventories, we empower efficient exploration and actionable insights. Leveraging our distinctive AI approach, seamless third-party integrations, and comprehensive 360-degree coverage sensors, AQtive Guard delivers unparalleled visibility and effectiveness for the protection of enterprises and governments.

Leave a comment »

Guest Post – How crypto scammers target the vulnerable: expert warns of romance scams

Posted in Commentary with tags on March 27, 2025 by itnerd

Provided by CoinLedger.io

The crypto market is rapidly growing in popularity, largely due to the emphasis Donald Trump placed on the industry during his presidential campaign.  

As more and more people begin to invest in cryptocurrency, scams are becoming more prevalent. It’s estimated that individuals lost $51.3 billion (£40.6 billion) after falling victim to crypto scams in 2024.  

Romance scams are becoming a point of particular concern, with the FBI estimating that there were over 40,000 victims of romance fraud in 2023.  

In order to clamp down on their increasing occurrence, experts at the cryptocurrency tax software site, Coin Ledger, have created a guide on some of the warning signs of romance scams and why it’s so important to be aware of them in the crypto sphere.  

What are crypto romance scams?  

Romance scams begin when the scammer creates a fake profile on social media to approach the intended victim. Scammers will typically approach victims on social media sites, such as Instagram and Facebook, dating sites, and LinkedIn.  

This will then be the beginning of a slow and calculated process in which the scammer maintains daily communication with the victim to win over their trust. In some cases, the talking stage of a romance scam can last several months or even years. This process has become known as ‘pig butchering,’ in which the scammer will win over the victim’s trust solely to steal their financial assets more easily.  

Scammers will often be complimentary and will express a desire to find out personal information about the victim. Once enough time has passed, the scammer will then start to bring up the topic of cryptocurrency, with many scammers claiming that their family has insider trading knowledge and have made thousands through crypto investments.  

The scammer will then encourage the victim to invest in a specific investment opportunity. Once the victim invests a considerable sum of digital assets into the illegitimate investment platform, the scammer will then shut the project down and will become untraceable, resulting in victims losing thousands.  

Romance scammers will typically target vulnerable people, which is why the majority of victims of these scams will be older and will often have little understanding surrounding the crypto market.  

The crypto market is becoming a go-to opportunity for romance scams, largely because scammers can transfer funds quickly, enabling them to disappear without the victim noticing. Unlike traditional currencies, crypto transactions are not monitored by any regulatory authorities, such as banks. This enables scammers to gain a sense of anonymity, with transactions being difficult to trace and recover.  

What are the signs that you’re falling for a crypto romance scam?  

Contacted out of the blue:  

If you have been contacted out of the blue by an unknown account online, then it’s important not to let your guard down. Social media sites are one of the most common ways in which romance scammers will contact potential victims.  

Rather than immediately engaging in conversation, take time to look through the person’s account and if it looks suspicious then block them immediately.  

Suspicious social media account:  

Romance scammers will often have a public account that uses other people’s images to catfish the victim. If a person’s social media account looks ‘too good to be true,’ then it often is. Scammers will typically have few followers on social media due to hastily building a fake profile, so it’s important to look out for this.  

Some romance scammers will create additional fake profiles on other social media sites, such as LinkedIn, so it’s important to do your research before engaging in conversation.  

Uses ‘AI-generated’ language:  

Romance scammers typically operate within a wider team, which means that they often follow a script to win over the victim’s trust. If the messages sent by the individual seem rigid or unrealistic, then it’s likely to be a scam.  

Are over-complimentary:  

When trying to win over a victim’s trust, scammers will typically use over-complimentary language and will frequently use phrases such as ‘honey’ and ‘baby’ in conversation.  

This type of language is intended to trick the victim into forming an emotional connection, which will then make it easier for scammers to later influence the victim into investing in a fake crypto project.  

Will frequently endorse cryptocurrency:  

If the individual frequently brings up the topic of cryptocurrency, specifically in the context of how much money they’ve made from it, then this should be seen as a red flag.  

Romance scammers will claim to have made thousands by investing in cryptocurrency and will often upload images on social media that seemingly adhere to this luxury lifestyle. Be wary if the individual continuously mentions cryptocurrency investments, as this is often planting the seeds for encouraging victims to invest in a fake project at a later date.  

Creates a sense of urgency: 

In order to try and coerce victims into investing in a fake crypto project, the scammer will typically create a false sense of urgency, advertising that this project is a ‘one-off’ and ‘unmissable’ investment opportunity. Romance scammers tend to play on the victim’s emotions to convince them to invest quicker.  

How can you avoid crypto romance scams?  

Do your research:  

If an unknown account contacts you out of the blue on social media, then do your research before initiating contact.  

Check out the account’s followers to verify whether they are being followed by real people or whether the social media account has been hastily made by a scammer.  

Use Google reverse image search:  

The majority of scammers use other people’s photos in an attempt to catfish potential victims, which is why it’s so important to use Google reverse image search to verify an individual’s identity.  

If the scammer has been using other people’s images, then the original source of the photo will be revealed by using Google reverse image search. If this is the case, then block the account immediately and do not engage in conversation.  

Ensure that you investigate every crypto project:  

Before investing in any cryptocurrency project, it’s important that you do your research. Scammers will often advertise these investment opportunities to be time sensitive, but this should not prevent you from looking into the project in more detail.  

If possible, check online reviews about the investment opportunity and seek outside advice from family and friends. If an investment opportunity seems ‘too good to be true,’ then it likely is.  

Report the scammer immediately:  

If you notice any suspicious activity, then it’s important to report the potential scammer to the relevant authorities. A lot of victims do not report that they’ve been the victim of a romance scam, but it’s important to flag any suspicious activity immediately to prevent others from becoming victims of the same romance scammer.  

As scammers typically operate within a wider team, it’s common that they will be scamming multiple people at once, which is why it’s so crucial to report any suspicious activity as soon as possible.  

David Kemmerer, the co-founder and CEO of Coin Ledger, commented:  

“Unfortunately, the crypto market is becoming a dominant space for romance scams, largely because of the anonymity associated with crypto investing. Because of this, it’s important to remain hypervigilant to reduce the risk of falling victim to a romance scam.  

“If an individual is strongly influencing you to invest in a specific crypto project, then it’s important to take a step back. Scammers will often rely on a pre-established emotional connection to convince victims to invest, but it’s crucial that this doesn’t prevent you from doing your own research.  

“Romance scammers will often target vulnerable people who are uncertain about how social media and the wider crypto market works. Taking a few minutes to Google the name of both the individual and the investment opportunity in question can be the difference between financial protection and loss.”  

Leave a comment »

KnowBe4 Spots Surge in Phishing Attacks Hijacking Legitimate Microsoft Communication

Posted in Commentary with tags on March 27, 2025 by itnerd

Today, the KnowBe4 Threat Lab released a threat alert detailing a surge of phishing attacks that have been hijacking legitimate Microsoft communications. 

This spike comes amid a rise in the exploitation of trusted platforms like DocuSign, PayPal, Google Drive, and Salesforce for phishing emails. 

In this attack, cybercriminals hijacked a legitimate Microsoft invoice and used mail flow rules to auto-forward it to thousands of recipients. By setting up their own Microsoft domain, the attackers ensured the emails passed authentication protocols. They then embedded a fake organization name as their own, which appeared in the body of the email, to socially engineer the victim to call the number present in that ‘name’. Other than this the attacks had no other payload and all links present are legitimate. 

The alert can be read in full here: https://blog.knowbe4.com/surge-in-phishing-attacks-hijacking-legitimate-microsoft-communications

Leave a comment »

Leaseweb Powers the Future of European Cloud Sovereignty

Posted in Commentary with tags on March 27, 2025 by itnerd

Leaseweb, a leading cloud services and Infrastructure as a Service (IaaS) provider, today shared a major update on its contribution to the EU’s Important Projects of Common European Interest on Cloud Infrastructure and Services (IPCEI-CIS). With its European Cloud Campus project, Leaseweb is actively building the foundation for a sovereign European cloud – designed to protect sensitive data, comply with EU regulations, and ensure that Europe’s digital infrastructure is no longer dependent on US providers.

In the last nine months, Leaseweb has made an industry-leading contribution to the IPCEI-CIS initiative, including developing powerful and flexible cloud infrastructure. This includes creating a scalable compute platform with enhanced automation capabilities, including an open API to streamline automation initially for virtual machines, with plans to integrate physical servers and storage in 2025-26. The company has also developed data integration tools for interaction with public cloud compute services, with ongoing enhancements for greater efficiency and scalability. Additionally, Leaseweb has created a flexible, multi-tenant system for running applications, enabling independent operations within shared clusters. This incorporates backend services and a scalable container platform, currently in beta, with full integration expected in 2025. These activities form the foundation for new, sovereign cloud services in Europe.

As the platform expands, Leaseweb continues to enhance management tools, ensuring an intuitive and adaptable cloud environment, further expanding compute and storage capabilities with increased automation and flexibility. Strengthening the integration between compute and container platforms will be a key priority, allowing for more efficient operations. In addition, Leaseweb is committed to enhancing monitoring and self-healing features, ensuring the cloud infrastructure remains resilient, scalable, and future-proof.

Leave a comment »

OWC Launches Jellyfish B24 and Jellyfish S24 Storage

Posted in Commentary with tags on March 27, 2025 by itnerd

 Other World Computing today announced the general availability (GA) launch of the OWC Jellyfish B24 and OWC Jellyfish S24, two powerful new additions to its award-winning shared storage lineup. Designed to meet the evolving needs of media teams, the OWC Jellyfish B24 delivers a cost-effective, high-capacity solution for seamless collaboration and nearline backup, while the OWC Jellyfish S24 offers a full SSD production server with lightning-fast performance for demanding video workflows. With scalable expansion options and rock-solid reliability, these new OWC Jellyfish solutions give video editors, post-production teams, and content creators the tools they need to work faster, collaborate more easily, and keep their projects moving – without storage ever slowing them down.

Video editors, post-production teams, and content creators are constantly juggling massive file sizes, complex collaborations, and the need for seamless access to their media – all while making sure their work is safely backed up. But as video resolutions continue to climb to 4K, 8K, and beyond, many storage solutions just can’t keep up, creating frustrating bottlenecks that slow down the creative process. The OWC Jellyfish B24 and S24 are built to solve these problems, delivering high-performance, scalable shared storage that keeps workflows smooth, file transfers fast, and backups reliable. Whether a team needs affordable nearline storage – with plenty of capacity, or lightning-fast SSDs – for real-time editing, these solutions ensure creatives can focus on what they do best – telling great stories – without storage getting in the way.

About the OWC Jellyfish B24

The OWC Jellyfish B24 is an adapted version of the powerful OWC Jellyfish R24, designed as a cost-effective collaboration solution for smaller teams using workflows that don’t need high throughput but require large storage capacities. The OWC Jellyfish B24 can also be used as a fully expandable nearline backup server for any OWC Jellyfish to ensure that your media are always safe and immediately available in case anything happens to your online production system.

The B24 has four dedicated SAS ports to which you can connect B24-E expansions via a mini-SAS cable, included with every expansion chassis. If the drives in the B24-E have the same capacity per drive as the drives in the B24, you can easily merge the media pools into a single pool using OWC Jellyfish Manager. This will increase the aggregate performance of the system. Adding four B24-E expansion chassis to a B24 head unit, storage capacity for a full-blown B24 configuration can go up to 2.8 Petabytes.

About the OWC Jellyfish S24

The OWC Jellyfish S24 is a high-performance Full SSD production server for media teams who need the responsiveness of full flash while still being able to easily expand their storage in the future. The SSDs in the S24 are the powerful OWC Mercury Extreme Pro SSDs. The S24 can be combined with an OWC Jellyfish S24-E SSD expansion chassis for up to 736TB of fast SSD storage.

The OWC Jellyfish S24 easily scales both in performance and in storage capacity. Add an OWC Jellyfish S24-E expansion for up to 736TB of powerful Full Flash shared storage. If the drives in the S24-E have the same capacity per drive as the drives in the S24, you can easily merge the media pools into a single pool using OWC Jellyfish Manager. This will also increase the aggregate performance for the system.

Leave a comment »

51% of Canadian shoppers abandoned purchases due to ordering friction: Salesforce

Posted in Commentary with tags on March 27, 2025 by itnerd

Salesforce’s latest Connected Shoppers Report highlights how retailers are feeling pressure as costs mount, customer expectations rise, and technology gets increasingly complex.

Canadian retailers are turning to AI agents to improve customer experiences and beat the competition. In fact, 60% of Canadian retailers say AI agents will be essential to compete within a year. A seamless shopping experience is critical for retailers as they face economic uncertainty and more complex shopping behaviour. With more unified data, AI agents can provide more personalized and real-time responses – improving efficiency and shopper experience.

Further findings include:

Shoppers show readiness for the AI era

  • 35% of Canadian shoppers have used AI for product discovery.
  • Canadian shoppers are interested in using AI agents for:
  • (72%) optimizing loyalty points 
  • (67%) answering questions for faster customer service
  • 63% of Gen Z global shoppers are interested in agents purchasing items on their behalf.

Retailers see AI agents as a way forward

  • 65% of Canadian retailers say they’re increasing AI investment this year.
  • As AI agent adoption continues, customer service emerges as retail’s top agent use case followed by merchant assistance and marketing.
  • Over three quarters (81%) of Canadian retailers say inefficient processes and technology drain store associate productivity.

Methodology

Data in this report is from two double-anonymous surveys conducted November 27 through December 26, 2024. The surveys generated responses from 8,350 shoppers and 1,700 retail industry decision-makers across 21 countries in North America, Latin America, Asia-Pacific, and Europe, including 500 shoppers and 100 retail decision-makers in Canada.

1 Comment »

Cybernews Researchers Uncover 1.5M private photos exposed from LGBTQ+, BDSM & sugar dating apps

Posted in Commentary with tags on March 27, 2025 by itnerd

The Cybernews research team has uncovered a massive privacy oversight: iOS dating apps catering to the LGBTQ+, BDSM, and sugar dating communities have leaked nearly 1.5 million private user photos – including explicit images sent in private messages.

Apps developed by M.A.D Mobile Apps Developers Limited, including BDSM People, CHICA, TRANSLOVE, PINK, and BRISH, were found exposing sensitive user data due to publicly accessible hardcoded secrets in their code. 

This flaw allowed unauthorized access to storage buckets containing highly sensitive content, putting users at risk of extortion, social engineering attacks, and, in some cases, even persecution in countries where LGBTQ+ identities are criminalized.

Key takeaways:

  • 1.5 million private images exposed, including verification photos, chat images, and moderator-removed content.
  • BDSM People app alone leaked 541,000 private images, including 90,000 from direct messages.
  • Sugar dating app CHICA leaked 133,000 photos, including private chats.
  • Three LGBTQ+ dating apps exposed over 1.1 million images, with BRISH, PINK, and TRANSLOVE all compromised.
  • Hardcoded API keys and storage credentials allowed full access to Google Cloud storage, requiring no authentication.

Given the sensitive nature of these dating platforms, these weak spots could have severe personal and legal consequences for affected users. Cybernews researchers have reached out to the developers, but no response has been received.

Read the full report here

Leave a comment »

Fortra’s 2025 Email Security Report Is Out

Posted in Commentary with tags on March 27, 2025 by itnerd

Fortra has published the results of its 2025 Email Threat Landscape report which describes how the email threat landscape evolved in 2024 and forecasts what defenders should expect in 2025. Fortra analyzed more than 1 million email threats, many of which bypassed traditional email security measures.

Some of the main findings include:

  • 99% of email threats reaching corporate user inboxes in 2024 were response-based social engineering attacks or contained phishing links, without delivering malware.
  • Scammers are exploiting leaked personal data, such as home addresses, to craft highly personalized attacks and extortion schemes.
  • Legitimate services are being heavily abused to get malicious emails into user inboxes. Misuse of developer tools grew sharply, increasing more than 200% in 2024.
  • Multichannel attacks are luring victims out of secure email environments. Methods include malicious QR codes and hybrid vishing, which surged in Q4 2024 to account for 40% of response-based email threats.

You can read the report here.

Leave a comment »

Datadobi Announces StorageMAP 7.2

Posted in Commentary with tags on March 27, 2025 by itnerd

Datadobi has announced the general availability of the next version of its software platform, StorageMAP 7.2. The latest release introduces powerful new metadata insights and expanded data reporting, giving Infrastructure & Operations (I&O) leaders the ability to unlock and maximize data value with unparalleled visibility and control over their sprawling data environments. StorageMAP 7.2 lowers cost, optimizes storage, reduces risk, and aligns data strategies with evolving business and regulatory demands.

With unstructured data growing at an annual rate of 30–50%, I&O leaders face mounting challenges across cost management, security and governance. According to Gartner® “By

2028, over 70% of I&O leaders will implement hybrid cloud storage strategies, a significant increase from just 30% last year”. StorageMAP 7.2 has been designed to meet this demand by helping businesses make more effective data-driven decisions.

Among the improvements delivered by StorageMAP 7.2 are enhanced metadata query capabilities, which enable organisations to track cost, carbon emission levels, and StorageMAP tags with greater precision. The update also introduces automated discovery for Dell ECS™ and NetApp StorageGRID™ object stores, allowing enterprises to instantly identify tenants and their associated S3 buckets, simplifying the management of large-scale object storage environments.

Building on its existing orphaned data reporting functionality over the SMB Protocol, StorageMAP 7.2 now extends support to NFS environments, enabling businesses to identify and report on orphaned data for all data accessed over SMB and/or NFS protocols. This approach enables quick identification of data that is not currently owned by any active employee. Additionally, an enhanced licensing model provides organisations with the flexibility to scale their use of StorageMAP’s features according to their specific requirements.

StorageMAP 7.2 also optimizes the storage of data by helping businesses free up primary storage capacity and optimize AI data workflows. This includes new archiving capabilities that allow organizations to identify and relocate old or inactive data to archive storage, ensuring that high-value primary storage remains efficient and cost-effective. Additionally, the platform enhances AI readiness by finding and classifying data suitable for GenAI processing, enabling businesses to feed data lakes with relevant, high-quality datasets.

Leave a comment »

Financial Records & PII Exposed in Australian Fintech Data Leak 

Posted in Commentary with tags on March 27, 2025 by itnerd

A data breach involving Vroom by YouX an Australia-based Fintech company specializing in automotive financing, was discovered and reported to Website Planet by cybersecurity researcher Jeremiah Fowler.

What happened:
non-password-protected Amazon S3 database containing 27,000 records was publicly exposed. The leaked files included images of driver’s licenses, Medicaid cards, bank statements including account numbers and partial credit card numbers, employment statements, and more.

Why it matters:
Exposing this kind of sensitive financial and identification data poses serious risks, including identity theft, impersonation, financial social engineering, and other forms of fraud involving identification documents or financial information.

Read their full report here: https://www.websiteplanet.com/news/vroom-report-breach/

Leave a comment »