Archive for May 7, 2025

« Older Entries

Google Uncovers New LOSTKEYS Malware Linked to Russia-Based Hacker

Posted in Commentary with tags on May 7, 2025 by itnerd

Google has uncovered a new piece of malware called LOSTKEYS, attributed to the Russian government-backed threat group Cold River (also known as UNC4057, Star Blizzard, and Callisto). The group is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker. LOSTKEYS marks a new development in the toolset of Cold River, a group primarily known for credential phishing against high-profile targets like NATO governments, non-governmental organizations (NGOs), and former intelligence and diplomatic officers.

More info can be found here. https://cloud.google.com/blog/topics/threat-intelligence/coldriver-steal-documents-western-targets-ngos 

Erich Kron, security awareness advocate at cybersecurity firm KnowBe4, commented:

“There can be no doubt that intelligence gathering and cyber warfare is taking place at the nation-state level and will probably do so for the foreseeable future. This is simply the digital version of a spy sneaking in a micro camera and taking pictures of sensitive information and then providing it to whomever they work for. While these attacks are targeting mostly non-governmental organizations (NGOs), many of them do have ties to government agencies and could have information useful to that government’s adversaries.

“Because it seems they prefer tactics such as social engineering through email phishing, organizations should ensure that they have a well implemented human risk management (HRM) program in place that includes training and education to help employees fend off social engineering attacks.”

The human element is always the weakest point. Thus improving that would go a long way in terms of heading off attacks.

UPDATE: Another comment has come in from Darren Siegel, Lead Sales Engineer at Outpost24:

“This is yet another example showing that credential theft is an ongoing area of risk, as even the strongest passwords can be captured by this kind of malware attack.  While obviously the ideal outcome here would be to prevent such attacks from occurring in the first place, it underscores the need for organizations to implement continuous monitoring for compromised credentials, ideally using tools that are informed by threat intelligence that can quickly identify and respond to new breaches.” 

Leave a comment »

Specops Analysis: Marks & Spencer Hack – Active Directory & Service Desk Security Lessons

Posted in Commentary with tags on May 7, 2025 by itnerd

The significant cyberattack on British retailer Marks & Spencer highlights the growing impact of sophisticated ransomware attacks on major corporations – as well as the ongoing need for strong Active Directory security.  

Specops Software has analyzed the attack in an updated post M&S ransomware hack: Active Directory & Service Desk security lessons.

The first critical lesson is that Active Directory (AD) environments must be treated as crown jewels and defended accordingly. While attackers getting access to the NTDS.dit file is obviously a serious breach, if your passwords are strong (long, not using common base words, not using existing breached passwords) it can still be quite expensive for an attacker to brute force those hashes to learn the users’ actual passwords. There also needs to be a focus on detecting and containing lateral movement in the event of a breach. Implementing certain measures will harden Active Directory environments against both offline-hash cracking and the misuse of elevated credentials—two of the primary enablers of the M&S attack. 

To vew the full Specops Software analysis, please see the report M&S ransomware hack: Active Directory & Service Desk lessons, which includes a summary of the attack, how it happened, who is Scattered Spider and what can be learned from the attack.   

Leave a comment »

New Telehouse report reveals infrastructure gaps slowing global AI adoption

Posted in Commentary with tags on May 7, 2025 by itnerd

Today, Telehouse released data from its AI Workload Strategies 2025 report, exploring how businesses around the world are navigating the complex infrastructure demands of AI deployment—while also contending with intensifying cyber threats that risk disrupting critical operations. 

The study comes at a pivotal time for global enterprises as AI initiatives scale across cloud, on-premises data centres, colocation facilities, and specialist GPU clouds—each posing unique performance, security, and connectivity demands. The findings underscore a fragmented but rapidly evolving AI infrastructure landscape, with no one-size-fits-all model. 

Some key findings from the survey include:  

  • AI workloads are widely distributed: Only 35 per cent are deployed in the public cloud, while on-premises data centers, third-party colocation and specialist GPU clouds each host about 10% of workloads. 
  • Network and infrastructure challenges are stalling progress: 55 per cent of businesses report significant networking issues with AI deployments, and 39 per cent have abandoned AI projects due to infrastructure-related barriers. 
  • Connectivity, skills, and GPU access drive venue decisions: Companies cite internal IT skills, network/fibre availability, GPU infrastructure, and cost considerations as key factors in selecting where to deploy AI workloads. 
  • Colocation providers gain appeal: Demand for AI-related services is boosting the role of colocation providers as businesses seek more tailored, high-density compute environments to support AI/ML workloads. 

There are many more findings in the full report, which can be accessed here.  

Leave a comment »

Trilliant and OZZ Electric Expand Next-Generation Utility Services in British Columbia

Posted in Commentary with tags , on May 7, 2025 by itnerd

Trilliant has partnered with OZZ Electric to roll out a commercial-grade electric vehicle (EV) charging energy management solution in British Columbia (B.C.), Canada.

Since 1995, OZZ Electric has provided services in Canada and the United States, including design/build, EV and solar, mixed-use residential, technology, and a B.C. apprenticeship program. With over 100 projects and more than 1,200 employees across B.C., Ontario, and Washington, D.C., OZZ Electric specializes in large-scale projects, high-profile design-build work, retrofit applications, and clean energy solutions, supporting residential, industrial, commercial, and institutional (ICI) spaces.

Trilliant and OZZ Electric B.C. have been partners since 2022 in sub-metering and energy management. This expansion will leverage Trilliant’s best-in-class sub-metering solution to help better manage the energy consumption data and capabilities of EV chargers as they become an important component of modern multi-residential buildings. In addition to providing accurate energy usage data and advanced control capabilities, Trilliant will also empower resident EV owners with information to make responsible energy-efficient decisions.

Leave a comment »

Scattered Spider service desk attacks: How to defend your organization

Posted in Commentary with tags on May 7, 2025 by itnerd

Scattered Spider is a disparate hacking collective that has surged to prominence by using sophisticated social engineering tactics. One of their key tactics is exploiting people – specifically, corporate service desks. They’ve recently hit the headlines by allegedly duping an IT help desk at Marks & Spencer into resetting a password that let them breach internal networks.

Today, Specops Software has published an analysis on Scattered Spider service desk attacks including a timeline of major attacks. Think: MGM Resorts, Caesars Entertainment, now M&S, Harrods, and Co-op. The deep dive also covers the why behind these Scattered Spider’s attack of choice, the how, and finally what organizations can do to protect themselves on the service desk front. 

For full details, the analysis can be read here: https://specopssoft.com/blog/scattered-spider-service-desk-defense-tips/

Leave a comment »

Pentera’s State of Pentesting Report Reveals Shift Towards Software-Based Pentesting

Posted in Commentary with tags on May 7, 2025 by itnerd

Pentera, the market leader in automated security validation, today announced the release of its fourth annual State of Pentesting survey report. Pentera surveyed 500 CISOs and senior security executives from enterprises with more than 3,000 employees across the United States, Germany, France, and the United Kingdom. The 2025 report offers data-driven analysis on the current state of security validation practices, budget priorities, and the key factors influencing the adoption of proactive risk management strategies.

Unthinkable a decade ago, today over 50% of enterprise CISOs report using software-based pentesting to support their in-house testing practices. Even more notable, 50% of CISOs now identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations. These trends signal a broader shift toward testing approaches that offer greater scale, cover the full attack surface, and enable continuous validation of the enterprise.

Key findings from the report include:

  • 67% of US Enterprises Experienced a Breach in the Past 24 Months – Enterprise CISOs manage an average of 75 security tools across their IT environments, with 45% reporting stack growth over the past year. Despite these investments, 67% experienced a breach in the past 24 months, underscoring the persistent challenges of securing complex environments.
  • Large Security Stacks: Increased Vulnerability Data Volume – While a larger security stack increases visibility of potential issues, it also increases operational complexity, making it harder to prioritize and respond to the most critical threats. Organizations with 11–50 security tools generate an average of 883 alerts per week. Enterprises with 76–100 tools face over 2,048 alerts weekly, while those with more than 101 tools see an average of 3,074 alerts.
  • Pentesting Represents Around 11% of the Total IT Security Budget – US enterprises spend an average of $187,000 annually on pentesting which is about 10.5% of their total IT security budgets. IT Security budgets are on the rise: Over 50% of CISOs report that they will be raising their pentesting budgets in 2025 and 48% will be raising their overall IT security budgets.
  • Software-based pentesting is gaining traction – 55% of enterprises now use software-based tools to support in-house testing programs, and 50% of CISOs cite software-based testing as a primary method for uncovering exploitable security gaps within their IT environments. This reflects a growing trust in the safety of software solutions. Enterprises are shifting toward scalable adversarial testing approaches.
  • Cyber Insurance Providers are a NEW Driving Force for Technology Adoption – Cyber insurance providers are driving security control technology adoption. In the US 58% of enterprises have implemented at least one cybersecurity solution at the request of their insurance provider. An additional 34% reported receiving recommendations for specific solutions.
  • Confidence in Government Support Is Not High – 22% of CISOs say they cannot rely on the government for cybersecurity support at all. Another 64% of US enterprises acknowledge government actions, but believe these efforts are insufficient. Only 14% believe the government is truly doing its part to help protect the private sector.

The survey was conducted by Global Surveyz, an independent research firm, from December 2024 through January 2025.

Click here to access the full report.

Leave a comment »

ServiceNow introduces Core Business Suite with AI-powered solutions built to quicklytransform key business functions and scale with growing companies

Posted in Commentary with tags on May 7, 2025 by itnerd

Today, at ServiceNow’s annual customer and partner event, Knowledge 2025 the company introduced its new Core Business Suite—an AI-powered solution that quickly transforms core business functions like HR, procurement, finance, and more. Available on the single, intelligent ServiceNow AI Platform, Core Business Suite connects employees, suppliers, systems, and data in one place, enabling efficiency and faster time to value for organizations of all sizes. Within Core Business Suite, ServiceNow also launched a new Finance Case Management solution to orchestrate finance department requests with AI-driven processes, eliminating manual tasks and reducing errors.

ServiceNow brings together AI, data, and workflows on a single, powerful platform, allowing ServiceNow Core Business Suite to accelerate transformation across business operations, drive better outcomes, reduce costs, and improve service experiences.

Simplifying the work experience for every team

ServiceNow Core Business Suite brings together proven capabilities across business functions into one unified experience, representing a new way to scale enterprise-grade intelligence, efficiency, and productivity to mid-sized and commercial customers. It provides a single-entry point where employees can resolve everyday workplace needs—whether it’s requesting workplace accommodation, seeking help with a procurement request, or submitting a compliance concern without navigating multiple systems. By seamlessly connecting employees, suppliers, systems, and data from both inside and outside the ServiceNow AI Platform, the suite eliminates silos and unifies requests and processes across finance, IT, HR, procurement, legal, facilities, and more.

Built for speed and simplicity, Core Business Suite is optimized for fast deployment—often in just weeks—with AI agents that assist with setup and automation from day one. This means faster time to value, lower cost to serve, and consistent experiences, even for smaller teams or companies without large IT departments. Employees gain quick, hassle-free access to critical information, powered by AI that’s as smart as the data behind it. By tapping into rich contextual data across the enterprise, business experts can swiftly resolve cases with complete context, while team leads gain visibility into performance metrics, enabling continuous improvement. The suite rapidly automates tasks, streamlines complex interactions, and accelerates productivity—delivering greater transparency and operational efficiency throughout the enterprise.

Transforming finance with ServiceNow Finance Case Management

As part of the launch of Core Business Suite, ServiceNow introduced Finance Case Management, a new solution built specifically for finance departments to manage their day-to day work and requests. While traditional finance tools focus on recording transactions, ServiceNow Finance Case Management addresses the unstructured work that leads to inefficiency—such as creating a new cost center, checking the status of a vendor invoice, or escalating a payroll issue—bringing visibility, structure, and automation. Instead of navigating a maze of disconnected systems, employees now have a single, intuitive interface to initiate, act on, and track finance-related requests with AI agent assistance.

Core Business Suite marks the next step in ServiceNow’s mission to simplify work across the enterprise—streamlining IT, HR, finance, procurement, legal and workplace operations, eliminating silos, and transforming how employees get things done. By automating requests and connecting workflows across departments, it delivers faster outcomes and better experiences for teams at every level.

Additional information: 

Learn more about ServiceNow Knowledge 2025 here.

Leave a comment »

Critical Oil and Gas Sectors Actively Targeted by Unsophisticated Threat Actors CISA Warns 

Posted in Commentary with tags on May 7, 2025 by itnerd

The CISA yesterday warned critical infrastructure organizations of “unsophisticated” threat actors actively targeting the U.S. oil and natural gas sectors.

CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems. Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage

Ensar Seker, CISO at SOCRadar had this comment:

“CISA’s warning about unsophisticated actors targeting ICS and OT systems in the oil and natural gas sectors should not be underestimated. The level of technical sophistication doesn’t always correlate with the level of impact, especially when it comes to operational technology. In many cases, even basic scanning tools, default credentials, or exposed interfaces can lead to catastrophic outcomes when ICS and SCADA environments are not properly segmented or monitored.”

“What makes this alarming is the growing accessibility of industrial-specific exploits and open-source ICS scanning tools, which are now circulating not only in underground forums, but even in open GitHub repositories. This lowers the barrier to entry for less capable threat actors including ideologically driven groups or lone wolves with potentially disproportionate physical effects, such as fuel distribution disruptions or pipeline shutdowns.”

“The real issue here isn’t just threat actor sophistication, it’s systemic exposure. Many ICS environments were designed decades ago, without cybersecurity in mind, and continue to rely on legacy protocols like Modbus and DNP3 with little to no authentication, encryption, or tamper detection.”

“This isn’t just about defending against advanced persistent threats. It’s about recognizing that even a simple script, when aimed at an unprotected valve, sensor, or controller, can have very real-world consequences.”

“CISA’s alert is yet another signal that the line between cyber and physical security has dissolved. It’s time for energy and transportation operators to treat every node on their ICS networks as a critical attack surface regardless of how sophisticated the attacker may seem.”

James McQuiggan, Security Awareness Advocate at KnowBe4:

“Critical infrastructure must move from “if” to “when” thinking. Eight years after NotPetya disrupted global operations, we’re still seeing attackers rely on tactics that should no longer be effective, yet they are. That clearly indicates that many critical infrastructure organizations haven’t hardened their defenses fast enough.”

“These attacks aren’t carried out by sophisticated state actors. They’re using well-known techniques like stolen credentials, unpatched vulnerabilities, and remote access misconfigurations, all items blue teams should be able to stop. Too many organizations operate under the assumption that they won’t be targeted, or that their OT environments are “isolated enough.” That’s the same logic as leaving your front door unlocked because no one’s robbed your neighbors yet.”

“If you can’t see your attack surface, you can’t secure it. Organizations should run tabletop exercises specific to OT scenarios. Include ransomware in your simulations and work to identify single points of failure before attackers do.”

“Leaders, including boards and the C-suite, must stop treating cybersecurity as an IT line item, as this is an operational risk. And in many cases, it’s a matter of national security. We’re not in the “what if” phase anymore. We’re in the “how bad will it be when it happens” phase.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech

“Cybercriminals are always looking for low-hanging fruit, and that includes ill-prepared critical infrastructure. These threats are easy to spot but persistent, so vigilance is key. An organization can avoid it 1,000 times but only needs to slip up once to allow cybercriminals into their network. Once inside, they can steal data and deploy ransomware, among other attacks.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“Unfortunately, the infrastructure in the U.S. is an attractive target for the bad actors of the world. The rise of malware-as-a-service allows unsophisticated hackers to wreak havoc with little effort, often causing unintended consequences in some cases. U.S. oil and gas companies need to modernize and harden their systems. While this won’t be cheap, it will still be more economical than trying to clean up the mess left behind by the bad guys.”

This illustrates that the amount of threat actors looking to launch attacks are only increasing. Thus it’s incumbent on defenders to make sure that potential attacks are mitigated or stopped before they happen.

Leave a comment »

Sage and Amazon Web Services Collaboration Powers AI Innovation in Accounting and Compliance

Posted in Commentary with tags on May 7, 2025 by itnerd

Sage today announced significant progress in its ongoing collaboration with Amazon Web Services (AWS). Building on its role as an AWS partner holding the SMB Software Competency, and recognised for its expertise in developing solutions for small and medium-sized businesses, Sage is working with AWS to develop innovative AI solutions ideally suited for the accounting and compliance needs of SMBs.

By leveraging AWS AI services like Amazon Bedrock and purpose-built AI chips like AWS Trainium and AWS Inferentia, Sage has been able to accelerate development, scale innovation, and deliver AI-powered solutions more efficiently. This collaboration ensures Sage can rapidly test, refine, and deploy AI models that are tailored to the complex needs of accounting and compliance, providing businesses with reliable, accurate, and intuitive financial tools.


Advancing AI in Accounting: Delivering Value to SMBs
With the support of AWS over the past year, Sage has successfully developed and deployed purpose-built Large Language Models (LLMs) and Small Language Models (SLMs) for accounting and compliance. These models improve the accuracy, reliability, and efficiency of Sage’s AI-powered financial solutions, enabling SMBs to operate with greater confidence and efficiency. This work also lays the foundations for advanced agentic capabilities within Sage Copilot – Sage’s AI powered assistant, supporting more intelligent automation and proactive financial assistance. Sage Copilot is currently available in the UK, US, France, Spain, and Germany, embedded within Sage Accounting, Sage for Accountants, Sage 50 and Sage Intacct.


Key advancements include:

  • Enhancing trust with domain-specific AI – The Accounting Filtering Model ensures AI-generated responses remain strictly relevant to financial and compliance-related queries, preventing inaccurate or misleading information.
  • Expanding AI-driven financial assistance – These models help enhance SageCopilot,  enabling it to provide real-time insights, automate workflows, and reduce the burden of manual financial tasks.
  • Optimising efficiency through intelligent automation – New endpoint detection models improve AI’s ability to interpret user intent and dynamically retrieve relevant financial data, ensuring more precise responses and streamlining financial decision-making.

Unlocking Business Insights with AI-Powered Search

In addition to advancing AI-driven accounting models, Sage is also leveraging AWS technology to transform how SMBs access and interpret financial information. The new Semantic Search API, powered by Amazon Bedrock, enhances the way Sage products retrieve, rank, and generate responses from financial and compliance data, making insights more accessible, relevant, and actionable.

This innovation enables SMBs to:

  • Find the right financial information faster – AI-powered search capabilities reduce the time spent navigating financial data, improving productivity and decision-making.
  • Access up-to-date and relevant insights – A new self-service content hub enables Sage’s product teams to continuously refine and manage knowledge sources, ensuring AI-generated responses reflect the latest financial regulations and business trends.
  • Support businesses globally – Semantic search is being expanded to support multiple languages, ensuring that SMBs worldwide benefit from intelligent, AI-driven assistance.


As Sage continues to expand its AI capabilities, it remains committed to responsible AI innovation, developing solutions that are transparent, secure, and designed to meet the specific needs of SMBs.

Leave a comment »

Hyundai Motor Group Delivers Enhanced In-Car Experience Through Equinix Data Centers Globally

Posted in Commentary with tags , on May 7, 2025 by itnerd

Hyundai Motor Group (the Group) is deploying its dedicated private cloud platform, HCloud, within Equinix data centers globally to enhance customer experience and improve service quality for its more than 10 million connected car service subscribers.

HCloud is the Group’s proprietary cloud platform that was developed in response to the growing demand for real-time data processing, seamless connectivity and scalable infrastructure, driven by rapid advancements in connected and autonomous vehicles.

The Group is leveraging Equinix International Business Exchange™ (IBX®) data centers across Asia, the United States and Europe, as well as Equinix Fabric®, to interconnect HCloud to multiple public cloud providers, including Amazon Web Services (AWS). This hybrid multicloud architecture accelerates the global rollout of connected car serviceswhile ensuring reliable connectivity, consistent service coverage and reduced latency.

Hyundai Motor Group is a global enterprise that comprises the mobility brands—Hyundai Motor, Kia and Genesis. The Group’s CCS provides in-car infotainment and mobile applications via wireless networks. Since its launch in 2003, the Group has acquired over 10 million global CCS subscribers as of 2023 and is aiming to reach 20 million by 2026. To continue the growth, it is making significant investments in the development and expansion of HCloud to deliver enhanced in-car services, including a personalized driving experience.

As 95% of new vehicles are expected to be connected by 2030, the Group recognized the need for distributed data processing and proximity to cloud and network ecosystems to ensure an excellent user experience. This led to the deployment of the HCloud in Equinix IBX data centers in Seoul, Los Angeles and Frankfurt, strategically selected for their global reach, carrier density and high operational standards backed by service-level agreements (SLAs). Equinix’s proximity to major cloud and network providers will enable the Group to connect with key partners, while supporting robust performance and scalability.

Through its deployment at Equinix, the Group has enhanced app responsiveness and improved the quality of its remote services. The collaboration supports the company’s transition to software-defined vehicles (SDVs) and lays the foundation for smarter, safer and more connected mobility solutions.

Leave a comment »

« Older Entries