Archive for May 13, 2025

IGEL Women Leaders Named to CRN’s 2025 Women of the Channel List

Posted in Commentary with tags on May 13, 2025 by itnerd

IGEL is proud to announce that Erin Ware, Director of Distribution-North America, Janice Savage, Director of Channel Sales-North America, Laura Hermans, Senior Manager of Global Channel Strategy and Operations, and Sarah Heibult, Senior Channel Sales Manager at IGEL, have been recognized by CRN®, a brand of The Channel Company, on the prestigious Women of the Channel list for 2025.

This prestigious list honors women leaders across the IT channel whose vision, strategy, and commitment drive meaningful change and partner success. The IGEL honorees exemplify the future of channel leadership — delivering value through innovation, enablement, and trust.

Four Women. One Mission. Partner Success.

  • Erin Ware, Director of Distribution, North America — Erin empowers IGEL’s distribution partners with data-driven performance strategies that streamline execution and accelerate market readiness.
  • Janice Savage, Director of Channel Sales, North America — Janice drives transformational partner relationships grounded in authenticity, resulting in powerful alignment and growth across IGEL’s ecosystem.
  • Laura Hermans, Senior Manager, Global Channel Strategy and Operations — Laura is the strategic architect of IGEL’s channel acceleration engine, scaling operations with a global-first mindset and programmatic execution.
  • Sarah Heibult, Senior Channel Sales Manager — Sarah uncovers new revenue pathways and leverages internal tools to deliver high-impact insights that elevate partner engagement and ROI.

A Platform for Innovation, Equity, and Excellence

IGEL redefines the endpoint as a strategic enabler of Zero Trust, sustainability, and modern work. At the heart of this transformation are IGEL’s people, especially the women driving outcomes for customers and partners worldwide. Today’s recognition is not only a celebration of individual achievement but also a reflection of IGEL’s commitment to inclusive excellence across the channel.

The 2025 Women of the Channel honorees are featured in the June issue of CRN® Magazine and online at www.CRN.com/WOTC.

Zoom Workplace Apps Vulnerabilities Enable Escalated Privileges Among Other Attack Vectors

Posted in Commentary with tags on May 13, 2025 by itnerd

It is being reported that Zoom has disclosed multiple vulnerabilities impacting its Workplace apps, across its various platforms, that pose significant risks such as privilege escalation, denial-of-service (DoS) and remote code execution.

Jim Routh, Chief Trust Officer at Saviynt, had this to say:

“Cyber professionals are considering the need for deep fake detection and prevention impacting virtual meetings today. It turns out that the software defects/vulnerabilities announced recently in Zoom Workplace are far more critical at this time.

DoS and remote code execution vulnerabilities have the potential for significant business disruption with the potential for ransomware exploits. Software resilience for enterprise software companies is achievable with more maturity in the development process to identify and remediate race conditions.”

Erich Kron, Security Awareness Advocate at KnowBe4, follows with this:

“Given the number of people that use and rely on Zoom for their organizations’ day-to-day activities, this type of flaw could be very significant. Deepfake audio and video have already been an issue, and in this case having a Zoom meeting initiated from a legitimate account could be the difference between a person believing the caller and not believing them. Fortunately, in this case, exploiting is not something that can be done easily remotely, so physical access is required. However, it demonstrates what may be possible with other future vulnerabilities that could be remotely exploited. Due to the proliferation of deepfakes and live action scams, as opposed to just email phishing, organizations would benefit from ensuring their HDR program includes a focus on ways to ensure the caller is legitimate.”

This is really not good. Now that these are out there, threat actors will be trying to exploit those who do not update ASAP. And that’s the key to keeping safe. If you use Zoom, you should update your Zoom client ASAP.

Sage Intacct helps finance teams drive higher performance with greater intelligence, speed, and simplified industry workflows

Posted in Commentary with tags on May 13, 2025 by itnerd

Sage today announced a new wave of AI-powered automation and industry innovations for Sage Intacct. With updates that improve accuracy, reduce reconciliation effort, and simplify contract, fundraising and project workflows, Sage Intacct is helping finance teams make smarter decisions with less manual effort.

As finance teams face growing pressure to do more with less, Sage Intacct continues to evolve to meet the needs of modern, high-performing finance functions. This release brings together innovations that accelerate the close, streamline processes, reduce manual work, and integrate key operational systems, while helping leaders drive better outcomes for their organisations.

Empowering High-Performance Finance Teams Under Pressure

According to Sage’s The Secrets of Successful CFOs report, 69% of CFOs say they are juggling too many responsibilities, 87% regularly feel stressed, while more than half (51%) are already leveraging AI-powered tools built for financial workflows. The path forward is clear: automation is key to reducing pressure, unlocking greater efficiency, and giving finance leaders the visibility and confidence to lead proactively and plan for the future. These latest enhancements deliver AI-powered automation that supports high-performing finance teams by reducing friction, streamlining the close process, and equipping leaders with the clarity and confidence to act decisively.

Delivering AI-powered automation and industry-specific innovations

This release brings a range of updates that show how Sage is continuing to invest in a smarter, more connected experience for modern finance teams. From strengthening fundraising capabilities for nonprofits to simplifying healthcare reporting and automating reconciliation for growing businesses, Sage Intacct’s latest updates are designed to empower finance teams with the time, clarity, and confidence needed to drive smarter financial decisions. These updates include:

  • Copilot Close Assistant: Simplifies the month-end close with proactive tracking and a centralized summary view of all critical tasks. This gives finance teams real-time visibility into close progress across subledgers and general ledgers, enabling faster issue resolution, smoother collaboration, and a more efficient, predictable close.

Availability: GA in the US and UK

  • Copilot Subledger Reconciliation Assistant: Automates reconciliation reporting, highlights variances and provides drill-down insights for faster issue resolution. With improved transparency and reduced manual checks, teams can catch discrepancies earlier and close books with confidence.

Availability: Early Adopter in UK and US

  • Sage Intacct Fundraising powered by DonorPerfect: Connects donor data and financials to optimize fundraising strategies and build donor relationships. Nonprofits using the solution have reported an average 25% increase in funds raised in their first year and double-digit growth for years thereafter, driven by unified reporting and real-time visibility into campaign performance.

Availability: GA in US and Canada

  • Automated WIP Relief: Automatically moves WIP balances upon project completion, improving alignment of costs and revenue. For service businesses, this reduces the risk of misstatements and speeds up the financial close with accurate, automated journal entries.

Availability: US, UK, Canada, South Africa, Australia

  • Sage Intacct EMRConnect Dashboards: Offers operational and financial insights for healthcare providers. With real-time access to key metrics like clinician efficiency and occupancy rates, finance leaders can proactively manage costs and drive operational efficiencies with data-driven decisions.

Availability: US only

  • Contract Summary Tab: Consolidates key contract data into a single view, giving teams clear insight into billing, purchasing, and project details. This reduces inefficiencies, mitigates risk, and empowers faster, more informed decision-making.

Availability: US, UK, Canada, South Africa, Australia

  • Tessitura Ticketing Connector: Integrates ticketing and financial data for arts and culture organisations. With this connected solution, billing and payment data flow effortlessly between systems, eliminating manual entry, improving accuracy, and providing a 360-degree view of an organization’s financial health.

Availability: US only

  • Goods and Services Tax support for New Zealand and Singapore: Delivers local tax setup and reporting capabilities. With automated GST configuration, businesses can maintain compliance with ease and scale confidently into new markets.

Availability: Early Adopter in New Zealand and Singapore

Steam Gets Pwned Via Third Party Service Getting Pwned

Posted in Commentary with tags on May 13, 2025 by itnerd

If you have a Steam account, it’s time to change your password. Here’s why:

This Tweet was then followed with this:

So the net result is that 89 million Steam accounts are basically compromised. But the bad news doesn’t end there. The company that was pwned was Twilio. If that name sounds familiar, it is because that is the company behind the Authy authentication app. And that company was pwned last year with the details behind the app being kind of murky. None of this has been confirmed by Twilio. But it should not stop Steam users from dropping what they are doing and changing their passwords right now as well as being on the lookout for suspicious emails, phishing attacks and the like.

Stackpack Raises $6.3M to Solve the $475B Vendor Chaos Problem

Posted in Commentary with tags on May 13, 2025 by itnerd

Stackpack, the first intelligent Vendor Stack Management platform helping companies regain control over their growing network of third-party vendors, has raised $6.3 million. Freestyle Capital led the investment, with additional participation from Elefund, Upside Partnership, Nomad Ventures, Layout Ventures, MSIV Fund and strategic angels from Intuit, Workday, Affirm, Snapdocs and xAI.

Modern businesses are powered by a vast web of third-party providers — AI tools, SaaS platforms, contractors, and managed services. Yet most teams still manage these critical partnerships with spreadsheets, scattered documents, and crossed fingers. Stackpack is changing that.

Founded in 2023 by Sara Wyman, a veteran of Etsy and Affirm, Stackpack emerged from firsthand experience with the chaos and cost of unmanaged vendors. Wyman saw how missed renewals, redundant tools, and growing compliance risks could quietly drain budgets and introduce operational risk — and recognized that the vendors powering a business were as essential to its success as its internal team.

With Stackpack, finance and IT teams get a single source of truth for all third-party vendors – automatically surfacing renewal dates, contract owners, shadow IT, compliance gaps, and savings opportunities. The platform not only uses AI to uncover blind spots, but also acts on behalf of customers as an agent to ensure nothing falls through the cracks. Ultimately, Stackpack turns vendor sprawl into strategic advantage.

The early team behind Stackpack includes early leaders from PayPal, eBay, Adobe, Asana, Twilio, and Google — operators uniquely positioned to build a networked platform and scale it from early stage to market leadership.

Stackpack enters the market at a critical moment: Over $475 billion is spent annually on third-party software and services in the U.S. alone, with an estimated 25% of it going unused. Payroll budgets are shifting to outsourced contractors and AI expense. Compliance risks are multiplying as third-party vendors handle sensitive data. A lack of transparency in renewal dates and pricing is wrecking budgets and forecasts. Today’s finance and IT teams need real-time visibility, automated guardrails, and tighter controls more than ever, and Stackpack is building the platform for this new era.

Just months after launch, Stackpack is already managing over 10,500 vendors and $510 million in spend across more than 50 customers, including Every Man Jack, Rho, Density, HouseRx, Fexa, and ZeroEyes.

Alongside its core Stack Management platform, Stackpack is now expanding beyond visibility with a second product: Requests & Approvals, currently in beta. Designed as a lightweight, affordable alternative to platforms like Zip and Coupa, it gives teams a faster way to evaluate and approve vendor requests. Over time, Stackpack also plans to help customers discover and evaluate new partners.

Looking ahead, Stackpack’s mission is to help companies connect with the right partners, at the right time, on the right terms – transforming vendor management into a strategic capability. 

New Specops Research: FTP Ports Under Attack: Which Passwords are Hackers Using

Posted in Commentary with tags on May 13, 2025 by itnerd

A just-published Specops Software Research Report reveals passwords being used to attack FTP ports over the past 30 days, in live attacks happening against real networks.

The Specops Software research team found the most common passwords being used in brute force attacks, as well as the frequencies of password lengths and complexities.

This research coincides with the latest addition of over 133 million compromised passwords to the Specops Breached Password Protection service. These passwords come from a combination of our honeypot network and threat intelligence sources.

To view the full research report, please see this link: FTP ports under attack: These Passwords use hackers [New Research]

Black Kite Releases 2025 Ransomware Report, Revealing 123% Increase in Ransomware Attacks Over Two Years

Posted in Commentary with tags on May 13, 2025 by itnerd

Black Kite today announced its newest report, 2025 Ransomware Report: How Ransomware Wars Threaten Third-Party Cyber Ecosystems, which provides a deep analysis into evolving ransomware trends and threats. The report found that threats have escalated with more actors, less predictability, and deeper entanglement in supply chains, underscoring an urgent need for organizations to implement intelligence-driven defenses and proactive vendor monitoring.

Between April 2024 and March 2025, ransomware attacks escalated with unpredictable campaigns across a wide range of industries. As uncovered by Black Kite’s Research & Intelligence Team (BRITE), the number of publicly disclosed victims saw a 25% increase from the previous year. This follows a steep rise in the previous period with an 81% surge, amounting to a 123% increase over two years. The year also saw a noticeable uptick in attacks against small and mid-sized businesses (SMBs) due to their less robust cybersecurity defenses and lower risks of retaliation, and a rise in supply chain warfare with attackers focused on third-party vendors where just one compromised provider can disrupt dozens to hundreds of downstream organizations. These incidents, often called silent breaches, can go unnoticed until their ripple effects halt operations across industries.

Leveraging data and machine learning, Black Kite’s Ransomware Susceptibility Index® (RSI™) proved to be a critical signal. A numerical score between 0.0 and 1.0, with a higher score representing greater susceptibility to a ransomware attack, RSI goes beyond cyber risk metrics and provides a composite score that incorporates technical indicators and intrinsic risk factors. In fact, for those with RSI above 0.8, nearly half (46%) were attacked, and most organizations showed rising RSI trends well before a breach.

The report’s key findings include:

  • Publicly disclosed ransomware victims climbed to 6,046, a 24% increase year over year, and more than doubled since 2023
  • 52 entirely new groups emerged in the last year, resulting in 96 active ransomware groups
  • Under-resourced, understaffed, and underprepared, SMBs ($4M-$8M) were the most frequently targeted
  • Ransomware was responsible for 67% of known third-party breaches
  • 46% of organizations with RSI greater than 0.8 experienced ransomware attacks
  • With smaller, less sophisticated operators that often lack the infrastructure to run complex extortion operations, ransom payment values declined by 35%, but the overall impact has widened

Ransomware is no longer dominated by large syndicates. Today’s organizations must contend with smaller groups that have less experience but the same intent – disrupt, extort, and repeat. While the tactics lack the sophistication of their predecessors and the targets are smaller, the volume and unpredictability of this new era of ransomware present a new set of challenges. Organizations must also defend against AI-driven ransomware, which enables attackers to bypass existing security systems and could evade detection, for example by analyzing EDR logs or monitoring incident response communications to adjust ransom demands.

Access the full report here.

Methodology

The findings in this report are the result of a comprehensive year-long investigation conducted by the Black Kite Research & Intelligence Team (BRITE), covering the period between April 1, 2024 and March 31, 2025. The methodology combines continuous monitoring of ransomware operations with detailed victim analysis and dark web intelligence gathering:

  • BRITE monitored activity from over 150 ransomware groups, tracking their leak sites, extortion posts, and public disclosures. A group was considered “active” if it published at least one victim within the last 12 months. By March 2025, 96 groups met this threshold.
  • A total of 6,046 victims were identified through leak site monitoring, cross-validated with open-source intelligence and internal telemetry. For each victim, BRITE analysts determined industry classification using NAICS codes, headquarters location by country, and estimated company size based on publicly available financials or trusted databases. BRITE also leveraged the Black Kite platform to assess each victim’s cybersecurity posture before and after the incident, helping to identify patterns in susceptibility and exposure.
  • To complement leak site tracking, BRITE actively monitored ransomware blogs, Telegram channels, and dark web forums to identify group narratives, affiliate activity, and coordination patterns. This enabled the team to detect new groups quickly and contextualize victim disclosures beyond surface-level postings.