Archive for June 4, 2025

Google Issues A Warning About A Threat Actor Going After Salesforce Data

Posted in Commentary on June 4, 2025 by itnerd

Threat actor “UNC6040” is impersonating IT support personnel at organizations via vishing (voice phishing) attacks to trick employees into granting them access to sensitive credentials, ultimately facilitating the theft of an organization’s Salesforce data.

Google has put out a warning about this which you can read here: https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion

James McQuiggan, security awareness advocate at KnowBe4, commented:

“You wouldn’t blindly open your front door to a stranger, so we must consider whether you should pick up the phone and trust the voice on the other end.
Ask yourself: Were you expecting this call?

“Think about it. If someone knocked at your door and you weren’t expecting anyone, would you swing it open? Probably not. Most of us would peek through the window, check the camera, or at least ask, “Who is it?” The phone shouldn’t be any different. If you weren’t expecting a call from your IT support team, cloud service provider, or a software vendor, don’t assume the call is real. Cybercriminals are banking on that assumption. They’re hoping you’ll pick up the phone and follow instructions without pausing to think. If you do pick up, always verify. Sometimes, we do answer the door. The same goes for the phone. But once the conversation starts, stay skeptical. If the caller says they’re from a tech company and need access to your system, pause. Ask for their name, case number, and callback number. Then, hang up. Go to the company’s official support page or contact your tech team using another communication method. Contact them directly. See if there’s a case with your name on it. Assuredly, there isn’t.

“Remember: legitimate tech companies don’t call you to fix an issue with your computer or application. That’s not how it works.

“There’s often a moment of hesitation. You don’t want to seem rude. You think, “What if this is real?” But being polite shouldn’t cost you your security when it comes to your data and username or password. Hanging up isn’t rude. It’s responsible.

“Treat unexpected phone calls like you treat an unexpected knock at your door. Stop. Look. Verify. And if something feels off, it probably is. Stay cautious. Stay curious. And remember, security starts with a simple question: “Do I know who’s calling?””

Any organization that uses Salesforce should heed Google’s warnings and take action to educate their users so that they are not victims of this campaign. And I think it’s safe to say that we’ll be seeing more of this type of campaign going forward as threat actors wouldn’t do this if it were not effective.

Lee Enterprises Discloses That Almost 40K People Have Had Their Information Stolen In A Ransomware Attack


Newspaper giant Lee Enterprises has reported that personal information belonging to 39,779 people was stolen in a February 2025 ransomware attack which you can read about here.

Jim Routh, Chief Trust Officer at Saviynt, had this to say:

“Sophisticated threat actors continue to target enterprises with a high likelihood of making an extortion payment to resume critical operations. Often the threat actors will target an enterprise data replication and recovery infrastructure to create great disincentive to avoid a ransom payment. 

“The key for enterprises to avoid these types of attacks is to supplement their privileged access user monitoring system (PAM) with continuous validation based on user behavior analytics. Any significant deviation of pattern by a privileged user results in an automatic revocation of the entitlement operating in milliseconds. Continuous validation is not common for enterprises today, but it offers an essential control to reduce the risk of a ransomware attack causing significant business disruption.”

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, adds this:

“This seems like a standard, run-of-the-mill ransomware event. It is a little concerning that the breach happened in early February and impacted victims are just learning about the breach 4 months later. That isn’t timely.

“Second, this is the second data breach they suffered. What can they tell customers and employees to allay fears of another breach? Do they know how this breach happened, or the last? What steps are they taking to make sure that further breaches using the same methods or other hacking methods don’t happen again?

“Every company is given one breach forgiveness. But not two. When the second breach happens, customers and victims need to know how the breach happened (likely social engineering, unpatched software or firmware, or weak credentials), and what steps the company is taking to prevent it from happening again. Customers won’t likely give automatic forgiveness for the third breach.”

I will be interested in finding out what actually happened here and what Lee Enterprises will do to stop it from happening again. Hopefully those details actually see the light of day seeing as almost 40,000 people have been affected in this attack.

Sage Announces A Number Of Items At Sage Future


Sage made several major announcements at its annual conference, Sage Future, in Atlanta today, which largely focuses on their vision and roadmap to empower professionals with new AI capabilities to drive efficiencies and greater value for their customers.

Today’s announcements include:

Sage Copilot for Sage X3

Most notably, Sage announced the global availability of Sage Copilot for Sage X3, which marks the first time the company’s advanced generative AI productivity assistant, Sage Copilot, which is designed to transform business management and operations, is available to Canadian businesses. Sage Copilot for Sage X3 will first focus on empowering sales managers and representatives to easily query customer orders, shipping timelines, and fulfilment issues. Now with Sage Copilot, Sage X3 users will benefit from:

  • Conversational interaction
  • Real-time operational alerts
  • Sales intelligence that anticipates risk
  • A unified 360° view

AI Trust Label

Sage also announced the development of its AI Trust Label – a first-of-its-kind initiative to bring greater clarity and accountability to how AI is developed and used in business software.  The AI Trust Label is designed to provide customers with clear, accessible information about the way AI functions across Sage products. 

The Trust Label focuses on key trust indicators such as compliance with privacy and data regulations, how customer data is used, the presence of safeguards to prevent bias and harm, and the systems in place to monitor accuracy and ethical performance. This initiative allows SMBs to understand how AI impacts them – without needing a technical background.

Agentic AI

Sage announced its vision for the next wave of artificial intelligence with the potential of agentic AI and autonomous agents helping SMBs in a third wave of innovation.  The company discussed its next phase of AI strategy and how Sage is building on its AI heritage and expanding into the emerging space of Agentic AI.


Sage Intacct Roadmap

The company also announced how Sage Intacct will leverage AI, automation and deep industry insights to propel finance teams into a new era of high performance by unveiling the Sage Intacct product roadmap, giving customers a clearer view of what’s coming next.  As part of the roadmap, organizations can expect more AI capabilities coming to Intacct, including:

  • Close Workspace
  • Enhanced AP Automation
  • Continuous Assurance
  • Cash Flow Prediction & Optimization
  • Developer Tools for Sage Copilot

CPA AI Collaboration

Sage announced a first-of-its-kind collaboration with CPA.com, the business and technology subsidiary of the American Institute of CPAs (AICPA), to license select AICPA resources to train Sage Copilot. The collaboration is about building trusted connections between the technology sector and the accounting profession, between innovation and governance, and between local leadership and global consistency. It signals Sage’s commitment to responsible, industry-aligned AI development and its ambition to help shape the future of finance with transparency and rigour.

High Performance Finance Software

Sage unveiled “High-Performance Finance Software”, a new brand mission to empower modern CFOs with the tools, skills, and community they need to lead in today’s economy. As part of the program, Sage will launch a CPE accredited training program for high-potential finance leaders, providing them the strategic tools and competencies to be the catalysts of growth.

Sage Supply Chain Intelligence

Sage announced Sage Supply Chain Intelligence to help operating teams reduce delays by 35%, protect margins, and scale faster without overhauling their existing systems. Since acquiring Anvyl in 2024, Sage has rebranded and expanded the solution to create Sage Supply Chain Intelligence, an offer that gives more SMBs greater control and collaboration across the first mile of their supply chain.

Nelson’s Platform, Edwin, Named “Digital Learning Platform of the Year” In 2025 EdTech Breakthrough Awards Program


EdTech Breakthrough, a leading market intelligence organization that recognizes the top companies and solutions in the global educational technology market, today announced that Nelson, Canada’s leading education content provider, has been selected as winner of the “Digital Learning Platform of the Year” award in the 7th annual EdTech Breakthrough Awards program.

The 2025 EdTech Breakthrough Award recognizes the breakthrough innovation of Nelson’s digital learning platform, Edwin, which combines curriculum-aligned content, interactive tools, and dedicated support. The curriculum-aligned resources help educators save time with lesson planning, student assessment, and engaging supports. Edwin’s relevant and differentiated content builds classroom equity, while various modes of content, such as text, audio, and video, help students demonstrate their progress.

An Edwin license provides access to core curriculum content across subjects like Math, English Language Arts, Social Studies, and Science. Beyond core subjects, Edwin Essentials equips students with life skills including financial literacy, digital citizenship, cultural competence, global awareness, and personal growth. The content is designed to be flexible, engaging, and can be delivered as whole-class lessons, small groups or independently based on student interest. This approach supports the development of well-rounded learners in a rapidly changing world.

Edwin has been recently updated with the addition of a math progress check tool. The new user-friendly tool seamlessly integrates with the existing curriculum, making it easier for teachers to track student performance, identify areas for improvement, and prepare students for provincial testing. By measuring student progress, educators can easily tailor instruction to meet the needs of each learner.

In addition to the progress check tool, Edwin also offers new supports and resources that are regularly updated to ensure content is timely, engaging and curriculum-aligned. Other recent updates to Edwin include changes to its “browse by curriculum” feature where teachers can easily access the latest curriculum-linked content for their subjects with the click of a button.

The mission of the EdTech Breakthrough Awards is to honor excellence and recognize the innovation, hard work and success in a range of educational technology categories, including Student Engagement, School Administration, Adaptive Learning, STEM Education, Remote Learning, Career Preparation and many more. This year’s program attracted thousands of nominations from over 15 different countries throughout the world.

App-Building Platform Exposed 3.6M+ Creators, Influencers & Entrepreneurs Records


vpnMentor just published cybersecurity researcher Jeremiah Fowler’s latest findings, revealing a non-password-protected database linked to an app-building platform designed for creators, coaches, influencers, celebrities, and entrepreneurs.

The database exposed 3,637,107 records totaling 12.2 TB, including names, emails, physical addresses, profile images, internal documents, invoices, payment files, and other sensitive data.

This breach raises major concerns about privacy and platform security. With so much sensitive data exposed, the risks of phishing, fraud, and identity theft are high.

You can find the full report here: https://www.vpnmentor.com/news/report-passionapps-breach/

Cobalt Launches New Product Innovations to Enhance Pentest Transparency, Automation, and Risk Prioritization


Cobalt today announced a set of powerful product enhancements within the Cobalt Offensive Security Platform aimed at helping customers scale security testing with greater clarity, automation, and control. These innovations further the company’s commitment to deliver expert-driven, fast-to-launch pentesting, now with even richer data and streamlined workflows.

The Cobalt Platform centralizes access to security services from a team of expert pentesters, making it easier to find and fix vulnerabilities across an organization’s environments. By enabling faster pentest launches, real-time collaboration with testers, continuous scanning, and seamless integration with remediation workflows, Cobalt helps security teams of all sizes identify their critical issues and accelerate risk mitigation. With these new enhancements, pentesters can:

  • Gain clearer risk prioritization. By having standardized CVSS v3.1 scores alongside OWASP ratings for every finding, users get a clear, objective understanding of vulnerability severity. This allows users to focus their remediation efforts on the most critical issues first, saving time and resources while strengthening their security posture. CVSS data will also be readily accessible via reports, CSV exports, the public API, and integrations.
  • Achieve deeper insight and trust in their pentest results. Final pentest reports will now feature a detailed Coverage Checklist with associated findings. This enhancement increases transparency by providing a holistic overview of testing scope and methodology, while linking findings directly to test activities—making it easier for users to analyze results and take action.
  • Simplify recurring vulnerability workflows. A new configuration option will streamline workflows for recurring or retested vulnerabilities. Users can choose to automatically associate carried-over findings with existing tickets or generate new ones for separate tracking—saving time and reducing confusion in vulnerability management workflows.
  • Launch pentests with unprecedented ease and speed. Launching a pentest is as simple for pentesters as ordering a pizza. With an intuitive new flow, users can select from a full menu of pentest options, customize requirements, such as requesting a debrief call, and place their order in minutes—improving usability and accelerating test launches.

Cobalt continues to lead the offensive security market by making pentesting more actionable, transparent, and scalable. Whether launching a test within 24 hours, integrating insights directly into development pipelines, or enabling compliance reporting with precision, the Cobalt Platform is purpose-built for today’s security and DevOps teams.

Interlock Claims Kettering Health Cyber Attack


This morning, ransomware gang Interlock posted Kettering Health to its data leak site. It claims to have stolen 941 GB of Kettering’s data, which includes 732,490 files across 20,418 folders and appears to contain ID cards, payment data, financial reports, and more.

In a blog post today, Rebecca Moody, Head of Data Research at Comparitech, commented:

“Interlock first began adding victims to its data leak site in October 2024. As with most ransomware gangs today, it seeks a ransom payment for the decryption of systems and the deletion of stolen data. Since October 2024, we’ve tracked 17 confirmed attacks via this group and a further 22 unconfirmed attacks that haven’t been acknowledged by the organizations in question. Interlock was also responsible for the April 2025 attack on kidney dialysis firm DaVita. This too caused widespread disruption to patient care and saw a large breach of 1.5 TB of data.”

“2025 has already seen 26 confirmed attacks on US healthcare companies, as well as a further 92 unconfirmed. Other recently confirmed attacks include Marlboro-Chesterfield Pathology, P.C. which was hit by SafePay in January 2025. This resulted in a data breach involving 235,911 people.”

“Over the last week, Bradford Health Services and Next Step Healthcare, LLC have started notifying patients of breaches stemming from older ransomware attacks. Bradford Health Services suffered an attack via Hunters International in December 2023 and has now confirmed 22,465 people were affected. Meanwhile, Next Step Healthcare, LLC has just started notifying 12,090 people of a breach following an attack via Qilin in June 2024.”

“As we are seeing with Kettering Health, ransomware attacks on healthcare companies have the potential to cause widespread disruption. Not only can they result in patient care being impacted after systems are encrypted, but the consequences are often felt months, and even years, afterward when data is stolen by hackers. In 2024 alone, nearly 27.3 million records were breached across 163 individual ransomware attacks on US healthcare companies.”

Once again, health care is the victim of a cyberattack. This isn’t a trivial event, as any attack can potentially cost lives. More focus is needed to change this paradigm, and that needs to happen fast.