Archive for June 9, 2025

Optima Tax Relief Pwned By The Chaos Group

Posted in Commentary with tags on June 9, 2025 by itnerd

Optima Tax Relief was hit by a ransomware attack by Chaos group threat actors who are now leaking 69 GB of data stolen from the company. Bleeping Computer has details:

Today, the Chaos ransomware gang added Optima Tax Relief to its data leak site, claiming to have stolen 69 GB of data. 

This data contains what appears to be corporate data and customer case files. Tax documents commonly contain sensitive personal information, such as Social Security numbers, phone numbers, and home addresses, which can be used for malicious activity by other threat actors or identity theft.

Sources with knowledge of the attack told BleepingComputer that this was a double-extortion attack, with the threat actors not only stealing data from the company but also encrypting servers.

Ensar Seker, CISO at SOCRadar:

“The Optima Tax Relief breach underscores the growing interest of ransomware groups like Chaos in targeting high-trust financial service providers that handle sensitive personal data. This isn’t just a business disruption issue, it’s a national identity risk.

“Tax resolution firms like Optima are rich targets because they aggregate the full spectrum of personally identifiable information (PII): Social Security numbers, tax documents, financial disclosures, and often even power-of-attorney authorization records. When exfiltrated, this data doesn’t just enable identity theft, it fuels secondary fraud operations for years.

“The fact that this was a double-extortion attack, involving both encryption and data theft, is unfortunately now the standard playbook. What’s more concerning is that Chaos ransomware has only recently emerged, yet already demonstrates the operational maturity of a seasoned group. Their ability to launch effective attacks and publicize breaches so quickly suggests they’re leveraging pre-existing access-as-a-service networks or recycled stealer logs for rapid compromise.

“From a defender’s standpoint, this is a call to action: Organizations that handle financial or tax data need to treat endpoint telemetry, privileged access management, and data exfiltration detection as minimum baselines. And more broadly, this reinforces the importance of having not only an incident response plan but a breach communications plan tailored for sensitive customer-impact scenarios.”

Erich Kron, Security Awareness Advocate at KnowBe4:

“The Chaos ransomware group is fairly new on the scene but has claimed a few victims already. This victim is an interesting one due to the significant amount and types of data that were collected and likely stolen. The customers will have provided not only Social Security numbers and other personal information, but also a lot of personal and sensitive financial information that may be embarrassing and that they may not want to be made public. The type of information stolen could also be used by social engineers to convince victims that they are from Optima and may lead to future scams and financial losses.

“The specific attack vector has not been released, but generally speaking, ransomware is most often spread through attacks on the humans within organizations, such as email phishing, vishing, or smishing. For this reason it is very important for organizations to have a robust and well-planned human risk management (HRM) program in place.”

This is an attack that will not end well. Not for Optima, and not for their customers. Expect this hack to reverberate for months or longer.

Destructive NPM Packages Disguised as Utilities Enable Remote System Wipe

Posted in Commentary with tags on June 9, 2025 by itnerd

Researchers have discovered two malicious NPM packages that register hidden HTTP endpoints to delete all files on command. The packages masquerade as legitimate utilities while implementing backdoors designed to destroy production systems.

You can get more details on this rather nasty malware here: https://socket.dev/blog/destructive-npm-packages-enable-remote-system-wipe

Jim Routh, Chief Trust Officer at Saviynt, commented:

“This is a case of a software supply chain compromise using malware designed to appear to be benign that then activates a back door once it is embedded. The key for enterprises is to improve the identity access management for everyone with access to the software build process including employees and contractors.”

This pretty much highlights why you need to sanity check anything and everything that goes into software so that you don’t become an unwitting transit mechanism for this type of attack.

Fun times.
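
One defender-side way to do that sanity check, as an added example (not code from this post or from the Socket report): a static heuristic that flags any dependency whose files both register an HTTP route and call a file-deletion API. The patterns, the `scanSources` and `packageOf` names, and the sample packages are assumptions constructed for illustration.

```javascript
// Added example: heuristic dependency check. Patterns and names are assumptions,
// not indicators from the report; a hit means "review this package", not "malicious".
const ROUTE_PATTERNS = [
  /\b(?:app|router|server)\.(?:get|post|put|delete|all|use)\s*\(/, // Express-style route
  /\bhttp\.createServer\s*\(/,                                      // raw Node listener
];
const DESTRUCTIVE_PATTERNS = [
  /\bfs(?:\.promises)?\.(?:rm|rmSync|rmdir|rmdirSync|unlink|unlinkSync)\s*\(/,
  /\b(?:exec|execSync|spawn|spawnSync)\s*\([^)]*\b(?:rm\s+-rf|rd\s+\/s|del\s+\/)/i,
];

// Return 1-based line numbers where any pattern matches.
function findHits(source, patterns) {
  const hits = [];
  source.split('\n').forEach((line, i) => {
    if (patterns.some((re) => re.test(line))) hits.push(i + 1);
  });
  return hits;
}

// Innermost package a file belongs to, e.g. "@scope/name" for nested installs.
function packageOf(path) {
  const m = path.match(/.*node_modules\/((?:@[^\/]+\/)?[^\/]+)\//);
  return m ? m[1] : '(project)';
}

// files: [{ path, source }]. Evidence is aggregated per package so that splitting
// the route and the delete call across two files does not hide the combination.
function scanSources(files) {
  const byPkg = new Map();
  for (const { path, source } of files) {
    const pkg = packageOf(path);
    const entry = byPkg.get(pkg) || { pkg, routes: [], deletes: [] };
    for (const n of findHits(source, ROUTE_PATTERNS)) entry.routes.push(`${path}:${n}`);
    for (const n of findHits(source, DESTRUCTIVE_PATTERNS)) entry.deletes.push(`${path}:${n}`);
    byPkg.set(pkg, entry);
  }
  // Either capability alone is common; a "utility" that has both deserves a manual read.
  return [...byPkg.values()].filter((e) => e.routes.length && e.deletes.length);
}

// Constructed sample input (hypothetical package names and code, not real packages).
const SAMPLE = [
  { path: 'node_modules/example-monitor/index.js', source: [
    "const fs = require('fs');",
    'module.exports = (app) => {',
    "  app.post('/_placeholder', () => fs.rmSync(targetDir, { recursive: true }));",
    '};'].join('\n') },
  { path: 'node_modules/example-cache/index.js', source: 'fs.unlinkSync(tmpFile);' },
  { path: 'node_modules/example-router/index.js', source: "router.get('/health', ok);" },
];

for (const f of scanSources(SAMPLE)) {
  console.log(`${f.pkg}: routes at ${f.routes.join(', ')}; deletes at ${f.deletes.join(', ')}`);
}
```

Feed it the source files read from an installed `node_modules` tree. Minified or obfuscated code defeats line-level patterns, so treat a clean result as weak evidence only.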

Grocery wholesale giant United Natural Foods hit by cyberattack

Posted in Commentary with tags on June 9, 2025 by itnerd

United Natural Foods (UNFI), North America’s largest publicly traded wholesale distributor, was forced to shut down some systems following a recent cyberattack. The Rhode Island-based company operates 53 distribution centers and delivers fresh and frozen products to over 30,000 locations across the United States and Canada:

On June 5, 2025, United Natural Foods, Inc. (the “Company”) became aware of unauthorized activity on certain of its Information Technology (IT) systems. The Company promptly activated its incident response plan and implemented containment measures, including proactively taking certain systems offline, which has temporarily impacted the Company’s ability to fulfill and distribute customer orders. The incident has caused, and is expected to continue to cause, temporary disruptions to the Company’s business operations. The Company is working actively to assess, mitigate, and remediate the incident with the assistance of third-party cybersecurity professionals and has notified law enforcement. Pursuant to its business continuity plans, the Company has implemented workarounds for certain operations in order to continue servicing its customers where possible. The Company is continuing to work to restore its systems to safely bring them back online.

The investigation to assess the impact and scope of the incident remains ongoing and is in its early stages.

Erich Kron, Security Awareness Advocate at KnowBe4:

“Operations such as this often work on a very tight timeline, so the pressure can be high to get systems up and running as soon as possible. This is what attackers hope for as they dangle the idea in front of the victims that paying the ransom will get organizations back online quickly. While decrypting the data could possibly restore operations more quickly, there is a huge danger that back doors are left in place to be exploited again, or that after payment, encrypted files turn out to be corrupted and unrecoverable.”

“Not only do attacks such as these really put the pressure on the victim, but the organizations that rely on the products are also put in a spot as well. If the wholesaler can’t get items to the retailer, the retailer suffers greatly as well and might look for other options to make future purchases, costing the wholesaler customers and their reputation.”

“Since the vast majority of ransomware attacks are started by exploiting employees, organizations should have a robust human risk management program in place to address threats such as social engineering, poor credential hygiene, and other human-centric threats.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech:

“Although UNFI hasn’t stated as much, this attack has all the hallmarks of ransomware. Ransomware attacks can lock down computer systems, forcing companies to pay a ransom or face extended downtime and permanent data loss. These attacks can cripple companies and even force them to shut down permanently in some cases, so they should not be taken lightly. This attack could have knock-on effects including higher food prices for consumers.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“Cyberattacks like the one UNFI has been hit with can cause delays in deliveries, product shortages, and even store closings and temporary layoffs, due to organizations’ reliance on computer systems. While we don’t know exactly what type of attack has been launched against UNFI or how it was launched, it does emphasize how companies need to ensure that their internal systems, as well as those of their suppliers and partners, are kept up to date to plug security holes.”

I for one would like to see more details disclosed. As in what happened, what the downstream effects are, and what UNFI will do to ensure that it doesn’t happen again. Because that will enable its business partners and the public to trust them going forward.

Ricoh brings greater efficiency to light-production segment with its next generation of sheet-fed digital printers

Posted in Commentary with tags on June 9, 2025 by itnerd

Ricoh today announced the launch of its newest color light-production sheet-fed digital printers, the RICOH Pro C5400S and RICOH Pro C5410S (RICOH Pro C5400S Series). With professional color consistency and precise front-to-back registration, the RICOH Pro C5400S Series offers the powerful production print quality of higher-volume presses in a more compact and versatile design, allowing businesses such as marketing agencies to outsource less work, and commercial printers to keep shorter-run print jobs from tying up larger production systems.

Building on the strengths of its predecessors, the RICOH Pro C5300S and RICOH Pro C5310S, the RICOH Pro C5400S Series inherits key features, such as high-speed output and excellent paper handling while delivering significant improvements in core performance. The warm-up time has been drastically reduced from 120 seconds to 26 seconds for the Pro C5410S, and 30 seconds for the Pro C5400S, greatly boosting user productivity. The scanning speed has also increased, and the adoption of capacitive touch significantly enhances usability and response of the 10.1” Smart Operation Panel. Additionally, the Series features an industry-first staple-less binding option for the SR5130 and SR5140 finishers that uses water to moisten and press pages together, enabling staple-less binding up to 16 sheets (80 gsm/20lb bond), reducing injury and waste from staples, and making it easier to shred and recycle documents.

With high-image quality, versatile media handling capabilities, and print speeds up to 80 ppm, the RICOH Pro C5400S Series meets a wide range of promotional material applications in light-production printing, supporting customers to drive revenue growth. In-plant and franchise print shops can expand their services with greater media support for coated, specialty, and synthetic stocks up to 360 gsm, adding immediate value to their operations with a system that can serve as the center of their production environment. Moreover, expanded core specifications heighten ease of use in office settings, contributing to greater operational efficiency.

For print service providers and commercial printers, the RICOH Pro C5400S Series serves as high-quality, light-production print devices with improved image registration accuracy, achieved through refined paper feeding stability and more precise image adjustment functions. Additionally, an upgraded user interface for paper settings ensures consistent print quality, providing strong support for professional printing operations.

The RICOH Pro C5400S Series is currently on display at IPMA 2025, June 8-12, at the Davenport Grand Hotel in Spokane, WA. Attendees can visit Ricoh’s booth to learn more about the new Series, as well as Ricoh’s full lineup of production and commercial print technology and solutions.

Key features and benefits of the RICOH Pro C5400S Series

For Enterprise

Enhanced usability and efficiency for office environments.

  • Faster startup and output: Warm-up time of just 26 seconds for the Pro C5410S and 30 seconds for the Pro C5400S. First copy output in full color as fast as 6.5 seconds for the Pro C5410S and 7.2 seconds for the Pro C5400S.
  • Improved scanning speed: Duplex scanning up to 300 pages per minute. New AI-powered orientation detection and support for continuous scans of small-format documents, such as business cards, enhancing workflow efficiency.
  • New capacitive touch: Android-based 10.1” Smart Operation Panel upgraded with capacitive technology for improved touch response, enhancing user experience.

Versatile media capability and advanced finishing options. 

  • Supports various types of media, including coated paper, waterproof paper, envelopes, clear files, and long sheet printing up to 51 inches or 1,300 mm to increase output possibilities.
  • Industry-first staple-less binding function: Uses water to moisten and press pages together, binding up to 16 sheets, ideal for safety-conscious environments, such as food services and educational institutions like kindergartens and nursing care facilities. It does not require consumables and is designed to allow easy waste separation at the time of disposal, showing consideration for the environment.
  • Compact folding unit: The paper folding option has been reduced in width to about 8.22 inches, less than half of the previous model, achieving a space-saving design. It supports the folding of coated paper and tri-folding of long sheets, expanding the range of compatible tasks and business for customers.

For Commercial Printing

Advanced functionality for stable and high-quality output.

  • New optional envelope fusing unit: Operator installed and easy to use, it offers improved print quality and printing speed of envelopes, reducing waste associated with envelope printing and boosting productivity.
  • Improved paper transport stability: Redesigned Vacuum Feed Large Capacity Input Tray (LCIT) improves paper transport stability and significantly enhances image registration accuracy for duplex and long sheet printing.
  • Advanced image alignment: Trapezoidal and right-angle correction functions for even higher precision in image alignment.
  • Enhanced paper setting user interface: Operators can easily adjust and program paper settings for optimal print performance based on their print application, which further enhances the overall output quality.
  • Simplified transfer conditions adjustment: Outputs adjustment charts (sample prints) for multiple transfer conditions, allowing users to select their desired result, streamlining setup and minimizing pre-printing adjustment time.
  • Expansive selection of inline finishers: Option to add new GBC Steampunch Plus to support more binding and punch applications, and new Plockmatic 435e series finishers for saddle stitch booklet making.

Environmental qualities

The use of post-consumer recycled materials has increased by more than five times compared to the previous models, contributing to customers’ environmental management and sustainability initiatives.

For more information, please visit: https://www.ricoh-usa.com/en/products/commercial-industrial-printing.

Samsung Canada’s Sweetheart Hotel at STACKT Market Announced

Posted in Commentary with tags on June 9, 2025 by itnerd

In an era of online dating, finding love seems harder than ever. This is partly because crafting a profile that represents you is not as easy as it looks.  

That’s why between June 21st and July 6th, Samsung and Gemini Live are saving hopeful singles and giving their dating lives a boost by opening up the Samsung Sweethearts Hotel – a dreamy pop-up hotel where guests go hands-on with the new Galaxy S25 Edge to create the perfect dating profile, their ideal dream date, and even have the chance to win seeing their dreams come to life! 

At this limited time pop-up, you’ll also have the chance to: 

  • Bio Glow-Up: Create a fake dating profile on a custom microsite app called “Samsung Connections” and describe yourself to Gemini Live. It will then generate a fun and customized bio. You can also grab a bracelet to indicate your relationship status 
  • Red Flag Detect: Use Gemini Live to browse others’ dating profiles for red flags  
  • Fit Check: Upon entering a hotel room, use Gemini Live to suggest the perfect look based on your date  
  • Who said romance is dead? Use Gemini Camera to create a meaningful bouquet. Then use Sketch to Image to create a card that goes with the bouquet  
  • Free Gifts: Stop by the Sweetheart Shop to pick up a souvenir and redeem a prize  
  • Sweet Treat: Be sure to stop by the bar and order a sweet treat using Live Translate  

When: June 21 – July 6, 2025 

Where: STACKT Market, 28 Bathurst St, Toronto, ON M5V 0C6

Admission: Free! 

Black Kite Introduces AI-Powered Cyber Assessments

Posted in Commentary with tags on June 9, 2025 by itnerd

Black Kite today announced AI-powered cyber assessments, an automated solution for streamlining third-party cyber risk assessments. With its automation-led approach, Black Kite is redefining how enterprises assess risk across their vendor ecosystems to make informed decisions and bring cyber resilience to their supply chain.

Purpose-built to empower enterprises by eliminating manual effort, compressing assessment timelines from months to minutes, and delivering more accurate, intelligence-driven insights, Black Kite parses vendor documentation, leverages trust center data, and maps everything to industry frameworks. If gaps remain, teams can choose to send a focused questionnaire. Additionally, AI-powered cyber assessments integrates directly into the Black Kite platform, transforming traditionally tedious and inconsistent assessment workflows into automated, auditable, and scalable processes.

Key features and benefits include:

  • Automation at every step: Initiates cyber assessments instantly using readily available intelligence and documentation, eliminates manual review tasks by leveraging AI to read, extract, and summarize documents, and accelerates risk workflows by automating document-to-control mapping and response generation.
  • Accurate, risk-driven insights: Analyzes robust, audit-quality documents written by practitioners to extract trustworthy data, maps technical findings to assessment controls using AI and embedded intelligence, surfaces risks that are actionable and verifiable, not just self-reported by vendors, and quantifies vendor risk using Open FAIR™ to inform business decisions.
  • Collaboration and tracking: Shares findings with internal teams and vendors through The Bridge™ workspace, establishes persistent workspaces to centralize documentation, findings, and communication, and monitors changes over time and documents actions for audit-readiness.

With this new offering, Black Kite is flipping the traditional model by starting with automation and leveraging AI from the outset to streamline and scale vendor risk assessments. Now, assessments kick off with intelligence rather than a spreadsheet.

Black Kite AI-powered cyber assessments is available as a component of a package, including Assess, Extend, and Monitor. Check it out now.