Archive for July 16, 2025

Saviynt Announces Availability of Saviynt MCP Server in the New AWS Marketplace AI Agents and Tools Category

Posted in Commentary with tags on July 16, 2025 by itnerd

Saviynt, a leading provider of identity security solutions, today announced the availability of Saviynt MCP Server in the new AI Agents and Tools category of AWS Marketplace. Customers can now use AWS Marketplace to easily discover, buy, and deploy AI agent solutions, including Saviynt MCP Server, using their AWS accounts, accelerating AI agent and agentic workflow development.

Saviynt MCP Server helps organizations extend the capabilities of Saviynt Identity Cloud by empowering customers to turn natural language prompts into precise identity actions—such as retrieving and analyzing access patterns, evaluating cross-application access, and initiating governance workflows including access approvals and revocations.

Saviynt MCP Server delivers essential capabilities including unified identity visibility that instantly visualizes access across cloud, hybrid and on-premises environments. With context-rich governance powered by MCP-based queries, organizations can link access to policies, approvals, and usage. Its AI-ready integration streamlines automation and accelerates compliance through seamless workflow orchestration.

With the availability of AI Agents and Tools in AWS Marketplace, customers can significantly accelerate their procurement process to drive AI innovation, reducing the time needed for vendor evaluations and complex negotiations. With centralized purchasing using AWS accounts, customers maintain visibility and control over licensing, payments, and access through AWS.

Available as a SaaS solution, Saviynt MCP Server leverages Model Context Protocol (MCP) to power intelligent agent interactions—bringing full-spectrum access visibility and automated governance to the forefront of AI-powered enterprises.

To learn more about Saviynt MCP Server in AWS Marketplace, visit the website. To learn more about the new AI Agents and Tools category in AWS Marketplace, visit https://aws.amazon.com/marketplace/solutions/ai-agents-and-tools/.

Adoption Agency Data Breach Exposed 1M+ Records

Posted in Commentary with tags on July 16, 2025 by itnerd

Cybersecurity researcher Jeremiah Fowler discovered and reported to WebsitePlanet a non-password-protected database belonging to the Gladney Center for Adoption, a Texas-based organization providing adoption and family services.

What happened:
The database containing 1,115,061 records and totaling 2.49 GB was found accessible to anyone with an internet connection. The data includes sensitive PII of children, adoptive parents, and internal employees, along with case notes, applications, decisions related to adoption cases and more.

Why it matters:
This kind of exposure raises serious privacy concerns, as the information could be exploited to run phishing scams, commit identity theft, impersonate agency staff, and more.

You can find the full report here: https://www.websiteplanet.com/news/gladney-breach-report/

KnowBe4 Wins 2025 Top Workplaces Industry Award

Posted in Commentary with tags on July 16, 2025 by itnerd

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, announced today that it is a 2025 Top Workplaces Industry winner. This recognition comes from Energage, a purpose-driven organization that develops solutions to build and brand Top Workplaces. The Top Workplaces program has a 17-year history of surveying and celebrating organizations nationally and across 60 regional markets. Top Workplaces Industry awards celebrate organizations that have built people-first workplace cultures within their sector. 

The award marks the winners as an employer of choice for those seeking employment in the industry. Top Workplaces awards are based on feedback from a research-backed employee engagement survey. Details about how KnowBe4 builds a great workplace culture are available on Top Workplaces.

To see open positions at KnowBe4, visit www.knowbe4.com/careers

Salt Typhoon Hacked National Guard for Nearly a Year…. WTF??

Posted in Commentary with tags on July 16, 2025 by itnerd

It is being reported that Salt Typhoon, an elite Chinese cyberspy group, hacked at least one US state’s National Guard network for nearly a year, the Department of Defense has found. Rather than quote anything, click the link and read for yourself. It will blow your mind.

Ensar Seker, CISO at SOCRadar:

“The revelation that Salt Typhoon maintained access to a U.S. National Guard network for nearly a year is a serious escalation in the cyber domain. This isn’t just an opportunistic intrusion. It reflects deliberate, long-term espionage designed to quietly extract strategic intelligence. The group’s sustained presence suggests they were gathering more than just files, they were likely mapping infrastructure, monitoring communication flows, and identifying exploitable weak points for future use. What’s deeply concerning is that this activity went undetected for so long in a military environment. It raises questions about visibility gaps, segmentation policies, and detection capabilities in hybrid federal-state defense networks. It’s another reminder that advanced persistent threat actors like Salt Typhoon are not only targeting federal agencies but also state-level components where the security posture might be more varied.”

Erich Kron, Security Awareness Advocate at KnowBe4

“In a time where we are often fooled into thinking cybercrime means somebody telling us that we missed jury duty, or convincing our loved ones of a long-distance romantic relationship, we sometimes miss the fact that this is more than a game and is played at the nation state level. Cybercrime has real dangers for real people and real governments as well.”

“The Typhoon groups, several different alleged Chinese-backed cybercrime groups that carry the ‘Typhoon’ moniker as part of their name, have been known to be very stealthy and very effective. This is just another example of the trouble they can cause and danger that they pose. While this was at the state level with the National Guard, it still goes to demonstrate that even our military forces are at risk from these cybercrime groups. As we’ve seen in several recent conflicts, cyberattacks play a critical role in military actions, often being coordinated with boots-on-the-ground actions as well.”

“These criminal groups must be taken seriously, which means that everyone from senior government leadership to the average citizen, needs to be at least somewhat aware of the threats, how to spot them, and who to report them to. Whether it’s stealing money from individuals to fund other operations, or trying to cripple infrastructure through cyberattacks, these bad actors are a clear and present danger.”

The fact that this group was able to basically stroll into this environment, pitch a tent, start a campfire and stay there for an entire year is crazy. It really shows that organizations seriously need to try harder to keep the bad guys out. Because who knows what these threat actors were able to do with the access that they had.

Sage and Stripe help small businesses get paid faster with Tap to Pay

Posted in Commentary with tags on July 16, 2025 by itnerd

Sage has today announced the launch of Tap to Pay in Sage Accounting. The new feature, powered by Stripe, is available to Canadian customers and enables small businesses and sole traders to take in-person payments using only their mobile phone, via the Sage Accounting app.

Tap to Pay removes friction from how businesses get paid. It forms part of a smarter, connected experience in Sage Accounting, where tasks like creating invoices, taking payments, reconciling accounts and tracking cashflow happen more seamlessly. Combined with Sage Copilot, it helps business owners stay on top of their cashflow with less effort and more confidence. Tap to Pay brings together Stripe’s trusted payments infrastructure with Sage’s deep understanding of how small businesses work to solve a real and everyday challenge: slow and inconsistent cashflow.

Research from Good Business Pays highlights that businesses in the last year are reporting a 20% increase in average payment times – now exceeding 80 days. The knock-on impact can be significant. With Tap to Pay, payment is automatically applied to the invoice and reconciled in the customer’s accounts, removing the need for manual input, hardware like card readers and chasing for invoices.

What Tap to Pay means for Sage Accounting customers

With support across the two main mobile operating systems, small businesses now have the flexibility to take payments in the moment, using the devices they already own.

The new feature supports mobile businesses and sole traders by making it easier to get paid at the point of service. From independent tradespeople and fitness instructors to market stallholders and consultants, customers can now take payment on the spot, without having to follow up later.

It means that customers can:

  • Take payments anywhere using a mobile device
  • Accept contactless cards and digital wallets
  • Automatically reconcile payments in Sage Accounting
  • No need for additional card readers or payment terminals
  • Secure and compliant processing, powered by Stripe

Strengthening Sage’s partnership with Stripe

This marks the latest step in Sage’s partnership with Stripe, following last year’s announcement to embed payment capabilities across its small business solutions. With Tap to Pay, small businesses and sole traders can now accept contactless payments from cards or digital wallets directly via the Sage Accounting app.

To find out more about Sage Accounting and Tap to Pay visit here: https://www.sage.com/en-ca/sage-business-cloud/accounting/

Flashpoint releases “The Flashpoint Method for Threat-Informed Vulnerability Prioritization”

Posted in Commentary with tags on July 16, 2025 by itnerd

This morning, minutes ago, threat intelligence firm Flashpoint released a new report titled “The Flashpoint Method for Threat-Informed Vulnerability Prioritization.”  

The guide provides security teams with the following: 

  1. A clear framework for assessing which vulnerabilities demand immediate attention and why.
  2. A checklist of key prioritization criteria based on real-world exploitation, business impact, and threat intelligence.
  3. Insights into how Flashpoint’s vulnerability intelligence platform and analyst expertise can help put threat-informed vulnerability management into action, at scale.

As organizations expand their digital footprints, the number of vulnerabilities discovered each year climbs, growing faster than the ability of most security teams to respond effectively. With more than 31% of vulnerabilities rated high or critical using CVSSv3, and exploit code publicly available for nearly 42% of all disclosures, teams are realizing that relying solely on severity scores is no longer enough.

This guide offers a smarter, data-driven approach that helps security teams focus on the vulnerabilities that pose the greatest real-world risk to their specific organizations. Backed by Flashpoint’s proprietary intelligence, this method moves beyond static scoring to incorporate exploit activity, threat actor behavior, business context, and more – so you can cut through the noise and take decisive action faster. 

There will be a two-part blog series as part of the release with the first blog post live at this link.

iOS Fitness app Fitify exposes 138K user private photos 

Posted in Commentary with tags on July 16, 2025 by itnerd

The Cybernews research team has uncovered a data leak involving Fitify, a popular fitness app with over 25 million installs globally. Researchers discovered that 373,000 sensitive user files — including 138,000 progress photos — were stored in a publicly accessible Google Cloud bucket — with no password protection or encryption at rest, meaning anyone could access them.

Among the leaked files were:

  • 206,000 user profile photos
  • 138,000 progress pictures uploaded by users to track fitness changes
  • 13,000 AI coach message attachments, which may include images or text
  • 6,000 body scan files, including photos and AI-generated metadata (e.g., lean mass, body fat, posture)

Key research highlights 

  • Many of the exposed photos were semi-nude body scans, captured by users trying to document weight loss or muscle growth.
  • Fitify promises encryption in transit, but the lack of basic access controls poses serious privacy risks.
  • Researchers also found hardcoded secrets embedded in the app’s code — including Google API and Client IDs, Firebase database URLs, Facebook tokens, and even an Algolia API key, which wasn’t disclosed in the privacy policy.
  • These exposed credentials could let attackers access backend infrastructure, impersonate users, or inject malicious content.

To read the full research report and see samples of screenshots, please click here.

EnGenius Announces Affordable ECW520 Access Point

Posted in Commentary with tags on July 16, 2025 by itnerd

EnGenius Technologies is pleased to announce the release of the ECW520, the latest addition to its Wi-Fi 7 portfolio. Engineered to provide enterprise-grade wireless performance at a highly cost-effective price point, the ECW520 is designed to empower small and medium-sized businesses (SMBs) with next-generation connectivity—without the traditional enterprise cost.

EnGenius ECW520: High-Performance Wi-Fi 7, Optimized for SMBs

Powered by the Qualcomm® Networking Pro 1220 Wi-Fi 7 platform, the ECW520 delivers robust tri-band 2x2x2 performance with combined throughput capabilities of up to 10.8 Gbps. At an MSRP of $189, the ECW520 redefines value in the wireless networking space, offering a professional-grade solution for IT professionals, managed service providers (MSPs), and integrators seeking high-capacity, reliable connectivity for SMB deployments.

The ECW520 is equipped with essential features including:

  • License-free EnGenius Cloud management for centralized visibility and control.
  • Mobile-first provisioning via the EnGenius Cloud To-Go app.
  • Advanced security protocols with WPA3 Enterprise support.
  • An industry-leading 5-year warranty that underscores long-term reliability.

Strategic Affordability Meets Technical Excellence

ECW520 incorporates the latest Wi-Fi 7 innovations, including:

  • 320 MHz and 240 MHz channel widths, 4096-QAM, and Multi-Link Operation (MLO) to enhance throughput, reduce latency, and improve spectrum efficiency.
  • Multi-RU puncturing to optimize channel utilization in congested environments.
  • 2.5 Gigabit Ethernet interface with PoE+ support and a maximum power consumption of just 21W, ensuring compatibility with existing infrastructure.
  • Backward compatibility with legacy Wi-Fi standards, simplifying transitions from older networks.

This combination of technical sophistication and affordability makes the ECW520 an ideal solution for high-density environments such as multi-family, educational institutions, hospitality, and professional office settings.

Operational Efficiency Through Cloud-Driven Simplicity

Through integration with the EnGenius Cloud platform, the ECW520 enables IT teams to monitor, configure, and troubleshoot networks remotely and at scale—without ongoing licensing fees. Its zero-touch provisioning and intuitive interface significantly reduce deployment time and operational complexity.

Key Benefits at a Glance

  • Cost-Effective Enterprise Performance: Brings Wi-Fi 7 to SMBs at a disruptive price point.
  • Comprehensive Cloud Management: Remote visibility, control, and automation from anywhere.
  • Streamlined Deployment: Quick setup via Cloud To-Go app in under five minutes.
  • Secure and Scalable: WPA3 Enterprise Encryption, multi-AP cloud scalability.
  • Installation Flexibility: Includes click-and-twist mounting system and Kensington lock slot.
  • Extended Product Assurance: Backed by a limited 5-year warranty.

Availability

The ECW520 will be available from EnGenius authorized resellers and distribution partners by the end of July. For additional product specifications and purchasing information, visit:
https://www.engeniustech.com/high-performance-wifi7.html

A New And Dangerous #Scam That Uses The Names Of Rogers & The CRTC To Further The Scam Is Making The Rounds

Posted in Commentary with tags , on July 16, 2025 by itnerd

It appears that a new scam involving Rogers is making the rounds. And it uses the CRTC to get you to fall for the scam. Here’s the scam:

  • You get a phone call from a number that starts with 416-935-xxxx
  • When you pick up the phone, the scammer will claim to be someone from Rogers calling on behalf of the CRTC.
  • They will have some basic information about you or a relative, and claim that a suspicious SIM activation has been traced back to you or a relative.

Now the person who got this call hung up as they clued in that it was a scam. Thus I do not know what their endgame was. But here’s some random thoughts based on what was told to me.

First of all, the CRTC has nothing to do with investigating “suspicious” SIM activations. In fact they don’t really investigate much at all. If you want to see what the mandate of the CRTC is, click this link. But what the scammers are counting on is that you don’t know what the CRTC actually does and fall for the scam.

Second, the scammers are spoofing a phone number that starts with 416-935-xxxx. Why is that important? Using a random number may result in someone either not answering the call, or hanging up very quickly. But using 416-935-xxxx makes the call appear to come from Rogers because that is the local phone number of Rogers HQ in downtown Toronto. And more importantly it will appear in a Google search. Meaning that they are counting on the fact that at worst, you will Google the number, see that it comes back to Rogers, and be more likely to fall for the scam. Assuming that you don’t recognize the number immediately and just get sucked into the scam as a result.

Third, the fact that the scammers have some basic information about you implies that this is a targeted attack via customer data belonging to Rogers making its way into the hands of scammers. I’ve personally experienced something like this before. And what it tells me is that Rogers really needs to investigate the handling of their customer data as this is the second time that I have seen scammers utilize Rogers customer data to try and scam their customers.

This is really dangerous as I can see people easily falling for this scam. As I said earlier, I don’t know what the endgame of these scammers is, but it can’t be good for you. Thus if you get a call that fits this description, your best course of action is to hang up and move on with your life.

Today Is AI Appreciation Day

Posted in Commentary on July 16, 2025 by itnerd

AI Appreciation Day, celebrated every July 16, is kind of like a love letter to the invisible magic shaping our daily lives. From the playlists that somehow know our moods to the voice assistants helping us juggle busy mornings, AI is everywhere, often quietly working behind the scenes to make things a little smoother, a little smarter. But this day isn’t just about the tech; it’s about the people behind it, the dreamers, coders, scientists, and ethicists who pour their energy into building systems that (hopefully) make the world better. Whether you’re marveling at a new breakthrough or just grateful your email spam filter didn’t let chaos in, AI Appreciation Day is our chance to step back and say: wow, look how far we’ve come, and let’s keep going… thoughtfully.

Executives from Deepgram, DH2i, Foxit, Leaseweb USA, and Leaseweb Canada have offered commentary on AI Appreciation Day:

Natalie Rutgers, VP of Product, Deepgram

“Artificial Intelligence Appreciation Day is an easy day to celebrate given the pace of innovation we’re witnessing across the AI landscape — from generative art to predictive analytics to robotics. Nonetheless, among all the buzzy advancements, voice AI continues to emerge as the most exciting and impactful, particularly for enterprises.

We are now witnessing voice AI quickly reframe how entire sectors operate. This is especially true across industries like quick-service restaurants (QSRs), hospitals, banks, and really any business that depends on natural conversation, a help desk, or contact center to help ensure a positive customer experience (CX). Of course not only customers benefit. Voice AI is making conversations faster, more natural, and less frustrating for everyone involved – including employees. Voice is how we connect as humans, and now, it’s becoming one of the most critical factors in how businesses connect, too. 

So, on AI Appreciation Day and all year long, if you’re trying to figure out which AI trends are worth watching, voice should be at the top of your list.”

Don Boxley, CEO and Co-Founder, DH2i

“I feel like lately, every day is Artificial Intelligence Appreciation Day. You can find new headlines daily that talk about the transformative impact of AI. The appreciation shouldn’t stop with the frontend applications and their capabilities though. The industry needs to maintain a realistic understanding of what it takes for an AI application to succeed with longevity. The truth is, unless your AI tech is built on a rock-solid foundation focused on uptime, resiliency, and security, all that AI potential goes out the window. Think about it like trying to win a race with a Ferrari… except the car has bald tires and no brakes.

The companies that are going to win the AI race aren’t the ones that are only throwing money at the flashiest models. They are equally focused on investing in uptime, resilience, and robust security for the underlying platforms and infrastructure powering their AI applications. Yep – the unsexy stuff, but it’s what really makes the difference between AI that impresses in a demo, and AI that actually delivers in the real world.” 

DeeDee Kato, VP of Corporate Marketing, Foxit:

“AI Appreciation Day is more than a nod to clever algorithms – it’s a recognition that we’ve crossed a line. AI isn’t just something happening ‘out there’ anymore. It’s in our everyday workflows, our inboxes, our documents – and the businesses leaning into it are starting to pull ahead. You can feel the shift: the companies still managing documents manually are beginning to look like they’re moving in slow motion.

AI is giving knowledge workers a real advantage. It’s summarizing, redacting, translating, and understanding in seconds, instead of spending countless hours painfully combing through contracts, reports, or research papers. But, it’s about working smarter, with fewer mistakes and more confidence, not just working faster. In our space, the companies that are quietly embedding AI into the way people handle documents aren’t just future-proofing, they’re setting the new standard.”

Richard Copeland, CEO, Leaseweb USA

“Artificial Intelligence Appreciation Day is a reminder of just how quickly innovation can change the landscape of entire industries. However, despite the breakthroughs in large language models, computer vision, and real-time analytics, one foundational truth remains: none of it works without robust infrastructure. Too often, organizations get stuck investing time and capital into building physical environments when their real competitive edge lies in algorithm development and application design. For the most forward-thinking teams, I’m seeing a shift in mindset. They recognize that offloading the burden of physical infrastructure is critical in order to stay focused on what truly moves the needle: the models, the insights, and the end-user experience.

This approach does more than save time, it unlocks speed, agility, and experimentation. When AI teams can access scalable compute and storage exactly when needed without being hindered by procurement delays or legacy systems, they’re able to iterate faster and deploy smarter. A much shorter path from proof of concept to production is the result. Of course, in a competitive AI landscape, that agility is often the difference between a promising idea and a market-defining product. We’re entering an era where infrastructure is no longer a blocker. It’s a launchpad.”

Roger Brulotte, CEO, Leaseweb Canada:

“Artificial Intelligence Appreciation Day gives us a moment to pause and recognize not just the dazzling pace of AI innovation, but the quiet, powerful infrastructure that makes it all possible. As AI moves from curiosity to a critical business tool, we’ve watched the demands behind the scenes skyrocket. What once powered research labs now drives customer service, diagnostics, logistics, and more. Of course, progress at this pace presents significant challenges. Take the constant push to scale, meet regulatory demands, manage budgets, and deliver results. Add to that, an environment that never slows down. This is forcing organizations to take a moment to step back and ask a more thoughtful question: How do we grow in a way that’s not just fast, but smart, sustainable, and aligned with what we actually need?

This is where the real shift is happening… Forward-thinking teams are stepping back to focus on what really matters. In other words, they aren’t trying to wedge their workloads into inflexible systems. They’re seeking infrastructure that meets them where they are and grows with them. For some, that might look like adding more compute power right now. Still for others, it’s about tightening security or being ready to scale globally when the time comes. Bottom line, business and technology leaders are done chasing technical specs for their own sake. It’s time now to build environments that leave room to adapt, grow, and evolve with purpose. In an AI-powered world, that kind of flexibility is everything.”