Archive for August 11, 2025

Over 29,000 Unpatched Exchange Servers Could Be The Targets Of Threat Actors

Posted in Commentary with tags on August 11, 2025 by itnerd

Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise.

We added Microsoft Exchange CVE-2025-53786 detection to our daily scans (version based). See US CISA Emergency Directive 25-02: http://www.cisa.gov/news-events/…
Over 28K IPs unpatched (2025-08-07). Top affected: US, Germany, Russia
Dashboard world map: dashboard.shadowserver.org/statistics/c…

The Shadowserver Foundation (@shadowserver.bsky.social) 2025-08-08T14:21:30.322Z

Commenting on this is Martin Jartelius, CTO at Outpost24:

“The scale of unpatched Exchange servers is concerning, but not surprising. Initial guidance on this flaw included isolating end-of-life and end-of-support systems, and many organizations were already running far older, unmaintainable infrastructure before April’s patch was released.

This vulnerability affects hybrid environments. Many cloud-first businesses have already moved to Microsoft 365, and without deeper analysis it’s unclear how many of these identified servers are truly at risk. Some may determine the conditions for exploitation don’t exist in their setup and choose not to prioritize mitigation.

However, even if the exploitation risk is low, leaving a known vulnerability unpatched is an open invitation to attackers. We advise organizations to continuously assess and remediate such issues to reduce their attack surface and strengthen resilience.”

The CISA has a directive about this issue that you can find here. There’s also an interactive map here. And if you run a Microsoft Exchange hybrid-joined environment, you should follow the guidance in the CISA directive ASAP.

Connex Credit Union data breach impacts 172,000 members

Posted in Commentary with tags on August 11, 2025 by itnerd

Connex, one of Connecticut’s largest credit unions, is warning tens of thousands of members that unknown attackers stole their personal and financial information after breaching its systems in early June. The stolen information included names, account numbers, debit card information, Social Security numbers, and/or other government ID used to open the individual’s account.

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4:

“It does seem longish that the credit union waited over a month to notify impacted victims. Maybe it took them two weeks to figure out who exactly was impacted, but it sounds like they identified who was personally impacted and then still waited another two weeks to notify the victims. That’s two weeks that hackers and scammers could have been using the stolen information to better leverage spear phishing attacks against selected victims.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech:

“Data breach victims should take advantage of the free credit monitoring offered by Connex to protect themselves from fraud and identity theft. Don’t get complacent because there’s “no evidence” of misuse. Connex doesn’t have the means to verify if your personal information is being abused. Assume the worst and keep a close eye on your accounts.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“It seems like we see data breaches on a weekly, if not daily, basis. This data breach appears to have served up quite the buffet of personal and financial information for the bad guys, including the ever popular Social Security Number and debit card number Daily Double. This information can be used to open accounts in victims’ names, so affected members need to stay a

It sucks to be Connex as they are the latest company to be the victim of a threat actor. It will be interesting to see who claims responsibility for this and what secondary attacks happen with the data that was stolen.

The City Of St. Paul, Minnesota Did Not Pay Interlock After Getting Pwned

Posted in Commentary with tags on August 11, 2025 by itnerd

Ransomware group Interlock today took credit for a July cyber attack on the city of St. Paul, Minnesota. The attack prompted Governor Tim Walz to activate the National Guard in response. And to top that off, the city didn’t pay up.

Commenting on this news is Rebecca Moody, Head of Data Research at Comparitech:

“While the City of St. Paul should be applauded for not meeting its hackers’ ransom demands, it was inevitable that a claim from the responsible group would quickly appear. Interlock wasted no time posting the city to its site and alleges that 43 GB has been stolen. This is made up of 66,460 files across nearly 7,900 folders with the proof pack containing various IDs and documents.”

“Now, the City of St. Paul needs to respond to confirm what data has potentially been impacted and who has been affected. In the meantime, we highly recommend residents and employees remain on high alert for any potential phishing campaigns (e.g. emails, texts, or calls reporting to be from St. Paul) and monitor their accounts for any suspicious activity.”

“As our report for July 2025 has found, ransomware attacks on government entities are of particular concern as hackers remain focused on causing mass disruption via these organizations, with critical infrastructure also being targeted. St. Paul is a prime example of this as numerous areas have been affected, including public works and payments for water services.”

I am a big believer that you should not pay these threat actors as it only encourages them to keep doing this. The new problem is that the data that Interlock stole is now out there. And that will have far reaching effects on those people who are associated with that data.

Ransomware Attacks Increasing with Governments a Key Focus Says Comparitech

Posted in Commentary with tags on August 11, 2025 by itnerd

Today, Comparitech researchers released a study looking at the state of global ransomware attacks in July 2025. It was found that after three consecutive months of decline, July saw a four-percent uptick in ransomware attacks. Additionally, governments remain a key focus for hackers, with nine confirmed attacks on this sector carried out in nine different countries. 

Key findings include: 

  • 464 attacks in total — 35 confirmed attacks
  • Of the 35 confirmed attacks:
    • 18 were on businesses
    • 9 were on government entities
    • 3 were on healthcare companies
    • 5 were on educational institutions
  • Of the 429 unconfirmed attacks:
    • 383 were on businesses
    • 12 were on government entities
    • 21 were on healthcare companies
    • 12 were on educational institutions
  • The most prolific ransomware gangs were Qilin (62), INC (55), SafePay (43), Akira (37), and Play (22). INC had the most confirmed attacks (5), followed by Qilin (4), SafePay (3), and Rhysida (2)
  • Where hackers provided the data theft size (in 222 cases), nearly 105 TB of data was allegedly stolen, giving an average of 476 GB per breach
  • Several new gangs appeared this month, including Payouts King, Beast, and D4RK 4RMY. BlackByte also resurfaced after a 10-month hiatus

For full details, the full research can be found here: https://www.comparitech.com/news/ransomware-roundup-july-2025/

ESET Research: Russian RomCom group exploits new vulnerability, targets companies in Europe and Canada

Posted in Commentary with tags on August 11, 2025 by itnerd

ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by the Russia-aligned group RomCom. According to ESET telemetry, malicious archives were used in spearphishing campaigns between July 18 and July 21, 2025, targeting financial, manufacturing, defense, and logistics companies in Europe and Canada. The aim of the attacks was cyberespionage. This is at least the third time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild.

Disguised as an application document, the weaponized archives exploited a path traversal flaw to compromise their targets. In the spearphishing email, the attackers sent a CV, hoping that a curious target would open it. According to ESET telemetry, none of the targets were compromised. The attackers, however, had conducted reconnaissance beforehand, and the emails were highly targeted. Successful exploitation attempts delivered various backdoors used by the RomCom group – specifically, a SnipBot variant, RustyClaw, and the Mythic agent.
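The post names the flaw class (path traversal through a weaponized archive) without detailing the WinRAR bug itself, so the following is an added illustration of the generic defensive check for that class, not ESET's code and not specific to the WinRAR vulnerability: it flags archive members whose extraction path would land outside the chosen destination directory. The archive, its member names and the destination path are constructed samples.

```python
"""Flag archive members whose extraction path would escape the destination.

Added illustration, not ESET's or the WinRAR project's code. The check works
on member names, so it applies to any archive whose listing you can obtain;
the in-memory ZIP below is a constructed sample used to demonstrate it.
"""
import io
import ntpath
import posixpath
import zipfile


def is_unsafe_entry(name: str, dest: str = "/tmp/extract") -> bool:
    """Return True if extracting `name` under `dest` could land outside it."""
    dest = posixpath.normpath(dest)
    # Treat backslashes as separators too: archives built on Windows often
    # carry them, and a naive extractor may honour them.
    normalized = name.replace("\\", "/")
    # Absolute paths, UNC paths and drive letters (C:/...) escape outright.
    if normalized.startswith("/") or ntpath.splitdrive(normalized)[0]:
        return True
    # Resolve "." and ".." segments, then confirm the result stays under dest.
    target = posixpath.normpath(posixpath.join(dest, normalized))
    return not (target == dest or target.startswith(dest + "/"))


def unsafe_entries(names, dest: str = "/tmp/extract"):
    """Return the member names that fail the check, in listing order."""
    return [n for n in names if is_unsafe_entry(n, dest)]


def scan_zip_bytes(blob: bytes, dest: str = "/tmp/extract"):
    """Scan an in-memory ZIP; a RAR or tar listing can be fed to
    unsafe_entries() the same way."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return unsafe_entries(zf.namelist(), dest)


def build_sample_zip() -> bytes:
    """Constructed sample: one benign 'CV' and two traversal-style members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cv.pdf", b"benign placeholder")
        zf.writestr("../../escaped.txt", b"placeholder")
        zf.writestr("C:\\absolute\\path.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in scan_zip_bytes(build_sample_zip()):
        print("UNSAFE:", entry)
```

Reject the whole archive when any member is flagged rather than skipping the bad entries, since a benign-looking member is often the lure that accompanies the traversal entry.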

ESET Research attributes the observed activities to RomCom with high confidence based on the targeted region, tactics, techniques, and procedures (TTPs), and the malware used. RomCom (also known as Storm-0978, Tropical Scorpius, or UNC2596) is a Russia-aligned group that conducts both opportunistic campaigns against selected business verticals and targeted espionage operations. The group’s focus has shifted to include espionage operations collecting intelligence, in parallel with its more conventional cybercrime operations. The backdoor used by the group is capable of executing commands and downloading additional modules to the victim’s machine. It is not the first time that RomCom has used exploits to compromise its victims. In June 2023, the group performed a spearphishing campaign targeting defense and governmental entities in Europe, with lures related to the Ukrainian World Congress.

For a more detailed analysis and technical breakdown of RomCom’s latest campaign, check out the latest ESET Research blogpost “RomCom exploits a new vulnerability in the wild, this time in WinRAR” on WeLiveSecurity.com.

Bell partners with Perplexity

Posted in Commentary with tags on August 11, 2025 by itnerd

Bell today announced a new partnership with Perplexity, a leading AI-powered answer engine, becoming the company’s exclusive telecommunications partner in Canada. Through this partnership, eligible Bell customers will receive 12 months of complimentary access to Perplexity Pro, a premium AI research and productivity tool valued at nearly $300.

This offer marks a key milestone in Bell’s focus on delivering artificial intelligence solutions to customers in meaningful and practical ways. By bringing best-in-class AI offerings like Perplexity to Canadians over Canada’s fastest Internet and fastest and best 5G and 5G+ networks, Bell is enhancing how customers search, learn, and create – whether at home or on the go. These AI experiences require powerful networks capable of handling large volumes of data in real-time, and Bell’s networks are positioned to meet that need.

Perplexity offers a conversational, AI-powered search experience that delivers fast, accurate answers with source citations – helping users save time and get to the information they need, quickly. With Perplexity Pro, customers can access leading AI models like GPT-5, Claude 4.0, and Gemini 2.5 Pro to support tasks ranging from research and writing, to content planning and data analysis. The speed and performance of Bell’s networks help accelerate this AI-driven experience, ensuring customers can fully benefit from Perplexity’s capabilities.

Launching just in time for the busy back-to-school season, this offer will give millions of Canadians the opportunity to experience the best of AI, supporting them as they return to their routines – whether they’re heading back to class, back to the office, or are simply looking to stay organized and informed.

What Perplexity Pro has to offer

Perplexity Pro is an AI-powered platform that goes beyond traditional search by synthesizing information from multiple sources and delivering real-time answers with citations. Key features include:

  • Access to top AI models: GPT-5, Claude 4.0, Gemini 2.5 Pro and others
  • 600 daily pro searches
  • Unlimited file upload and analysis
  • Image generation tools
  • Advanced summarization, citation, and research functionality
  • Early access to Comet, a new agentic browser from Perplexity

Eligible Bell Mobility customers will begin receiving their redemption codes in the coming days, while Bell Internet customers will have access starting in fall 2025. Codes will be sent via email and text, and will also be available in customers’ MyBell account.

Surfshark launches FastTrack to deliver up to 70% faster VPN connections

Posted in Commentary with tags on August 11, 2025 by itnerd

Surfshark, a leading VPN (Virtual Private Network) provider, introduces FastTrack, an innovative technology that optimizes users’ traffic paths for improved speed and performance. Built on Nexus infrastructure, this solution routes traffic through a network of servers rather than a single VPN tunnel, boosting internet speeds by up to 70%. As a result, users can now experience enhanced VPN connectivity to Sydney, Seattle, and Vancouver.

Optimized network for better VPN speed and performance

Many people believe their internet connection follows a direct, straightforward path, just as it appears at first glance when looking at a world map. However, this is a common misconception, similar to the belief that ISPs (Internet Service Providers) will always optimize user connectivity through the best routes.

In reality, data often travels across a complex web of overground and submarine cables located around the globe. These cables define the actual physical routes that data packets take, which can be very different from what we might think. For example, due to the layout of global network infrastructure, a data packet traveling from one city to another may be routed through multiple cities, countries, or even across continents and oceans.

There’s a similar misconception about ISPs. While they generally prioritize delivering acceptable speeds, they often do not focus on optimizing the actual network routes your data follows. Instead, ISPs typically choose paths based on cost, selecting the most economical routes for them rather than the fastest or most efficient ones for user data.

How does FastTrack work?

FastTrack is built on Surfshark Nexus infrastructure, a unique multi-server routing system that connects users to an entire network of servers — rather than a single VPN tunnel — and then routes the connection to a chosen location. This also works as an additional protection layer because the user’s connection is rerouted via different hops, so no single entity can link a single IP (Internet Protocol) address with the user’s activity.

At the moment, Surfshark is releasing FastTrack to three key destinations — Sydney, Seattle, and Vancouver on macOS, with plans to expand to more destinations in the future. Users can now find enhanced locations marked with a connection route icon in the main list of all VPN locations.

Hisense Forms Strategic Partnership with The Watershed Group

Posted in Commentary with tags on August 11, 2025 by itnerd

With a commitment to improve the customer experience and provide end-to-end service and support, Hisense Canada is partnering with The Watershed Group to distribute and install its premium range of televisions and home entertainment products across Canada.

This collaboration will encompass Hisense’s flagship home entertainment technologies, including its premium laser projector televisions, large-panel LEDs, Mini-LED TVs and its line of soundbars. Consumers will benefit from enhanced access to Hisense’s industry-leading TVs and will be supported by expert installation services to ensure optimal performance and ideal viewing.

The Watershed Group is a Canadian leader in home theatre design, full room acoustics, room isolation and in-house screen design. It provides best-in-class products and expertise to ensure customers get the best solution for their desired project.

Originally established in 1995 as The Rep Company, The Watershed Group began as a regional representative firm for the A/V channel. Driven by extensive technical expertise, The Rep Company transitioned in 1999 from a conventional rep firm to a Canadian distribution firm, quickly earning a reputation for outstanding technical support across all its represented brands. By 2011, recognizing that its name no longer accurately reflected its diversified operations and market approach, the company rebranded as The Watershed Group.

For more information, please visit hisense-canada.com. Join the conversation and connect with Hisense on Facebook, Twitter and Instagram @HisenseCA, using the hashtag #HisenseCanada.

For more information on The Watershed Group, please visit www.thewatershedgroup.ca.

AOL To Kill Dial Up Service In September…. Wait… Dial Up Is Still A Thing?

Posted in Commentary with tags on August 11, 2025 by itnerd

From the “This is still a thing?” department comes the news that AOL is finally killing their dial up service in September:

AOL routinely evaluates its products and services and has decided to discontinue Dial-up Internet. This service will no longer be available in AOL plans. As a result, on September 30, 2025 this service and the associated software, the AOL Dialer software and AOL Shield browser, which are optimized for older operating systems and dial-up internet connections, will be discontinued.

This change will not affect any other benefits in your AOL plan, which you can access any time on your AOL plan dashboard. To manage or cancel your account, visit MyAccount.

Now, for those of you who are wondering why dial up is still a thing in the era of broadband, the reason is simple. There are parts of the country that simply don’t have broadband access, be it over cable, fibre, DSL, or even 5G, due to cost, lack of infrastructure, or both. Thus dial up is pretty much the only option. Combine that with the fact that some number of people still connect to the Internet using dial up, and this is pretty much the end of an era.

RIP dial up Internet.