Archive for September 26, 2025

NEW FROM FORCEPOINT X-LABS: XWorm RAT Delivered via Shellcode

Posted in Commentary with tags on September 26, 2025 by itnerd

This morning, researchers from Forcepoint X-Labs released a new blog post detailing how attackers are using shellcode as an enabling technology for modern remote access trojan campaigns: an old technique with a new infection chain. The example in the post injects the XWorm RAT.

Campaign Highlights:

The campaign is delivered by phishing email, using a fake invoice as a lure. Sequence:

  • The email carries an Office file (.xlam) attachment which, when downloaded and opened, shows a blank or corrupted Office file.
  • This malicious document contains an embedded oleObject1.bin file, which hides embedded shellcode.
  • The shellcode, when executed, initiates a connection to retrieve and deploy a secondary payload.
  • The second payload, an executable, was found to be a .NET binary that is reflectively loaded into memory.
  • The second-stage .DLL file loaded from memory uses heavily obfuscated packing and encryption techniques.
  • The next and final step performs process injection into its own main executable, maintaining persistence and exfiltrating data to its Command & Control servers.
  • The C2 servers to which data was exfiltrated were found to be related to the XWorm family.

Authored by Prashant Kumar, senior researcher at Forcepoint, the full post, with a detailed, illustrated example, can be found at: https://www.forcepoint.com/blog/x-labs/xworm-rat-shellcode-multi-stage-analysis
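As an added defender-side example (not code from Forcepoint's post), this Python triage script unpacks an OOXML package such as the .xlam attachment described above, lists any embedded OLE objects like oleObject1.bin, and measures their byte entropy, since a packed or encrypted embedded blob is the kind of opaque object that hid the shellcode in this campaign. The sample archive and its contents are constructed here for offline testing and are not malicious; the 7.0 bits/byte threshold is an assumed heuristic, not a value from the post.

```python
import io
import math
import zipfile

# Paths where OOXML packages store embedded OLE objects (the post's
# sample hid its shellcode in xl/embeddings/oleObject1.bin).
EMBEDDING_PREFIXES = ("xl/embeddings/", "word/embeddings/", "ppt/embeddings/")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted blobs sit near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def find_embedded_ole(package: bytes, threshold: float = 7.0) -> list:
    """Triage an OOXML package (.xlam/.xlsm/.docm) for embedded OLE blobs.
    Non-zip input yields an empty list instead of raising."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(package))
    except zipfile.BadZipFile:
        return findings
    with zf:
        for info in zf.infolist():
            if info.filename.startswith(EMBEDDING_PREFIXES):
                blob = zf.read(info.filename)
                ent = shannon_entropy(blob)
                findings.append({"name": info.filename, "size": len(blob),
                                 "entropy": round(ent, 2),
                                 "suspicious": ent >= threshold})  # assumed heuristic
    return findings

def build_sample_package(embedded: bytes) -> bytes:
    """Constructed minimal .xlam-like archive for offline testing (not malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/embeddings/oleObject1.bin", embedded)
    return buf.getvalue()

if __name__ == "__main__":
    # High-entropy filler stands in for an opaque (packed) embedded object.
    print(find_embedded_ole(build_sample_package(bytes(range(256)) * 16)))
```

An entropy hit alone is not proof of malice (legitimate embedded objects can be compressed too); treat a flagged oleObject*.bin as a prompt for sandbox detonation or closer inspection, not as a verdict.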

Darktrace Unveils Automated Forensics Capabilities in its ActiveAI Security Platform™ to Advance Hybrid and Multi-Cloud Security 

Posted in Commentary with tags on September 26, 2025 by itnerd

Darktrace today announced the launch of Darktrace / Forensic Acquisition & Investigation™, the industry’s first truly automated cloud forensics solution. The solution provides security teams immediate access to forensic-level data, equipping them with critical context to investigate threats quickly and thoroughly across hybrid, multi-cloud and on-premises environments. When paired with the newly enhanced Darktrace / CLOUD™, organizations gain a complete cloud security solution that combines posture management with real-time detection, response and forensic investigation – potentially reducing investigation times from days to mere minutes.

Cloud adoption has outpaced security operations, creating blind spots that adversaries are quick to exploit. Nearly 90% of organizations report suffering damage before they can contain cloud incidents, and 65% say investigations take three to five days longer in the cloud compared to on-premises environments, according to a survey of 300 cloud security decision makers. Traditional log-based alerts miss behaviors such as lateral movement or privilege escalation, while evidence from ephemeral assets like containers and serverless functions often disappears before it can be collected — leaving security teams struggling to respond effectively. 

At the same time, attacks against cloud workloads are increasingly aggressive. New analysis of Darktrace’s Cloudypot honeypots reveals that attacks on tools like Jupyter Notebooks often arrive in sudden bursts, generating high volumes of attacks in a short period of time from a small group of persistent attackers. These findings highlight that when adversaries target the cloud, they strike quickly and at scale, leaving defenders little time to investigate before critical evidence disappears. 

Introducing Darktrace / Forensic Acquisition & Investigation 

Darktrace / Forensic Acquisition & Investigation is an automated forensic investigation solution designed for the speed and complexity of modern cloud environments. It captures and analyzes host-level evidence — including disk, memory, and logs — at the exact moment a threat is detected, even from short-lived assets such as containers or serverless workloads. These investigations can be triggered by Darktrace or by detections from existing cloud security tools.  

Unlike point solutions that depend on manual snapshots or agents, Darktrace collects evidence directly through cloud APIs, ensuring investigations begin instantly, and critical data from ephemeral workloads is never lost. By preserving volatile data and reconstructing attacker behavior in real time, the solution adds critical context to everyday investigations, enabling security teams to understand root causes quickly and shorten investigation times from days to mere minutes — a critical advantage as over 40% of organizations report suffering significant damage from cloud alerts that were never investigated at all.  

This solution represents the evolution of capabilities gained through Darktrace’s acquisition of Cado Security earlier this year, alongside continued research and development investment to expand and advance Darktrace’s cloud security portfolio. 

Key capabilities of the Darktrace / Forensic Acquisition & Investigation solution include: 

  • Automated hybrid forensic capture: Collects host-level data, including disks, memory, logs, and artifacts the moment an alert is raised across on-premises, AWS, Azure, GCP and SaaS environments.  
  • Ephemeral data capture: Preserves evidence from short-lived workloads including AWS ECS, Kubernetes, and distro-less or no-shell containers, retaining critical data so that it can be investigated. 
  • Automated investigation with complete timelines: Automatically reconstructs attacker behavior into unified timelines, distilling massive volumes of events into the most significant insights providing rapid clarity and root cause in minutes without manual correlation. 
  • Scalable response and reporting: Supports parallel investigations across multiple systems and automatically generates exportable reports to help reduce analyst workload and assist with compliance burdens. 
  • Rapid deployment and seamless integration: Offers flexible SaaS or on-premises deployment, and integrates with existing SIEM, XDR, CNAPP, EDR, NDR, and cloud-native tools so that any alert can trigger immediate forensic capture and investigation. 

Darktrace / Forensic Acquisition & Investigation can be deployed as a standalone product, giving new customers immediate access to automated cloud forensics to support SOC and incident response teams in their day-to-day management of cloud security threats, or integrated across the Darktrace ActiveAI Security Platform for end-to-end investigations and response across an organization’s entire digital estate. It is particularly powerful when paired with Darktrace / CLOUD, where the two solutions bring real-time cloud detection and response and forensic-level investigation together in a single workflow. 

Unifying Cloud Detection, Response, and Forensic Investigation with Darktrace / CLOUD 

Customers can now add Darktrace / Forensic Acquisition & Investigation capabilities to Darktrace’s leading cloud detection and response (CDR) product. With Darktrace / CLOUD, security teams benefit from:  

  • Autonomous detection and response: Self-Learning AI continuously monitors cloud environments to spot both known and novel threats and automatically contain them at machine speed. 
  • Dynamic cloud visibility: Live mapping of assets, services, and architectures to reveal blind spots, track attacker movement, and provide real-time context. 
  • Proactive risk management: Automated posture checks and attack path modeling that surface misconfigurations and exposures before attackers can exploit them. 

When adding Darktrace / Forensic Acquisition & Investigation to Darktrace / CLOUD, the solutions work together seamlessly to detect threats as they emerge and preserve the forensic evidence needed to investigate them. As Darktrace / CLOUD detects and blocks suspicious cloud activity, Darktrace / Forensic Acquisition & Investigation will capture disk, memory, and log data from the affected asset, allowing teams to immediately contain threats while preserving the critical evidence needed to investigate and remediate the incident.  

Alongside this integration, Darktrace has strengthened its core cloud capabilities to make investigations even faster and more intuitive. Enhancements include more intuitive cloud architecture diagrams that make complex environments easier to interpret, along with expanded detection of advanced attacker techniques such as lateral movement, command-and-control, and privilege escalation. 

When uniting threat detection, response, and automated forensics in one platform, security teams can shift cloud investigations from reactive and fragmented to fast, automated, and context-rich — enabling organizations to harness the benefits of the cloud while effectively mitigating risks. 

Availability  

Darktrace / Forensic Acquisition & Investigation, the integrations across the Darktrace ActiveAI Security Platform and new features in Darktrace / CLOUD are available now.  

Guest Post: Why Voice AI Could Be the Career Move That Puts You on the Executive Shortlist

Posted in Commentary with tags on September 26, 2025 by itnerd

By Praveen Rangnath, CMO, Deepgram

If you’re in IT leadership, you’ve seen tech trends come and go. Some flare up in the headlines, get hyped at conferences, and then quietly fade away. Others — the rare ones — change the way entire industries operate.

Voice AI is one of the rare ones.

The problem is, a lot of people think they already understand it. They’ll nod along and say, “Oh yeah, like Siri or Alexa, right?” And if you leave it at that, you’ll miss the fact that Voice AI in the enterprise has almost nothing to do with consumer gadgets.

What we’re talking about is the ability to capture, understand, and act on every conversation your business has — with customers, employees, suppliers, regulators — in real time. It’s a shift from voice being something that “just happens” to voice becoming one of your most valuable data assets.

And here’s the kicker: if you’re the IT leader who drives that transformation, it won’t just make your company more competitive — it’ll make you more promotable.

Why This Is Bigger Than a Tech Upgrade

Think about all the conversations that happen in your organization in a single day:

  • A frustrated customer explaining a problem to support.
  • A nurse speaking with a patient about symptoms.
  • A technician describing a fault to a field supervisor.
  • A sales rep negotiating terms with a client.
  • Two department heads debating how to allocate budget.

Historically, those conversations disappear the second they end. Maybe you get a line or two typed into a CRM. Maybe a call recording sits on a server somewhere, unlistened to. But you’re losing context, insights, and opportunities every single time.

Voice AI changes the game. It can:

  • Transcribe those conversations in real time — accurately, even with accents, jargon, or background noise.
  • Understand the meaning, not just the words.
  • Detect urgency, emotion, and intent.
  • Feed that intelligence into your existing systems so it’s searchable, reportable, and actionable.

This isn’t about making calls “sound nicer.” It’s about turning the most human part of business — conversation — into something you can measure, learn from, and improve at scale.

Why IT Management Should Own This

If you’re thinking, “This sounds like a customer service project,” you’re not wrong — but you’re not right, either.

Customer service, sales, compliance, operations — they all want the benefits. But none of them can roll this out enterprise-wide without IT leadership guiding the architecture, governance, and integrations.

That means you have a rare opportunity:

  • Lead a high-impact initiative that crosses silos.
  • Control the data governance and compliance from day one (critical if you’re in finance, healthcare, or government).
  • Choose technology that scales, so this doesn’t become another point-solution mess.

When IT drives Voice AI adoption, it’s not just “supporting the business.” It’s reshaping how the business works. That’s the kind of strategic leadership that the C-suite and boards notice.

The Career Capital Play

Here’s the part some IT leaders miss: delivering a Voice AI initiative isn’t just good for the company — it’s good for your career.

  1. You’ll be seen as an innovator — not just the person who keeps the lights on. You’ll have a real-world example of bringing in a new capability that directly ties to revenue, customer satisfaction, and operational efficiency.
  2. You’ll get visibility with the C-suite — because every major function will be affected, and you’ll be the one making sure it all works.
  3. You’ll have hard metrics to show — cost savings, reduced call times, faster onboarding, higher CSAT, better compliance records. These are the kind of results that get repeated in performance reviews.
  4. You’ll build executive allies across departments — sales, marketing, operations, and compliance will all have wins they can point to because of your project. That makes you easier to promote.

If You Think You Already Understand It — This Could Be the Gap

A lot of tech leaders think Voice AI means “speech-to-text” plus maybe a chatbot. That’s like saying the internet is just “email plus websites.”

The real power is when Voice AI is:

  • Real-time — not hours later.
  • Context-aware — understanding your specific business language and workflows.
  • Integrated — feeding into CRM, ERP, analytics, and compliance systems automatically.
  • Scalable — able to handle every department, every language, every channel without breaking.

That’s when it stops being a tool and becomes infrastructure, and infrastructure projects with measurable business wins are the ones that get you invited to the big table.

Your Next Moves

If you want this to be a career-making initiative, here’s where you can start:

  1. Map Your Conversation Ecosystem — Where in your organization do high-value voice interactions happen daily?
  2. Identify High-Impact Use Cases — Pick two or three where you can prove ROI quickly (e.g., customer support, compliance-heavy calls, field service updates).
  3. Get Cross-Functional Buy-In Early — Loop in operations, CX, compliance, and sales from day one.
  4. Test for Accuracy First — Before you get dazzled by AI features, nail transcription quality. Everything else depends on it.
  5. Plan for Scale — Choose solutions that can grow beyond your pilot without creating security or integration headaches.

Bottom line: Voice AI is more than a technology trend — it’s a platform for delivering visible, measurable business wins. If you own it, you don’t just modernize the company. You modernize your own career path.

The leaders who make this move now won’t just be part of the conversation. They’ll be running it.

Tech failures are slowing down nearly half of Canada’s frontline workforce, new survey shows

Posted in Commentary with tags on September 26, 2025 by itnerd

A new national survey conducted by Samsung Canada and Leger, which surveyed 510 Canadian workers across construction, healthcare, energy, mining, retail, and public safety, found that:

  • Roughly 2 in 5 (44%) workers face delays in completing tasks when devices break. This is even higher among healthcare and public safety workers.
  • 34% report communication breakdowns due to device issues.

From missed reports to disrupted deliveries, these moments of downtime are quietly dragging down productivity across sectors. Only 1 in 3 workers are still using consumer-grade smartphones and tablets, devices not designed for harsh job site conditions or long shifts.

That’s prompting a shift in what business decision makers are looking for when it comes to company tech. Designed for frontline conditions, Samsung’s Galaxy Tab Active5 Pro and Galaxy XCover7 Pro offer more resilient solutions built for durability in rugged workforces. These devices feature excellent weather durability, swappable batteries for all-day power, and glove-friendly touchscreens, a clear fit for jobs where reliability can’t be optional.  

Here are a couple of links that dive deeper into some of the statistics I mentioned above:

Samsung survey reveals deep need for rugged tech in construction industry: https://news.samsung.com/ca/samsung-survey-reveals-deep-need-for-rugged-tech-in-construction-industry

How rugged devices power real-time decision making in remote oilfields: https://news.samsung.com/ca/how-rugged-devices-power-real-time-decision-making-in-remote-oilfields