Archive for October, 2025

KnowBe4 Is a Proud Participant in the Microsoft Security Store Partner Ecosystem

Posted in Commentary with tags on October 1, 2025 by itnerd

KnowBe4, the world-renowned platform that comprehensively addresses human and agentic AI risk management, today announced its inclusion in the Microsoft Security Store Partner Ecosystem. KnowBe4 was selected based on its proven experience with Microsoft Security technologies, its willingness to explore and provide feedback on cutting-edge functionality, and its close relationship with Microsoft.

KnowBe4 is collaborating with Microsoft to help shape the development of the Microsoft Security Store, providing feedback on new features, integration experiences, and customer needs. By publishing certified offerings and AI agents that integrate seamlessly with Microsoft Security products, KnowBe4 is making it easier for organizations to discover, purchase, and deploy trusted security technologies. Through the Security Store, KnowBe4 is helping customers accelerate their security outcomes and simplify operations with products that are vetted, easy to deploy, and designed to work together.

The Microsoft Security Store is setting a new benchmark for cybersecurity procurement and deployment. By centralizing a wide range of security solutions and AI agents, it lets organizations streamline how they discover, acquire, and operationalize advanced security technologies. With features like industry framework alignment, simplified billing, and guided deployment, the Security Store helps security teams reduce complexity, accelerate adoption, and maximize the value of their security investment.

VMware Related Zero Day Has Been Exploited By Threat Actors For A Year…. Wow!

Posted in Commentary with tags on October 1, 2025 by itnerd

Broadcom has patched a high-severity VMware vulnerability (CVE-2025-41244, CVSS 7.8) that had been exploited as a zero-day for nearly a year. The flaw, impacting VMware Aria Operations and VMware Tools (including open-vm-tools on Linux), allows privilege escalation to root on VMs. Security researchers at NVISO Labs reported that a Chinese state-sponsored threat group, UNC5174, has been actively exploiting the bug, including by staging malicious binaries in writable directories like /tmp/httpd. Patches are now available across VMware Cloud Foundation, vSphere, Aria Operations, Telco Cloud Platform, VMware Tools, and open-vm-tools (to be distributed by Linux vendors). Detection requires monitoring for uncommon child processes or leftover collector scripts.

You can find more details here: https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/

Gunter Ollmann, CTO, Cobalt had this comment:

“Zero-days that persist in widely used infrastructure for nearly a year highlight the growing mismatch between vendor disclosures and adversary realities. In this case, the triviality of the exploit means it likely fell into the hands of multiple threat actors, not just those with nation-state capabilities. When exploitation is both simple and widespread, leaving customers unaware is an unforced error that adds unnecessary risk. The industry needs more candor around zero-day exploitation so defenders can calibrate their urgency. In the long run, trust in security advisories will matter as much as the patches themselves.”

Dale Hoak, CISO, RegScale adds this:

“An unpatched or undisclosed zero-day undermines the very foundation of compliance programs, which rely on accurate risk data. If customers don’t know an exploit is active, they can’t prioritize remediation, leaving regulators and auditors working from a false baseline of assurance. This is why it’s critical to operationalize risk in the larger context of patching—moving beyond a checklist exercise to a process that connects advisories, vulnerability data, and remediation actions in real time. Continuous controls monitoring enables that connection, ensuring that controls are validated against live threats, not just documented in static reports. Real assurance comes when organizations can align compliance, risk, and patching as a single operational discipline.”

While I am a big believer in patching all the things, you also have to have an approach to security that mitigates the potential effects of zero days. That’s not easy to do, but it has become a requirement given how quickly threat actors evolve and shift tactics.

I should also mention that the fact that this was out there for a year is bad. Extraordinarily bad. But you knew that already.

UPDATE: Adrian Culley, Senior Sales Engineer at SafeBreach adds this comment:

“Broadcom has released fixes for CVE-2025-41244 and related issues affecting VMware Aria Operations and VMware Tools. In certain configurations, VMs with VMware Tools managed by Aria Operations with SDMP enabled allow local privilege escalation to root. NVISO reports the bug was exploited in the wild since mid-October 2024 by a China-nexus actor assessed as UNC5174. Teams should patch Aria Operations/Tools immediately and ensure Linux hosts receive updated open-vm-tools from their distributors. Hunt for exploitation by looking for mimicked system binaries (e.g., httpd) in writable paths like /tmp/httpd and for unusual child processes from discovery collectors. After patching, continuously validate that privilege-escalation, credential harvesting, and lateral-movement paths are closed—don’t just assume they are.”
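A defender-side hunt for the two artefacts named in this post (a service-named binary such as httpd executing from a writable path like /tmp/httpd, and unexpected child processes under the discovery collector), written here as an added example and not code from NVISO, Broadcom or SafeBreach. The collector daemon name vmtoolsd, its expected helper names and the extra service names beyond httpd are assumptions to tune per environment; the process snapshot below is constructed, and snapshot_from_proc() reads a live Linux host instead.

```python
"""Hunt for CVE-2025-41244 exploitation artefacts described in the advisory text:
service names (e.g. httpd) running from writable staging paths such as /tmp/httpd,
and unexpected child processes under the VMware Tools discovery collector."""
from __future__ import annotations

import os
from dataclasses import dataclass
from pathlib import PurePosixPath

# World-writable directories where an unprivileged local user can stage a binary.
WRITABLE_STAGING_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
# Service names worth mimicking: "httpd" is from the advisory, the rest are assumed.
MIMICKED_SERVICE_NAMES = {"httpd", "nginx", "sshd", "mysqld"}
# Assumed: the VMware Tools daemon that spawns discovery collectors, and the helper
# processes it normally spawns. Both are placeholders to adjust for your hosts.
COLLECTOR_PARENT = "vmtoolsd"
EXPECTED_COLLECTOR_CHILDREN = {"sh", "bash", "ps", "grep"}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    comm: str  # kernel process name (the Name: field of /proc/<pid>/status)
    exe: str   # resolved /proc/<pid>/exe link
    uid: int   # real uid


def exe_path(p: Proc) -> PurePosixPath:
    """Normalise the exe link; a binary unlinked after launch reads 'path (deleted)'."""
    return PurePosixPath(p.exe.removesuffix(" (deleted)"))


def in_writable_dir(path: PurePosixPath) -> bool:
    return any(PurePosixPath(d) in path.parents for d in WRITABLE_STAGING_DIRS)


def find_mimicked_binaries(procs: list[Proc]) -> list[Proc]:
    """Processes whose executable carries a service name but lives under a writable path."""
    return [p for p in procs
            if exe_path(p).name in MIMICKED_SERVICE_NAMES and in_writable_dir(exe_path(p))]


def find_unusual_collector_children(procs: list[Proc], parent_name: str = COLLECTOR_PARENT,
                                    expected: set[str] = EXPECTED_COLLECTOR_CHILDREN) -> list[Proc]:
    """Children of the collector daemon that are not its usual helpers or run from a writable path."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        if parent is None or parent.comm != parent_name:
            continue
        if p.comm not in expected or in_writable_dir(exe_path(p)):
            hits.append(p)
    return hits


def hunt(procs: list[Proc]) -> dict[int, list[str]]:
    """Map pid -> reasons. A uid-0 hit from a writable path means escalation already succeeded."""
    findings: dict[int, list[str]] = {}
    for p in find_mimicked_binaries(procs):
        findings.setdefault(p.pid, []).append(f"service name '{exe_path(p).name}' running from {p.exe}")
    for p in find_unusual_collector_children(procs):
        findings.setdefault(p.pid, []).append(f"unexpected child of {COLLECTOR_PARENT}: {p.comm}")
    by_pid = {p.pid: p for p in procs}
    for pid, reasons in findings.items():
        if by_pid[pid].uid == 0 and in_writable_dir(exe_path(by_pid[pid])):
            reasons.append("running as root from a writable path (escalation likely succeeded)")
    return findings


def snapshot_from_proc() -> list[Proc]:
    """Build the snapshot from a live Linux /proc (root is needed to read every exe link)."""
    procs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/status") as f:
                fields = dict(line.split(":", 1) for line in f if ":" in line)
            exe = os.readlink(f"/proc/{entry}/exe")
        except OSError:
            continue  # process exited or exe link unreadable
        procs.append(Proc(int(entry), int(fields["PPid"].strip()), fields["Name"].strip(),
                          exe, int(fields["Uid"].split()[0])))
    return procs


# Constructed snapshot: a legitimate httpd, a staged /tmp/httpd spawned by the
# collector as root, and a second staged copy that was deleted after launch.
SAMPLE_SNAPSHOT = [
    Proc(1, 0, "systemd", "/usr/lib/systemd/systemd", 0),
    Proc(900, 1, "httpd", "/usr/sbin/httpd", 0),
    Proc(1200, 1, "vmtoolsd", "/usr/bin/vmtoolsd", 0),
    Proc(1300, 1200, "sh", "/usr/bin/sh", 0),
    Proc(1301, 1200, "httpd", "/tmp/httpd", 0),
    Proc(1500, 1, "bash", "/usr/bin/bash", 1000),
    Proc(2100, 1500, "httpd", "/var/tmp/httpd (deleted)", 1000),
]

if __name__ == "__main__":
    for pid, reasons in hunt(SAMPLE_SNAPSHOT).items():
        print(pid, "; ".join(reasons))
```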

Fewer than half of enterprises are fully successful with network observability tools: BlueCat

Posted in Commentary with tags on October 1, 2025 by itnerd

BlueCat today announced the findings of a new report developed in collaboration with Enterprise Management Associates (EMA), The Network Observability Maturity Model: How to Plan for NetOps Excellence. An independent study of 252 IT leaders found that despite investing heavily in observability tools, most enterprises struggle to manage their networks effectively. Fewer than half (46%) consider themselves fully successful with network observability tools, underscoring the urgent need for a more unified and intelligent approach.

The report highlights the top challenges currently plaguing network operations teams: tool sprawl, limited visibility, poor data quality, and excessive alert noise. These gaps increase operational risk, delay troubleshooting, and expose enterprises to performance problems, security vulnerabilities, and costly downtime.

Key report findings include:

  • Tool sprawl is pervasive: 87% of NetOps teams use multiple observability tools, creating inefficiencies and fragmented insights.
  • Alert noise wastes resources: Only 29% of alerts are actionable, slowing incident response.
  • Cloud and SD-WAN create blind spots: Teams lacking visibility into modern environments are far less successful.
  • Data quality and telemetry matter: Real-time streaming data collection and accurate telemetry improve AI-driven analytics and proactive response.
  • Dashboards enable alignment: Unified, customizable dashboards allow NetOps, SecOps, and CloudOps teams to share a single source of truth.
  • AI-driven automation is the differentiator: Organizations advancing to solutions that are intelligent, automated, optimized, and AI-driven gain faster troubleshooting, predictive optimization, and capacity planning.

To help IT leaders resolve these challenges and maximize the value of their toolset, EMA and BlueCat developed the Network Observability Maturity Model, a five-stage framework that shows IT leaders what they can gain if they consolidate tools, expand visibility across hybrid environments, and embrace AI-driven automation. Ultimately, the framework helps IT stakeholders understand how they can optimize their toolsets to become a best-in-class NetOps practice.

The model also highlights how AI-driven automation can accelerate response times and problem resolution, a sign of the highest level of maturity. EMA’s research shows organizations advancing to “Intelligent and Automated” or “Optimized and AI-Driven” stages along this maturity curve are far more successful in preventing and rapidly resolving issues.

BlueCat’s network observability and intelligence solutions, including LiveNX, LiveWire, and LiveAssurance, help enterprises consolidate fragmented monitoring stacks and extend visibility across hybrid and multicloud networks. These solutions keep the network running without interruption by proactively ensuring its performance, security, and reliability. By pairing flow and packet data with customizable dashboards and AI-driven insights and root cause analysis from LiveAssist, BlueCat helps IT teams prevent downtime, surface issues before they impact the network, and ensure policy enforcement across distributed environments.

The full report is available here: https://www.liveaction.com/observability-report-2025/.

WestJet Hack Exposed PII Of Customers…. Yikes!

Posted in Commentary with tags on October 1, 2025 by itnerd

Canadian airline WestJet has alerted customers that a June cybersecurity incident compromised their personal information including passports and ID documents. This isn’t good for reasons that I will get into shortly. In the meantime, Erich Kron, CISO Advisor at KnowBe4, provided the following comments:

“It is very unfortunate that WestJet became a victim of yet another ransomware attack in the aviation space. For victims who had their data stolen, this could be a significant problem as modern air travel requires that people provide a lot of information to airlines as required by various governments. The information stolen, such as passport information or government identification, along with the other personal information such as more typical addresses and date of birth, can be enough to facilitate some significant identity theft. The fact that accommodations were among the list of information stolen can also have a more significant impact both by attackers scamming the victims, and for WestJet if the leakage of medical information violates any regulatory rules.

“A number of recent attacks such as this use social engineering, telephone calls specifically, to get help desk employees to reset passwords or multi-factor authentication information for accounts, such as employee accounts, that attackers are targeting. Once they’ve gained access to a legitimate account, it can be used to perpetuate other attacks against others within the organization, or to impact systems that can be used to steal information or spread malware such as ransomware.

“Organizations of every size and across every industry need to ensure that they are taking precautions to manage human risk, especially for those that are outward facing or in roles such as customer service employees. A good human risk management (HRM) program should address these types of attacks along with those sent through email or text messages and look at ways to manage other types of human risk such as accidental errors as well.”

This is going to be a huge problem for anyone who is affected by this hack. Those affected are going to be prime targets for identity theft and the like. Thus those affected should be on guard for secondary attacks on them.

UPDATE: Paul Bischoff, Consumer Privacy Advocate at Comparitech, provided the following comment:

“Most of the data exposed in this attack does not pose a direct threat to WestJet customers, but it could be used to craft personalized and convincing phishing messages. Be on the lookout for phishing emails and text messages from scammers posing as WestJet or a related company. Never click on links or attachments in unsolicited emails.

“Affected customers should also keep an eye on their frequent flyer accounts. Hackers could try to steal your air miles or hijack your frequent flyer account and sell it on the dark web. (https://www.comparitech.com/blog/information-security/how-much-are-stolen-frequent-flyer-miles-worth-on-the-dark-web/).”

CIRA introduces Cyber Stack

Posted in Commentary with tags on October 1, 2025 by itnerd

Today CIRA announced the launch of CIRA Cyber Stack, a new streamlined portfolio bringing together its suite of cybersecurity solutions under one unified name. Cyber Stack consolidates CIRA’s trusted services, CIRA XDR, CIRA Cybersecurity Awareness Training, CIRA Anycast DNS and CIRA DNS Firewall into a single, integrated portfolio designed to help organizations build digital resilience against a fast-evolving threat landscape.

What began as a single cybersecurity solution with CIRA Anycast DNS has steadily evolved into a layered, integrated portfolio that organizations across Canada can trust. Cyber Stack simplifies how IT professionals working alone or in teams integrate and deploy new solutions into existing technology stacks for layered protection. Rooted in Canadian identity, the new portfolio works as an integrated shield and evokes the layered strength of stacked logs, as a sturdy, long-lasting, homegrown protection.

Cyber Stack will debut today at SecTor 2025 (booth #1011) and Canadians Connected in Toronto, and will roll out across customer platforms in the coming days. Although the suite is built for combined strength, each CIRA cybersecurity product will continue to be available individually. Learn more at cira.ca/cyberstack.

Cosmo5 launches to lead the AI omni-marketing revolution

Posted in Commentary with tags on October 1, 2025 by itnerd

Today marks the official launch of Cosmo5, an international omni-channel marketing intelligence group built for the era of AI-driven brand engagement. Cosmo5, formerly known as Labelium Group, a digital agency launched in 2001, has rapidly grown into a global leader with teams in 18 countries across four continents. Cosmo5 specializes in delivering next-generation intelligence, redefining how brands approach search and discoverability, customer insights, and full-funnel execution. 

Launching at a pivotal moment for the marketing industry, Cosmo5 enters the market as artificial intelligence redefines not only how marketing is practiced, but how people behave, search and engage with brands. In an era of omni-search and media convergence, where consumers encounter brands across voice, visual, text, social and predictive platforms, Cosmo5’s multilayer approach of interpreting all forms of intelligence – artificial, strategic, emotional, operational and ethical – has never been more relevant. Cosmo5’s expertise is decoding the algorithms driving buyer behaviors that help forward-looking brands show up with relevance and impact, everywhere it matters. 

At the heart of Cosmo5’s offering are five key business areas to help the world’s most forward-looking brands stay ahead of the curve:

  • Media: Driving growth and precision across paid, earned and owned touchpoints including social, search, feed management, retail media/marketplaces, and programmatic (CTV, OLV, DOOH, display, etc.).
  • Commerce: Building frictionless experiences that convert across digital and physical retail. 
  • Creative: Crafting bold, culturally attuned storytelling that cuts through. 
  • Data: Harnessing analytics and intelligence to drive real-time, personalized experiences. 
  • Technology: Engineering digital infrastructures that enable speed, scalability, and innovation.

Cosmo5 already counts some of the world’s leading brands among its clients, including L’Oréal, LVMH, LG, Micron, LEGO, Ancestry, Meta, Warner Bros, Zadig & Voltaire, Christie’s, Ardene, Thread Collective, Moose Knuckles, Michelin and more. 

Strata Identity Expands Canadian Presence with New Toronto Office

Posted in Commentary with tags on October 1, 2025 by itnerd

Strata Identity, the Identity Orchestration company, today announced the opening of a new office in Toronto. This expansion builds on its already strong Canadian presence, with nearly 35% of employees based in the country. The announcement reinforces Strata’s position as a truly binational company with headquarters in Boulder, Colorado, and offices in Vancouver and now Toronto.

The addition of a Toronto location underscores Strata’s commitment to creating people-first workplaces across North America. The Toronto office will initially grow Strata’s engineering and product teams by tapping into the city’s globally recognized talent pool. Plans are also in motion to expand sales and other roles to support the company’s future growth.

Toronto is home to several of Strata’s largest customers and a dense concentration of financial services firms, making it a strategic location to strengthen partnerships and expand its Canadian market presence. Its proximity to major U.S. East Coast hubs such as New York and Boston also positions Toronto as an ideal bridge for supporting customers across North America.

As the tech hub of Canada, Toronto rivals leading U.S. cities for talent and innovation. It is home to some of the world’s largest technology companies, a thriving startup scene, and top universities. Beyond business, Toronto is a dynamic, multicultural city that offers employees and their families an exceptional quality of life.

Strata Identity enables organizations to orchestrate and modernize human and agent identities without disrupting existing infrastructure while maintaining a frictionless user experience. By decoupling identity from applications, Strata’s Maverics platform unifies SSO, can rationalize redundant IdPs, and ensures continuous access during outages via IdP failover. It enables organizations to extend Zero Trust controls across human, machine, and autonomous AI identities.

Led by CEO Eric Olden, co-author of the SAML standard, Strata also created the Identity Query Language (IDQL) and open-source Hexa project to help standardize multi-cloud identity management. Learn more at Strata.io.

ServiceNow unveils AI Experience, the UI for enterprise AI

Posted in Commentary with tags on October 1, 2025 by itnerd

ServiceNow today announced AI Experience, a unified, conversational front door to enterprise AI. With its context‑aware interface, the new AI Experience unites people and AI in a seamless, multimodal environment with built‑in governance, security, and the trust and transparency customers need as they implement AI meant for scale. Building on the foundation of Now Assist, AI Experience extends across any workflow, including the company’s autonomous Customer Relationship Management (CRM) offering, to transform sales and service — positioned to drive revenue growth and lasting customer loyalty. In an agentic AI era, it elevates the traditional user interface (UI) and becomes the intelligent entry point for employees to access information, delegate tasks, and collaborate with AI. 

Enterprises today suffer from decades of SaaS applications that define work in siloes and by departments. Many have dozens of separate AI solutions simply bolted onto existing systems, leaving employees juggling disconnected tools that don’t have access to the data they need to move work forward. With AI Experience, data, AI models, AI modalities, and workflows converge on a single, intuitive interface — empowering organizations to accelerate adoption, simplify access, and reduce employee AI learning gaps because ServiceNow works across workflows, not just a single app.

AI Experience represents a fundamental shift in how people interact with technology to get work done. It places AI at the forefront of the user experience with a powerful new multimodal, multilingual UI that allows instant access to voice, text, image, web, and build agents that are deeply connected to any part of the business, delivering context‑aware, personalized, and proactive interactions. AI Experience can anticipate needs, take action, and deliver results at enterprise scale.

With AI Control Tower — a central hub for governing, monitoring, and managing any AI asset, native or third‑party — enterprises can deploy AI Experience with confidence, giving them speed without losing security or control.

AI is the new UI: Putting AI at the center of how work gets done

At the core of AI Experience are intelligent, role‑aware AI agents that work side‑by‑side with employees to resolve issues, complete tasks, and drive outcomes. AI agents operate transparently, continuously learn, and give users full visibility and control, keeping AI always in the flow of work on one platform.

AI Experience introduces new capabilities such as:

  • AI Voice Agents: Offer hands‑free support that retrieves information, updates records, and troubleshoots complex issues with human‑like fluency.
  • AI Web Agents: Learn from humans to complete tasks across third‑party apps and the web — clicking buttons, filling out online forms, and navigating internal sources and external systems, without APIs or integrations.
  • AI Data Explorer: Connects insights across ServiceNow and external data sources via Workflow Data Fabric, helping users investigate trends, pinpoint root causes, and document findings without leaving their workflow.
  • AI Lens: Turns what users see — screens, forms, and dashboards — into instant action, eliminating manual effort and accelerating decisions with AI‑powered automation. 

Autonomous CRM: Driving revenue and customer loyalty

Through the single‑architecture, single data model of the ServiceNow AI Platform, AI Experience can be instantly applied across enterprise workflows, including CRM. This marks a shift from legacy SaaS systems that passively track customer interactions to an AI‑native, revenue‑driving AI operating system that resolves customer issues and improves customer loyalty at every turn.

AI Experience transforms CRM from a static system of record into an AI‑first system of action. Instead of forcing employees to jump from app‑to‑app, spend time configuring quotes manually, or stitch together fulfillment processes, AI agents take on the manual, repetitive work, like scanning tickets, flagging patterns, and recommending response plans. This allows human agents to focus on complex decisions and real‑time improvements. 

In service, customers can get their issue resolved or request fulfilled through automation from the channel of their choice. In sales, a new AI‑powered Configure, Price, Quote (CPQ) solution accelerates quote generation that matches the customer’s need and frees sales reps to focus on customer relationships. Because AI agents and prebuilt workflows are built‑in, work moves smoothly across teams and tools. The result: problems get solved faster, costs can go down, employees stay focused on customers, and customers enjoy better experiences.

The foundation for enterprise‑ready AI

Rapid transformation to an AI‑first enterprise requires transparency, governance, and data to scale responsibly. The ServiceNow AI Platform delivers this foundation by uniting AI, data, and workflows to power autonomous actions — responsibly, transparently, and securely across the enterprise. 

Building on the governance and security capabilities within the ServiceNow AI Platform, ServiceNow also introduced new capabilities for AI Control Tower that span cross‑platform onboarding, proactive risk and compliance monitoring, and real‑time value tracking. ServiceNow also announced Now Assist model provider flexibility, which enables customers to integrate and choose from ServiceNow’s platform‑native LLMs and third‑party providers such as Azure OpenAI, part of Microsoft Azure AI Foundry, Anthropic Claude on AWS, or Google Gemini models. This allows organizations to align the most suitable AI model with the distinct demands of each workflow on the ServiceNow AI Platform, at no additional cost. With Workflow Data Fabric, ServiceNow can connect, catalog, and govern data across systems, offering a comprehensive framework for AI.

Availability

AI Lens is now generally available. AI Voice Agents, AI Web Agents, AI Data Explorer, and AI‑powered CPQ are expected to be available by the end of calendar year 2025. 

Additional Information

Read more about AI Experience from ServiceNow’s President, Chief Product Officer, and Chief Operating Officer, Amit Zavery, on the ServiceNow blog.

Ericsson Wireless WAN solution enables increased productivity and improved workflow for Coffrages Synergy Formwork

Posted in Commentary with tags on October 1, 2025 by itnerd

Ericsson’s enterprise wireless solutions are supporting Coffrages Synergy Formwork as the company focuses on being a leader in innovation in the construction industry, while improving productivity and processes.

Through the deployment of a reliable Ericsson wireless wide area network (WAN), Synergy’s employees are better equipped to do their work, with stable access to applications and devices they need – even when they’re on a high floor of a project site.

Coffrages Synergy is a Montreal-based construction company that specializes in formwork and high-rise towers. The organization has more than 1,500 employees working on jobsites across Québec and Ontario, including Ottawa, Gatineau, Québec City, Montreal and now Halifax, N.S.

Reliable internet connectivity is imperative on construction sites in order to enable employees’ access to important applications and information. However, the vastness of job sites was impacting the ability of Synergy’s workers to stay connected. Getting wires to a new build job site is also a complex process that is subject to onsite issues and statuses. Wired networks in particular posed difficulties for Synergy, as crews frequently move between different floors during their projects.

Extending wired networks across multiple floors of high-rise projects proved not only to be time-consuming and disruptive to ongoing construction, but also very costly and highly inefficient.

To solve this issue, the company needed a wireless network that could effectively support all requirements. Synergy created portable office units called Sky Shacks that can move from floor to floor of a high-rise under construction. The units are equipped with devices including tablets, laptops and printers, so employees can easily access what they need to work without having to descend to the ground floor. Synergy selected Ericsson Cradlepoint R2100 5G and S700 4G routers to create a reliable Wi-Fi network that connects these devices and extends internet access across the floors of the high-rise project. So far, the company has rolled out 67 Sky Shacks across their project sites delivering reliable connectivity to even the highest floors.

As employees move to work on a different floor of a high-rise project, the Sky Shack follows, providing a stable network to connect to cloud applications and more.

Synergy’s workflow has significantly improved since implementing the wireless WAN solution:

  • As Sky Shacks can be quickly relocated to new floors without the need for time-consuming wired installations, the organization has seen a considerable reduction in downtime
  • Improved connectivity has in turn increased overall productivity, with seamless access to cloud-based construction software, plans, and communication tools driving more than 4.2 TB of cellular data per month
  • Overall, the new efficiencies gained have translated into substantial cost savings, eliminating expenses associated with wired infrastructure and on-site troubleshooting

Unit 42 Identifies New Major Chinese APT Group Targeting Global Diplomats & Telecoms

Posted in Commentary with tags on October 1, 2025 by itnerd

After a nearly three-year investigation, Unit 42 has identified a previously unknown Chinese state-sponsored threat actor it has named Phantom Taurus. This isn’t just another threat actor; their methods, tools, and relentless persistence place them in a new top tier of global threats.

What makes Phantom Taurus significant?

  • Unique and Sophisticated: They operate with entirely unique tactics and a custom arsenal of previously undocumented malware, setting them apart from all other known Chinese APTs. 
  • Dual-Mission Focus: They are surgically targeting both high-level geopolitical intelligence and entities (embassies, foreign ministries, diplomats) and critical telecommunications infrastructure. 
  • Unprecedented Persistence: This is what truly sets them apart. When most threat actors are discovered, they retreat for weeks or months. Phantom Taurus regroups and re-enters target networks within hours or days. Their mission is so critical they are willing to risk exposure to maintain access.
  • They Go for the Jugular: Instead of common phishing attacks, they meticulously research their targets and bypass users to directly compromise critical infrastructure to steal entire mailboxes or gain a persistent foothold for data collection.

This group is well-resourced, geopolitically aware, and poses a formidable, ongoing threat with a primary geographic focus on Africa, the Middle East, and Asia.

Here is the full, in-depth report detailing their custom tools, malware, and tactics: http://unit42.paloaltonetworks.com/phantom-taurus