Archive for March 30, 2026

The EU Gets Pwned By ShinyHunters

Posted in Commentary on March 30, 2026 by itnerd

Today is the day that I report on organizations and individuals getting pwned.

The European Commission has confirmed a cyberattack affecting its Europa.eu web platform, with early findings indicating that data was extracted from cloud infrastructure hosted on Amazon Web Services (AWS). The incident was discovered on March 24, 2026, and officials said the breach was contained while an investigation into the full scope remains ongoing.

Hackers linked to the ShinyHunters group have claimed responsibility, alleging they accessed and stole more than 350GB of data, including databases and internal documents. The European Commission has not verified the full extent of the stolen data but confirmed that some data was taken and that affected entities are being notified.

The Commission stated that its internal systems were not impacted, with the attack limited to externally hosted cloud services supporting its public-facing websites. Authorities continue to assess the incident and determine what information may have been accessed while implementing additional security measures.

Lydia Zhang, President & Co-Founder, Ridge Security Technology Inc., served up this comment:

   “Continuously exposed external digital assets, such as public websites and AWS S3 buckets, have become prime attack targets, especially with the rise of AI-driven automated threats. Organizations must strengthen their security posture; continuously scanning, testing, and remediating vulnerabilities across these interfaces is no longer optional, but essential.”

Noelle Murata, Sr. Security Engineer, Xcape, Inc. provided this comment:

   “The business impact has escalated from a simple web defacement to a massive Identity and Access Management (IAM) crisis, as the breach likely involves the theft of DKIM keys and SSO directories. This means the adversary can now generate perfectly authenticated emails that bypass DMARC checks, turning the Commission’s own reputation into a weapon for secondary spear-phishing campaigns across the EU.

   “The technical post-mortem indicates a failure of “Identity Hygiene” rather than a cloud security flaw; AWS has publicly cleared its own name, pointing to compromised credentials – likely harvested via the group’s signature vishing tactics against IT helpdesks. For defenders, the priority is no longer just “containing” the breach but an immediate, wholesale rotation of all cloud-based signing keys and a mandatory password reset for the entire SSO tenant. Furthermore, organizations interacting with the EC should treat all incoming “official” correspondence with extreme skepticism, even if it passes cryptographic validation.

   “The reality is that if your identity provider is compromised, your “secure” cloud is effectively an open book.

   “The EU is about to find out that “GDPR Compliance” is a lot harder to enforce when you’re the one filling out the self-report form.”

Phil Wylie, Senior Consultant & Evangelist, Suzu Labs adds this:

   “This attack shows that threat actors do not always need to penetrate core internal networks to create risk. Public-facing cloud environments often contain valuable operational data that can support reconnaissance, social engineering, and follow-on attacks.

   “Most cloud breaches are not failures of the provider but issues around identity security, access management, or configuration. The real lesson here is that organizations need stronger visibility into how cloud data is accessed and moved, not just whether malware is present.

   “Even if the affected systems were isolated, any confirmed data exfiltration should be treated as potential intelligence exposure that could enable future targeting.”

Rajeev Raghunarayan, Head of GTM, Averlon had this to say:

   “Cloud breaches are rarely contained to the system where the compromise started. The real question is what that system had access to, regardless of whether it was considered external or internal. Public-facing applications are often connected to backend services, databases, and storage, and a compromise can expose far more than the initial entry point suggests. The separation between external and internal systems can limit blast radius, but only if access across those layers is tightly controlled, whether through network paths, vulnerabilities, misconfigurations, or identity permissions.

   “The priority for organizations is understanding what data and systems were reachable from the compromised environment, not just what was directly affected. That potential blast radius is what determines the true impact and guides an effective response.”

It’s days like this that make me wonder if there’s no going back and that organizations getting pwned is now the new normal. But we cannot believe that is true. Instead, more effort needs to be put into making sure that this starts to get addressed so that pwnage becomes an edge case as opposed to the new normal.

UPDATE: Gidi Cohen, CEO & Co-founder, Bonfy.AI had this to say:

   “Modern incidents like the European Commission’s cloud breach are less about a single misconfigured account and more about sprawling unstructured content moving across websites, SaaS apps, storage buckets, AI systems, and agents without unified, context‑aware governance. Cloud security posture management and traditional DLP/DSPM remain necessary, but they are no longer sufficient on their own; without adaptive content controls that understand the people, customers, and citizens behind the data, organizations will continue to be surprised by where sensitive information surfaces when a breach hits.

   “What matters now is not just where data lives but how it flows: public platforms and “content systems” quietly accumulate regulated and entity‑specific data in logs, backups, CMSes, and object stores, while AI and automation continuously read from and write to those same stores, creating a dense web of human, system, and agent access paths that legacy tools do not see end to end. In that environment, a cloud compromise becomes a test of whether an organization can quickly answer the only questions regulators and boards truly care about: whose data was exposed, through which systems, and how far it has already propagated.”

Spring forward with these must-have tech essentials from Samsung

Posted in Commentary on March 30, 2026 by itnerd

Spring is a natural moment to refresh the devices Canadians rely on every day. Samsung’s latest Galaxy lineup introduces updated AI capabilities, performance upgrades, and deeper ecosystem integration across mobile, audio, wearables, and PC. 

Here are a few standout devices, each defined by the core innovations driving them: 

  • For AI-powered mobile experiences, Galaxy S26 Series (Starting at $1,249.99 CAD) 
    Including Galaxy S26, S26+, and S26 Ultra, the latest S series is powered by Snapdragon® 8 Elite Gen 5 (3nm) and introduces expanded on-device AI. Features like Now Nudge enable context-aware assistance, Notification Intelligence prioritizes key alerts, and Circle to Search 3.0 supports multi-object recognition. Privacy Screen adds pixel-level display protection, while Nightography Video enhances low-light capture. 
  • For AI productivity and PC performance, Galaxy Book6 Series (Starting at $1,449.99 CAD) 
    Including Galaxy Book6 and Galaxy Book6 Pro, the lineup combines Intel® Core™ Ultra processors with AI-driven productivity tools. The Pro model features a high-resolution AMOLED display with HDR support and variable refresh rate, alongside extended battery life and seamless continuity across Galaxy devices. 
  • For advanced audio and intelligent controls, Galaxy Buds4 Series (Starting at $249.99 CAD) 
    Including Galaxy Buds4 and Galaxy Buds4 Pro, the series introduces upgraded 2-way speakers (Pro), 24-bit Hi-Fi sound, and adaptive noise control. AI integrations enable voice access to Gemini, Bixby, and Perplexity, with new head gesture controls offering hands-free call management. 
  • For health tracking and wearable performance, Galaxy Watch8 Series (Starting at $499.99 CAD) 
    Including Galaxy Watch8 (40mm/44mm) and Galaxy Watch8 Classic (46mm), the series features a new 3nm chipset, expanded storage, and enhanced sensor capabilities. Updates include improved sleep analysis, activity tracking, and gesture controls, with the Classic model adding a rotating bezel and quick-access button. 
  • For device protection and lifecycle value, Samsung Care+ 
    Samsung Care+ provides coverage with unlimited repairs using Samsung-certified parts, free device replacement for loss, and worldwide repair support. Designed to maintain device performance and value over time, it offers an alternative to traditional carrier insurance with broader global coverage. 

For a limited time, until April 2, Canadian customers can access launch offers including 25% off Samsung Care+ for Galaxy S26 Ultra and 15% off across Galaxy S26 and S26+, Galaxy Buds4 series, and Galaxy Book6 series.

More details are available at samsung.com/ca.

TELUS launches SmartEnergy for Good across Ontario

Posted in Commentary on March 30, 2026 by itnerd

TELUS is expanding its Connecting for Good programming, which builds stronger and healthier communities across Canada by ensuring no citizen is left behind and has access to world-leading technology, to now include TELUS SmartEnergy for Good. A first-of-its-kind initiative in Canada, TELUS SmartEnergy for Good is designed to advance energy equity by providing vulnerable households with access to smart energy technology at a subsidized monthly service cost. The first phase of SmartEnergy for Good has launched in Ontario, equipping eligible low-income households with the tools and technology they need to reduce energy consumption, lower their utility bills, and contribute to Canada’s climate targets.

The program is open to qualifying low-income Ontario residents, including seniors, families, and youth aging out of government care. Through TELUS SmartEnergy for Good, qualifying customers will receive a subsidized comprehensive SmartHome Energy management package including: a monthly TELUS SmartEnergy subscription, a smart thermostat rental, two energy monitoring plugs, and professional installation.

TELUS SmartEnergy is a subscription-based energy management solution helping Canadians save money on their energy bills and reduce their environmental footprint. Subscribers can save up to 15 per cent on energy bills by, among other things, automating temperature settings and powering down unused devices, while monitoring usage through personalized insights in the app.

Beyond subsidizing SmartHome technology, the initiative educates households on energy cost reduction while supporting Ontario’s emission reduction targets by reducing grid strain during peak demand. As part of its environmental commitment, TELUS will plant four trees per year on behalf of each participating household, contributing to carbon sequestration and climate resilience.

TELUS plans to bring SmartEnergy for Good to additional provinces across Canada later this year. To learn more, visit telus.com/smartenergyforgood.

The Director Of The FBI Has Had His Email Pwned By Iranian Hackers

Posted in Commentary on March 30, 2026 by itnerd

The Iranian hacker group Handala has claimed another victim. After pwning this company, Handala has now apparently pwned the personal email account of FBI director Kash Patel. Cybernews suggests that this is in revenge for the FBI taking down the group’s leak site.

“Today, once again, the world witnessed the collapse of America’s so-called security legends. While the FBI proudly seized our domains and immediately announced a $10 million reward for the heads of Handala Hack members, we decided to respond to this ridiculous show in a way that will be remembered forever,” the group wrote on its new leak site.

“All personal and confidential information of Kash Patel, including emails, conversations, documents, and even classified files, is now available for public download,” Handala claimed, also boasting about the alleged “get” on its now 42nd Telegram channel.

The posted samples include nine personal photos of Patel and an alleged resume belonging to the FBI head.

The FBI has basically admitted that this is real, and if you’re Patel or the FBI, this has to be highly embarrassing. But honestly, I think that’s the least of their problems. Handala is clearly on a rampage, and I fully expect to see more pwnage from this group over the coming weeks, seeing as they are an Iran-aligned group and will likely want to “flex” for those in the Iranian regime who back them.

Rogers & Fido Have Been Pwned

Posted in Commentary on March 30, 2026 by itnerd

Over the weekend it came to light that Canadian telco Rogers and their flanker brand Fido have been pwned and customer data is out there. I first saw this here:

But Cybernews saw a lot more that should scare any current or former Rogers customer.

Attackers posted an ad on a mostly Russian-speaking hacker forum, alleging the database for sale belongs to Rogers Communications, a Canadian media behemoth providing wireless, cable, and internet services.

The ad supposedly includes three Rogers’ Active Directory (AD) databases: users, groups, and devices. Organizations use AD to connect users with network resources. Typically, AD includes critical data on the company’s environment, for example, what users can do and what devices operate within the system.

And:

Data samples of the three AD databases included in the ad, and seen by Cybernews, contain customer names and surnames, phone numbers, email addresses, locations, company names, account launch date, user device operating systems, user roles, device security status, and other sensitive data points.

While the samples the attackers provided don’t include employee data, the Cybernews researcher team believes the AD could also host information on the company’s employees that use Rogers’ network resources, as this type of data is usually included in AD databases.

Threat actors put a $14,000 price tag on the three databases mentioned in the ad. The ad doesn’t specify the size of the database or the number of the company’s users it exposed.

The harm that this could cause is huge. The company, however, is downplaying the extent of this pwnage, judging by this comment it gave:

“Through proactive monitoring, we identified that business contact information, such as work email addresses and phone numbers, for Rogers employees was posted on the dark web. No personal details, including banking information, social insurance numbers or passwords, were accessed or posted. Our investigation also indicates no customer information was accessed or posted,” Rogers told Cybernews.

The thing is that all of this information can be used to launch attacks on all who are affected. And Rogers, in their statement, doesn’t say how long the threat actors had access to their systems. The cynic in me says that it could be years, as I have personally had a threat actor use very specific information to attempt to execute a social engineering attack on my wife and me, which I posted a story about here. And that incident was in 2023. So I would not be shocked if, when all the details are made public, it turns out that the threat actors were inside Rogers’ systems for at least that long. But I am free to be proven wrong on that front. All Rogers has to do is to post what happened, how long it has been happening, and what they will do to stop it from happening in the future. It will be interesting to see if Rogers actually does that, or simply tries to sweep this under the nearest rug and hope that this goes away.