Archive for March, 2026

« Older Entries
Newer Entries »

Cybercriminals now sell corporate network access for as little as $500

Posted in Commentary with tags on March 12, 2026 by itnerd

A new threat intelligence report from the Abstract’s Threat Research Organization (ASTRO) will reveal that the cybercrime economy has industrialized network breaches with specialized criminals now selling pre-compromised access to corporate networks for as little as $500.

Abstract’s report, “Priced to Move: The Underground Markets of Modern Cyberattacks,” examines the rapidly growing ecosystem of Initial Access Brokers (IABs): attackers who break into organizations and then sell that access to ransomware gangs and other threat actors.

Key findings from the research include:

  1. Credential abuse is now the dominant entry point. 56% of incidents involved valid accounts without MFA.
  2. Ransomware attacks surged 47% year over year, fueled by the growth of this underground access market.
  3. Network access often sells for $500–$1,000, allowing attackers to target dozens of organizations simultaneously.
  4. Median time from initial compromise to ransomware deployment has dropped to just five days.
  5. Healthcare, government, and education are among the sectors seeing the fastest growth in IAB-driven attacks.

The economics are striking. The report details a healthcare breach where $2,200 worth of purchased access ultimately resulted in nearly $4 million in damage, a roughly 1,700x return on investment for attackers.

ASTRO says the rise of access brokers has fundamentally changed how cybercrime operates…turning network intrusions into a specialized supply chain where one group gains access, another sells it, and ransomware gangs monetize it.

You can read the research here:https://abstract.security/reports/priced-to-move

Leave a comment »

SurePath AI Advances Real-Time Model Context Protocol (MCP) Policy Controls to Govern AI Actions

Posted in Commentary on March 12, 2026 by itnerd

SurePath AI today announced MCP Policy Controls, which provides real-time controls over what MCP servers and tools are allowed to be used. The new capability helps organizations adopt MCP safely with visibility and safeguards from day one.

MCP is a direct line from generative AI clients to the systems that enable a business to operate. These lightweight MCP tools can run locally on a user’s laptop and are often launched silently by AI desktop apps like ChatGPT, Claude, and Cursor. They also link to internal tools, such as Google Drive, Salesforce, and AWS management APIs. This presents new security challenges – AI is now issuing real commands, authenticated as the end user.  While cloud-based MCPs offer some guardrails, they also increase surface area. For instance, multiple agents connected to a mix of local and remote MCP servers can create tangled pathways for data sprawl and lateral movement.

SurePath AI was purpose-built to solve these challenges by applying policy-based control over what MCP servers and tools are allowed to be used before anything is executed. As the only platform that is schema-aware enough to transform these requests, SurePath AI enforces an organization’s policies on exactly which MCP servers and tools are allowed by controlling local MCP hosts and their connections to local MCP servers. These policies can leverage built-in classifications of whether a tool is destructive or not, or be customized explicitly to each organization’s security requirements.

To mitigate risk on the remote side, SurePath AI maintains a catalog of known MCP servers and endpoints. All protected MCP traffic is routed through its platform, where access controls are applied in real time, even down to the specific tool. SurePath AI’s new capability also uncovers supply chain threats by detecting never-before-seen MCP tools that could impersonate other tools or attempt to exfiltrate data outside the approved security perimeter.

Key features include:

  • MCP Tool Discovery: Discover MCP tools through monitoring MCP usage in AI tools across the workforce by intercepting MCP payloads and removing tools that are either blocked by policy or in violation of capability requirements, such as tools that are not read-only. When a tool violates policy, it is removed from the MCP payload before being sent to the backend service, which means that the service will not have access to leverage that tool.
  • MCP Tool Block List: Explicitly block specific MCP tools that have been discovered in the environment. Blocked tools are removed from MCP payloads before they reach backend services.
  • MCP Tool Allow List: Allow specific MCP tools that have been discovered in the environment. Allowed tools will always be included in MCP payloads.
  • Allow Read-Only: When enabled, automatically enables all read-only MCP tools without requiring them to be added to the Allow List, streamlining policy management for lower-risk tools.
  • Catch-All Action: Determine the default action taken for MCP tools that are not explicitly allowed or blocked, providing control over how the system handles tools that fall outside of the defined block and allow lists.
  • Auto-Discovery and Classification: Gain insights into MCP tools, like whether they are well-known or just built on someone’s laptop

For more information, visit surepath.ai.

Leave a comment »

CISA issues urgent directive on Cisco SD-WAN vulnerabilities that are being actively exploited 

Posted in Commentary with tags on March 11, 2026 by itnerd

There is a new urgent directive from the CISA released this morning which is Emergency Directive 26-03, warning that threat actors are actively exploiting vulnerabilities in Cisco Catalyst SD-WAN systems used across federal networks. The directive requires agencies to immediately inventory affected systems, collect forensic artifacts, apply patches, and hunt for signs of compromise. 

The vulnerabilities include CVE-2026-20127, a critical authentication bypass flaw (CVSS 10) that could allow an unauthenticated attacker to gain administrative access to SD-WAN infrastructure and potentially manipulate network configurations. 

Bobby Kuzma, Director of Offensive Operations at ProCircular had this to say:

“CISA has clear reason to believe that these vulnerabilities have been, and likely continue to be, exploited by threat actors to compromise government systems and networks. The requests for artifact collection and submission make it clear they’re working to identify the scope of the threat. While contractors and civilian organizations are not required or requested to follow similar collection steps, if you have Cisco SD-WAN appliances in your environment, this is a good time to collect artifacts and review patch statuses and logs.”

Once again it’s time to patch all the things. Though this time around, this patching exercise is pretty urgent and should be done without delay.

Leave a comment »

Equinix Unveils Distributed AI Infrastructure

Posted in Commentary with tags on March 11, 2026 by itnerd

At its inaugural AI Summit, Equinix, Inc. unveiled its Distributed AI infrastructure—a bold new approach to power the next wave of AI innovation, including agentic AI. Today’s announcement includes a new AI-ready backbone to support distributed AI deployments, a global AI Solutions Lab to test new solutions, and Fabric Intelligence to better support next-generation workloads for enterprises.

Fabric Intelligence AI-Driven Network Automation

As businesses look to deploy next-generation AI tools, such as AI agents, enterprises need to rethink their existing IT architecture. Equinix’s Distributed AI has been engineered from the ground up to support the scale, speed and complexity of modern intelligent systems—including the evolution from static models to autonomous, agentic AI capable of reasoning, acting and learning independently. Unlike traditional applications, AI is inherently distributed, with distinct infrastructure requirements for training, inferencing and data sovereignty. Meeting these needs requires a new kind of infrastructure—globally distributed, deeply interconnected and built for performance at scale. With a fully programmable, AI-optimized network linking 270+ data centers across 77 markets, Equinix is uniquely positioned to unify these environments across geographies, enabling intelligent systems to operate reliably, securely and everywhere they need to be.

Key announcements from Equinix’s inaugural AI Summit include:

Fabric Intelligence:

  • A software layer that enhances Equinix Fabric®, an on-demand global interconnection service, with real-time awareness and automation for AI and multicloud workloads.
  • Available in Q1 2026, Fabric Intelligence integrates with AI orchestration tools to automate connectivity decisions, taps into live telemetry for deep observability, and dynamically adjusts routing and segmentation to optimize performance and simplify network operations. By making the network responsive to workload demands, Fabric Intelligence helps enterprises reduce manual effort, accelerate deployment and keep pace with the scale and speed of AI.

AI Solutions Lab at Equinix Solution Validation Center® facilities: 

  • Equinix is launching a global AI Solutions Lab across 20 locations in 10 countries, giving enterprises a dynamic environment to collaborate with leading AI partners.
  • Available today, enterprises can use the AI Solutions Lab to connect to the expansive Equinix AI partner ecosystem. This collaboration can help to de-risk AI adoption, co-innovate solutions, and to move faster from idea to operational AI deployment.

Expansion of Equinix’s AI ecosystem:

  • Now one of the most comprehensive vendor-neutral AI ecosystems in the industry, with more than 2,000 partners worldwide, making next-generation AI inferencing services discoverable and actionable through the new Fabric Intelligence.
  • Providing enterprises access to cutting-edge technology, including the GroqCloud™ platform in Q1 2026, to enable direct, private access to leading-edge inference platforms without custom builds—so they can connect and scale AI services faster with enterprise-grade performance and security.

With Equinix’s Distributed AI infrastructure, enterprises will be able to support use cases like real-time decision-making for predictive maintenance in manufacturing, dynamic retail optimization and faster fraud detection in financial services. By enabling AI at the edge and across regions, Equinix helps organizations run scalable, compliant and low-latency AI workloads wherever they’re needed. These products are expected to become available in the first quarter of 2026.

Leave a comment »

Kyndryl provides Canadian enterprises with a fast, secure path to move and modernize mission-critical legacy systems on Microsoft Azure

Posted in Commentary on March 11, 2026 by itnerd

Kyndryl today announced the availability of Kyndryl Cloud Uplift, formerly Skytap, in Microsoft Canadian data center regions. This expansion provides Canadian enterprises a fast, low-risk, self-serve way to move and modernize mission-critical legacy applications on Microsoft Azure while keeping data in Canada.

While cloud has become a key driver of business agility, Canadian leaders face operational and regulatory complexity as they try to modernize without disrupting critical systems. According to the Kyndryl Readiness Report, 67% of leaders say innovation is delayed by foundational technology issues, and 81% are increasingly concerned about the geopolitical risks of storing and managing data in global cloud environments, with 60% changing cloud strategies in response.

Kyndryl Cloud Uplift addresses these realities by enabling enterprises to replicate and run IBM Power (AIX, IBM i, Linux) on Microsoft Azure without re-architecting or rewriting applications so they can reduce migration risk while maintaining performance and day‑to‑day operations. And because Kyndryl Cloud Uplift is available in Microsoft Canadian data center regions, organizations can keep data within Canada as they modernize and adopt modern cloud services and AI at their own pace.

Canada is the fifth geographic region to offer Kyndryl Cloud Uplift following the acquisition of Skytap in May 2024, reinforcing Kyndryl’s commitment to delivering locally compliant solutions with global deployment options to customers. Canada marks the fourteenth Microsoft data center region where Kyndryl Cloud Uplift is available.

Learn more about Kyndryl’s hybrid cloud services portfolio.

Leave a comment »

New Liquibase research: AI & Production Databases interact in 96.5% of organizations, governance automation lags 

Posted in Commentary with tags on March 11, 2026 by itnerd

Liquibase, the leader in Database Change Governance, today released the 2026 State of Database Change Governance Report, new research on how enterprises are managing database change as AI becomes embedded across production systems, analytics, and delivery pipelines. The report finds that AI interaction with enterprise databases is now widespread, while governance automation and consistent enforcement have not kept pace with the speed and scale of change. (The report and graphic are linked at bottom.)

For CIOs, the issue is not that AI touches production data. The issue is whether the organization can prove control at the database layer when change is frequent, environments are heterogeneous, and AI introduces new pathways for change and access. At AI scale, manual governance struggles to keep up. That is where risk compounds and then surfaces as data quality failures, audit friction, and outcomes leaders cannot explain.

Key survey findings:

  • AI interaction: 96.5% of respondents report at least one AI or LLM interaction with their production databases, including analytics and reporting, training pipelines, internal copilots, and AI-generated SQL.
  • Change velocity: 68.1% deploy database changes weekly or faster, including 10.8% deploying multiple times per day and 18.8% deploying daily.
  • AI-era risk: 64.3% cite data quality issues as a top AI-related risk, and 46.5% cite ungoverned AI-generated SQL as a key concern.
  • Estate complexity: Organizations report an average of five database and data platform types, and 29.1% manage ten or more database types.
  • Governance gap: Only 28.1% report database change governance that is standardized and consistently enforced, while 42.3% remain at Ad hoc or Emerging. Only 7.7% report fully automated governance using policy as code with real-time enforcement.
  • Audit pressure compounds the challenge. The report finds 95.3% of respondents undergo multiple compliance or database audits per year, with more than one in five facing seven or more audits annually.

The report highlights a widening operating gap. Enterprises are shipping database change continuously across diverse platforms, while governance often depends on documentation, manual review, and fragmented evidence. In an AI era, those approaches do not scale. As AI automations and AI-generated changes increase, the cost of inconsistent enforcement rises, and the blast radius of a single unmanaged change expands across downstream analytics and AI systems.

What customer behavior telemetry shows at AI scale:

Anonymized Liquibase Secure product telemetry, separate from the survey results, reveals the following.

  • Governance is the default: 99.25% of Liquibase Secure sessions run with governance enabled, a necessary baseline as AI increases the volume of proposed change.
  • Standardization enables automation: Nearly 86% of observed changelog activity is in XML and YAML, supporting machine-readable change definitions that AI-scale delivery can validate and enforce.
  • Controls must exist before CI: About 90% of sessions run outside CI, reinforcing that as AI accelerates change, governance has to shift left into the developer workflow.
  • Adoption starts with proof: Reporting is among the most exercised capabilities, reflecting early demand for audit-ready traceability as AI makes decisions harder to defend without evidence.

A practical roadmap and scorecard for CIOs

Beyond the survey findings, the report provides a staged operating model for moving from ad hoc database change to standardized, enforced, and observable governance, without slowing delivery. It also introduces a CIO-ready scorecard that pairs reliability metrics (MTTD and MTTR) with coverage metrics for automated controls, audit evidence, and AI-governed change, so leaders can measure progress and risk reduction over time.

Here’s a link to a summary of the 2026 State of Database Change Governance Report.

Leave a comment »

Flashpoint Releases 2026 Global Threat Intelligence Report

Posted in Commentary with tags on March 11, 2026 by itnerd

Flashpoint today announced the release of its 2026 Global Threat Intelligence Report (GTIR), providing security leaders from threat intelligence and vulnerability management teams to physical security professionals and the CISO’s office with a proprietary data-driven, ground-truth view of the converging threats defining today’s hybrid risk environment.

Powered by Flashpoint’s Primary Source Collection (PSC), the 2026 GTIR reveals a sharp rise in AI-related discussions, signaling a rapid shift from criminal curiosity to the active development of malicious agentic frameworks. At the same time, the mechanics of cybercrime have shifted from breaking in to logging in, as attackers leverage stolen session cookies to operate as legitimate users. As technical defenses against encryption harden, ransomware groups are pivoting to the path of least resistance: human trust and identity compromise. Meanwhile, the patching window continues to collapse, with mass exploitation of zero-day vulnerabilities occurring in as little as 24 hours after discovery.

Cybercrime Has Entered the Era of Total Convergence

Between late 2025 and early 2026, adversaries rapidly accelerated adoption of agentic AI frameworks capable of orchestrating autonomous attack chains — automating reconnaissance, phishing generation, credential testing, and infrastructure rotation all without direct human control. This dramatically lowers the cost of experimentation and increases the speed of exploitation.

The 2026 GTIR identifies four converging forces reshaping the global threat landscape:

  • Agentic AI Operationalization — Autonomous systems capable of executing
    end-to-end attack chains at machine speed, increasing both the volume and intensity of
    cybercrime
  • Identity as the Primary Exploit Vector — Billions of compromised credentials fueling
    credential-based intrusions beyond the boundaries of organizational oversight and
    control
  • Compression of the Exploitation Window — Vulnerabilities weaponized within hours
    of disclosure before organizations can understand their exposures or begin to respond
  • The Evolution of Extortion — Ransomware shifting toward identity-driven and
    insider-enabled models, enhancing its effectiveness

Together, these dynamics form a single, high-velocity threat ecosystem where automation,
identity compromise, and vulnerability exploitation reinforce one another.

AI-Related Illicit Activity Surged 1,500% in a Single Month

Flashpoint identified a 1,500% rise in AI-related illicit discussions between November and December 2025 from 362,000 mentions to more than 6 million, signaling a rapid transition from experimentation to operationalized malicious AI frameworks.

Threat actors are actively developing autonomous systems capable of scraping data, rotating infrastructure, adjusting messaging, and learning from failed attempts without continuous human oversight. These agentic systems dramatically increase iteration speed and reduce operational friction for attackers.

Identity Has Become the Primary Exploit Vector

Flashpoint observed over 11.1 million machines infected with infostealers in 2025, generating an inventory of 3.3 billion compromised credentials and cloud tokens.

As a result, the mechanics of cybercrime have shifted from “breaking in” to “logging in.” Attackers now leverage stolen session cookies, tokens, and legitimate credentials to bypass traditional security perimeters entirely, turning digital identity into the connective tissue of modern exploitation. The reality of identity data and the potential for its automation necessitate a shift in how organizations must view their attack surface. Infostealers have shown that it is no longer limited to corporate infrastructure; it now includes employee browsers, personal devices, SaaS platforms, and third-party access.

The Window Between Vulnerability Disclosure and Exploitation Is Vanishing

Vulnerability disclosures increased by 12% year-over-year, with one-third (33%) of disclosed vulnerabilities having publicly available exploit code.

Several high-impact vulnerabilities were mass exploited within hours of disclosure, compressing remediation timelines and raising the stakes for exposure management. In this environment, organizations cannot rely solely on reactive patching cycles; they must incorporate early-warning intelligence to anticipate weaponization trends.

Ransomware Is Pivoting Toward Pure-Play Identity Extortion

Ransomware incidents rose by 53% in 2025, with RaaS groups responsible for more than 87% of attacks.

Rather than relying exclusively on encryption payloads, threat actors are increasingly targeting identity and human trust by recruiting malicious insiders, abusing authorized access, and leveraging credential theft to extort organizations without deploying traditional ransomware binaries.

Who should read the 2026 GTIR?

The report is designed for CISOs, threat intelligence teams, vulnerability management leaders, fraud and risk teams, and executive decision-makers seeking a strategic view of converged cyber and hybrid threats.

Read the full report here: https://flashpoint.io/resources/report/flashpoint-global-threat-intelligence-report-2026

Leave a comment »

New HP Report Highlights SMB Print Security Gap: 57% say print security is a low priority while trusting printers by default

Posted in Commentary on March 11, 2026 by itnerd

HP today released The Workflow Wakeup report, which takes a comprehensive look at how everyday technologies, including printers, can help small businesses improve security and prepare for the future of work.

Despite growing concern among Enterprise IT leaders, print security remains one of the most overlooked weaknesses in SMB cyber defenses. A new global study of 800 IT Decision Makers and 2,400 knowledge workers shows that 57% of SMBs say print security is a low priority in cybersecurity strategies.

The findings come as print-related risk continues to rise. Separate research from Quocirca showed that 56% of SMBs have reported at least one print-related loss of data in the past year, underscoring how easily this “assumed safe” part of the IT estate can become an exposure point.

Key findings from HP’s SMB study include:

  • Policies don’t work or are bypassed: Over half (55%) of SMBs see users trying to bypass print rules or restrictions, while 60% worry existing document processes could lead to a data or privacy issue. A further 50% lack visibility into who prints what and where, while 45% are unsure if print security meets industry compliance standards.
  • Print security assumed: 66% of knowledge workers assume printers on the office network are secure, while 50% don’t think of printers as a security threat. However, 37% do worry about printing confidential information and the wrong person finding it.

Despite low prioritization, 69% of SMBs acknowledge print security needs improvement, and 65% frequently worry about the security risks outdated systems pose. Their top five printer security concerns include:

  1. Cybersecurity risks linked to connected printers
  2. Confidential documents being left at the printer
  3. Cloud vulnerabilities related to scanned documents
  4. Unauthorized access to print files or queues
  5. Misprinting, misfiling, or mishandling materials

The data also suggests these risks are addressable when organizations put the right controls in place. Of SMBs that have adopted smart printing technology, 88% say that smart printing has made their organization more secure. Respondents cite three key reasons: providing clearer visibility into printing and scanning activity across users and locations (89%), meeting compliance and security standards (86%), and enforcing smart rules and restrictions more effectively (85%).

Please visit this blog to learn more about the security findings: https://www.hp.com/us-en/newsroom/blogs/2026/security-threat-small-business-at-risk

Leave a comment »

Russia-linked hackers breach Signal and WhatsApp accounts

Posted in Commentary with tags on March 11, 2026 by itnerd

Reuters is reporting that Russia-linked hackers have breached the messaging accounts of officials, journalists, and activists using apps including Signal and WhatsApp, according to a warning issued by the Dutch government. Something that I have covered here in the past.

Authorities say the campaign involved targeted account takeovers that allowed attackers to access private communications and potentially monitor sensitive conversations. The activity highlights how threat actors can gain access to messaging platforms without breaking encryption by compromising accounts or exploiting weaknesses in how applications and devices are trusted.

Mark Mazur, Field CTO, Approov Mobile Security had this to say:

“Account takeover attacks often exploit applications’ failure, particularly messaging applications, to accurately assess the risk of tampered mobile applications and devices.

“Security teams need to treat mobile applications and the devices they run on as potential sources of threats. Cloning and modifying an app downloaded from an app store, on a rooted or jailbroken device is an increasing risk due to AI-powered reverse engineering. RASP, Attestation and cryptographically signed API messages should be used in mobile applications to minimize these risks.”

Having strict policies on the use of personal for business use, as well as using MDM products to manage apps on devices and detect jailbroken devices are some ways to keep users safe. Organizations should look at options like those to mitigate the potential threat that this scenario poses.

1 Comment »

Maria Xenos: Powering Ford of Canada’s Next Chapter in Automotive Innovation

Posted in Commentary with tags on March 10, 2026 by itnerd

For more than a century, the automotive industry has been defined by engineering breakthroughs and innovation, yet the contributions of women shaping those transformations have often gone underrecognized. Today, as vehicles become more advanced and digitally integrated, women are increasingly driving the strategic, technological and customer-facing decisions shaping the industry’s future.

This International Women’s Day, as conversations focus on representation and leadership across sectors, Ford of Canada is proud to spotlight Maria Xenos, Connected Services Marketing Manager, whose work sits at the centre of that transformation.

Maria didn’t always know that she wanted to work in automotive, but she was drawn to opportunities that offered continuous learning opportunities and dynamic environments. After graduating from Concordia, she joined Ford in 2015 and quickly embraced its culture of mobility and growth, moving across product and retail marketing roles.

Having grown up in the restaurant business (another historically male-dominated environment), Maria understands the subtle dynamics women often navigate in these industries. She notes that when people learn she works in automotive, the instinct can be to speak to her “like one of the guys,” as though expertise requires shedding a feminine perspective — something her leadership firmly disproves.

Today, she leads connected services for Canada, overseeing go-to-market strategy and dealer training for technologies including BlueCruise hands-free highway driving, as well as Ford’s Connectivity and Security Packages. At a time when vehicles are increasingly software-driven, Maria’s role bridges advanced technology with the everyday ownership experience. As a busy mom, her work ensures that Canadians like her feel supported, confident and seamlessly connected through their vehicles, long after they leave the dealership.

“International Women’s Day is an important reminder of how far we’ve come, but also of how important visibility and representation still are for women in STEM. In my role as Connected Services Marketing Manager at Ford of Canada, I help bring advanced technologies like connected services and in-vehicle experiences to Canadians in ways that enhance their everyday lives – whether that’s features like in-vehicle Wi-Fi that can power multiple devices or ‘gaming on the go’ through Ford’s Arcade Sports Collection to help make long family road trips more enjoyable.

As a woman and now as a mom, I also make a point to advocate for those who may not always have a voice in the room and to represent the perspectives of younger women in the organization who are still building confidence in their careers. I was fortunate to have strong female role models when I started my career, and I hope to help create the same sense of possibility for the next generation of women entering the industry.”

Leave a comment »

« Older Entries
Newer Entries »