Posted in Commentary with tags Hacked on August 8, 2025 by itnerd
Air France and KLM have disclosed that threat actors had breached a customer service platform and stolen the data of an undisclosed number of customers via a supply chain attack:
The companies, both owned by the same airline holding firm, sent out data breach notification letters to affected customers, and in a statement shared with Tweakers, KLM said the incident happened when threat actors broke into a third-party service provider.
“Unusual activity was detected on a third-party platform used by our contact centres, which led our IT security team, together with the third-party system involved, to swiftly implement corrective measures to put an end to the incident,” the company also told Cybernews.
Lidia Lopez, Strategic Research Team Lead at Outpost24, has provided the following commentary:
“The disclosure from Air France-KLM adds to a growing list of organizations affected by a highly targeted voice phishing (vishing) campaign exploiting Salesforce environments. First reported in March 2025 and escalating in June, these attacks have now impacted companies across Europe and the US, including Adidas, Allianz Life, Chanel, Pandora, LVMH subsidiaries, Qantas — and most recently, Google.”
“The threat group, uses a phone-based social engineering scheme impersonating IT help desks to trick employees into handing over credentials or installing malicious Salesforce tools. Victims are then extorted weeks or months later by the threat group, often self-identified as ShinyHunters, with threats of public data leaks unless a Bitcoin ransom is paid.”
“This campaign reflects a broader shift: as technical defenses improve, attackers are turning to more personal, psychological methods – a trend underscored by a 442% rise in vishing attacks in 2024 alone.”
“To reduce risk, organizations should enforce SSO, monitor login activity, restrict software installs on endpoints, and apply strict access controls. These simple steps can drastically reduce both the likelihood and impact of attacks.”
This again illustrates the fact that supply chain attacks are “the new hotness” for threat actors. Which means that you as an organization need to ensure that your partners are as secure as possible so that you don’t end up like these guys. Because getting pwned like this affects real people such as yours truly who flew to and from France in 2023. Which means that my personal info might be in the wild.
Posted in Commentary with tags Epson on August 8, 2025 by itnerd
As back-to-school season kicks off, busy parents and students are turning to reliable brands they trust to power them through, and well beyond, the year ahead. Epson has just introduced its latest EcoTank printer— a sleek, high-performance model that doubles as a smart home office investment and an essential tool for academic success.
The ET-4950 is the ideal all-in-one printer for busy households, perfectly suited for both students and parents. Whether you’re working from home during the day or your kids need to print homework at night, the ET-4950 delivers reliable, high-quality performance whenever you need it.
The ET-4950 offers a modern design that fits seamlessly into any space. It provides outstanding print quality and the convenience of printing thousands of pages, including colour1, without worrying about ink levels thanks to Epson’s high-capacity ink tanks and innovative cartridge-free printing. This new model also offers auto duplex printing, copying and scanning for advanced productivity, something any student or work-from-home warrior can appreciate.
The ET-4850 is a tried-and-true EcoTank printer perfect for post-secondary students. Print up to approximately 5,000 pages, eliminating the fear of running out of ink the night before a major assignment is due. This EcoTank printer is perfect for students on a budget as they can save up to 90 per cent with replacement ink bottles vs. ink cartridges 2. With premium productivity features like an Auto Document Feeder and a high-resolution flatbed scanner, this printer will benefit students long after graduation and into the workforce.
Epson has plenty of deals throughout the back-to-school season, so be sure to check Epson.ca for weekly specials and savings!
Instagram’s new Maps feature lets users share their real-time or recent location with selected followers, but it raises privacy and safety concerns. Since it’s release on August 6, social media has been buzzing with locations of high-profile people, including Shawn Mendes, who was spotted in Budapest.
Cybersecurity experts are concerned and urge to pay attention to the feature. For example, CEO of Saily, Vykintas Maknickas, comments:
“Personal safety is the number one priority. Real-time location sharing exposes your precise position down to streets and buildings. You’re losing your privacy — your residence, workplace, places you like to spend your free time become public. It can expose you to unwanted attention from stalkers, abusive exes, or others with bad intent. It’s especially dangerous for underage or high-profile users.”
“Bad actors can exploit the Maps feature to spy on others — it essentially gives a shortcut to one of the most valuable pieces of information: your location, and possibly your routine. A stalker could collect enough information to determine where you live, work or study, making “accidental” in-person meetings easy.”
“Because of these risks, it’s important to manage the feature carefully. You can turn off the Maps feature entirely or choose specific friends to share your location with — both essential steps for a less invasive experience.”
“Private accounts mean only approved followers see your updates. However, a stalker could be someone you already approved or hide behind an account pretending to be your friend. This “trusted circle” can create a false sense of security, encouraging you to share more. However, even if a handful of people can see your location, it only takes 1 screenshot for it to get public.”
“Location sharing could also be used to determine when you’re not home. For example, if your location shows that you’re on vacation, that means that no one’s home — your residence becomes a target.”
“Social engineering is also a risk. Having your current location can help bad actors to create believable scams. For example, they might send you fake messages from businesses you actually visited.”
“If you choose to post with a location tag, my biggest advice would be simple: Don’t post at the moment. Just wait until you’ve left the place, and then feel free to share your memories. Also, limit who can view your stories or posts, and don’t assume default settings have your back.”
“Review everything carefully before posting and watch your videos or photos with a critical eye — sometimes you could be surprised by what you might unintentionally reveal. And, of course, avoid tagging places you visit regularly, blur out any signs, street names, shop fronts, house numbers, or license plates that could give away your exact location.”
My advice would be to turn this feature off. Here’s instructions on how to do that. This is a potential risk to users, and risk should always be mitigated whenever possible.
Unmatched picture quality, a massive colour palette and immersive audio has arrived in Canada in the Hisense U88 series, a best-in-class Mini-LED that redefines what is possible in home entertainment.
Powered by the innovative Hi-View AI Engine Pro, the U88 automatically optimizes brightness, contrast and colour in real-time so every scene looks its best without the need for manual adjustments. AI-driven enhancements sharpen details, reduce noise and improve depth, ensuring lifelike clarity whether you’re watching movies, enjoying live sports or playing video games. With peak brightness levels up to 5,000 nits and expanded local dimming zones, the U88 Series delivers deeper blacks, stunning highlights and exceptional contrast in any lighting condition. Quantum Dot technology enhances colour accuracy, producing richer, more vibrant visuals for an ultra-immersive experience.
With screen sizes from 55 inches up to 100 inches, Wi-Fi 6E for ultra-fast streaming and an 82W Dolby Atmos 4.1.2 multi-channel sound system, the U88 Series delivers the ultimate home entertainment experience — without compromise. Its features include:
Mini-LED Pro — Smaller LEDs means more per panel, resulting in the delivery of superior brightness, richer colours and sharper details.
AI TV — The Hi-View AI Engine PRO processor enhances every frame with advanced scene recognition, optimizing skin tones, graphics and contrast for lifelike visuals. It also intelligently enhances sound for a truly immersive experience.
Billion+ Shades of Vivid Colour — Quantum Dot wide colour gamut reproduced more than one billion colour combinations to deliver true-to-life images.
Game Mode Ultra — With a winning combination of technology, 165Hz Game Mode Ultra is the one to beat. A variable refresh rate from 48Hz to 165Hz ensures that any console and PC gaming will meet any opponent head on. AMD FreeSync™ Premium Pro and Auto Low Latency Mode virtually eliminate screen tearing and controller input lag.
Built-In Cinema Sound — Award-winning Dolby Atmos audio enhancement reveals details you’ve never noticed before. Take movie nights and gaming sessions to the next level with a 4.1.2 channel system, featuring four side speakers, two upward-firing speakers and a built-in subwoofer.
Saviynt today announced the hiring of Kevin Spurway as Chief Marketing Officer. Spurway brings more than 20 years of senior-level marketing leadership in enterprise SaaS and software including as CMO for private, pre-IPO, and public U.S. companies. He joins Saviynt from Feedzai, an AI-native fraud and financial crime prevention platform.
Prior to Feedzai, Spurway was CMO at Similarweb, a SaaS market intelligence company that he joined pre-IPO and helped lead into the U.S. public markets in 2021. Before Similarweb, he spent six years as CMO of low-code application development and process automation company Appian, where he helped drive sustained high growth, and was instrumental in the company’s success as the top performing software IPO of 2017. He previously held senior marketing and corporate development positions at PTC and MicroStrategy. Spurway received his B.A. from Dartmouth College and a J.D. from Harvard Law School.
To learn more about Saviynt, please visit the website.
SecurityBridge today announced an upcoming webinar with Microsoft Sentinel for SAP titled “Reimagining SAP Security: AI-Driven Protection with Microsoft Sentinel for SAP & SecurityBridge,” to be held on Tuesday, August 12th from 8:00 am to 9:00 am EDT. This live event will showcase how Microsoft Sentinel and SecurityBridge are enabling seamless visibility, accelerated threat response, and smarter protection for complex SAP landscapes. Registration is now open at:https://bit.ly/45klD4P
As SAP security enters a new era, this collaboration delivers more than visibility—it redefines the security operations workflow by combining Microsoft Sentinel for SAP’s centralized enterprise monitoring with SecurityBridge’s SAP-native capabilities, such as real-time threat detection, vulnerability management, and Advanced Business Application Programming (ABAP) code scanning. Together, the integration enables Security Operations Center (SOC) analysts and SAP security teams to identify threats more quickly and respond more effectively.
Presenting how this powerful integration will simplify workflows will be Martin Pankraz, Product Manager, SAP Integration & Security, Microsoft, and Holger Hügel, Product Management Director, SecurityBridge. Together, they will conduct live demonstrations of:
Unified SAP and enterprise security monitoring.
AI-driven insights from Microsoft Security Copilot.
Streamlined SAP vulnerability detection and remediation.
A new option to learn the fundamentals of project management and enhance your employability profile is available from CompTIA, the leading global provider of vendor-neutral information technology (IT) training and certifications.
CompTIA Project Management Essentials is designed for anyone who wants to improve the outcomes of their work by applying basic project management processes, tools and best practices to everyday projects.
Employers and job seekers alike recognize the importance of project management skills. An April 2025 CompTIA report found that 88% of organizations surveyed planned to increase or maintain the level of their financial investment in project management training. Another report found that among individuals intent on expanding their workplace skills, 63% viewed project management skills as important to their career maintenance and advancement.
CompTIA Project Management Essentials includes a 6- to 8-hour learning experience of engaging multimedia instruction through video, text and interactive activities. The course utilizes CompTIA’s research-based Learning Progression Model to drive effective and efficient learning. Artificial intelligence-powered real-world scenarios immerse learners in project-based work so they can evaluate and hone their skills along the way.
Topics covered in the course include:
The fundamentals of the project life cycle and project management
Defining and initiating a project
Creating an effective project plan
Monitoring a project’s performance
Evaluating and closing a project
Instruction is followed by a 30-minute competency assessment. Learners receive a CompTIA Competency Certificate (CompCert) upon completion, validating their competency and actual skills in project management essentials, not just course completion.
Project Management Essentials joins CompTIA’s growing portfolio of offerings in the project management domain. For individuals working in the project management field looking to validate the skills necessary to perform the job role of project manager in IT projects, CompTIA offers its Project+ certification alongside a suite of learning options.
Tech industry benchmarks are interesting things. Some seem designed mostly for winners to brag to their industry buddies and the press. Like a drag race, where straight-line speed in the quarter mile is all that counts. Those are fun but not really useful, because nobody lives exactly ¼ mile from the grocery store down a straight, flat, empty road.
The benchmarks that are useful to AI and infrastructure architects are the ones that simulate real-world workloads. A little highway driving, some low speed around town stuff, trailer towing, etc. This is why we like the MLCommons® MLPerf Storage benchmark suite and are actively involved in efforts to expand and improve it. MLPerf Storage simulates a variety of realistic AI/ML workloads. The results provide relevant data points for organizations evaluating storage architectures for AI.
Let’s review the results, then I’ll explain how they were achieved and why they matter.
Results Summary
For this round, we ran the 3D U-Net benchmark with simulated H100 GPUs.
3D U-Net emulates a medical image segmentation workload. It’s the most bandwidth-intensive of the MLPerf Storage benchmarks, highlighting parallel I/O throughput as well as memory and CPU efficiency. Three configurations were tested, with one, three, and five Tier 0 nodes respectively. The table and graph below summarize the results.
Tier 0 Node Quantity
H100 GPUs Supported
Total Throughput
Mean GPU Utilization
Coefficient of Variation
1
28
85.6 GB/s
94.7%
0.14%
3
84
253.1 GB/s
95.0%
0.13%
5
140
420.8 GB/s
96.4%
0.08%
Notice that both the number of GPUs supported and throughput scale linearly as the number of Tier 0 nodes increases. This demonstrates the full capabilities of the best case where the primary dataset can reside 100% on the host. As the scale of the cluster grows, peak performance will be dependent on the configuration of the system and the percentage of locally-resident data, but aggregate performance will continue to scale. This is an area for further exploration by our performance test team.
Mean GPU utilization indicates the percentage of time the GPUs are being kept busy vs. waiting. To ‘pass’ the MLPerf Storage benchmark, all GPUs must be kept at 90% or higher utilization. Higher is better, since the goal is to minimize GPU idle time.
Coefficient of variation (CV) is a measure of the difference in the results between multiple runs of the same test. The MLPerf Storage benchmark requires that each test be run multiple times, and that the results fall within a small range. This ensures that results are truly reproducible. The very low CV shown by the Hammerspace results indicates that system performance was very stable and predictable.
Competitive Comparison – Simplicity and Efficiency Are Key
To ensure meaningful and fair comparisons, the following discussion includes only vendors who performed the 3D U-Net H100 test using on premises shared file configurations. This graph shows the best result submitted by each vendor in terms of the number of GPUs supported:
As you can see, Hammerspace Tier 0 delivered an excellent result, besting most of the household names on this test. But there is another way to look at this data that’s incredibly revealing and relevant – through the lens of efficiency.
Datacenters everywhere are short on power, cooling, and often rack space. AI, with its power-hungry GPU servers, has magnified the problem. Every Watt dedicated to storage infrastructure is one that’s not available for GPUs. In short, efficiency matters.
Actual power dissipation information is not available for the MLPerf Storage submissions, but we can use rack U as a proxy, assuming the more rack U a solution requires, the more power it will use.
When you look at the number of GPUs supported per additional rack U of storage infrastructure, Hammerspace Tier 0 stands head and shoulders above the rest, with a result 3.7x that of the next most efficient system.
In a real-world situation, GPU servers (represented here by benchmark clients) run AI workloads. “Additional rack U of storage infrastructure” refers to the additional space taken by the storage solution, over and above the compute servers/benchmark clients.
Because Tier 0 aggregates local NVMe storage across the GPU servers in a cluster, the only additional hardware needed for our benchmark run was a single 1U metadata server, known in Hammerspace as an Anvil. In production installations it’s typical to run two Anvils for high availability, but even then Hammerspace would be 85% more efficient than the next best entry.
Looking at max GB/s bandwidth reveals a similar story: Hammerspace Tier 0 is 3.7x as efficient as the next nearest entry.
Benchmark Configuration
Here’s a diagram of the test configuration:
Clients run the benchmark code. With Tier 0, they also house the NVMe drives – 10 ScaleFlux CSD5000 drives per client, in this case. The Anvil is responsible for metadata operations and cluster coordination tasks – no data flows through it. Clients mount the shared file system via parallel NFS (pNFS) v4.2, accessing the storage directly after receiving a layout from the Anvil.
The benchmark configuration is a bit artificial in its limited scope. Typically, Tier 0 is just one of many tiers of shared, persistent storage in a more comprehensive Hammerspace infrastructure that may include network-attached Tier 1 NVMe, object storage, and more across multiple sites and clouds.
Why Tier 0 Matters for Enterprise AI
As enterprises contemplate AI initiatives, initial costs loom large. Computing and storage resources must be acquired and large amounts of data from across the organization must be identified, cleaned, and organized. Anything that can make it simpler to get started is valuable. That’s why with MLPerf v2.0 Hammerspace focused on our Tier 0 implementation.
Hammerspace Tier 0 activates the NVMe storage already present across a cluster of GPU servers, bringing it into a shared, global namespace. Data placement and protection are automated using Hammerspace’s extensive data orchestration capabilities. Tier 0 even works in the cloud when it makes more sense to rent vs. buy.
For the critical initial phases of data wrangling, Hammerspace’s assimilation capability eliminates the need to copy huge amounts of data into a net new repository before refining it. Assimilation brings existing NAS volumes into Hammerspace by scanning their metadata. The data itself stays in place. Once the relevant data is identified and prepared, it can be dynamically orchestrated onto high-performance storage like Tier 0 for processing, with results ultimately archived to a lower-cost tier.
Benefits of Tier 0 for Enterprise AI
The benefits of Hammerspace Tier 0 for Enterprise AI include:
Simplicity:
Get started with the storage and network infrastructure that’s already in place
No agent software to install
No special networking, just Ethernet
Performance:
Tier 0 storage is up to 10x faster than networked storage
Tier 0 increases performance both on premises and in the cloud
Increased GPU utilization, faster checkpoints, reduced inferencing times
Efficiency:
Less external shared storage needed
Less power, rack space, and networking vs. external shared storage
Faster time to value – activate Tier 0 in hours, not days or weeks
Conclusion Hammerspace is proud of our involvement in MLCommons and the MLPerf Storage benchmark program, and we’re proud of our results. But we’re not standing still. We’ve already made additional improvements that deliver even better results – but that’s a topic for a future blog. Until then, you can learn more about Tier 0 and Hammerspace at Hammerspace.com.
Blog post announcement by: Dan Duperron Senior Technical Marketing Engineer
Dan Duperron is a Senior Technical Marketing Engineer at Hammerspace. After wasting his electrical engineering degree working in corporate IT, he fell down the data storage rabbit hole and has never been happier. He particularly enjoys getting other people excited about new and clever storage technology.
74% of Canadian professionals report feeling anxious upon returning to work after taking PTO, with 66% admitting implementing firefighting tactics to reduce the backlog of work they’ll return to.
The Month of July often sees a spike in employee PTO yet new findings from a survey by global talent solutions provider Robert Walters highlights how many Canadian professionals are having their periods of leave overshadowed due to experiencing ‘PTO anxiety’.
Firefighting inbox backlogs
The anxiety surrounding work emails is so widespread that many professionals’ resorts to “firefighting” tactics. In fact, 66% of Canadian professionals check their work emails during PTO to reduce the backlog they’ll face upon returning, while 28% do so to stay on top of urgent matters.
The anxious end to PTO
Findings from Robert Walters reveal that back-to-work anxiety significantly impacts professionals as they return to work, with only 22% of Canadian professionals feeling refreshed and ready to work after a long holiday.
From FOMO to FOFB
Enter FOFB, the fear of falling behind, a new phenomenon that seems to be rife in workplaces. Resoundingly, 46% of professionals across Canada say that it’s much easier to relax on PTO when their teams are also off.
A recent ADP Canada survey revealed that in 2024 only 31% of Canadian workers took all of their allotted vacation days—meaning nearly 69% missed out on some of their paid time off. With trends like “time-off tax” and pressure to avoid looking less committed than peers, many professionals delay or skip taking leave.
Collective leave as a solution?
Across Europe many countries such as Spain and France, businesses often close for part of July and August. Reasons for these ‘summer shutdowns’ include hot weather, scheduled maintenance, and accommodating staff leave.
53% of Canadian professionals noted that they’d be interested in testing out fixed periods of leave in their company.
A further half (20%) of Canadian professionals expressed concerns that adopting such shutdowns could limit their overall flexibility. 35% of Canada employers agreed, stating that implementing such periods would be too disruptive e.g. too costly or hampering productivity.
Here are some top tips on how leaders can help staff optimize their PTO:
Communicate, Don’t Compare: Advise teams to share holiday schedules to keep each other in-the-loop. Reinforcing that the amount of PTO taken doesn’t reflect an employee’s capability or commitment.
Flexible Leave Policies: Offer adaptable leave arrangements that accommodate individual needs. If a summer shutdown doesn’t suit some employees, consider allowing them to work remotely during that period.
Mandatory Handovers: Ensure all staff complete thorough handovers before taking leave to minimize the need for them to log in during their time off.
Support Out-of-Office Adherence: Once out-of-office messages are set, strengthen them by signposting appropriate secondary contacts for any urgent issues.
Encourage Pre-Leave To-Do Lists: Advise employees to create detailed to-do lists before their leave. This will help them prioritize tasks upon return, making it easier to manage their workload effectively.
Strengthen company-wide messaging around the right to disconnect – create a culture which supports employees’ right to switch off during holidays, this will help create a more refreshed, engaged returning workforce.
Businesses fail all the time, for all sorts of reasons. So, when a business like Knights of Old (trading as KNP Logistics Group) survives a century and a half, through enough recessions, wars, government changes, and technological advances to fill many history books, it would be fair to say it’s pretty resilient. Sadly, it would be something a lot more minor and simpler that would signal the end of KNP – a weak password.
In June 2025, the 158-year-old British transport firm, collapsed under the weight of a devastating ransomware attack that began with one guessed password. The breach not only encrypted every corner of the company’s digital estate but also obliterated its backups and disaster recovery systems, forcing KNP to enter administration and leaving some 700 employees without jobs.
In an analysis published this week, Specops Software experts dove into what exactly happened with the KNP attack, how the threat actor behind it, Akria, operates, how this all could have been avoided, and the wider ransomware landscape at hand.
Air France And KLM Pwned In Supply Chain Attack
Posted in Commentary with tags Hacked on August 8, 2025 by itnerdAir France and KLM have disclosed that threat actors had breached a customer service platform and stolen the data of an undisclosed number of customers via a supply chain attack:
The companies, both owned by the same airline holding firm, sent out data breach notification letters to affected customers, and in a statement shared with Tweakers, KLM said the incident happened when threat actors broke into a third-party service provider.
“Unusual activity was detected on a third-party platform used by our contact centres, which led our IT security team, together with the third-party system involved, to swiftly implement corrective measures to put an end to the incident,” the company also told Cybernews.
Lidia Lopez, Strategic Research Team Lead at Outpost24, has provided the following commentary:
“The disclosure from Air France-KLM adds to a growing list of organizations affected by a highly targeted voice phishing (vishing) campaign exploiting Salesforce environments. First reported in March 2025 and escalating in June, these attacks have now impacted companies across Europe and the US, including Adidas, Allianz Life, Chanel, Pandora, LVMH subsidiaries, Qantas — and most recently, Google.”
“The threat group, uses a phone-based social engineering scheme impersonating IT help desks to trick employees into handing over credentials or installing malicious Salesforce tools. Victims are then extorted weeks or months later by the threat group, often self-identified as ShinyHunters, with threats of public data leaks unless a Bitcoin ransom is paid.”
“This campaign reflects a broader shift: as technical defenses improve, attackers are turning to more personal, psychological methods – a trend underscored by a 442% rise in vishing attacks in 2024 alone.”
“To reduce risk, organizations should enforce SSO, monitor login activity, restrict software installs on endpoints, and apply strict access controls. These simple steps can drastically reduce both the likelihood and impact of attacks.”
This again illustrates the fact that supply chain attacks are “the new hotness” for threat actors. Which means that you as an organization need to ensure that your partners are as secure as possible so that you don’t end up like these guys. Because getting pwned like this affects real people such as yours truly who flew to and from France in 2023. Which means that my personal info might be in the wild.
Leave a comment »