Author Archive

Hackers Target Microsoft Entra Accounts in Device Code Vishing

Posted in Commentary with tags on February 19, 2026 by itnerd

It is being reported that hackers are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing with voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts.

Unlike previous attacks that utilized malicious OAuth applications to compromise accounts, these campaigns instead leverage legitimate Microsoft OAuth client IDs and the device authorization flow to trick victims into authenticating.

This provides attackers with valid authentication tokens that can be used to access the victim’s account without relying on regular phishing sites that steal passwords or intercept multi-factor authentication codes.

Ensar Seker, CISO at SOCRadar, commented:

“This campaign is significant because it doesn’t break authentication, it abuses it. The OAuth 2.0 Device Authorization flow was designed for usability across limited-input devices, but attackers are now socially engineering users into completing legitimate device login prompts under the guise of IT support or security validation. By leveraging real Microsoft OAuth client IDs instead of malicious apps, adversaries avoid many traditional detection controls. The result is a valid authentication token issued by Microsoft itself, which means no password theft, no MFA bypass exploit, just human manipulation.

“What makes this especially dangerous for enterprises is that many security programs still focus heavily on credential phishing indicators, fake domains, cloned login pages and MFA fatigue. Device code phishing shifts the battlefield into token abuse and session hijacking. Once the attacker has a valid access token tied to Entra ID, they can move laterally into M365, SharePoint, Teams, and potentially pivot toward financial fraud or data exfiltration without triggering obvious alerts.

“If ShinyHunters is indeed involved, it signals continued evolution from traditional data-theft extortion toward identity-centric compromise models. Identity is the new perimeter, and OAuth abuse is becoming a preferred entry point because it blends into normal authentication telemetry.

“From a defensive standpoint, organizations need to restrict or monitor the Device Authorization flow where not required, enforce Conditional Access policies that bind tokens to compliant devices, reduce token lifetimes, enable sign-in risk policies, and implement stronger session monitoring. Security teams should also train employees that legitimate IT will never ask them to manually enter device codes shared over the phone.

“This is not a vulnerability in Microsoft Entra, it’s a design feature being exploited through social engineering. The real lesson is that modern attacks increasingly weaponize legitimate cloud workflows rather than exploit technical flaws.”

This is a very good time to start looking at your Microsoft Entra setup to make sure that you are not vulnerable, because now that this is being used by one group of threat actors, it will be used by others soon enough.
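Monitoring the Device Authorization flow, as the commentary above recommends, can start with the sign-in log. The following is an added example, not code from the original post or from Microsoft: it triages exported sign-in records for successful device-code sign-ins. The record field names (modelled on a Microsoft Graph signIn export), the allowlist and all sample values are assumptions constructed for illustration.

```python
import json

# Constructed sample records. Field names (authenticationProtocol,
# status.errorCode, deviceDetail.isCompliant) are assumed to match the shape
# of a Microsoft Graph signIn export; adjust them to your own log source.
SAMPLE_SIGNINS = json.loads("""[
 {"createdDateTime": "2026-02-19T09:01:00Z", "userPrincipalName": "alice@example.com",
  "appDisplayName": "Example App", "ipAddress": "198.51.100.10",
  "authenticationProtocol": "oAuth2", "status": {"errorCode": 0},
  "deviceDetail": {"isCompliant": true}},
 {"createdDateTime": "2026-02-19T09:14:00Z", "userPrincipalName": "bob@example.com",
  "appDisplayName": "Example App", "ipAddress": "203.0.113.7",
  "authenticationProtocol": "deviceCode", "status": {"errorCode": 0},
  "deviceDetail": {"isCompliant": false}},
 {"createdDateTime": "2026-02-19T09:20:00Z", "userPrincipalName": "signage-kiosk@example.com",
  "appDisplayName": "Example App", "ipAddress": "198.51.100.44",
  "authenticationProtocol": "deviceCode", "status": {"errorCode": 0},
  "deviceDetail": {"isCompliant": false}},
 {"createdDateTime": "2026-02-19T09:31:00Z", "userPrincipalName": "carol@example.com",
  "appDisplayName": "Example App", "ipAddress": "203.0.113.9",
  "authenticationProtocol": "deviceCode", "status": {"errorCode": 1},
  "deviceDetail": {}},
 {"createdDateTime": "2026-02-19T09:40:00Z", "userPrincipalName": "dave@example.com",
  "appDisplayName": "Example App", "ipAddress": "198.51.100.23",
  "authenticationProtocol": "deviceCode", "status": {"errorCode": 0},
  "deviceDetail": {"isCompliant": true}}
]""")

# Hypothetical allowlist: accounts that genuinely sign in from limited-input
# devices, the use case the device authorization flow was designed for.
DEVICE_CODE_ALLOWED_USERS = {"signage-kiosk@example.com"}

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def triage(record, allowed_users):
    """Return 'high', 'medium' or 'low' for a successful device-code sign-in, else None."""
    protocol = str(record.get("authenticationProtocol", "")).lower()
    if protocol != "devicecode":
        return None
    if (record.get("status") or {}).get("errorCode") != 0:
        return None  # no token was issued for this attempt
    user = str(record.get("userPrincipalName", "")).lower()
    if user in allowed_users:
        return "low"  # expected use, kept for the audit trail
    compliant = (record.get("deviceDetail") or {}).get("isCompliant") is True
    # A token issued outside the allowlist is unexpected; when the device is
    # not known to be compliant the finding is treated as most urgent.
    return "medium" if compliant else "high"


def findings(records, allowed_users=DEVICE_CODE_ALLOWED_USERS):
    """Collect device-code findings, most severe first, then oldest first."""
    out = []
    for rec in records:
        severity = triage(rec, allowed_users)
        if severity is not None:
            out.append({
                "severity": severity,
                "time": rec.get("createdDateTime", ""),
                "user": rec.get("userPrincipalName", ""),
                "ip": rec.get("ipAddress", ""),
                "app": rec.get("appDisplayName", ""),
            })
    return sorted(out, key=lambda f: (SEVERITY_RANK[f["severity"]], f["time"]))


if __name__ == "__main__":
    for f in findings(SAMPLE_SIGNINS):
        print(f'{f["severity"]:<6} {f["time"]} {f["user"]} {f["ip"]} {f["app"]}')
```

A tenant where the allowlist is empty has no business need for the flow, which is the case the commentary describes as a candidate for restricting it outright.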

Liquibase Secure 5.1 Extends Modeled Change Control to Snowflake

Posted in Commentary with tags on February 19, 2026 by itnerd

Liquibase, the leader in Database Change Governance, today announced the release of Liquibase Secure 5.1, extending modeled Change Control to Snowflake. With 5.1, enterprises can govern Snowflake control plane changes with the same rigor and automation they already apply to schema evolution, closing a critical gap in data platform security, compliance, and AI readiness. Liquibase Secure 5.1 also expands database platform coverage, including new support for additional cloud and enterprise data stores.

Snowflake has become mission-critical infrastructure for analytics, data products, and AI initiatives. As organizations scale DataOps and internal developer platforms, Snowflake changes are no longer isolated technical updates. They are platform-level changes that impact trust, availability, and every downstream consumer. Yet many of the most consequential changes still happen outside standardized governance, often delivered as scripts with limited visibility, weak enforcement, and evidence that is difficult to assemble when it matters most.

Modeled Change Control for Snowflake

Liquibase Secure 5.1 treats key Snowflake control plane changes as first-class, modeled change types, rather than opaque scripts. That modeling enables precise policy enforcement, object-aware drift detection, and audit-ready evidence at the level where access, movement, and execution are defined.

With Liquibase Secure 5.1, data platform teams can govern Snowflake changes across access and security configuration, data sharing and movement, platform and cost controls, and automated execution, using standardized workflows across environments and teams.

Key outcomes include:

  • Stop risky Snowflake control plane changes before they reach production
  • Standardize how Snowflake changes are delivered across environments and teams
  • Automatically generate audit-ready evidence for every change
  • Detect drift and out-of-band updates to governed Snowflake objects
  • Recover faster with traceable, reversible changes and tested rollback procedures

This closes a long-standing gap for organizations that govern schema evolution, yet still struggle with over-permission creep, ungoverned data movement, and control plane drift that can undermine security posture and AI initiatives.

Built for DataOps, data products, and AI readiness

As Snowflake increasingly powers feature engineering, model training, and AI-driven decisioning, the blast radius of ungoverned change grows. A single access change can expose sensitive training data. An unreviewed sharing update can expand compliance scope. An execution change can silently alter business-critical logic. Liquibase Secure 5.1 helps data platform teams keep Snowflake predictable, auditable, and reliable as usage scales, without turning governance into a bottleneck.

Expanding database support across Liquibase’s industry-leading coverage

Liquibase Secure continues to deliver broad database coverage across 60+ platforms, from mainframe DB2 to cloud-native data stores. Liquibase Secure 5.1 expands support for Snowflake, Databricks, and MongoDB, and adds new platform support for Couchbase, AWS Keyspaces, DataStax Enterprise, and AlloyDB for Google Cloud. This breadth helps enterprises standardize change governance across heterogeneous environments using a single platform instead of stitching together siloed tools and processes. Teams can apply consistent workflows and generate unified, audit-ready evidence across their database estate, reducing operational overhead while preserving the flexibility to adopt new technologies without rebuilding governance each time.

Enterprise partnership, not just tooling

Liquibase brings more than a decade of frontline experience helping enterprises govern database change at scale. In addition to the platform, Liquibase provides hands-on professional services, a dedicated customer success organization, and ongoing advisory support to help teams operationalize Change Control across their delivery model.

Availability

Liquibase Secure 5.1 is available now. To learn more about Change Control for Snowflake and Database Change Governance, visit liquibase.com.

Compliance Scorecard Launches v10

Posted in Commentary with tags on February 19, 2026 by itnerd

As cyber insurers and regulators begin scrutinizing how AI is used in compliance workflows, Compliance Scorecard has launched v10 – a governed AI system designed to produce audit-ready compliance rather than conversational guesses.

The milestone 10th release introduces what the company calls a “GRC Context Engine” – AI that is visible, editable, and defensible. Unlike black-box AI tools that hide their reasoning, v10 exposes the governance layer to MSPs: every prompt can be viewed and modified, context is explicitly configured rather than inferred, and all changes are version-controlled.

v10 treats AI as a governed system of context and controls, not a conversational interface.

Why This Matters Now

Regulators, cyber insurers, and customers are changing the questions they ask. It is no longer sufficient to show a policy exists – organizations must demonstrate their people understood it. It is no longer enough to run an assessment – auditors want to know how conclusions were reached and why they should be trusted.

For MSPs adding AI to their compliance workflows, this creates a new category of liability: if you cannot explain what the AI did and why you trusted its output, you are taking on risk you cannot quantify or defend.

Built on Defensible Data

v10 builds AI capabilities on structured compliance data maintained in the Compliance Scorecard Vendor Tool, a free, publicly accessible database refined over several years with MSP community input. The dataset includes 1,200+ security tools from 866+ vendors, mapped to 101+ compliance frameworks with over 200,000 normalized control mappings – maintained to exclude marketing claims and keep compliance data accurate.

Governed by Design

v10 includes 30+ purpose-built AI prompts across 12 workflow categories – policy, assessment, analysis, recommendations, risk, reports, and evidence – each fully editable with version control. The platform supports multiple AI providers including OpenAI, Microsoft Azure OpenAI, Anthropic (Claude), and Google Gemini, with Bring Your Own Key functionality that keeps API credentials encrypted using AES-256.

From Acknowledgment to Informed Behavior

v10 reframes policy management around comprehension. The platform generates assessment questions from policy content, translates technical language into plain-language explanations at configurable reading levels, and documents that employees understood the policy before signing off – not just that they clicked “I agree.”

The ultimate objective is not policy acknowledgment, but informed behavior.

Availability

v10 is available immediately to all Compliance Scorecard customers. New customers can request a demo at compliancescorecard.com. All AI-powered features, including BYOK support, are included at no additional cost.

Abstract Launches AI-Gen Composable SIEM, Redefining the Future of Security Operations

Posted in Commentary on February 19, 2026 by itnerd

Abstract Security, the leader in streaming-first security data operations, today announced the launch of AI-Gen Composable SIEM, a new architectural standard for modern security operations built natively for AI, streaming data, and modular control. 

The launch follows a breakout 2025 for Abstract, including:

  • 380% year-over-year ARR growth
  • 280% increase in new customers
  • 240% net revenue retention
  • 40 strategic hires to support enterprise expansion

With security data volumes growing 25-30% annually as AI exhaust and multi-cloud complexity accelerate, traditional SIEM platforms have struggled to keep pace. AI-Gen Composable SIEM represents a fundamental shift away from monolithic architectures toward a modular, streaming-first model where ingestion, pipelines, storage, detection, AI triage, and response operate as composable building blocks.

What AI-Gen Composable SIEM Means

AI-Gen Composable SIEM introduces a system-of-systems architecture that enables organizations to:

  • Decouple data sources and destinations to eliminate vendor lock-in
  • Run detections in-stream for near real-time threat response
  • Tier and route data intelligently to reduce storage costs
  • Embed AI across workflows for triage, investigation, and response
  • Scale elastically across multi-cloud and hybrid environments

Unlike legacy platforms that centralize all functionality into a single stack, AI-Gen Composable SIEM allows enterprises to choose their architecture, deployment model, and analytics engines without sacrificing performance or control. 

From Signal to Scale

Abstract enters 2026 under the theme Signal to Scale, reflecting the company’s focus on expanding adoption of the AI-Gen model across enterprise and regulated markets.

Security leaders are increasingly prioritizing data strategy as the foundation of effective AI-driven security operations. By shifting analytics left into the data stream and embedding AI natively into detection and response workflows, Abstract customers report:

  • 65–75% reduction in SIEM-related costs
  • Faster mean time to detect (MTTD)
  • Faster mean time to respond (MTTR)

Founded in 2023, Abstract has raised $28.5 million across seed and Series A funding and continues to expand its enterprise footprint across Fortune 1000 and global organizations. Abstract prides itself on providing easy-to-use solutions as well as first-class customer service for all customers and partners.

Abstract will be at RSAC in March and the team is available for product demonstrations and conversations. To schedule a meeting at RSA, visit this link.


Sumo Logic Expands EMEA Footprint with AWS European Sovereign Cloud and Swiss Data Center

Posted in Commentary with tags on February 18, 2026 by itnerd

Sumo Logic today announced it will expand regional availability of its AI-powered cloud security solutions to the AWS European Sovereign Cloud and AWS Swiss Data Center deployments. The new offerings will support European organizations with their data privacy, sovereignty, data residency and security needs as they support and expand their digital and AI strategies.

Analyst firm IDC predicts that 63% of organizations are now more likely to adopt sovereign cloud services in response to recent geopolitical events, and that spending on sovereign cloud services will reach more than $400 billion by 2029.

Further, according to new research from Sumo Logic with UserEvidence, 96% of security leaders say they’ve adopted AI to some extent. But those uses are still relatively nascent as products are still evolving, with only 9% using AI for incident triage and only 20% for automated incident response. This expands on the IDC analysis, which predicts that by 2028, 60% of multinational firms will split AI stacks across sovereign zones, tripling integration costs as regulatory fragmentation and supply chain risks slow strategic scaling.

Providing cloud security for AWS European Sovereign Cloud deployments

Sumo Logic will deliver its AI-powered Intelligent Security Operations Platform as part of the AWS European Sovereign Cloud, helping European companies and government entities implement cloud services while meeting strict rules on data residency and privacy. Companies will be able to run their infrastructure as part of an independent sovereign cloud and use Sumo Logic to log, track and secure those deployments over time.

Expanding cloud security and log analytics to AWS Swiss Data Center implementations

Sumo Logic will also deploy its platform in Switzerland to support enterprises that need faster in-country data residency to meet the Swiss Federal Act on Data Protection (FADP), as well as General Data Protection Regulation (GDPR) requirements. This move will expand Sumo Logic’s global footprint to the AWS Swiss Data Center, delivering the company’s agentic AI-powered log analytics platform and advanced SIEM to enterprises that require in-country data residency for regulatory compliance.

The new region supports enterprises operating in or serving Switzerland by offering localized processing over data sovereignty, which is especially relevant for organizations in highly regulated industries such as finance and the public sector. The new data center will also provide a faster, low-latency environment for organizations in the country to take advantage of.


Cyber Attack Against Cheyenne and Arapaho Tribes Claimed by Rhysida

Posted in Commentary with tags on February 18, 2026 by itnerd

Comparitech is reporting that the ransomware gang Rhysida yesterday took credit for a December 2025 cyber attack against the Cheyenne and Arapaho Tribes’ IT systems. 

Commenting on this is Rebecca Moody, Head of Data Research at Comparitech: 

“At the moment, it’s unclear what, if any, data Rhysida has actually stolen. According to the initial statement from the Cheyenne and Arapaho Tribes, no data was impacted in the recent cyber attack. However, we sometimes see these statements being updated following further investigations. Alternatively, Rhysida could have been successful in encrypting systems but not in stealing data, and has decided to try its luck at securing a ransom demand by alleging a breach anyway. 

“Whatever the case, it’s important that the Cheyenne and Arapaho Tribes promptly address these latest claims and confirm whether or not Rhysida’s allegations are true. If data has been impacted, it’s crucial employees and citizens are able to take all of the necessary steps to safeguard their data as soon as possible. As a precaution, I’d recommend that they’re on high alert for any phishing messages and monitor accounts for any suspicious activity, just in case.”

Rhysida is another one of those threat actors who are claiming victims on a frequent basis. Your goal is to not be one of those victims. So consider securing your organization from threat actors like Rhysida a priority.

Samsung Teases Next Galaxy S Series with AI Focus Via A BTS Giveaway

Posted in Commentary with tags on February 18, 2026 by itnerd

As Samsung Electronics prepares to unveil the next evolution of the Galaxy AI phone, on February 25, fans who register and complete a short survey by February 24 at 11:59 p.m. ET will have the chance to win two tickets to one of the Toronto BTS concerts in August 2026. Registered participants will also receive an exclusive $50 e-voucher toward their next eligible Galaxy device.

Galaxy Unpacked 2026 will introduce a new era of Galaxy AI, a mobile experience designed to remove friction from everyday tasks and deliver intelligence that feels personal, adaptive and seamlessly integrated from the moment your device is in your hand.

As AI becomes central to how people work, create and connect, Samsung’s latest Galaxy AI phone is built to simplify daily interactions, anticipate needs in real time and bring users closer to the moments that matter most.

The BTS ticket opportunity reflects Samsung Canada’s commitment to creating meaningful experiences that go beyond technology, connecting fans to the music, culture and communities they love.

Galaxy Unpacked will stream live globally on February 25, 2026 via Samsung.com, Samsung Newsroom and Samsung’s YouTube channel.

Consumers can register now at https://www.samsung.com/ca/unpacked/ to receive exclusive updates and pre-event benefits, as well as the chance to win BTS concert tickets and a $50 e-voucher, before registration closes on February 24 at 11:59 p.m. ET.

The Top 3 Threat Actors Targeting the Insurance Industry 

Posted in Commentary with tags on February 18, 2026 by itnerd

Threat actors target the insurance industry for a simple reason: insurers sit on concentrated volumes of sensitive personal data, financial records, and in many cases health information, all of which are highly valuable for resale on dark markets. 

According to recent analysis by Outpost24 research and threat intel, there are three threat actors in particular which have been attacking the insurance industry most often. 

According to the findings, the actors include Scattered Lapsus$ Hunters (who recently conducted a large-scale campaign targeting Salesforce environments), Cl0p (recently attacked the Oracle E-Business Suite), and NoName057(16) (a pro-Russian hacktivist group which frequently conducts DDoS attacks). 

For full details, the analysis can be found here: https://outpost24.com/blog/top-3-threat-actors-targeting-insurance-industry/

Ericsson and Mastercard enhance global digital money movement and accelerate digital financial inclusion

Posted in Commentary with tags on February 18, 2026 by itnerd

Ericsson and Mastercard today announce a collaboration to reshape how money moves across the world. By integrating the Ericsson Fintech Platform (Mobile Financial Services) with Mastercard Move – Mastercard’s portfolio of money movement solutions – the collaboration will empower telecom service providers, banks, and fintechs to expand digital wallet capabilities, launch new payment services, and reach unbanked or underbanked communities.

Ericsson’s pre-integrated application programming interfaces (APIs), cloud-native deployment and compliance-ready infrastructure simplify fintech connectivity to Mastercard Move.

These capabilities reduce technology complexity, lower operational barriers (by simplifying integration, deployment and compliance) and accelerate time to market for new payment services – all aimed at catalyzing innovation and growth in the sector.

The Ericsson-Mastercard collaboration transforms how financial services are built, delivered and scaled. It creates new revenue streams and strengthens digital ecosystems across emerging and developed markets.

Financial inclusion and accessibility are key focuses of the collaboration. Mastercard Move enables money movement across 200 countries and territories, connecting more than ten billion endpoints, and supporting transactions in 150 currencies.

Ericsson’s fintech platform operates in 22 countries, serving more than 120 million active users and processing more than four billion transactions every month across digital wallets, payments, remittances, lending, and loyalty services – all backed by enterprise-grade security.

Mastercard Move’s integration into Ericsson’s Fintech Platform aims to accelerate the adoption of digital payments and expand participation in the digital economy. The global rollout will begin in the Middle East and Africa, where demand for mobile money, remittances and interoperable payment services is particularly strong.

Related link: Ericsson Mobile Financial Services

Safe Software Launches FME Flow Availability in AWS Marketplace

Posted in Commentary with tags on February 18, 2026 by itnerd

Today, Safe Software announced that FME Flow is now available in AWS Marketplace, which helps organizations easily discover, try, test, buy, deploy and manage thousands of software solutions, including pre-built AI agents and ready-to-integrate tools, all in one convenient destination. Amazon Web Services (AWS) customers can now purchase FME Flow directly within AWS Marketplace, simplifying billing and procurement and providing faster access to Safe Software’s enterprise-grade data automation capabilities.

Safe Software’s FME connects all data across data velocities, locations, and types. FME Flow delivers many data workflow services to enterprise users. Availability in AWS Marketplace allows organizations to streamline the purchase and management of FME Flow directly within their AWS Marketplace account.

Leveraging FME Flow, users can operationalize, automate, and scale data workflows and deploy them as scheduled or create event-driven automations, real-time data streams, or shareable no-code web applications. Through AWS Marketplace, it is now easier than ever to launch FME Flow into existing AWS environments. Within AWS environments, FME Flow connects natively to AWS services such as Amazon Redshift, Amazon Simple Storage Service (S3), Amazon Relational Database Service (RDS), Amazon Aurora, and Amazon Athena, enabling direct data access and orchestration across AWS services.

As an AWS Partner Network (APN) member, Safe Software joins a global network of 100,000 Partners from more than 150 countries working with AWS to provide innovative solutions, solve technical challenges, win deals, and deliver value to mutual customers.

For more information, please visit: https://fme.safe.com/platform/aws-marketplace/.