TELUS Reaches Historic Planting of 25 Million Tree Milestone During National Forest Week

Posted in Commentary with tags on September 23, 2025 by itnerd

In celebration of National Forest Week, TELUS has achieved a landmark environmental milestone by planting its 25 millionth tree. When fully mature, these 25 million trees will absorb 7.5 million metric tons of CO2, equivalent to removing 1.8 million cars from roads while creating vital wildlife habitats across an area 50 times larger than New York’s Central Park. For over 25 years, TELUS has been a global leader in sustainability, investing in innovative technology and sustainable business practices. This achievement exemplifies TELUS’ commitment to meaningful environmental action.

Leading Through Science-Based Climate Action

As a globally recognized sustainability leader, TELUS has established ambitious science-based targets aligned with the Paris Climate Agreement, including:

  • 100 per cent renewable or low emitting electricity by the end of 2025
  • 46 per cent reduction in Scope 1 and 2 emissions by 2030
  • Operational carbon neutrality by 2030

Beyond tree planting, TELUS has demonstrated comprehensive environmental stewardship by diverting 15 million devices from landfills since 2005, investing nearly $52.4 million through the TELUS Pollinator Fund for Good since 2020, and accelerating reforestation efforts with over eight million trees planted across Canada in 2024 alone, restoring more than 5,300 hectares of natural habitats.

Comprehensive Nature-Based Solutions

Central to these achievements is TELUS Environmental Solutions, which offers comprehensive nature-based climate solutions including strategic tree planting, innovative kelp afforestation, and critical mangrove restoration projects. These initiatives contribute to enhanced biodiversity, accelerated carbon sequestration, and ecosystem restoration while empowering customers and partners to take meaningful steps towards a healthier planet.

To learn more about TELUS’ commitment to a more sustainable future, visit telus.com/sustainability.

Auto Insurance Platform Exposed Over 5 Million Records

Posted in Commentary with tags on September 23, 2025 by itnerd

Recently, cybersecurity researcher Jeremiah Fowler discovered and reported to Website Planet an unprotected database belonging to a US-based auto insurance platform.

What happened:

The exposed database contained over 5 million records totaling 10.7 TB and exposed PII contained in power of attorney documents, registration documents, repair estimates, invoices, vehicle registrations, insurance policy or claims information, images of damaged vehicles identifying license plates, VIN numbers, and more.

Why it matters:

This discovery highlights serious privacy concerns and exposes customers to the risk of spear-phishing and social engineering attempts to gain additional information that could potentially be used for identity theft, impersonating individuals, or other financial crimes, as well as to the potential for insurance or automotive ID fraud.

You can read the full report here: https://www.websiteplanet.com/news/claimpix-breach-report/

Outpost24 Introduces New Pen Test Reports and Packages for Mobile Apps and APIs

Posted in Commentary with tags on September 23, 2025 by itnerd

Outpost24, a leading provider of exposure management solutions, today announced the launch of new pen test reporting, giving customers a consolidated view of all penetration testing results within a single platform. This eliminates the need to manage multiple reports from different sources, saving time and improving operational efficiency. Security teams can now view, schedule, and download reports directly, with actionable insights from certified pen testers.

According to Gartner, enterprises often take up to three months to identify and address vulnerabilities. The rise of GenAI apps has added complexity, making it harder for security teams to prioritize testing and act quickly on findings. Outpost24’s new reporting capability addresses these challenges by streamlining how organizations run engagements and access results, reducing time to remediation and ensuring direct access to its expert pen testing team.

In addition, Outpost24 is expanding its pen testing services with new packaged pen tests for mobile and API endpoints. These packages enable security teams to proactively identify and manage vulnerabilities in mobile apps and APIs in a cost-effective manner. By leveraging these new packages, organizations can strengthen their security posture and boost return on investment.

Outpost24’s latest release brings significant enhancements to your pen testing experience, including:

  • Comprehensive reporting: View all pen testing results in one platform to accelerate turnaround times, and drive results from every engagement
  • Enhanced visibility and verification: In-depth analysis on discovered vulnerabilities from expert pen testers, providing enhanced visibility and fix verification
  • Flexible reporting: Easily export and schedule reports in multiple formats and frequencies, with optional compression and password protection
  • Simplified planning: Greater transparency of pen testing costs and timelines to enable effective planning throughout your subscription
  • Comprehensive security: Detailed analysis for API endpoints and mobile apps, ensuring thorough testing throughout the SDLC

These new reporting enhancements and packages work together to provide a more streamlined, efficient, and effective pen testing experience.

To learn more about Outpost24’s pen testing services click here or contact the Outpost24 team today.

OVHcloud, the first global player to improve website access security with a quantum computer

Posted in Commentary with tags on September 23, 2025 by itnerd

OVHcloud, a global cloud player and the European cloud leader, has announced that it is increasing the security of its hosted websites using quantum computing. The Group has redesigned the process of generating SSL certificates (a file used for encryption and server authentication) for its clients, using the unique properties of quantum computers to generate unpredictable random numbers.

OVHcloud, a member of the Internet Security Research Group, has long supported efforts to help developers make the web safer. As a result, hosted websites will automatically receive SSL certificates from Let’s Encrypt. These certificates now offer enhanced protection thanks to the use of quantum-generated random numbers (quantum entropy). This technology strengthens the reliability of encryption keys and ensures the confidentiality of exchanges.

Traditionally, random numbers generated in electronic circuits can, due to various factors, exhibit bias and predictability over time, which could weaken computer security. Quantum physics, on the other hand, can generate truly unpredictable random numbers, thanks to photon entanglement. This Quantum Random Number Generation (QRNG) technology was developed using Quandela’s quantum computer, which OVHcloud acquired. OVHcloud’s patented innovation, known as the ‘certifiable hazard’, exemplifies the Group’s R&D efforts.

OVHcloud is thus becoming the first cloud player in the world to use quantum computing in its SSL certificates to enhance the security of hosted websites. These new certificates are already being deployed and will be offered free of charge to all of the Group’s web clients. Compatible with the entire current web browser ecosystem, they help to strengthen the trusted cloud. In total, nearly five million websites hosted by OVHcloud will benefit from QRNG by the end of October 2025.

RapidFire AI Launches Breakthrough Open-Source Engine for LLM Fine‑Tuning and Post‑Training

Posted in Commentary with tags on September 23, 2025 by itnerd

RapidFire AI today announced the open‑source release of its “rapid experimentation” engine designed to dramatically speed up and simplify one of the most critical, yet underserved, stages of AI development: customizing large language models (LLMs) through fine‑tuning and post‑training.

Released under the Apache 2.0 license, RapidFire AI lets you launch and compare many fine-tuning/post-training configs at once, on a single GPU or across multiple GPUs, spanning data, model/adapter choices, trainer hyperparameters, and reward functions. It does this by training on dataset chunks and efficiently swapping adapters or base models between chunks, while the scheduler automatically reallocates GPUs for high utilization. Live metrics stream to an MLflow dashboard, from which you can stop, resume, and clone-modify configurations, enabling faster, cheaper exploration toward better eval metrics.

Built for Hyperparallel Exploration and Interactive Control

RapidFire AI enables users to launch as many training/tuning configurations as they want in parallel even on a single multi‑GPU machine, spanning variations of base model architectures, hyperparameters, adapter specifics, data preprocessing, and reward functions. Live metrics and Interactive Control (IC) Ops allow users to stop weak configurations early, clone high‑performers, and warm‑start new configurations in real time right from the dashboard, enabling more impactful results without needing more GPU resources. In the same wall‑time as a few sequential comparisons, teams can explore far more paths and reach better metrics, often realizing 20× higher experimentation throughput.

Key Capabilities

  • Hyperparallel configuration comparison on a single machine: compare even 20+ variants in parallel; expand or prune on the fly based on data- and use case-specific constraints.
  • Interactive Control (IC) Ops: Stop, Resume, Clone‑Modify, and warm‑start new configurations directly from the dashboard on the fly to double down on what works.
  • Chunk‑wise scheduling: Adaptive engine cycles configurations over chunks of the data to maximize GPU utilization, while ensuring sequential-equivalent metrics and minimizing runtime overheads.
  • Hugging Face‑native workflow: Works natively with PyTorch, Transformers, TRL; supports PEFT/LoRA and quantization.
  • Supported TRL workflows: SFT, DPO, and GRPO.
  • MLflow‑based dashboard: Unified tracking and visualization for all metrics, metadata management, and control panel for IC Ops—no extra MLOps wiring needed.

RapidFire AI’s technology is rooted in award-winning research by its Co-founder, Professor Arun Kumar, a faculty member in both the Department of Computer Science and Engineering and the Halicioglu Data Science Institute at the University of California, San Diego.

The company has raised $4 million in pre-seed funding from leading deep‑tech investors including .406 Ventures, AI Fund, Willowtree Investments, and Osage University Partners.

Availability

RapidFire AI’s open‑source package, documentation, and quickstart guides are available now: rapidfire.ai/docs

AI developers and researchers are invited to try out this package, share feedback, showcase their use cases, and contribute to extensions. For more information on the company visit www.rapidfire.ai.

Inc ransomware gang claimed cyber attack on PA Attorney General Office

Posted in Commentary with tags on September 22, 2025 by itnerd

Comparitech reported today that ransomware gang Inc over the weekend took credit for an August 2025 data breach at the Pennsylvania Attorney General’s office.

Rebecca Moody, Head of Data Research at Comparitech, commented:

“This attack on the Pennsylvania Office of Attorney General becomes the 58th confirmed attack on a US government organization this year so far. It’s also the 11th attack noted in August alone–the highest monthly figure on this sector we’ve seen throughout the year. From January to August 2025, confirmed attacks on US government agencies averaged at around seven per month. 

The attack also highlights why government agencies are a prime target for hackers. 1) because of the widespread disruption these attacks can cause and 2) because of the amount of data up for grabs. In this case, INC alleges to have stolen 5.7 TB, which is the highest amount of data a gang has allegedly stolen from a US government entity this year (on average, gangs have stolen 884 GB). 

Pennsylvania AG hasn’t yet said what data could be impacted in this breach, but it’s likely we’ll see a notification of some sort in the coming weeks/months. Lorain County Auditor’s Office has just issued a notification to 18,500 people following its attack in May 2025, making this the second-largest breach via ransomware on a US government organization this year so far.”

Ransomware gangs wouldn’t keep doing this if there was not a payday in one way (ransom) or another (selling the swiped data on the dark web). Thus proving that crime does pay. Which is very unfortunate.

Critical GoAnywhere MFT Vulnerability Could Lead to Command Injection Says SOCRadar

Posted in Commentary with tags on September 22, 2025 by itnerd

Today, SOCRadar researchers published an analysis looking at a recently revealed flaw in Fortra’s GoAnywhere MFT. 

This critical vulnerability in the platform’s License Servlet, tracked as CVE-2025-10035, could open the door to severe exploitation if left unpatched. With a maximum severity score, this issue demands immediate attention from administrators.

While there is no confirmed evidence of exploitation at this time, history suggests that this risk is very real. GoAnywhere MFT was previously exploited through CVE-2023-0669; in these attacks, the Clop ransomware group claimed responsibility for breaching numerous organizations. That earlier flaw triggered a surge in ransomware incidents, making this newly disclosed CVE a prime candidate for future attacks.

The analysis reveals what exactly this CVE is, as well as its impact, and ideal mitigation steps for organizations at risk. 

For full details, the analysis can be found at this link: https://socradar.io/cve-2025-10035-goanywhere-mft-flaw-command-injection/

Heathrow And Other European Airports Pwned In Cyberattack

Posted in Commentary with tags on September 22, 2025 by itnerd

Over the weekend, Heathrow was among a number of airports hit by a cyber-attack. You can get details here:

https://www.msn.com/en-gb/travel/news/heathrow-and-major-european-airports-suffer-fourth-day-of-disruption-after-cyber-attack/ar-AA1N2MN7?ocid=BingNewsSerp

Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4 had this to say:

“More information has come to light: Dublin airports have also been affected, and a ransomware demand was made. This does not mean the motivation could not also have been sabotage, but one motivation is now clear: extortion.

We still need more information to actually understand the true impact and ramification of the attack.

The EU is still investigating the attack while the impact is widespread. We should not expect the EU to determine the source as early. That is because there is still a lack of clarity since authorities and corporations have confusing messaging. The NCSC is investigating a cyber incident. Collins Aerospace is talking about a cyber-related disruption. We require more transparency before we can make meaningful conclusions as to who is behind this and what their benefits are.

Organizations must ready themselves, as the incident highlights the urgency of protecting organizations and enforcing supply chain security. NIS2 and other regulations are more important than ever.”

Javvad Malik, Lead Security Awareness Advocate at KnowBe4 follows with this: 

“Air travel depends on shared systems, so a failure in a common check‑in platform quickly cascades into missed connections, accessibility shortfalls, and staff forced into manual workarounds. 

It’s why it’s important to build in graceful failure by assuming the primary system will go down and rehearsing manual operations, offline boarding, and accessible contingencies, with cross‑trained staff and basic tools ready. 

Reduce single points of failure by diversifying providers where feasible, segmenting tenants, and ring‑fencing critical functions so one vendor outage doesn’t halt everyone. Above all, communicate clearly and often, prioritize vulnerable passengers, and empower frontline teams to make humane decisions.”

This is brutal for travellers. And unless governments and airport authorities do everything possible to beef up their defences from this sort of thing, the possibility exists that this scenario will repeat itself.

Deal Alert: Samsung Galaxy Tab S11 Is Now On Sale

Posted in Commentary with tags on September 22, 2025 by itnerd

Here’s a limited-time deal during Amazon’s sale: the Samsung Galaxy Tab S11 is now $949.99 (down from $1,200 – $150 off)

Perfect for students, professionals, or creators, the Galaxy Tab S11 combines portability with performance. 

On Amazon

On Samsung website

Stellantis Has Been Hit By A Cyberattack

Posted in Commentary with tags on September 22, 2025 by itnerd

Car maker Stellantis has disclosed that a third-party provider supporting its North American customer service operations suffered unauthorized access. The incident exposed basic contact details but not financial or highly sensitive personal data. Stellantis has activated incident response, notified authorities, and is warning customers of phishing risks. 

You can read their press release here: https://media.stellantisnorthamerica.com/newsrelease.do?id=27079&mid=1

Javvad Malik, Lead CISO Advisor at KnowBe4, commented:

“The common thread in most of these recent attacks across various industries is the fact that supply chains are often compromised to gain access to systems. Criminals often target a smaller partner with weaker defenses with social engineering being a common tactic. This includes convincing emails, messages, or calls, which can be powered by AI and deepfake technology to trick people into sharing access or approving actions they shouldn’t. 

The approach to be taken is full human risk management which includes the use of technology and clear training, simple processes, and easy ways for people to ask for help so they can make safer choices in the moment. Incident response must cover more than the technical fix. It includes the need to communicate quickly and clearly with customers and stakeholders about what happened, what it means for them, and exactly what steps they should take.”

Anders Askasen, Director of Product, Radiant Logic follows with this:

“Cyber incidents tied to third-party providers are unfortunately one of the blind spots that could cause CISOs to be sleepless at night and it also highlights the importance that identity security doesn’t stop at the enterprise perimeter. Attackers can weaponize leaked and compromised identity data for phishing and social engineering attacks that open the door to larger breaches. The automotive industry has a norm of a sprawling ecosystem of suppliers and contractors and not having the unified visibility and control creates systemic exposure.

Global initiatives such as the EU’s NIS2 Directive put a sharp focus on third-party and supply chain risk, making continuous monitoring of identity security posture a compliance requirement. Meeting this standard demands a data-centric approach that unifies identity intelligence across suppliers and contractors, giving enterprises the observability to detect, contain, and minimize risk. Organizations that apply the same rigor to third-party identities as they do internal ones will be far better prepared to withstand inevitable attacks.”

This is the second carmaker to get pwned as Jaguar/Land Rover has been down for weeks due to a cyberattack. Proving that cyberattacks have far-reaching and expensive consequences.