BlueCat appoints Kevin Shone as Chief Financial Officer

Posted in Commentary with tags on September 24, 2025 by itnerd

BlueCat today announced the appointment of Kevin Shone as its new Chief Financial Officer (CFO). Shone, who joined the company in August, will lead BlueCat’s financial strategy and oversee the company’s accounting, financial planning and analysis, legal, treasury, and IT functions.

With over two decades of financial leadership, Shone has held CFO positions at both public and private high-growth technology companies. Most recently, he served as CFO of Definitive Healthcare, where he guided the company through its successful IPO. His prior CFO experience includes Data Intensity, NextG Networks, and Unica. He spent a decade in senior leadership roles at Cognos Corporation, which IBM acquired for $4.9 billion in 2008. Shone began his career in corporate and tax law at Deloitte Touche and Riemer & Braunstein.

Over the past three years, BlueCat has made three strategic acquisitions while more than doubling its revenue and customer base. The Men & Mice, Indeni, and LiveAction additions have strengthened BlueCat’s portfolio and enabled the company to offer a comprehensive suite of Intelligent NetOps solutions to its customers.

Flashpoint Posts A Backgrounder On Scattered Spider

Posted in Commentary with tags on September 24, 2025 by itnerd

Today I have a backgrounder on the threat actor known as Scattered Spider that’s been provided to me by Flashpoint. Backgrounders like this one take a lot of time and effort to research so shoutout to Flashpoint for providing me with this.

You can read the backgrounder here: https://flashpoint.io/blog/scattered-spider-threat-profile/?CRO1=control_%233007%2Cvariant_%231027

It goes into detail about the threat actor and their recent arrest, which I will get to in a future post. But in the meantime, I would encourage you to read this as it is well worth your attention.

Blog Post: How Flashpoint Is Reinventing Cyber Threat Investigations with AI

Posted in Commentary with tags on September 23, 2025 by itnerd

This afternoon, Flashpoint announced in a blog post new AI-powered capabilities for Flashpoint Investigation Management that allow customers to upload their own findings, choose what to summarize, use smart prompts, and chat with AI for follow-up analysis, all within a single investigation workspace. Flashpoint also provides a video walkthrough here.

AI is only as good as the data it’s built on. There’s no shortage of “AI assistants” in cybersecurity right now. But most rely on generic models, scraped content, or siloed data and fall short when applied to the nuanced world of threat intelligence.

The news highlights how Flashpoint is reinventing cyber threat investigations with AI and goes into depth on the following topics:

  • Why Investigation Workflows Matter in Cyber Threat Intelligence
  • What Is an AI-Powered Threat Investigation Workspace?
  • How Analyst Teams Use Investigation’s Workspace
  • How Flashpoint’s AI is Different

You can read their blog post here.

Azure Entra flaw could enable user impersonation

Posted in Commentary with tags on September 23, 2025 by itnerd

Microsoft patched an Azure Entra elevation of privilege flaw (CVE-2025-55241) that appeared minor and required no customer action. But security researcher Dirk-jan Mollema revealed a deeper issue: undocumented “Actor tokens” combined with an Azure AD Graph API flaw could have enabled attackers to impersonate any user, including Global Admins, across any Entra ID tenant, with no logs or traces. While Microsoft moved quickly after responsible disclosure, the episode highlights the fragility of cloud identity security, the hidden risks in undocumented systems, and the need for proactive monitoring beyond vendor assurances. Details below:

One Token to rule them all – obtaining Global Admin in every Entra ID tenant via Actor tokens: https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

Anders Askasan, Director of Product, Radiant Logic had this to say:

     “This incident shows how undocumented identity features can quietly bypass Zero Trust. Actor tokens created a shadow backdoor with no policies, no logs, no visibility, undermining the very foundation of trust in the cloud. The takeaway is clear: vendor patching after the fact simply isn’t enough. To reduce systemic risk, enterprises need independent observability across their entire identity fabric, continuously correlating accounts, entitlements, and policies. Organizations need a trusted, vendor-agnostic view of their identity data and controls, so they can validate in real time and act before an adversarial incursion escalates into a breach that’s almost impossible to unwind.”

Christopher Elisan, Head of Offensive Security Research, Cobalt adds this:

      “This case underscores why blind trust in vendor assurances can be dangerous. While responsible disclosure and rapid patching worked here, the sheer scale of what could have gone wrong reminds us that security isn’t static. Organizations should invest in adversarial testing to uncover blind spots before attackers do. Blind spots often live in undocumented functionalities, which can only be found by continuous, independent testing and validation. Continuous, independent validation is the only way to cut through a false sense of safety.”

This shows the importance of having a strong, diversified defence strategy that reduces your exposure to something like this. That’s on top of patching all the things ASAP.

ESET Research: Russian FSB-linked Gamaredon and Turla team up to target high-profile Ukrainian entities

Posted in Commentary with tags on September 23, 2025 by itnerd

ESET Research has uncovered the first known cases of collaboration between Gamaredon and Turla. Both threat groups are associated with the main Russian intelligence agency, the FSB, and in tandem attacked high-profile targets in Ukraine. On the affected machines, Gamaredon deployed a wide range of tools, and on one of those machines, Turla was able to issue commands via Gamaredon implants.

Notably, in February 2025, ESET Research detected the execution of Turla’s Kazuar backdoor by Gamaredon’s PteroGraphin and PteroOdd on a machine in Ukraine. PteroGraphin was used to restart the Kazuar v3 backdoor, possibly after it crashed or was not launched automatically. Thus, PteroGraphin was probably used as a recovery method by Turla. This is the first time that anyone has been able to link these two groups together via technical indicators. In April and June 2025, ESET detected that Kazuar v2 was deployed using Gamaredon tools PteroOdd and PteroPaste.

Kazuar v3 is the latest branch of the Kazuar family, an advanced C# espionage implant first seen in 2016 that ESET believes is used exclusively by Turla. Other malware deployed by Gamaredon included PteroLNK, PteroStew, and PteroEffigy.

As already mentioned, both groups are associated with the Russian FSB. According to the Security Service of Ukraine, Gamaredon is thought to be operated by officers of Center 18 of the FSB (aka the Center for Information Security) in Crimea, which is part of the FSB’s counterintelligence service. As for Turla, the UK’s National Cyber Security Centre attributes the group to Center 16 of the FSB, which is Russia’s main signals intelligence agency.

From an organizational perspective, it is worth noting that the two entities commonly associated with Turla and Gamaredon have a long history of reported collaboration, which can be traced back to the Cold War era. 2022’s full-scale invasion of Ukraine has probably reinforced this convergence, with ESET data clearly showing Gamaredon and Turla activities focusing on the Ukrainian defense sector in recent months.

Gamaredon has been active since at least 2013. It is responsible for many attacks, mostly against Ukrainian governmental institutions. Turla, also known as Snake, is an infamous cyberespionage group that has been active since at least 2004, possibly extending back into the late 1990s. It mainly focuses on high-profile targets, such as governments and diplomatic entities, in Europe, Central Asia, and the Middle East. It is known for having breached major organizations such as the US Department of Defense in 2008 and the Swiss defense company RUAG in 2014.

For a more detailed analysis and technical breakdown of Turla and Gamaredon’s interactions, check out the latest ESET Research blog post “Gamaredon X Turla collab” on WeLiveSecurity.com.

TELUS Reaches Historic Planting of 25 Million Tree Milestone During National Forest Week

Posted in Commentary with tags on September 23, 2025 by itnerd

In celebration of National Forest Week, TELUS has achieved a landmark environmental milestone by planting its 25 millionth tree. When fully mature, these 25 million trees will absorb 7.5 million metric tons of CO2, equivalent to removing 1.8 million cars from roads while creating vital wildlife habitats across an area 50 times larger than New York’s Central Park. For over 25 years, TELUS has been a global leader in sustainability, investing in innovative technology and sustainable business practices. This achievement exemplifies TELUS’ commitment to meaningful environmental action.

Leading Through Science-Based Climate Action

As a globally recognized sustainability leader, TELUS has established ambitious science-based targets aligned with the Paris Climate Agreement, including:

  • 100 per cent renewable or low emitting electricity by the end of 2025
  • 46 per cent reduction in Scope 1 and 2 emissions by 2030
  • Operational carbon neutrality by 2030

Beyond tree planting, TELUS has demonstrated comprehensive environmental stewardship by diverting 15 million devices from landfills since 2005, investing nearly $52.4 million through the TELUS Pollinator Fund for Good since 2020, and accelerating reforestation efforts with over eight million trees planted across Canada in 2024 alone, restoring more than 5,300 hectares of natural habitats.

Comprehensive Nature-Based Solutions

Central to these achievements is TELUS Environmental Solutions, which offers comprehensive nature-based climate solutions including strategic tree planting, innovative kelp afforestation, and critical mangrove restoration projects. These initiatives contribute to enhanced biodiversity, accelerated carbon sequestration, and ecosystem restoration while empowering customers and partners to take meaningful steps towards a healthier planet.

To learn more about TELUS’ commitment to a more sustainable future, visit telus.com/sustainability.

Auto Insurance Platform Exposed Over 5 Million Records

Posted in Commentary with tags on September 23, 2025 by itnerd

Recently, cybersecurity researcher Jeremiah Fowler discovered and reported to Website Planet an unprotected database belonging to a US-based auto insurance platform.

What happened:

The exposed database contained over 5 million records totaling 10.7 TB and exposed PII contained in power of attorney documents, registration documents, repair estimates, invoices, vehicle registrations, insurance policy or claims information, images of damaged vehicles showing license plates, vehicle identification numbers (VINs), and more.

Why it matters:

This discovery highlights serious privacy concerns. It exposes customers to the risk of spear-phishing and social engineering attempts aimed at gathering additional information, which could then be used for identity theft, impersonation, or other financial crimes, including insurance or automotive ID fraud.

You can read the full report here: https://www.websiteplanet.com/news/claimpix-breach-report/

Outpost24 Introduces New Pen Test Reports and Packages for Mobile Apps and APIs

Posted in Commentary with tags on September 23, 2025 by itnerd

Outpost24, a leading provider of exposure management solutions, today announced the launch of new pen test reporting, giving customers a consolidated view of all penetration testing results within a single platform. This eliminates the need to manage multiple reports from different sources, saving time and improving operational efficiency. Security teams can now view, schedule, and download reports directly, with actionable insights from certified pen testers.

According to Gartner, enterprises often take up to three months to identify and address vulnerabilities. The rise of GenAI apps has added complexity, making it harder for security teams to prioritize testing and act quickly on findings. Outpost24’s new reporting capability addresses these challenges by streamlining how organizations run engagements and access results, reducing time to remediation and ensuring direct access to its expert pen testing team.

In addition, Outpost24 is expanding its pen testing services with new packaged pen tests for mobile and API endpoints. These packages enable security teams to proactively identify and manage vulnerabilities in mobile apps and APIs in a cost-effective manner. By leveraging these new packages, organizations can strengthen their security posture and boost return on investment.

Outpost24’s latest release brings significant enhancements to your pen testing experience, including:

  • Comprehensive reporting: View all pen testing results in one platform to accelerate turnaround times, and drive results from every engagement
  • Enhanced visibility and verification: In-depth analysis on discovered vulnerabilities from expert pen testers, providing enhanced visibility and fix verification
  • Flexible reporting: Easily export and schedule reports in multiple formats and frequencies, with optional compression and password protection
  • Simplified planning: Greater transparency of pen testing costs and timelines to enable effective planning throughout your subscription
  • Comprehensive security: Detailed analysis for API endpoints and mobile apps, ensuring thorough testing throughout the SDLC

These new reporting enhancements and packages work together to provide a more streamlined, efficient, and effective pen testing experience.

To learn more about Outpost24’s pen testing services click here or contact the Outpost24 team today.

OVHcloud, the first global player to improve website access security with a quantum computer

Posted in Commentary with tags on September 23, 2025 by itnerd

OVHcloud, a global cloud player and the European cloud leader, has announced that it is increasing the security of its hosted websites using quantum computing. The Group has redesigned the process of generating SSL certificates (files used for encryption and server authentication) for its clients, using the unique properties of quantum computers to generate unpredictable random numbers.

OVHcloud, a member of the Internet Security Research Group, has long supported efforts to help developers make the web safer. As a result, hosted websites will automatically receive SSL certificates from Let’s Encrypt. These certificates now offer enhanced protection thanks to the use of quantum-generated random numbers (quantum entropy). This technology strengthens the reliability of encryption keys and ensures the confidentiality of exchanges.

Traditionally, random number generation in electronic circuits can, over time, exhibit bias and predictability, which could weaken computer security. Quantum physics, on the other hand, can generate truly unpredictable random numbers, thanks to photon entanglement. This Quantum Random Number Generation (QRNG) technology was developed using Quandela’s quantum computer, which OVHcloud acquired. OVHcloud’s patented innovation, known as the ‘certifiable hazard’, exemplifies the Group’s R&D efforts.

OVHcloud is thus becoming the first cloud player in the world to use quantum computing in its SSL certificates to enhance the security of hosted websites. These new certificates are already being deployed and will be offered free of charge to all of the Group’s web clients. Compatible with the entire current web browser ecosystem, they help to strengthen the trusted cloud. In total, nearly five million websites hosted by OVHcloud will benefit from QRNG by the end of October 2025.

RapidFire AI Launches Breakthrough Open-Source Engine for LLM Fine‑Tuning and Post‑Training

Posted in Commentary with tags on September 23, 2025 by itnerd

RapidFire AI today announced the open‑source release of its “rapid experimentation” engine designed to dramatically speed up and simplify one of the most critical, yet underserved, stages of AI development: customizing large language models (LLMs) through fine‑tuning and post‑training.

Released under the Apache 2.0 license, RapidFire AI lets you launch and compare many fine-tuning/post-training configs at once, on a single GPU or across multiple GPUs, spanning data, model/adapter choices, trainer hyperparameters, and reward functions. It does this by training on dataset chunks and efficiently swapping adapters or base models between chunks, while the scheduler automatically reallocates GPUs for high utilization. Live metrics stream to an MLflow dashboard, from which you can stop, resume, and clone-modify configurations, enabling faster, cheaper exploration toward better eval metrics.

Built for Hyperparallel Exploration and Interactive Control

RapidFire AI enables users to launch as many training/tuning configurations as they want in parallel even on a single multi‑GPU machine, spanning variations of base model architectures, hyperparameters, adapter specifics, data preprocessing, and reward functions. Live metrics and Interactive Control (IC) Ops allow users to stop weak configurations early, clone high‑performers, and warm‑start new configurations in real time right from the dashboard, enabling more impactful results without needing more GPU resources. In the same wall‑time as a few sequential comparisons, teams can explore far more paths and reach better metrics, often realizing 20× higher experimentation throughput.

Key Capabilities

  • Hyperparallel configuration comparison on a single machine: compare even 20+ variants in parallel; expand or prune on the fly based on data- and use case-specific constraints.
  • Interactive Control (IC) Ops: Stop, Resume, Clone‑Modify, and warm‑start new configurations directly from the dashboard on the fly to double down on what works.
  • Chunk‑wise scheduling: Adaptive engine cycles configurations over chunks of the data to maximize GPU utilization, while ensuring sequential-equivalent metrics and minimizing runtime overheads.
  • Hugging Face‑native workflow: Works natively with PyTorch, Transformers, TRL; supports PEFT/LoRA and quantization.
  • Supported TRL workflows: SFT, DPO, and GRPO.
  • MLflow‑based dashboard: Unified tracking and visualization for all metrics, metadata management, and control panel for IC Ops—no extra MLOps wiring needed.

RapidFire AI’s technology is rooted in award-winning research by its Co-founder, Professor Arun Kumar, a faculty member in both the Department of Computer Science and Engineering and the Halicioglu Data Science Institute at the University of California, San Diego.

The company has raised $4 million in pre-seed funding from leading deep‑tech investors including .406 Ventures, AI Fund, Willowtree Investments, and Osage University Partners.

Availability

RapidFire AI’s open‑source package, documentation, and quickstart guides are available now: rapidfire.ai/docs

AI developers and researchers are invited to try out this package, share feedback, showcase their use cases, and contribute to extensions. For more information on the company visit www.rapidfire.ai.