SOCRadar Analysis: Salesloft Drift Breach – Everything You Need to Know

Posted in Commentary with tags on September 4, 2025 by itnerd

More than 700 organizations were affected by the recent Salesloft Drift Breach, one of the largest SaaS supply-chain breaches to date, including high-profile technology and security vendors such as Cloudflare, Zscaler, Palo Alto Networks, and PagerDuty. Investigators describe the incident as a “widespread supply-chain attack spree” targeting one of the most widely used SaaS integrations. Drift, acquired by Salesloft in 2024, integrates with customer systems such as Salesforce, Slack, and Google Workspace via OAuth tokens. Threat actors exploited this integration to steal those authentication tokens and then used them to gain access to customer environments.

In a just-published blog post, threat intelligence company SOCRadar analyzes:

  • How attackers got in/threat actor behind it
  • Technical reasons behind it
  • Type of info exposed/number of organizations affected
  • How to determine if your company was affected
  • How it compares to other supply chain attacks
  • Steps CISOs should take to mitigate risks from this incident
  • Indicators of Compromise (IOCs) related to Salesloft Drift breach

If you use Salesloft, this should be required reading: Salesloft Drift Breach: Everything You Need to Know 

PayPal Users Targeted in Account Profile Scam 

Posted in Commentary with tags on September 4, 2025 by itnerd

Researchers have uncovered a new PayPal phishing scam in which the scammers successfully spoof PayPal’s email address and use the email subject line of “Set up your account profile”.

Details can be found here:  https://www.malwarebytes.com/blog/news/2025/09/paypal-users-targeted-in-account-profile-scam

Here’s the TL:DR:

The sender address service@paypal.com (sometimes the emails come from service@paypal.co.uk) looks legitimate because it is, but the scammers have spoofed the address.

Basically, the “From” address a recipient sees is just a header that the sending side writes into the message; nothing in the mail transport itself verifies it. Scammers take advantage of this by using software that lets them put any “From” address they want on a message. This technique is called spoofing. Whether the forged address is then displayed as if it were real depends on the receiving mail system: it has to look up the sending domain’s SPF, DKIM and DMARC records and actually enforce them, and many systems still don’t, so the fake sender lands in the inbox looking exactly like a legitimate one.

So it’s hard for the everyday user to tell if the email has been spoofed or not.

Ensar Seker, CISO at cybersecurity threat intelligence company SOCRadar, commented:

“At first glance, it may appear like just another scam, but it highlights a growing sophistication in how attackers weaponize trust, familiarity, and urgency. What stands out in this case is the use of email spoofing combined with psychological pressure, a classic one-two punch. Spoofing the sender address to mimic PayPal adds a false sense of legitimacy, while the alarming message about a nearly $1,000 unauthorized charge triggers panic. This kind of emotional manipulation is exactly what makes phishing so effective: it hijacks the victim’s instinct to act before thinking. The attackers also cleverly obscure their tracks by using odd recipient addresses and distribution lists, likely to bypass simple recipient verification and to cast a wider net. That detail alone suggests this wasn’t a one-off email but a scaled campaign, which raises the stakes for detection and response.

From a technical standpoint, these types of threats bypass many traditional security controls, especially if there’s insufficient email authentication in place like lacking proper SPF, DKIM, and DMARC configurations. Organizations must ensure those protocols are correctly implemented to prevent spoofed emails from ever landing in inboxes.

On the user side, education remains vital. Even though the visual layout of the phishing email imitates PayPal’s design, a trained eye can spot the inconsistencies. But let’s be clear, users shouldn’t have to carry the burden of being the final line of defense. We need to build systems that assume attackers will get through and are resilient enough to stop damage downstream. We also need to treat email security as part of a broader threat intelligence operation. That’s why real-time visibility into spoofed domains, impersonation attempts, and phishing infrastructure is essential, not just for defense, but for proactive disruption.”

Organizations need to make sure that they are using SPF, DKIM and DMARC, and on both sides: publish them for your own domains so nobody can forge mail as you, and make sure your inbound mail gateway evaluates the sending domain’s DMARC policy and honours its disposition, so that forged mail like this is rejected or lands in the junk folder instead of in front of a user. That makes scams like these far less effective. It does not help when the message really was sent through the brand’s own infrastructure, or when the scammer uses a lookalike domain that publishes no policy at all, so user awareness still matters. Hopefully the message gets through that this is no longer optional or a nice to have.
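To make the SPF/DKIM/DMARC point concrete, here is an added example (not code from the Malwarebytes write-up, from PayPal, or from this blog) that evaluates DMARC the way a receiving gateway does: it reads the Authentication-Results header a gateway stamps on a message, checks whether the SPF or DKIM domain aligns with the From domain, and returns the disposition the published policy demands. The three messages, the policy table, and the stand-in for the Public Suffix List are all constructed; a real receiver fetches _dmarc.<domain> over DNS.

```python
"""DMARC evaluation over a message's Authentication-Results header.

Added example, not code from the Malwarebytes write-up or from PayPal.
The three messages and the policy table below are constructed; a real
receiver fetches _dmarc.<domain> over DNS and uses the Public Suffix List.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical published policies (what a TXT lookup of _dmarc.<domain> would return).
DMARC_POLICIES = {
    "paypal.com": {"p": "reject", "adkim": "s", "aspf": "s"},
    "paypal.co.uk": {"p": "reject", "adkim": "s", "aspf": "s"},
}

MULTI_LABEL_SUFFIXES = {"co.uk"}   # tiny stand-in for the Public Suffix List

# 1) Forged From: header; the mail really came from an unrelated domain.
SPOOFED = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bounce@attacker.example; dkim=none
From: "PayPal" <service@paypal.com>
To: victim@example.net
Subject: Set up your account profile

Please set up your account profile.
"""

# 2) Message that genuinely left the brand's own infrastructure: DMARC passes.
RELAYED = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com
From: "PayPal" <service@paypal.com>
To: victim@example.net
Subject: Set up your account profile

Please set up your account profile.
"""

# 3) Lookalike domain that publishes no DMARC record at all.
LOOKALIKE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=paypa1-secure.example; dkim=none
From: "PayPal" <service@paypa1-secure.example>
To: victim@example.net
Subject: Set up your account profile

Please set up your account profile.
"""


def org_domain(domain):
    """Simplified organizational domain: last two labels, or three under a known 2-label suffix."""
    labels = domain.lower().strip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: 's' = exact match, 'r' = same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def parse_auth_results(header):
    """Return (method, result, authenticated_domain) for each spf/dkim clause."""
    results = []
    for clause in header.split(";")[1:]:          # clause 0 is the authserv-id
        clause = clause.strip()
        m = re.match(r"(spf|dkim)=(\w+)", clause)
        if not m:
            continue
        method, result = m.group(1), m.group(2)
        if method == "spf":
            d = re.search(r"smtp\.mailfrom=(?:[^@\s]+@)?([^\s;]+)", clause)
        else:
            d = re.search(r"header\.d=([^\s;]+)", clause)
        results.append((method, result, d.group(1) if d else None))
    return results


def dmarc_verdict(raw_message):
    """'pass' if any passing SPF/DKIM identifier aligns with From; otherwise the policy's p=."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    policy = DMARC_POLICIES.get(org_domain(from_domain))
    if policy is None:
        return "no-policy"                          # nothing published, nothing to enforce
    for method, result, domain in parse_auth_results(msg.get("Authentication-Results", "")):
        if result != "pass" or not domain:
            continue
        mode = policy["aspf"] if method == "spf" else policy["adkim"]
        if aligned(domain, from_domain, mode):
            return "pass"
    return policy["p"]                              # fail: apply the published disposition


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("relayed", RELAYED), ("lookalike", LOOKALIKE)):
        print(f"{name:10s} -> {dmarc_verdict(raw)}")
```

The first message is the classic forged-header case and gets the published `reject`. The second shows the limit of DMARC: a message that really was sent through the brand's servers passes every check, so only the content and the request itself can give it away. The third shows the other gap: a lookalike domain with no record gets no enforcement at all.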

UPDATE: Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 had this comment:

“Any time a scammer can use a legitimate site or service to send an email that is coming from that legitimate domain, it’s a problem. The popular advice of hovering over a link to inspect it before responding and performing the requested action fails. That’s why KnowBe4 teaches users two easy signs to look out for to detect a potential scam, and neither involves inspecting links or trying to determine if the site or service involved is legitimate. Our two-step recommendation is this: If you receive an unexpected message (no matter how received) and it’s asking you to do something you’ve never done before, research the request using an alternate trusted method (don’t rely on any contact or URL information in the original message) before performing the requested action. Any message with these two traits (unexpected and asking you to do something new) is at higher risk for being a scam than a message that does not have those two traits. So, while a message with those two traits might be legitimate, users need to recognize that any message with those two traits is at a higher risk than other messages and needs to be researched more before performing.”

Samsung Expands The Galaxy Ecosystem

Posted in Commentary with tags on September 4, 2025 by itnerd

Samsung is expanding its Galaxy ecosystem this fall with four new products designed to put Galaxy AI at the heart of productivity, creativity, and connected living: the Galaxy Tab S11 Series (S11 + S11 Ultra), Galaxy Tab S10 Lite, Galaxy Buds3 FE, and the Galaxy S25 FE.

Together, these devices deliver effortless productivity, personalized AI experiences, and flagship innovation at more accessible price points, all while working seamlessly within the Galaxy ecosystem. 

  • Galaxy Tab S11 Series (S11 & S11 Ultra): For creators and professionals who love the PC-to-tablet experience, the Tab S11 Series makes it seamless to sketch ideas with the redesigned S Pen, then jump into New DeX mode for full-scale multitasking, all on an immersive display powered by Galaxy AI. 
  • Galaxy Tab S10 Lite: Built for those on the go, the Tab S10 Lite makes it easy to switch between note-taking, streaming, and browsing, giving users a compact and accessible way to stay productive and entertained. 
  • Galaxy Buds3 FE: Perfect for travelers and trendsetters, the Buds3 FE feature a new blade design with hands-free Galaxy AI, so whether you’re using Interpreter at a café abroad or taking a call, you get reliable performance with powerful sound and ANC. 
  • Galaxy S25 FE: Designed for photography lovers and social sharers, the S25 FE brings flagship-grade AI tools like Photo Assist and Live Translate to a more accessible device with a premium design that fits any lifestyle. 
Device name, key specs, pricing and colours:

  • Galaxy Tab S11 – Key specs: 11” Dynamic AMOLED 2X 120 Hz, MediaTek Dimensity 9400+, 12 GB RAM, 128/256/512 GB, S Pen (BT LE), DeX, 8,400 mAh, on-screen fingerprint, IP68. Pricing: 128 GB – $1,099.99; 256 GB – $1,199.99; 512 GB – $1,349.99. Colours: Grey, Silver.
  • Galaxy Tab S11 Ultra – Key specs: 14.6” Dynamic AMOLED 2X 120 Hz, MediaTek Dimensity 9400+, 12/16 GB RAM, 256/512 GB/1 TB, S Pen (BT LE), DeX, 11,600 mAh, on-screen fingerprint, IP68. Pricing: 256 GB – $1,599.99; 512 GB – $1,749.99. Colours: Grey, Silver.
  • Galaxy Tab S10 Lite – Key specs: 10.9” WUXGA+ TFT 90 Hz, Exynos 1380, 6/8 GB RAM, 128/256 GB, S Pen (no BT), DeX, 8,000 mAh, IP42. Pricing: 128 GB – $499.99; 256 GB – $599.99. Colours: Grey, Silver, Coral Red.
  • Galaxy Buds3 FE – Key specs: Blade design, ANC & Ambient, hands-free AI (Gemini & Bixby), Interpreter, IP54, 6–8.5 h playtime, 3-mic Intelligent Call. Pricing: $179.99. Colours: Black, Grey.
  • Galaxy S25 FE – Key specs: 6.7” FHD+ Dynamic AMOLED 2X, Exynos 2400, 8 GB RAM, 128/256/512 GB, 50 MP triple camera, 4,900 mAh, 45 W Super Fast Charging, Wireless DeX. Pricing: 128 GB – $919.99; 256 GB – $999.99. Colours: Jetblack, Navy, Icyblue, White.

Guest Post – From data breaches to physical risks: The dark web’s growing danger to executives

Posted in Commentary with tags on September 4, 2025 by itnerd

Cybersecurity experts explain why security teams are turning to the dark web to protect executives

Executives are prime targets for cyberattacks. However, cybercrime is not the only threat lurking in the internet’s shadows for high-profile leaders. The dark web has become a hub for bad actors seeking to steal corporate leaders’ credentials for access to sensitive data, laying the groundwork for more sophisticated cyberattacks, or even plotting assaults that threaten executives’ physical safety.

A study by GetApp, a business software directory, found that 72% of surveyed US executives have been targeted by cybercriminals at least once. Additionally, 69% of employees who work in companies that experienced previous attacks targeting leaders claim that cyberattacks against executives have increased.

According to Vakaris Noreika, a cybersecurity expert at NordStellar, a threat management platform, executive protection has become an even more relevant topic over the last few years. High-profile cases, such as the assassination of the UnitedHealthcare CEO Brian Thompson, have fueled existing concerns over executive safety — both online and offline.

“Corporate leaders are prime targets for cybercriminals because their credentials and personally identifiable data can grant cybercriminals access to sensitive resources or deploy sophisticated social engineering attacks to maximize the damage and profits,” says Noreika. “The dark web is filled with bad actors — many financially motivated, others driven by political or ideological goals — making it a hub for threats against executives, from cyberattacks to physical assaults.”

Growing concerns from physical security teams

According to Ron Zayas, an online privacy expert and CEO of Ironwall by Incogni, a privacy protection and data removal service, the company’s team noticed a growing interest in executive protection from businesses over the past eight months.  

“Multiple high-profile attacks, as well as abrupt political shifts that resulted from the change of administration in the U.S., have been the two main contributing factors fueling the rising interest in executive protection services,” says Zayas. “Physical security teams have shown the greatest interest. While most IT admins use dark web monitoring and consider executive protection a lower priority, physical security experts stress the need for additional measures.”

Zayas reveals that executives are frequently named as direct targets in dark web posts, with their credentials often appearing in data leaks alongside those of other employees. Some companies are explicitly targeted — bad actors disclose their aim to proactively penetrate the organization and obtain the credentials of its senior management.

“In our experience, physical security teams are most concerned about any information leaks disclosing the location of the executives because this would set the stage for a potential assault at home and away from the office,” says Zayas. “Aside from personally identifiable information leaks, they also look for any other dangerous activity posing a threat to physical security.” 

Main cyber threats targeting executives

According to Noreika, targeted cyberattacks are the most significant cybersecurity risk lurking for executives on the dark web. If a bad actor successfully obtains corporate leaders’ credentials, personally identifiable information, or other sensitive details, the likelihood of them infiltrating a company’s network, using that data to carry out more devastating attacks, or locating the executive is very high.

“In the most common cases, hackers use stolen credentials to infiltrate a network,” says Noreika. “However, they might also use personal information to launch phishing campaigns, tricking executives into downloading malware. They can also carry out business email compromise attacks, posing as corporate leaders to scam employees, partners, or vendors, or even use snippets of their voice for deepfakes. This enables them to steal company funds, fool third parties into payments, or leak sensitive data.”

Noreika explains that dark web monitoring is essential to detect these threats before they escalate. However, it’s important to note that once information is leaked on the dark web, there’s not much security teams can do to make it disappear. Companies must have a proper executive threat prevention, preparedness, and response plan to maximize the mitigation of security risks.

“Strict access controls, multi-factor authentication, proper network segmentation, and a comprehensive cybersecurity strategy are necessary to ensure that cybercriminals cannot successfully infiltrate a network. Robust physical security measures must also be in place to minimize the risk of endangerment to physical security,” says Noreika. “The response plan should contain swift step-by-step actions encompassing threat containment, incident reporting, and coordination with law enforcement and security teams to mitigate risks and ensure executive safety.”

Noreika emphasizes that cybersecurity training for corporate leaders should also be prioritized. Raising their cybersecurity awareness could significantly decrease the likelihood of their credentials or other personal data ending up in a data leak on the dark web.

ABOUT NORDSTELLAR

NordStellar is a next-generation threat exposure management platform that enables companies to detect and respond to cyber threats before they escalate. NordStellar offers visibility into how threat actors work and what they do with compromised data. NordStellar was created by Nord Security, a globally recognized company behind one of the world’s most popular digital privacy tools, NordVPN. For more information, visit nordstellar.com.

NTT DATA and Cisco Partner to Power Networking for the AI Era

Posted in Commentary with tags on September 3, 2025 by itnerd

NTT DATA and Cisco today unveiled a new co-sponsored IDC InfoBrief, Wired for Intelligence: A CIO Guide to Enterprise Networking for AI. The study shares strategic guidance for organizations seeking to accelerate transformation by modernizing their network infrastructure.

As organizations integrate AI into more applications, from manufacturing and healthcare to financial services, the demand for high-speed, low-latency, and secure networks is surging. Legacy infrastructure is no longer sufficient to support the scale and complexity of AI workloads. NTT DATA and Cisco are responding to this shift by helping clients evolve from outdated architectures to intelligent, adaptive infrastructure that can power AI-driven innovation.

The Critical Foundation Empowering AI-Driven Growth

The study highlights that network modernization is at the heart of AI success. More than 78% of companies say that networking capabilities are either important or very important when selecting providers for GenAI infrastructure — underscoring the need for networks that can handle and secure ever-scaling AI workloads while running complex AI training, inference, and storage clusters with ease. At the same time, modernization also infuses AI into network operations through AI-driven configuration, anomaly detection, self-healing, and intelligent monitoring to accelerate issue resolution and elevate user experience. Already, industries like manufacturing, healthcare, and financial services are leveraging AI in networking to improve operational efficiency, ensure secure connectivity and reduce costs.

NTT DATA is Enabling Network Modernization Through Intelligent Services

NTT DATA’s comprehensive suite of intelligent services helps clients modernize their digital infrastructure and build secure networks. These services span the full lifecycle from advisory to sourcing, professional services, support and managed services to enable organizations to modernize and unlock the full potential of AI. With many companies undergoing hardware refresh cycles due to the emergence of AI, NTT DATA’s services are designed to meet this critical moment:

  • Advisory: Strategic guidance to align network modernization with AI goals.
  • Strategic Technology Sourcing: Recommending and procuring the right technology to transform network to be AI-ready.
  • Professional Services: Architecting and deploying scalable, secure and high-performance networks.
  • Software-Defined Infrastructure Services: Driving business outcomes through adoption of automation and AI agents into infrastructure operations and license optimization.
  • Adoption Services: Maximizing value from infrastructure investments through greater adoption of software, continuous improvement and change management.
  • Managed Network Services: End-to-end network management to ensure seamless data flow from edge to cloud, minimizing latency and enhancing application responsiveness.

NTT DATA recently launched AI-powered Software Defined Infrastructure (SDI) services for Cisco products to deliver intelligent automation and real-time insights to optimize infrastructure, reduce costs, and drive business outcomes.

378 GB of Navy Federal Credit Union’s Backup Files Exposed

Posted in Commentary with tags on September 3, 2025 by itnerd

A data breach involving Navy Federal Credit Union, a Virginia-based company in the banking and finance industry, was discovered and reported to WebsitePlanet by cybersecurity researcher Jeremiah Fowler.

What happened:
A non-password-protected database containing 378.7 GB of internal records was exposed. The leaked data includes internal email addresses, password schemes, keys, document names, file structures, and more.

Why it matters:
This exposure poses significant security risks, including spear-phishing and social engineering attacks targeting internal users, as well as potential network mapping, unauthorized access, or exploitation of additional vulnerabilities.

Read the detailed report here: https://www.websiteplanet.com/news/navy-credit-union-breach-report/

An Azure AD Misconfiguration Can Potentially Get You Pwned

Posted in Commentary with tags on September 3, 2025 by itnerd

Here’s another story from the “this is potentially bad” department. Researchers have reported a security issue involving Azure Active Directory (Azure AD) application configurations that exposes sensitive application credentials, and coverage has described it as giving attackers broad access to cloud environments.

Commenting on this is Martin Jartelius, CTO at Outpost24:

“Security findings are sometimes overstated in coverage. In this case, the penetration testers’ original report was honest and factual, but the article misrepresents it and even links to an unrelated Azure AD vulnerability from 2024 instead of the testers’ actual write-up. The attack is straightforward:

  1. A website or system exposes appsettings.json, which contains tokens similar to API keys or stored credentials.
  2. The exposed application already has permissions granted by the organization.
  3. An attacker can use those credentials.

This is not a vulnerability in Active Directory, permissions management, or the application itself. It is a misconfiguration that exposes sensitive files on a webserver, fileshare, or code repository.

The case does highlight the risk of over-permissioned applications in Azure AD. Tools requesting broad access to calendars or email put sensitive data at risk, where more granular permissions (such as availability only) would not. Organizations should require approval for new apps, minimize their number, and only allow them when clearly justified.

And most importantly: never leave passwords or tokens in files that can be accessed publicly. That is basic security hygiene.”

Misconfigurations are as bad as outright vulnerabilities. Thus you have to make sure that you don’t roll out the red carpet for threat actors because you did not set your environment up with security in mind.
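The three-step chain Jartelius describes starts with one file being reachable. As an added example (not code from Outpost24, the original testers, or Microsoft), here is a small triage script that does two things a practitioner would want after reading that: it walks a constructed appsettings.json of the kind an attacker would fetch and reports every value that looks like a credential, and it checks a list of paths a web server was found to be serving against a short deny-list of files that should never be public. A constructed hardened version of the same config sits beside the exposed one; it assumes the app can authenticate to its database with a managed identity (the `Authentication=Active Directory Default` connection-string option) and pulls anything still secret from a vault at runtime, so there is nothing left in the file to steal. The key/value patterns and the deny-list are this example’s own and are not exhaustive.

```python
"""Triage an exposed appsettings.json and spot files a web root must never serve.

Added example, not from the Outpost24 write-up or any vendor tooling. The
two configs, the served-path list and the key/value patterns are constructed.
"""
import json
import re

# Constructed "before": the file as an attacker would fetch it from a misconfigured host.
EXPOSED_APPSETTINGS = r'''{
  "Logging": { "LogLevel": { "Default": "Information" } },
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "00000000-0000-0000-0000-000000000000",
    "ClientId": "11111111-1111-1111-1111-111111111111",
    "ClientSecret": "example-client-secret-value"
  },
  "ConnectionStrings": {
    "Default": "Server=db.internal;Database=app;User Id=app;Password=example-db-password;"
  },
  "Storage": { "Key": "exampleAccountKeyValue==" }
}'''

# Constructed "after": no literal credentials. The app signs in to the database with a
# managed identity and resolves anything still secret from a vault at runtime.
HARDENED_APPSETTINGS = r'''{
  "Logging": { "LogLevel": { "Default": "Information" } },
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "00000000-0000-0000-0000-000000000000",
    "ClientId": "11111111-1111-1111-1111-111111111111"
  },
  "ConnectionStrings": {
    "Default": "Server=db.internal;Database=app;Authentication=Active Directory Default;"
  },
  "KeyVaultUri": "https://example-vault.vault.azure.net/"
}'''

# Example patterns: key names that denote a credential, and values carrying one inline.
KEY_RE = re.compile(r"secret|password|pwd|api_?key|token|connection_?string|\bkey\b", re.I)
VALUE_RE = re.compile(r"\b(password|pwd|secret|sharedaccesskey|accountkey)\s*=", re.I)


def find_secrets(node, path=""):
    """Walk parsed JSON; return (dotted.path, reason) for values that look like credentials."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits.extend(find_secrets(value, f"{path}.{key}" if path else key))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_secrets(value, f"{path}[{i}]"))
    elif isinstance(node, str) and node:
        leaf = path.rsplit(".", 1)[-1]
        if VALUE_RE.search(node):
            hits.append((path, "embedded credential in value"))
        elif KEY_RE.search(leaf):
            hits.append((path, "key name denotes a credential"))
    return hits


# Example deny-list of paths that leak configuration or source control if served.
NEVER_SERVE = [
    re.compile(r"(^|/)appsettings(\.[\w-]+)?\.json$", re.I),
    re.compile(r"(^|/)secrets\.json$", re.I),
    re.compile(r"(^|/)web\.config$", re.I),
    re.compile(r"(^|/)\.env(\.[\w-]+)?$", re.I),
    re.compile(r"(^|/)\.git(/|$)"),
]

# Constructed result of crawling a site (or of a directory listing) on a misconfigured host.
SERVED_PATHS = ["/index.html", "/css/site.css", "/appsettings.json",
                "/appsettings.Production.json", "/.git/config", "/web.config", "/api/health"]


def exposed_paths(paths):
    """Return the served paths that match the deny-list."""
    return [p for p in paths if any(rx.search(p) for rx in NEVER_SERVE)]


def triage(config_text, paths):
    """Combine both checks into one report for the responder."""
    return {"secrets": find_secrets(json.loads(config_text)), "exposed": exposed_paths(paths)}


if __name__ == "__main__":
    print("exposed config :", triage(EXPOSED_APPSETTINGS, SERVED_PATHS))
    print("hardened config:", find_secrets(json.loads(HARDENED_APPSETTINGS)))
```

Run against the exposed file it reports the client secret, the database password inside the connection string, and the storage key; against the hardened file it reports nothing, because the credentials are no longer in the file. The path check is the cheap control that should have stopped step 1 in the first place: appsettings*.json, web.config, .env and .git have no business being reachable from the internet.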

Palo Alto Networks data breach exposes customer info, support cases

Posted in Commentary with tags on September 3, 2025 by itnerd

To say that this is not good is an understatement. News is out that Palo Alto Networks suffered a data breach exposing customer data and support cases after its Salesforce instance was queried using compromised OAuth tokens from the Salesloft Drift integration. Just think of what a threat actor can do with all of that information.

Lidia Lopez, Senior Threat Intelligence Analyst at Outpost24, had the following commentary: 

“The case of Palo Alto data breach demonstrates the modus operandi of the threat actor is not stagnant, and they are capable of implementing other attack techniques to compromise as many victims as possible. This time they have used compromised OAuth tokens from the Salesloft Drift integration to query Salesforce data at scale. This is potentially affecting other clients using Salesloft Drift integration, for instance, Google and Cloudflare have already reported related exposure.”

“This represents a shift in modus operandi compared to previous intrusions of the threat actor, in which they used social engineering skills via phone phishing to trick them into revealing login credentials or installing malicious versions of Salesforce tools.”

I suspect that Palo Alto isn’t the last organization to be a victim of this Salesloft Drift token compromise. Which means that this is going to get real ugly for those who are trying to keep the bad guys out.
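The common thread between the SOCRadar post above (“how to determine if your company was affected”) and Lopez’s description of stolen Drift tokens being used to query Salesforce data at scale is that a replayed integration token looks like the integration itself, so the thing to hunt for is the integration behaving unlike itself. As an added example (not code from SOCRadar, Outpost24, Salesloft or Salesforce), here is detection logic that baselines each connected app separately and then flags post-baseline activity that is far above that app’s own peak or comes from an IP it never used before. The records and their four columns are constructed for illustration and are not a vendor’s log schema; map them onto whatever API-activity or login-history export your CRM provides. The `volume_factor` threshold is the example’s own choice.

```python
"""Hunt for a stolen integration token being replayed against a CRM API.

Added example, not from SOCRadar, Outpost24, Salesloft or Salesforce. The
records and their four columns are constructed; IPs are documentation ranges.
"""
from collections import defaultdict

# (timestamp UTC, connected app, client IP, rows returned), constructed.
LOG = [
    ("2025-08-01T09:00:00Z", "Drift", "203.0.113.10", 120),
    ("2025-08-02T09:05:00Z", "Drift", "203.0.113.10", 140),
    ("2025-08-03T09:02:00Z", "Drift", "203.0.113.11", 110),
    ("2025-08-04T09:10:00Z", "Drift", "203.0.113.10", 130),
    ("2025-08-05T09:01:00Z", "Drift", "203.0.113.11", 125),
    ("2025-08-05T23:00:00Z", "BI-Export", "192.0.2.5", 50000),  # large, but normal for that app
    ("2025-08-08T03:12:00Z", "Drift", "198.51.100.7", 48000),   # bulk pull from a never-seen IP
    ("2025-08-08T03:40:00Z", "Drift", "198.51.100.7", 51000),
    ("2025-08-08T04:00:00Z", "BI-Export", "192.0.2.5", 49000),  # within its own baseline
    ("2025-08-08T04:30:00Z", "NewTool", "198.51.100.7", 10),    # app with no history at all
]

BASELINE_END = "2025-08-06T00:00:00Z"   # ISO-8601 'Z' timestamps compare correctly as strings


def detect_token_abuse(records, baseline_end, volume_factor=5):
    """Baseline each connected app on its own history, then flag later activity that is
    above volume_factor x that app's peak, from an IP the app never used, or from an
    app with no history at all. Returns one alert dict per suspicious record."""
    peak = defaultdict(int)          # app -> largest row count seen in the baseline
    known_ips = defaultdict(set)     # app -> source IPs seen in the baseline
    for ts, app, ip, rows in records:
        if ts < baseline_end:
            peak[app] = max(peak[app], rows)
            known_ips[app].add(ip)

    alerts = []
    for ts, app, ip, rows in records:
        if ts < baseline_end:
            continue
        reasons = []
        if app not in peak:
            reasons.append("connected app has no baseline activity")
        elif rows > volume_factor * peak[app]:
            reasons.append(f"{rows} rows vs baseline peak {peak[app]}")
        if ip not in known_ips[app]:
            reasons.append(f"source IP {ip} never seen for this app")
        if reasons:
            alerts.append({"ts": ts, "app": app, "ip": ip, "rows": rows, "why": "; ".join(reasons)})
    return alerts


def apps_to_revoke(alerts):
    """Connected apps whose tokens should be revoked and re-issued pending investigation."""
    return sorted({a["app"] for a in alerts})


if __name__ == "__main__":
    found = detect_token_abuse(LOG, BASELINE_END)
    for a in found:
        print(f"{a['ts']} {a['app']:<10} {a['ip']:<14} {a['why']}")
    print("revoke tokens for:", apps_to_revoke(found))
```

The per-app baseline is the important design choice: the BI export pulling 50,000 rows is normal for that app and stays silent, while Drift pulling 48,000 rows at 03:12 from an address it has never used is exactly the “query Salesforce data at scale” pattern Lopez describes. Once an alert fires, the response is to revoke and re-issue the connected app’s tokens, not just the one session, because the attacker holds the refresh token, not a password.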

Windows 10 custom support costs estimated to be in excess of $7bn

Posted in Commentary with tags on September 3, 2025 by itnerd

Nexthink is warning that the cost of custom Windows 10 support could reach upwards of $7.3bn based on market share data and business usage estimates.

Of the 1.4 billion devices powered by Windows, Nexthink estimates that approximately 30% are in use by commercial or public sector organizations, equating to around 420 million enterprise Windows devices. The latest market share data shows Windows 10 still has a 43% market share, which is equivalent to roughly 181 million devices.

According to Nexthink analysis of customer endpoints, there has been a 33% decrease in Windows 10 devices between 19th May and 1st August. Assuming a further 33% reduction by the 14th October, that would leave around 121 million Windows 10 PCs. At $61 per device for the first year of custom support, organizations could collectively be facing a bill of just over $7.3 billion.

Nexthink’s analysis of the digital experience across Windows 10 and Windows 11 shows that Windows 11 devices are currently experiencing a higher level of instability, with more frequent system crashes (1.2% vs 0.6% for Windows 10) and hard resets (9.9% vs 8.5% for Windows 10). While not unexpected in the early years of a new operating system, the findings highlight how factors such as hardware compatibility, drivers and system configuration can impact the employee experience during an OS migration. These risks can be anticipated and mitigated with tailored library packs, which give IT teams ready-to-use insights and guidance to smooth the transition.

Organizations must take a proactive, data-led approach to migration planning, ensuring they understand both the technical requirements and potential impact on the employee experience. To do this, organizations should:

  • Pinpoint remaining Windows 10 devices and assess hardware readiness for Windows 11.
  • Plan for post-deadline risks, as unsupported devices face greater exposure to malware, phishing, and ransomware.
  • Check application compatibility to prevent software issues or loss of support.
  • Factor in device performance, as older hardware may slow productivity and limit upgrades.
  • Consider IT resource impact, as unsupported OS devices may require more IT support.
  • Avoid ‘AI FOMO’ by guiding employees on how they can access and use tools like Copilot, improved multitasking, and enhanced UI features.
  • Reduce friction across teams by avoiding inconsistent experiences between Windows 10 and Windows 11 users.

Methodology

The full workings for the Nexthink calculation are as follows:

  • There are 1.4 billion devices powered by Windows, of which Nexthink estimates that around 30% of these are in use by commercial or public sector organizations
  • This leaves 420 million enterprise Windows devices. If 43% of these are Windows 10 devices, that leaves 180,600,000 Windows 10 enterprise devices
  • Assuming a 33% reduction (59,598,000 devices) in the 74 days from 1st August to 14th October, this will leave 121,002,000 devices due to be upgraded
  • At $61 per device, this makes the cost of Windows 10 custom support worldwide to be $7,381,122,000

HappyRobot raises $44M to build a digital workforce for the real economy

Posted in Commentary with tags on September 3, 2025 by itnerd

The operations of most organizations still rely on high-volume manual labor – millions of conversations, documents,  and updates every day just to keep things moving. For decades, this work has been handled by overwhelmed teams or outsourced to call centers, with inefficiencies and crucial tasks slipping through the cracks amidst the chaos. HappyRobot is changing that. The San Francisco-based startup’s $44 million Series B funding will scale their platform to build & deploy AI workers, bringing the next generation of automation to the backbone of global trade. 

The $44 million Series B financing round was led by Base10 Partners with participation from existing investors, a16z, Array Ventures, and YC. New investors include Samsara Ventures, Tokio Marine, WaVe-X, World Innovation Lab (WiL) and other industry operators and global logistics funds. This financing follows a $15.6 million Series A financing round raised in late 2024, which was led by a16z and included investment from YC and Carles Reina’s Baobab Ventures. The company will use the capital to grow its product engineering, forward-deployed engineering, and go-to-market teams; enhance its platform’s functionality; and continue building the AI workforce.

HappyRobot gives enterprises a new kind of teammate: AI workers that can handle end-to-end tasks, communicating over the phone, email, and chat, parsing documents, browsing sites, and logging crucial data. Designed to handle the messy, dynamic workflows of  real-world operations, these workers are handling critical tasks – negotiating rates, booking appointments, collecting payments, recruiting staff, and keeping stakeholders updated – without relying on brittle rules or rigid scripts. The impact goes beyond cost savings, with organizations boosting revenue generating activities and infinitely increasing their velocity. 

The returns are already visible across the company’s 70+ enterprise supply chain customers like DHL, Ryder, and Werner. In appointment scheduling, the platform has reduced resolution times from over a week to under 30 minutes. In collections, customers report returns exceeding 119 times their initial investment. In outbound sales, HappyRobot agents are delivering over 19 times ROI, while carrier sales operations have seen returns north of 5x – all while freeing up human operators to focus on relationship-building and strategic work.

As adoption grows, so does the sophistication of the AI workforce, expanding into modalities like browser agents and advanced reasoning, and building a robust platform. That includes the AI Auditor, an automated agent designed to review the activity of AI workers, flag exceptions, and ensure compliance. The AI Builder will allow operators to deploy new workers with a prompt, making automation configurable by the teams closest to the work. And the HappyRobot operating system gives teams a centralized interface to monitor, manage, and coordinate operations with an AI workforce at their fingertips.

Unlike generic copilots or point solutions, HappyRobot is a vertically integrated orchestration platform. It combines multiple AI models (transcription, LLMs, voice generation, optical character recognition, AI browsing and more) with deep integrations (TMS, ERP, CRM, APIs) and a robust infrastructure layer built for production reliability at enterprise scale. Every deployment is supported by a dedicated forward-deployed engineer (FDE) who customizes and maintains the AI workflows on site – a model that accelerates time-to-value and ensures operational readiness.

The company’s origin story is personal. Co-founders Pablo Palafox, Luis Paarup and Javier Palafox started working together years before incorporation, bonding over robotics projects, deep learning projects, and a shared ambition to build something foundational in AI. After stints in cloud architecture, AI research, and corporate finance, the trio launched HappyRobot in 2023, having built a voice AI that could hold a natural phone conversation – and found its first commercial application in a fractured world of freight communication. 

As supply chains grow more complex and customers demand faster, more reliable service, the pressure on human teams has intensified. Meanwhile, call center burnout, labor shortages, and software fragmentation are driving up costs. By automating frontline communication with domain-specific AI workers, HappyRobot offers a scalable, efficient, and auditable alternative. 

With this new funding, HappyRobot plans to scale hiring across engineering, deployments, and product, while making their AI workers more robust. The long-term vision is clear: to build the digital workforce that powers operations.