OVHcloud unveils Public VCF as-a-Service, an innovative managed VMware solution, tailored for SME

Posted in Commentary with tags on September 8, 2025 by itnerd

 OVHcloud today announces Public VCF as-a-Service, a game-changing managed VMware solution designed to help small and medium-sized enterprises (SMEs) and managed service providers (MSPs) modernize their VMware deployments while keeping control of their costs.

A fully managed VMware solution built on VMware Cloud Director

In a context of change and uncertainties, OVHcloud Public VCF as-a-Service addresses the needs of VMware users globally, through a solution leveraging shared hardware to offer VMware functionality with the best performance/price ratio. With licensing and cloud spending being a major concern for every IT decision maker, OVHcloud Public VCF as-a-Service pricing starts as low as $496 /month. It is built on VMware Cloud Director (VCD) and offers unmatched performance and security for a fully managed VMware solution, while remaining scalable.

Designed with SMEs, SMBs and MSPs in mind, the Public VCF as-a-Service solution offers a hassle-free modernization of existing VMware workloads, ensuring small businesses can continue to leverage their long-standing VMware investments. Organizations can quickly deploy their cloud in a scalable VMware environment or seamlessly migrate their existing VMware workloads (SDDC/VCD) in a trusted cloud infrastructure providing continuity, performance and simplicity.

To meet the evolving needs of businesses, Public VCF as-a-Service offers a streamlined approach, allowing users to access only the necessary components, without the complexity of the full VMware suite while remaining easily manageable. A number of essential tools are provided to complement Public VCF as-a-service such as a library of pre-configured images to make deployments a breeze and a managed backup solution powered by Veeam. New features will be rolled-out throughout the months to support Public VCF as-a-Service, ensuring it remains a cutting-edge solution.

OVHcloud, a Broadcom Pinnacle certified partner, offers with Public VCF as-a-Service a no compromise solution when it comes to security, resilience and ease of use. With a 99.95% SLA and resilient architecture, customers can trust that their VMware deployments are always available and secure.

Adjustable resource allocation and unmetered guaranteed bandwidth

OVHcloud Public VCF as-a-Service starts with a pack of 16vCPU and 64 GB of RAM. Users can dynamically allocate theses resources between VMs, and scale the capacity as needed through additional packs, ensuring greater cost efficiency based on their current needs.

OVHcloud Public VCF as-a-Service benefits from up to 5 Gbps guaranteed and unmetered public bandwidth and up to 5 Gbps of unmetered private bandwidth, further participating in guaranteeing predictable pricing.

Data protection and sustainability

OVHcloud Public VCF as-a-Service benefits from OVHcloud’s well-known expertise in infrastructure, offering a trusted Cloud in environmentally friendly datacenters. With the highest security and data protection standards in the form of ISO 27001 certification, customers benefit from a trusted cloud. OVHcloud datacenters take advantage of the Group unique industrial model with a watercooling system that contributes in best-in-class PUE/WUE indexes (see more data here).

Pricing & Availability

OVHcloud Public VCF as-a-Service starts at $469 monthly with 16 vCPU, 64 GB of RAM and 1 TB of storage. It is available now in Canada, Europe and the United States of America.

Leave a comment »

iCloud Calendar Spam Is Back With A Crypto Twist

Posted in Commentary with tags on September 8, 2025 by itnerd

iCloud Calendar Spam has been a thing for a while now. And lately it has resurfaced in a big way. Spammers have been sending calendar invitations containing links, most of them taking the form of cryptocurrency scams. And the big problem with this is that email filters and other security measures that are in place to stop scams from hitting your calendar or inbox are completely bypassed. Thus making it far more likely that there will be victims.

Bleeping Computer has a story on this: https://www.bleepingcomputer.com/news/security/icloud-calendar-abused-to-send-phishing-emails-from-apples-servers/

Javvad Malik, lead security awareness advocate at cybersecurity company KnowBe4, commented:

“There is an ongoing trend of phishing that rides on reputable services. These attacks, such as the one using iCloud Calendar pass SPF/DKIM/DMARC, and land in inboxes with borrowed legitimacy. People don’t scrutinize calendar links the way they do email links, so a meeting invite with a callback number lowers defenses and funnels victims into vishing or remote‑access scams.

“KnowBe4 Threat Labs has been tracking the same pattern (https://blog.knowbe4.com/phishing-deep-dive-eu-affiliated-survey-platform-exploited-in-sophisticated-credential-harvesting-campaign) of attackers launching campaigns through legitimate platforms AppSheet, Microsoft, Google, QuickBooks, even Telegram which bypass native and SEG controls.

“Don’t just hunt for misspellings and spoofed domains, look at the intent. Ask if this communication was expected, is it trying to spike emotion, and is there an artificial time limit pushing you to act now? If the answer is yes to any, stop and self‑verify via a known channel. And treat calendar invites with the same scepticism as email.”

Apple has a video that addresses this topic that you should look at if get hit by this. But Apple needs to figure out a way to stop this from being an issue in the first place. Maybe with this new wave of spam, they might put some effort and resource into finding a solution.

Leave a comment »

Review: EnGenius ECW520 WiFi 7 Access Point

Posted in Products with tags on September 8, 2025 by itnerd

What if I told you that you could get the following access point with the following specs for just $189 USD:

  •  5,800 Mbps on 6 GHz
  • 4,300 Mbps on 5 GHz
  • 700 Mbps (2.4 GHz)
  • 2.5 GbE port with PoE++ support
  • 2×2 MIMO suppor

You may think that’s not possible. But it is possible as EnGenius has done this with the ECW520. Here’s a look at it:

EnGenius has brought an access point that is on the slim side, as well as having rounded edges. Thus for those who care about design, this access point will likely fit in with any office decor.

Underneath is a 2.5 GbE port with PoE++ support. Which is great as one cable will give you fast uplink/downlink as well as power. I should note that this does not come with a power adapter. Though it does have a 12V barrel jack and EnGenius does sell a power adapter for the three people on Earth who would need that.

Setting things up is laughably easy via the EnGenius Cloud app which is available for iOS and Android. Anyone can get it set up and running in under 10 minutes which is another plus for this product.

But here’s the real question. How fast is this? Well I had to borrow some WiFi 7 devices to properly test this as I don’t run anything with WiFi 7 at the moment. But once I secured said devices and ran my testing, here’s what I got.

  • 1 Meter from the access point: 1.9 Gbps per second
  • 5 Meters from the access point: 1 Gbps per second
  • 10 Meters from the access point: 680 Mbps per second

All of this was within line of sight of the access point. If I compared it to the ECW526, it’s somewhat slower than that access point. But not by enough for me to care. Especially since the ECW526 is a whole lot more expensive. For my clients who are looking to get access points, the ECW520 may be my go to in terms of what I recommend. The price is right and the speed is better than good enough as far as I am concerned. Plus the setup is easy enough that anyone who buys one or more of these won’t have to pay someone like me to set them up. Just get an electrician to string up PoE to the right places and you’re good to go.

Leave a comment »

Posted in Commentary with tags on September 5, 2025 by itnerd

 Researchers have discovered that cybercriminals have orchestrated a sophisticated phishing campaign using Simplified AI, a legitimate AI marketing platform, to steal Microsoft 365 credentials from the U.S.-based organizations.

During the phishing campaign, threat actors hosted a phishing webpage under the legitimate Simplified AI domain, blending malicious activity into the daily noise of enterprise traffic. By impersonating an executive from a global pharmaceutical distributor, the threat actors delivered a password-protected PDF that appeared legitimate. Once opened, the file redirected the victim to Simplified AI’s website, but instead of generating content, the site became a launchpad to a fake Microsoft 365 login portal designed to harvest enterprise credentials.  

This social engineering combined with phishing highlights a dangerous evolution: threat actors are merging impersonation with sophisticated phishing techniques while exploiting the era of AI adoption in enterprise organizations. They are no longer relying on suspicious servers or cheap lookalike domains. Instead, they abuse the reputation and infrastructure of trusted AI platforms. These are platforms your employees already rely on, or that your security team may implicitly trust, allowing threat actors to bypass defenses and slip into your organization under the cover of legitimacy. 

Javvad Malik, Lead Security Awareness Advocate at KnowBe4, providing the following commentary:

“We’re seeing attackers piggyback our own shortcuts. If a link lands on a whitelisted AI platform everyone already uses, it feels safe. In a busy world, while many are multi-tasking, it’s easy to see branding, a familiar layout, and a PDF and lower their defenses. That’s precisely what this attack is seeking to do.”

“It’s why we need to treat AI platforms like any other third-party app. We should use them, but verify. Turn on phishing-resistant MFA so a stolen password doesn’t result in a breach. Be wary of password-protected attachments, reporting them to IT or Security teams to inspect if unsure. Keep an eye on which AI apps and OAuth consents your teams are actually using. And if an email nudges you to log in somewhere new, pause and verify before you type a single character.”

This is pretty scary as this would be pretty hard to detect. It just shows how threat actors are evolving to make their attacks more effective. And it means that in response we need to find and implement new and stronger defenses to ensure that threat actors don’t win.

Leave a comment »

The Vancouver Art Gallery Receives Significant Gift of Artwork by Contemporary Artist Guud san glans Robert Davidson from the Entwistle Family

Posted in Commentary with tags on September 5, 2025 by itnerd

The Vancouver Art Gallery today announced a significant donation of 23 works by celebrated Haida artist Guud san glans Robert Davidson (b. 1946) from TELUS President and CEO Darren Entwistle and his family. Davidson, the great-grandson of artist Charles Edenshaw and a protégé of Haida master Bill Reid, is widely recognized for revitalizing Northwest Coast artistic traditions through contemporary interpretation. 

The Vancouver Art Gallery has been exhibiting Davidson’s work from the outset of his career, beginning in 1967 with his inclusion in the groundbreaking survey of Northwest Coast art, Arts of the Raven. Other highlights include a major mid-career survey in 1993, Eagle of the Dawn, and a 2023 exhibition of his graphic works from the 1960s to the present, Guud san glans Robert Davidson: A Line That Bends But Does Not Break.

The gift comprises a dynamic selection of original paintings, masks and two-dimensional works that significantly strengthen the Gallery’s collection with 15 important works from the twenty-first century—a period of notable transformation in Robert Davidson’s practice. 

In the early 2000s, Davidson began to move beyond symmetrical compositions, embracing a broader use of colour and form, as seen in Halibut Halibut Halibut (2000) and the painted drum Second Variation on Tri Neg Drum (2001). By the mid-2000s, his work evolved toward abstraction and minimalism, while continuing to draw from the Haida visual language. Works such as Chief of the Underworld (2006) and Sea Anemone (2008) reflect this shift, emphasizing individual figures, larger forms and a two-tone palette. 

More recent works, including Whirlpool Kwaa K’iilee (2018) and Whimsical (2018), demonstrate a continuing interest in detailed and figurative expression in a fluid, graphic style. This is further exemplified in Diving Killer Whale (2019), which merges the clarity of formal reductivism with the complexity of Davidson’s evolving aesthetic. Both Diving Killer Whale (2019) and Halibut Halibut Halibut (2000) will be featured in the exhibition We who have known tides, opening Nov 7 at the Vancouver Art Gallery. This is an exciting opportunity for audiences to witness these significant works firsthand. 

TELUS’s decades-long relationship with Indigenous art, including commissioning installations for TELUS Garden, underscores its ongoing role as a champion of British Columbia’s cultural heritage. This latest donation by Darren Entwistle and his family further amplifies this legacy by enhancing public access to significant Northwest Coast artworks. 

Leave a comment »

Insider Threat Awareness Month highlights key threats and opportunities 

Posted in Commentary on September 5, 2025 by itnerd

September is National Insider Threat Awareness Month, which serves both as a reminder of the challenges that insider threats can pose security teams, and also raise awareness for the best practices for preventing breaches as a result of these hidden threats.

Here is some commentary from a group of cybersecurity experts regarding Insider Threat Awareness month and insider threats in general. They are Steve Wilson, Chief AI and Product Officer at Exabeam, Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka, Joshua Roback, Principal Security Solution Architect at Swimlane, and Pete Luban, Field CISO at AttackIQ.

Steve Wilson, Chief AI and Product Officer at Exabeam:

“The danger from insider threats continues to grow in the modern cyber landscape, particularly as AI accelerates their speed, stealth, and sophistication. With 64% of cybersecurity professionals now viewing insiders as a greater risk than external actors, Insider Threat Awareness Month serves as a critical opportunity to emphasize proactive defense strategies. 

While 88% of organizations have insider threat programs, many lack behavioral analytics needed to detect AI-enhanced attacks that exploit trusted access and mimic legitimate user behavior. As threats intensify across sectors like government, healthcare, and manufacturing, this initiative provides an opportunity to call for stronger governance, cross-functional collaboration, and real-time detection capabilities to stay ahead of both human and AI-driven insider risks.”

Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka:

“Insider Threat Awareness Month is a critical initiative for raising awareness about the unique security risks posed by internal actors. There have been several examples of insider threats wreaking havoc on major corporations, with Elon Musk’s X being the most prominent recent example. 

A malicious insider is a significant cybersecurity risk, as such individuals can steal intellectual property, exfiltrate confidential information, sabotage systems, or manipulate business operations for personal gain or in collusion with outside threats. The impact can range from financial losses and reputational damage to regulatory penalties and national security risks. 

Awareness about malicious insider activities is crucial because employees and stakeholders must understand the importance of safeguarding credentials, and the necessity of reporting suspicious activity. By teaching employees to recognize the signs of suspicious behavior and reinforcing the importance of strict access controls and reporting protocols, organizations can transform our entire workforce into a crucial line of defense against internal threats. Employees’ role in this is not just important: it’s indispensable. They are the first line of defense, and their commitment to this cause is what will keep organizations secure.”

Joshua Roback, Principal Security Solution Architect at Swimlane:

“Insider threats have always been one of the hardest challenges for security teams because they originate from people with legitimate access. Unlike external adversaries, they don’t have to find a way in. They already have the keys. That makes their actions harder to spot and far more damaging when they turn malicious or careless.

It’s up to organizations to ensure their security systems are well-protected, starting with determining who has access to which systems. Poorly managed access controls creates an environment for insider threats to sprout and thrive. Implementing a mature identity access management solution is the most powerful weapon in mitigating insider threat risks. User behavioural analytics (UBA) can provide proactive detection of anomalous user behaviors, giving security teams a leg up against unannounced attackers.

The rise of insider threats has resulted in the development of security measures which can ensure that threats are monitored, analyzed, and neutralized before they escalate into catastrophic breaches. Building resilience has required organizations to combine continuous monitoring, automated response, and a strong security culture to reduce the window of opportunity for insider abuse.”

Pete Luban, Field CISO at AttackIQ:

“Insider threats, whether from disgruntled employees or compromised credentials, are difficult to detect and prevent with traditional security measures. Insider Awareness Month serves as a reminder to security teams about the importance of simulating real-world insider attack scenarios to assess the effectiveness of their security controls and response protocols. 

Recent spikes in shadow AI usage and lack of proper cyber hygiene increase the likelihood of insider threats. Use of unauthorized tools or platforms can unknowingly expose sensitive data or create exploitable vulnerabilities, as well as poor security practices, like maintaining out-of-date software or weak passwords.

By integrating techniques, such as adversarial emulation, into the security lifecycle, organizations can uncover gaps in their detection and mitigation strategies before a real attack occurs. Simulated, continuous testing can ensure that security teams can mitigate attacks before insider threats sidestep defenses and steal valuable company data.”

Leave a comment »

SIOS Technology Named Among the Best Places to Workin South Carolina for the Sixth Consecutive Year

Posted in Commentary with tags on September 4, 2025 by itnerd

 SIOS Technology Corp. today announced that it has been named the 2025 Best Places to Work in South Carolina list for the sixth consecutive year. The annual program, created by SC Biz News in partnership with the Best Companies Group, honors workplaces that demonstrate a strong commitment to their employees and communities. Winners were recognized at a celebration event on Monday, August 25 at the Columbia Metropolitan Convention Center.

The headquarters of SIOS’ research and development facility as well as its professional services and support departments are located at the M. Bert Storey Engineering and Innovation Center at the University of South Carolina’s College of Engineering and Computing in Columbia. In addition to its campus partnerships, SIOS is an active contributor to the greater Columbia community, with employees participating in local initiatives and collaborating closely with the University of South Carolina’s Computer Science Department.

SIOS high availability and disaster recovery solutions have become the gold star standard for protecting critical Windows and Linux applications such as SQL Server, SAP HANA, and Oracle across cloud, hybrid cloud and datacenter environments from downtime and disasters.

Leave a comment »

Starburst Announces AI & Datanova 2025, the Global Virtual Summit for Trino, Data and AI Innovation

Posted in Commentary with tags on September 4, 2025 by itnerd

 Starburst, the data platform for apps and AI, today announced details for AI & Datanova 2025 virtual events, a global virtual event taking place October 22-23, 2025. The two-day experience will bring together engineers, data scientists, analysts, and technical decision-makers to explore innovations in Trino, data, and enterprise AI.

Day 1: Trino Day launches the event and delivers community-driven sessions with real-world stories featuring deep dives into architecture, performance tuning, and integration best practices from engineers running Trino at scale.

Day 2: AI + Datanova, Starburst’s marquee virtual showcase, highlights data and AI innovations, including an exclusive look at Starburst’s products powering next-generation applications. Attendees will leave with practical insights from smarter cloud data access and stronger governance, to proven strategies for accelerating AI adoption through robust data foundations. Registration grants free full access to both days with a single sign-up.

Registration for the virtual event is free and includes full access to both days. Details and sign-up are available at https://www.starburst.io/info/ai-datanova-2025/

In addition to the virtual experience, Starburst will host an exclusive in-person AI & Datanova Summit for data  and AI leaders on October 9, 2025, at The Westin N

Leave a comment »

Nikon Releases a New Silver Edition of the Z f Full-Frame Mirrorless Camera

Posted in Commentary with tags on September 4, 2025 by itnerd

Nikon Canada Inc. is pleased to announce the release of a new silver edition of the full-frame/FX-format Nikon Z f mirrorless camera. The Nikon Z f combines a timeless design inspired by an iconic Nikon film camera with the superior performance of a full-frame mirrorless camera.

Three new Premium Exterior1 colour options will also be available, providing more choices for users to customize the colour of their Z f camera body1. Additionally, the Z f will support a new Film Grain feature that adds grain to photos and videos, further expanding creative possibilities.

Designed to resemble the silver plating on film-era cameras like the Nikon F, the metallic texture creates an authentic feel suited to the premium, full-frame retro design. Three new Premium Exterior colour options have been added: Cognac Brown, Teal Blue, and Mauve Pink – all with an embossed texture. These are subtle, yet elegant tones that complement the silver body, providing more options for customizing the exterior of the camera than ever before. In addition to the three colours, Moss Green, Stone Gray, Sepia Brown are available – allowing for six colour variations in total. Additionally, the sophisticated design will help inspire users every time they pick up the camera.

A Film Grain Feature for Film-Like Expression

A future firmware update for the Nikon Z f will offer the new Film Grain feature, which adds grain to photos and videos. Users will be able to achieve more creative imaging expression in accordance with the scene and their intent by adjusting grain size (three options) and strength (six options). By combining this feature with Imaging Recipes (downloadable imaging presets created by Nikon and creators) and Picture Controls, users will enjoy film-like expression tailored to their personal and creative style. This update is scheduled for release within 2025.

Price and Availability

The new Nikon Z f Silver Edition will be available in late September for a Manufacturer’s Suggested Retail Price (MSRP) of $2,699.95, or $2,829.95 for the new premium exterior options. For more information about the latest Nikon products, including the vast collection of NIKKOR Z lenses and the entire line of Z series cameras, please visit www.nikon.ca.

Leave a comment »

Bridgestone Pwned In Cyberattack

Posted in Commentary with tags on September 4, 2025 by itnerd

Tire giant Bridgestone has confirmed it is investigating a cyberattack that impacts the operation of manufacturing facilities in North America. Bridgestone doesn’t yet know how bad this is.

Rebecca Moody, Head of Data Research at Comparitech had this comment: 

“As our August ransomware roundup report found, manufacturers are facing an increasing number of ransomware attacks (figures rose by 57 percent from July to August). Manufacturers are a prime target for hackers due to the amount of disruption they can cause by encrypting systems–something we’re also seeing with Jaguar Land Rover in the UK. If this is a ransomware attack and Bridgestone hasn’t paid a ransom, it’s likely we’ll see a group claiming the attack in the coming weeks. For example, in the last 24 hours, Scattered Spider has come forward to claim the JLR attack.”

Erich Kron, Security Awareness Advocate at KnowBe4 adds this: 

“While every industry is threatened by modern cyberattacks, organizations in time sensitive industries such as manufacturing or healthcare can really suffer when an attack occurs. Even if the attack doesn’t get very far, it is generally wise to shut down or isolate networks or systems before malicious things can spread. This means that even if the actual production systems are not impacted, the manufacturing lines can stop while things are being checked, then must be restarted again, which is not a trivial matter. Even with those challenges, it is much better to be safe than to risk an actual cyberattack, such as ransomware, getting loose within the organization.”

“Organizations that perform time sensitive tasks need to have a good business continuity plan in place that includes recovery and steps to be taken to minimize damage. This is not something you want to be coming up with on the fly during an attack, so planning for it is essential.”

“Since a majority of malware, including ransomware, is spread through modern social engineering attacks such as email phishing, it has never been more critical to have a good human risk management program in place that helps reduce the chances of a human error causing significant problems.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech provided this comment: 

“This attack has many of the hallmarks of a ransomware attack, although ransomware hasn’t been confirmed as the culprit yet. Bridgestone suffered a previous ransomware attack in 2022 by LockBit, which would make this the second time that the company fell victim to ransomware. This attack actually disrupted the company’s manufacturing facilities, not just non-essential stuff like communications, sales, and payroll like we see with most attacks. Although Bridgestone says it stopped the attack early, it’s best to assume the worst until the investigation is complete.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy chimes in with this comment:

“We can expect to continue to see cyber-attacks on companies like this, attacks that aren’t aimed at stealing data but that target their manufacturing facilities. While Bridgestone believes no customer or company data was compromised, Bridgestone customers and employees will still want to stay alert for phishing attempts, as well as possible new accounts opened in their name. Firestone customers should also be on alert, as Firestone is a subsidiary of Bridgestone.”

Bridgestone customers should be prepared for attacks as I totally see that coming. I’m basing that on the fact that Bridgestone doesn’t yet know the extent of this incident. But I am willing to bet that it will be bad.

Leave a comment »

« Older Entries
Newer Entries »