Posted in Commentary with tags Hacked on July 28, 2025 by itnerd
Last week, cleaning products giant Clorox took the unusual step of suing its IT services partner Cognizant for gross negligence.
Clorox are alleging that the August 2023 ransomware attack they suffered came about thanks to an incredibly simple piece of human error. According to the complaint, hackers tied to the “Scattered Spider” group simply phoned Cognizant’s service desk and requested a password reset – and were given one. You can see my coverage on this here.
Today, Specops Software published an analysis on how a simple service desk attack cost Clorox $400 million, which is up from the $49 million that I first reported.
This analysis not only goes into how exactly the service desk social engineering played out, but also how the ransomware was deployed, and what organizations can do to protect their service desks.
Posted in Commentary with tags Hacked on July 28, 2025 by itnerd
It is being reported by Google that the Scattered Spider group have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors.
The group’s core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk. The actors are aggressive, creative, and particularly skilled at using social engineering to bypass even mature security programs. Their attacks are not opportunistic but are precise, campaign-driven operations aimed at an organization’s most critical systems and data.
Their strategy is rooted in a “living-off-the-land” (LoTL) approach. After using social engineering to compromise one or more user accounts, they manipulate trusted administrative systems and use their control of Active Directory as a launchpad to pivot to the VMware vSphere environment, thus providing an avenue to exfiltrate data and deploy ransomware directly from the hypervisor. This method is highly effective as it generates few traditional indicators of compromise (IoCs) and bypasses security tools like endpoint detection and response (EDR), which often have limited or no visibility into the ESXi hypervisor and vCenter Server Appliance (VCSA).
“Scattered Spider’s targeting of VMware ESXi environments marks a concerning escalation in their tactics, especially given the central role ESXi hypervisors play in enterprise infrastructure. What makes this campaign particularly dangerous is not zero-day exploits or novel malware, but the sheer precision of their social engineering. These attackers are bypassing layered defenses by manipulating human trust, impersonating IT staff, abusing MFA processes, and gaining privileged access without firing a single exploit.”
“This highlights a serious blind spot: even organizations with strong patching, segmentation, and endpoint defenses are vulnerable if their identity verification and access workflows can be tricked. The fact that attackers are going straight for hypervisors, the backbone of many corporate data centers, shows they understand where the crown jewels live. Once they get access to ESXi, they can rapidly encrypt or exfiltrate data across many virtual machines, amplifying impact.”
“For defenders, this underscores the urgency of hardening identity and access management. That means enforcing phishing-resistant MFA, separating duties in high-privilege environments, locking down direct access to management interfaces like ESXi, and monitoring for behavioral anomalies across IAM platforms. Security training alone won’t cut it, social engineering resilience must be engineered into systems and processes. We’re not just defending code anymore; we’re defending trust.”
James McQuiggan, Security Awareness Advocate at KnowBe4:
“Scattered Spider is proving that breaches don’t always start with technical exploits. They start with a phone call. As they continue to use social engineering to impersonate employees, trick help desks, and gain access to user accounts, they are leveraging the human trust and lack of awareness of users who fall victim to this attack style to gain access and launch their ransomware attacks.”
“What makes this approach so effective is how well it blends human deception with infrastructure-level exploitation. To defend against this, organizations need to treat social engineering as seriously as they treat compliance, patching and securing their VPNs. Help desks should verify identities using more than just names or IDs, and multifactor authentication should be phishing-resistant.”
“Security awareness training must go beyond generic advice and include realistic scenarios that reflect the current tactics employed by attackers, such as impersonating internal staff or creating a sense of urgency to bypass standard procedures. Building resilience means securing both layers, an organization’s systems and their users.”
I have to admit that this is a pretty crafty attack by Scattered Spider. It shows that you have to be on guard for multiple attack vectors to avoid getting pwned.
Posted in Commentary with tags Saudia on July 28, 2025 by itnerd
Saudia, the national flag carrier of Saudi Arabia, has announced the signing of a partnership with the Esports World Cup Foundation (EWCF), becoming the Official Airline Partner of the tournament. The collaboration aims to support sports and entertainment tourism while promoting summer destinations across the Kingdom. This coincides with Riyadh hosting the second edition of the global tournament, taking place from July 7 to August 24, 2025, at Boulevard City.
A global first of its kind, the agreement was signed virtually using an interactive digital platform, marking a milestone in how partnerships can be formalized through immersive, tech-enabled experiences. This innovative approach bridges the worlds of aviation and esports, reflecting a forward-thinking embrace of digital technology in building future-ready collaborations.
This partnership aligns with Saudia’s commitment to supporting the objectives of Saudi Vision 2030, particularly those related to positioning the Kingdom as a global hub for esports and diversifying its tourism offerings.
Under the agreement, Saudia will offer exclusive travel packages and special offers for fans and visitors attending the tournament. These will include premium hospitality and onboard entertainment services, alongside international marketing campaigns promoting the Kingdom as an attractive global destination for both sports and tourism.
The 2025 Esports World Cup will host 25 tournaments across 24 game titles, bringing together over 2,000 elite players and 200 Clubs from more than 100 countries. With a record-breaking prize pool of over $70 million, the event will offer fans a comprehensive entertainment experience, from high-stakes competition and live music to anime cafés, retro arcades, cosplay showcases, and more, cementing Riyadh’s position as a global esports and entertainment hub.
Through this partnership, Saudia further cements its role as an enabler for international events, placing guest experience at the heart of its priorities and contributing to the advancement of Saudi Arabia’s tourism and aviation sectors.
Website Planet has a report regarding their most recent content creator research.
Content creation offers visible economic rewards for the select few but most creators struggle to turn their passion into sustainable income. Some of their key findings:
Entertainment drives viral reach of the top 56% of the most popular creators.
Gender disparities continue, with women occupying only 34% of the top creators’ spots.
Over 90% of top creators have created their own merchandise lines.
10 out of the 15 creators included in their analysis ranked in the top 10 more than once.
Parallel Works today announced the launch of its ACTIVATE AI Partner Ecosystem. This connected and flexible AI ecosystem accelerates AI infrastructure innovation, simplifies operations and supports next-generation AI at-scale. As the control plane for the next generation of AI infrastructure, ACTIVATE AI provides unified access to neocloud platforms and orchestration tools with vendor-neutral, flexible deployment options across hybrid computing environments.
As AI workloads grow more complex, dynamic and seamless integration with top neocloud GPU providers is foundational to a growing ecosystem. By partnering with a diverse set of GPU providers and orchestrating AI workloads across hybrid environments, the ACTIVATE AI Partner Ecosystem Program provides organizations with vendor-neutral, flexible deployment options across hybrid compute environments, including:
Unified Access to Specialized Compute. Whether training large language models (LLMs) or deploying real-time inference, users can access a variety of GPU types – without being tied to a single vendor.
Orchestration Across the AI Stack. By abstracting away infrastructure complexity, users can focus on model development rather than DevOps. The platform integrates with container-based workflows (e.g., Kubernetes), CI/CD pipelines and data tools.
Multi-Cloud and Hybrid Freedom. Vendor neutral support of hybrid and multi-cloud deployments gives organizations the power to move AI workloads across environments based on evolving requirements.
Resource Optimization and Collaboration. The ACTIVATE AI ecosystem supports intelligent workload placement, shared resource pools and budgeting controls.
Ecosystem-Driven Innovation. ACTIVATE AI is designed to integrate with a growing ecosystem of AI tools, platforms and services, providing users with access to the best innovations in AI infrastructure without being locked into a rigid solution stack.
A Partner Ecosystem for AI Innovation
The ACTIVATE AI Partner Ecosystem Program offers access to cutting-edge GPU capacity via neoclouds and aggregators, providing secure access to Kubernetes environments with GPU pooling, as well as vendor-neutral, distributed object storage. Channel partners can also integrate the ACTIVATE AI control plane for hybrid cloud bursting with distributed storage.
Scalable, flexible and vendor-neutral AI and HPC solutions help businesses accelerate AI initiatives and drive operational efficiencies in the cloud. Parallel Works enhances technological advancements and optimizes workflows, empowering businesses to innovate. As part of the ACTIVATE AI Partner Ecosystem Program, the company collaborates with industry leaders, including those mentioned above, as well as AWS, Google Cloud, Azure and storage providers such as Hammerspace, to deliver cutting-edge infrastructure and seamless integration for clients.
Availability
For more information on the Parallel Works Partner Ecosystem, including AI and other technology partners, click here. ACTIVATE AI is available immediately and included with existing ACTIVATE user seat licenses.
Despite warnings against easy passwords, ‘123456’ is still used over 6.6 million times.
‘Michael’ is the most commonly used name in passwords, while ‘football’ is the most popular sport, each appearing in over 107,000 passwords.
An expert reveals how to create strong passwords and protect your personal data from hackers.
Brand new data released by AI search analytics platform Peec AI reveals the most common words, phrases and values used in passwords – which also happen to be the ones most likely to get you hacked.
Analyzing data from a combination of global data breaches since 2019, the experts have scraped over 100 million different passwords to reveal the most common choices for online password protection.
According to the 2024 Bitwarden World Password Day survey, which gathered insights from 2,400 individuals, 36% of respondents admitted to using personal information in their passwords.
Given that, it’s perhaps no surprise that over 24 billion passwords were exposed by hackers in 2022 alone. More recently, between April 2024 and May 2025, another 19 billion passwords were made available online, accessible to cybercriminals looking to exploit them.
From names, years, seasons, number combinations, and values, to sports, football teams, famous celebrities, and fictional characters, here are the passwords you should really avoid using.
The most used names in passwords
The name ‘Michael’ is one of the most used names for passwords, included in 107,678 passwords. ‘Daniel’ is the second most used name, with a count of 99,399 passwords.
Other names including ‘Ashley’, ‘Jessica’, ‘Charlie’, ‘Jordan’ and ‘Michelle’ are among the most used for password protections.
| Name | Number of times used |
|---|---|
| Michael | 107,678 |
| Daniel | 99,399 |
| Ashley | 91,977 |
| Jessica | 86,410 |
| Charlie | 82,348 |
| Jordan | 74,310 |
| Michelle | 71,816 |
| Thomas | 70,024 |
| Nicole | 69,223 |
| Andrew | 66,960 |
| Anthony | 65,509 |
| Jennifer | 65,278 |
| Joshua | 64,335 |
| Andrea | 63,640 |
| Maggie | 55,967 |
| George | 55,949 |
| Amanda | 55,629 |
| Hannah | 55,320 |
| William | 54,917 |
| Samantha | 54,745 |
| Robert | 54,297 |
| Martin | 51,352 |
| Harley | 50,386 |
| Brandon | 49,986 |
The most used values in passwords
Often, several websites will ask you to create a password which contains numbers as well. However, 6,621,933 passwords contain the not-so-complicated number combination of ‘123456’.
‘123456789’ is the second most popular number combination, featuring in 2,258,198 passwords, followed by ‘111111,’ used 968,155 times.
‘Password’ has been used 946,935 times, along with ‘qwerty’ 878,496 times and ‘abc123’ 842,399 times.
| Value | Number of times used |
|---|---|
| 123456 | 6,621,933 |
| 123456789 | 2,258,198 |
| 111111 | 968,155 |
| password | 946,935 |
| qwerty | 878,496 |
| abc123 | 842,399 |
| 12345678 | 829,914 |
| password1 | 740,680 |
| 1234567 | 730,840 |
| 123123 | 666,404 |
The most used years in passwords
When it comes to years, ‘2013’ is the most used year in passwords, appearing in 129,745 of them.
The years ‘2010’ and ‘1986’ are also among the top three most popular years used for password protection. ‘2010’ is used in a total of 79,294 passwords, whilst ‘1986’ is used in 78,709 passwords.
It’s interesting to note that while ‘2013’ and ‘2010’ rank highest, the most commonly used years in passwords tend to cluster around the 1980s – a pattern that suggests many millennials are incorporating their birth years into their passwords.
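| Year | Number of times used |
|---|---|
| 2013 | 129,745 |
| 2010 | 79,274 |
| 1986 | 78,709 |
| 1987 | 73,067 |
| 1989 | 61,405 |
| 1985 | 58,627 |
| 1988 | 57,945 |
| 1990 | 56,947 |
| 1984 | 54,333 |
| 2020 | 51,269 |
| 1982 | 50,833 |
| 2012 | 47,283 |
| 1983 | 45,789 |
| 1992 | 44,952 |
| 1995 | 43,558 |
| 1980 | 43,255 |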
The most used football teams in passwords
The top five football teams used are ‘Liverpool’, ‘Chelsea’, ‘Barcelona’, ‘Arsenal’ and ‘Juventus’.
‘Liverpool’ is the most used team, featured in 70,317 passwords, followed by ‘Chelsea’ featuring in 55,834 passwords.
| Team | Number of times used |
|---|---|
| Liverpool | 70,317 |
| Chelsea | 55,834 |
| Barcelona | 46,273 |
| Arsenal | 45,321 |
| Juventus | 38,169 |
Amongst sports, ‘football’, ‘baseball’ and ‘soccer’ are the top three most popular sports for passwords, with ‘football’ being used a total of 107,169 times. ‘Baseball’ is the second most popular, featured 82,574 times.
‘Soccer’ has a count of 79,735 passwords, followed by ‘basketball’ with 62,667, ‘hockey’ with 41,220 and ‘tennis’ with 34,189.
| Sport | Number of times used |
|---|---|
| Football | 107,169 |
| Baseball | 82,574 |
| Soccer | 79,735 |
| Basketball | 62,667 |
| Hockey | 41,220 |
| Tennis | 34,189 |
The most used famous figures in passwords
‘blink-182’ is the most used famous figure for passwords, with a count of 84,545.
‘50 Cent’ places second, featuring in 55,897 passwords.
Following in third is ‘Eminem’ with 43,344 features, ‘Slipknot’ with 39,630 and ‘Metallica’ as the fifth most popular in 38,608 passwords.
| Famous figure | Number of times used |
|---|---|
| blink-182 | 84,545 |
| 50 Cent | 55,897 |
| Eminem | 43,344 |
| Slipknot | 39,630 |
| Metallica | 38,608 |
| Nirvana | 35,436 |
| Justin Bieber | 34,296 |
| Ronaldo | 34,137 |
| Messi | 495 |
The most used fictional characters in passwords
Amongst everyone’s favorite fictional characters, ‘Superman’ is the most featured in passwords, with a total count of 86,937.
‘Batman’ follows in second, featuring in 52,388 passwords. ‘Wall-E’ is the third most popular, with a count of 48,288. Rounding out the top six are ‘Hello Kitty’, ‘SpongeBob’, and ‘Spider-Man’, each with total counts of around 35,000.
| Fictional character | Number of times used |
|---|---|
| Superman | 86,937 |
| Batman | 52,388 |
| Wall-e | 48,288 |
| Hello Kitty | 35,381 |
| SpongeBob | 35,349 |
| Spider-Man | 35,078 |
The most used seasons in passwords
When it comes to seasons, ‘summer’ is the most popular for passwords, with a count of 57,453. ‘Winter’ is the second favourite, appearing in 22,517 passwords, and ‘spring’ is in third place with 11,737. ‘Autumn’ is the least popular season, featuring in just 10,340 passwords.
| Season | Number of times used |
|---|---|
| Summer | 57,453 |
| Winter | 22,517 |
| Spring | 11,737 |
| Autumn | 10,340 |
Malte Landwehr, CMO of Peec AI, commented on the findings, “Considering the high volume of passwords leaked every year, along with the rise in scam and phishing reports, using obvious combinations like ‘123456’, which is used a staggering 6.6 million times, puts you and your personal information at high risk.
“Nearly everything we use online, from banking and shopping to social media, requires a password (even if you primarily use Face ID on your phone). As cybercriminals continue to target users, strong password security has never been more important.
“Attackers often use dictionaries and lists of common passwords in their attempts to crack passwords, so it’s important to make yours as difficult as possible to guess. Changing your passwords regularly is a great way of adding an extra layer of security.
“You should aim for a password that is at least 12 characters long, as long passwords are generally more secure, and include a combination of uppercase and lowercase letters, numbers, and special characters, such as ., !, @, #, $, %. Also, try to mix up letters, numbers, and symbols that do not follow predictable patterns, such as ‘12345’ or ‘qwerty’.
“Hackers can easily guess personal information, such as names, birthdays, family members, pets, or hobbies that are publicly available, so it’s best to create passwords that don’t relate to you.
“One final piece of advice is to avoid using the same password for multiple accounts, because if a hacker guesses your password on one platform, they will likely attempt it on all your other active platforms.
“It can be difficult to keep track of long, complex passwords – with special characters, uppercase letters, and more – but password managers can help. They store (and even generate) secure passwords for each of your accounts, making it much easier to manage and remember multiple strong passwords.
“Enabling Multi-Factor Authentication (MFA) is also advised, as it adds an extra layer of protection by requiring a second method of verification, such as a temporary code texted to your phone or a mobile authenticator app (such as Google Authenticator or Authy). With an MFA in place, even if someone has your password, they won’t be able to access your account without that second layer of verification – so make sure you use it especially for your email, bank, and social media accounts.”
Methodology:
The study analyses data from a combination of global data breaches since 2019, scraping over 100 million different passwords to reveal the most common choices of password protection for internet users.
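A screening check built from the tables above, as an added example that is not part of the original post or the Peec AI study: it flags a candidate password that embeds one of the listed terms, even when disguised with letter-for-symbol swaps or punctuation, along with birth-year-like digit runs and the 12-character minimum quoted above. The function name, the substitution map and the 1940-2039 year range are assumptions made for this illustration; the range generalizes beyond the specific years in the table.

```python
import re

# Terms from the tables on this page, lowercased with spaces/punctuation removed.
BLOCKLIST = {
    "common value": ["123456789", "12345678", "1234567", "123456", "111111",
                     "password1", "password", "qwerty", "abc123", "123123"],
    "name": ["michael", "daniel", "ashley", "jessica", "charlie", "jordan",
             "michelle", "thomas", "nicole", "andrew", "anthony", "jennifer",
             "joshua", "andrea", "maggie", "george", "amanda", "hannah",
             "william", "samantha", "robert", "martin", "harley", "brandon"],
    "football team": ["liverpool", "chelsea", "barcelona", "arsenal", "juventus"],
    "sport": ["football", "baseball", "soccer", "basketball", "hockey", "tennis"],
    "famous figure": ["blink182", "50cent", "eminem", "slipknot", "metallica",
                      "nirvana", "justinbieber", "ronaldo", "messi"],
    "fictional character": ["superman", "batman", "walle", "hellokitty",
                            "spongebob", "spiderman"],
    "season": ["summer", "winter", "spring", "autumn"],
}

# Assumed substitution map for common "leetspeak" disguises (M1ch@el -> michael).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Assumed range for birth-year-like runs; wider than the years in the table.
YEAR_RE = re.compile(r"(?:19[4-9]\d|20[0-3]\d)")


def _strip(text):
    """Drop everything except lowercase letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text)


def screen_password(password, min_length=12):
    """Return a list of (category, detail) findings; an empty list means no hit."""
    findings = []
    if len(password) < min_length:
        findings.append(("length", f"shorter than {min_length} characters"))

    lowered = password.lower()
    plain = _strip(lowered)                    # keeps digits: catches 'abc123', 'blink182'
    deleeted = _strip(lowered.translate(LEET)) # undoes swaps: catches 'm1ch@el'
    forms = {plain, deleeted}

    for category, terms in BLOCKLIST.items():
        hits = [t for t in terms if any(t in form for form in forms)]
        # Report only the longest overlapping term ('password1', not also 'password').
        hits = [t for t in hits if not any(t != other and t in other for other in hits)]
        findings.extend((category, t) for t in hits)

    # Years are matched on the plain form only, since the leet map rewrites digits.
    for year in sorted(set(YEAR_RE.findall(plain))):
        findings.append(("year", year))
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any breach data.
    for candidate in ["M1ch@el2013!", "Summer2020", "password1",
                      "Sp1d3r-M@n#1988", "vT9#kLp2&xQz7mWd"]:
        print(f"{candidate!r}: {screen_password(candidate) or 'no findings'}")
```

Substring matching produces some false positives (for example ‘walle’ inside ‘wallet’), so a hit is best surfaced as a rejection with a reason at password-set time rather than applied silently.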
Posted in Commentary with tags Drizz on July 28, 2025 by itnerd
As AI transforms how software is written, testing remains painfully manual. Traditional test frameworks can’t keep up with AI-generated code or today’s rapidly evolving mobile apps – and it’s costing teams time, confidence, and revenue. Drizz, founded by Asad Abrar, Partha Mohanty, and Yash Varyani – engineers from Amazon, Coinbase, and Gojek – is taking on this challenge. Today, the company launches from stealth and announces a $2.7 million seed round to introduce the fastest Vision AI mobile app testing agent.
The round was led by Stellaris Venture Partners and Shastra VC, with participation from Anuj Rathi (ex-CBO, Cleartrip) and Vaibhav Domkundwar. The funding will fuel the continued development of Drizz’s Vision AI engine, enhancing its speed, accuracy, and usability across enterprise environments.
Drizz allows teams to write, run, and maintain end-to-end test coverage using plain English prompts instead of fragile code. The system evaluates apps visually – just like a real user – eliminating the need for locator selectors, manual updates, or separate test suites across devices. Its AI doesn’t rely on brittle xPath locators or accessibility IDs, and instead interprets the UI visually – adapting automatically to screen density, hardware differences, and device-specific behaviors.
Developers and QA teams can run tests across iOS and Android using one shared suite, generate test flows in natural language, and rely on self-healing automation that stays stable across UI changes. The platform is built for production readiness, with support for CI/CD pipelines, real device cloud testing, real-time reporting, and full enterprise-grade compliance. Drizz supports a comprehensive range of testing needs – including UI, Functional, API, multi-app, and end-to-end testing.
The system also supports field-level fallback logic and step-by-step execution that boosts reliability and makes debugging easier – even on the most complex interfaces. This opens doors for non-technical stakeholders to actively contribute test scenarios, with no coding required. It streamlines collaboration and helps teams move efficiently. In early deployments, Drizz has helped teams achieve over 97% test accuracy, and reduce test creation time by a factor of 10.
The company is already working with multiple unicorns globally and is seeing strong developer engagement, with users spending an average of 15 hours per week writing and executing test cases. Looking ahead, Drizz plans to extend its vision-based infrastructure toward testing for visually rich and highly interactive environments – areas where traditional locator-based tools can’t operate due to dynamic interfaces and the lack of deterministic DOM structures.
With AI redefining the speed and complexity of software creation, Drizz is supercharging teams to test faster and ship confidently.
Samsung’s ultimate style-tech trio is officially available in Canada. The Galaxy Z Fold7, Galaxy Z Flip7, and Galaxy Watch8 / Watch8 Classic are built to work seamlessly together powered by Galaxy AI. This connected ecosystem empowers users to create, communicate, and live hands-free, without compromising on style or performance.
Whether you’re capturing content, jumping between apps, tracking your wellness goals, or elevating your day-to-night look, this lineup is built to flex with your lifestyle.
Together, the Galaxy Z Flip7, Galaxy Z Fold7, and Galaxy Watch8 Series create a tightly integrated, intelligent ecosystem for users who expect innovation in every layer of their tech, from chip to UX.
The Galaxy Z Fold7, Galaxy Z Flip7, and Galaxy Watch8 Series are now available for pre-order at Samsung.com/ca and select retail partners.
Posted in Commentary with tags Cisco on July 25, 2025 by itnerd
By Mike Hicks & Kemal Sanjta for Cisco ThousandEyes
Summary
Dive into how LEO Internet through Starlink works, which factors determine the download speed and latency of an individual connection, and the difference that various congestion avoidance algorithms can have on the service’s performance.
Low Earth Orbit (LEO) Internet is a transformative technology that offers a cost-effective method for providing widespread coverage without requiring extensive ground infrastructure. This is particularly beneficial for sparsely populated areas where fixed-line broadband is often impractical or prohibitively expensive.
LEO satellite technology has the potential for low latency and high throughput, making it a viable option for various applications, including Earth observation and research. Consequently, customer interest has surged, leading to a competitive market with multiple companies providing similar services.
In this research, we use Starlink as a case study to examine factors influencing performance, such as throughput, latency, and how different congestion avoidance algorithms affect service quality. Our findings will demonstrate that not all Starlink connections perform uniformly.
How Starlink Works
Starlink is a massive and growing fleet of satellites traveling in low earth orbit, operated by SpaceX. At the time of writing, there are well over 6,000 Starlink satellites deployed, providing a mesh of coverage that spans more than 100 countries and several continents.
The satellites are deployed at altitudes ranging from 310-745 miles (500-1,200 km). This altitude is significantly lower than the geostationary satellites that preceded LEO satellites, which orbit at approximately 21,750 miles (35,000 km) above the Earth. This closer proximity to Earth means LEO technology can offer lower latency and faster speeds than geostationary Internet.
Starlink customers connect to a network of satellites using their Starlink-supplied dish. Starlink offers Internet service for both residential and business customers, available as fixed or mobile options.
The customer’s dish both sends and receives data from the satellites flying overhead within various frequency bands. Satellites connect with the rest of the Internet using Starlink’s network of ground stations.
Starlink has around 150 active ground stations, but these aren’t uniformly distributed across the planet. In some countries, such as the United Kingdom, there are several ground stations. In others, such as parts of Scandinavia, there are currently none. The significance of this will be discussed shortly.
The ground stations connect the satellite data via fiber to the company’s Points of Presence (POPs)—of which Starlink has many across the globe—and from there to the rest of the Internet.
The Ground Station and POP Impact
To understand the impact of ground stations and POPs on performance, we conducted thousands of throughput tests in locations worldwide, aiming to identify patterns in the performance of LEO Internet as provided by Starlink.
The first thing to note is that our speed tests revealed that Starlink consistently delivers on—or outperforms—its stated speeds in all of the locations that we tested. We tested on the residential fixed plan, with estimated download speeds of 25-100 Mbps, uploads of 5-10 Mbps, and latency of 25-60 ms. The average download speeds were in triple digits in almost all of the locations we tested, with some regions comfortably exceeding 250 Mbps.
However, we did notice significant variations in speeds and latency, and some of that can probably be attributed to the proximity of ground stations and POPs. As we noted earlier, some countries have multiple ground stations, others have none. That means the wireless signal between satellite and ground station has to travel further, which increases latency. We noted earlier that Scandinavia has no ground stations, so it’s no great shock to see Stockholm as the test destination with the highest latency in Europe, albeit still within Starlink’s estimated bounds.
It’s also worth noting that the proximity of ground stations and POPs could become less relevant as time goes on. Why? Because the newer Starlink satellites are fitted with laser links called Inter-Satellite Links (ISL) that allow Starlink’s satellites to communicate directly with one another, rather than having to send data back and forth to the ground. This means that data can be relayed across the satellite network before reaching a ground station, allowing the service to operate in areas where ground stations aren’t available, such as in the polar regions.
There are also other potential reasons for the large discrepancies between regions that we saw in our tests. Obstructions in the satellite’s path (such as tree branches swinging in the wind) can cause lower-than-expected performance from our test location in Germany, for example. The Starlink app, though, highlights such obstructions, as shown in Figure 1.
Figure 1. Starlink application indicating the location of obstruction
Suboptimal peering strategies could also explain some of the variation, as could performance throttling when a particular satellite link or ground station is under heavy load. Satellite connectivity is also inherently a lossy technology; in other words, it typically suffers from much higher packet loss than fiber connections. This lossy characteristic leads us to the next part of our research.
Switching Congestion Algorithms
To minimize the impact of packet loss on performance, congestion algorithms such as CUBIC and BBR can play a critical role. CUBIC was designed to manage the effects of packet loss in high-speed, long-distance networks, whereas BBR (Bottleneck Bandwidth and Round-trip propagation time), developed by Google, is an algorithm designed to further optimize network utilization and throughput by continuously probing for available bandwidth. BBR adapts to increases in latency by gradually lowering the sending rate. This is in contrast to the CUBIC algorithm, which reduces the delivery speed when it detects packet loss.
In our study on performance, we therefore conducted initial tests using the default congestion algorithm CUBIC, and then switched to BBR to compare results. Given that we controlled the environment end to end, we were able to enable BBR both on the client side (controlling egress traffic) and on the server side (controlling the client’s ingress traffic) to understand the benefits of using BBR in both directions.
Our tests spanned multiple locations globally, targeting dedicated servers at major points where we had Starlink dishes deployed. In the United States, we deployed dedicated, non-throttled servers in US East (Virginia), US Central (Iowa), and US West (Oregon). In Europe, we had dedicated servers in EU West (London, U.K.) and EU Central (Frankfurt, Germany). Lastly, in Australia, we deployed our testing server in AU East (Sydney).
The results when we switched to BBR were startling. The download throughput between our Georgetown, Texas, and U.S. West Coast data centers, for example, improved almost ten-fold. Between Weinstadt, Germany, with its partially obstructed link to the satellite, and the EU Central data center, the download throughput increased by a staggering 18.4 times after switching to BBR.
We saw improved performance on the uplink too, with anywhere between a 1.2-fold and 3.4-fold improvement in upload speeds when BBR was activated.
CUBIC and BBR Throughput Differences
The results listed below are based on sustained throughput measurements as part of separately testing ingress and egress traffic. We are showing results that were obtained over 7,200 data points and thus represent a good indication of what to expect throughput-wise over longer time periods and for larger data transfers.
Results for the United States
As shown in Table 1, Selkirk, NY achieved the highest download speed of 40.102 Mbps, despite having the highest latency of 82.662 ms while using the default congestion algorithm, CUBIC. North Bend, WA recorded the highest upload speed at 6.773 Mbps with the lowest latency of 56.772 ms. In contrast, Georgetown, TX had the poorest performance, with download speeds of 10.860 Mbps and upload speeds of 4.902 Mbps.
After switching to the BBR congestion algorithm, all locations demonstrated significant improvements. Notably, Georgetown’s download speed increased dramatically from 10.860 Mbps to 106.668 Mbps, representing a remarkable 9.8-fold improvement. Additionally, Selkirk experienced the most substantial increase in upload speed, rising from 5.631 Mbps to 19.404 Mbps, which reflects a 3.4-fold increase.
Table 1. Throughput differences between CUBIC and BBR when testing with a server hosted in US West
As shown in Table 2, our testing on a dedicated, non-throttled server located in Selkirk, NY, demonstrated the highest download speed at 36.177 Mbps and an upload speed of 6.801 Mbps, with the lowest latency recorded at 50.664 ms. In contrast, Georgetown, TX, had one of the poorest performances, delivering the lowest download speed at 17.049 Mbps. Additionally, San Francisco, CA, registered the lowest upload speed of 4.509 Mbps.
Switching from the CUBIC to the BBR congestion control algorithm resulted in significant improvements. The agent in North Bend, WA, experienced a remarkable 7.7-fold increase in download speeds, rising from 17.458 Mbps to 133.741 Mbps. Furthermore, North Bend, WA, also witnessed the largest enhancement in upload speeds, improving 3.3-fold from 4.651 Mbps to 15.736 Mbps.
Table 2. Throughput differences when testing to US Central
Testing with a server located in US East showed that Selkirk had the highest download speed at 74.247 Mbps and the highest upload speed at 11.449 Mbps, along with the lowest latency of 32.210 ms. This emphasizes the importance of being close to the POP to which the dish is assigned. In contrast, North Bend, WA performed the worst, recording the lowest download speed at 12.436 Mbps and the lowest upload speed at 3.983 Mbps, along with the highest latency of 115.788 ms. The results for North Bend are to be expected, given the geographical characteristics of the dish’s deployment and the testing server’s location.
Table 3. Throughput differences when testing to US East
Results for Europe
Testing the EU West region while using CUBIC as the congestion avoidance algorithm revealed that Weinstadt, DE achieved the highest download speed at 39.434 Mbps, while Jaen, ES recorded the highest upload speed at 8.840 Mbps. Epe, NL had the lowest download speed at 16.454 Mbps, and Weinstadt recorded the lowest upload speed at 6.353 Mbps. Interestingly, Weinstadt exhibited both the highest download and the lowest upload speeds. We attribute these discrepancies to the fact that the testing agent faced physical obstructions to the clear sky during the tests.
Switching to the BBR algorithm resulted in improved speed values across all locations, with the most significant improvement observed in Epe, NL, which experienced a 17.2-fold increase in download speeds—from 16.454 Mbps to 283.013 Mbps. Despite the obstructions, Weinstadt, DE saw a 2.5-fold increase in upload speeds, rising from 6.353 Mbps to 16.369 Mbps.
Table 4. Throughput results when testing to EU West
As shown in Table 5, the testing conducted in the EU West revealed that Epe, NL achieved the best results for both download (76.010 Mbps) and upload (10.975 Mbps) speeds. In contrast, Weinstadt, DE, despite having the lowest latency (27.251 ms) to the testing server, performed the worst, with a download speed of only 6.336 Mbps and an upload speed of 4.820 Mbps. This poor performance can be attributed to its physical obstruction, which hindered its view of the sky.
After switching to BBR, Weinstadt, DE saw a significant improvement in its performance. Download speeds increased dramatically from 6.336 Mbps to 117.049 Mbps, marking an impressive 18.4-fold increase. Upload speeds also improved substantially, rising from 4.820 Mbps to 14.123 Mbps, a 2.9-fold increase. What makes these results even more remarkable is that the agent was still physically obstructed during this assessment, further underscoring the advantages of BBR over CUBIC.
Table 5. Throughput results when testing to EU West
Results for Australia
Brookvale recorded the highest download speed at 61.367 Mbps and the highest upload speed at 9.862 Mbps, along with the lowest latency of 27.642 ms. In contrast, Perth experienced the highest latency at 88.038 ms. Erskineville had the lowest download speed at 33.199 Mbps, while Perth also had the lowest upload speed at 5.972 Mbps. This data further illustrates that physical proximity to the assigned POP significantly impacts performance.
Switching to BBR resulted in substantial improvements across all locations, with a notable highlight being Erskineville’s download speed increase of 7.9-fold, improving from 33.199 Mbps to 264.460 Mbps. For uploads, Perth experienced the largest increase of 2.1-fold, rising from 5.972 Mbps using CUBIC to 12.988 Mbps with BBR.
While the results after switching to BBR are significant, there are a couple of important points to consider before we all rush to switch to BBR on our LEO satellites. The speed tests we conducted were based on raw throughput, not application data. While BBR can provide higher throughput, it can also create issues such as bufferbloat and higher retransmission rates, especially in lossy network environments such as satellite connections.
By switching to BBR, you might actually be pushing the problem of retransmissions back to the application server, because it’s effectively saying: “I have a gap in my data, so you need to send that through again,” whereas CUBIC would likely slow down the rate of transmission to maximize the chances of getting all the data you need in the first place.
Therefore, until we can leverage real application data to perform tests on LEO connectivity over Starlink, it’s a little premature to suggest that switching to BBR is the performance panacea that it may first appear to be.
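The retransmission caveat above can be measured on a Linux sender from the per-socket counters that `ss -ti` prints. The following is an added example, not part of the original tests: the sample output is constructed, the function name `retrans_by_cc` is hypothetical, and it assumes an `ss` build that reports `bytes_sent` and `bytes_retrans`.

```python
from collections import defaultdict

# Constructed sample of `ss -ti` output for two flows (not measured data).
SAMPLE = """\
ESTAB 0 0 192.0.2.10:5201 198.51.100.7:40112
\t ts sack cubic wscale:7,7 rto:260 rtt:57.1/3.2 mss:1448 cwnd:42 bytes_sent:52000000 bytes_retrans:520000 bytes_acked:51480000 data_segs_out:35912 retrans:0/359
ESTAB 0 0 192.0.2.10:5201 198.51.100.7:40118
\t ts sack bbr wscale:7,7 rto:264 rtt:61.8/9.4 mss:1448 cwnd:310 bytes_sent:480000000 bytes_retrans:33600000 bytes_acked:446400000 data_segs_out:331492 retrans:2/23204
"""

KNOWN_CC = {"cubic", "bbr", "reno"}  # algorithms to group by; extend as needed


def retrans_by_cc(ss_output):
    """Sum bytes sent and retransmitted per congestion control algorithm.

    Returns {algorithm: (bytes_sent, bytes_retrans, retransmit_ratio)}.
    """
    totals = defaultdict(lambda: [0, 0])
    for line in ss_output.splitlines():
        if not line[:1].isspace():
            continue  # socket address line; TCP internals are on the indented line
        tokens = line.split()
        # Option flags such as "ts" or "sack" can precede the algorithm name.
        cc = next((t for t in tokens if t in KNOWN_CC), None)
        if cc is None:
            continue
        fields = dict(t.split(":", 1) for t in tokens if ":" in t)
        sent = int(fields.get("bytes_sent", 0))
        if sent == 0:
            continue  # idle flow, nothing to compare
        totals[cc][0] += sent
        # ss omits bytes_retrans when nothing was retransmitted.
        totals[cc][1] += int(fields.get("bytes_retrans", 0))
    return {cc: (s, r, r / s) for cc, (s, r) in totals.items()}


if __name__ == "__main__":
    for cc, (sent, retrans, ratio) in sorted(retrans_by_cc(SAMPLE).items()):
        goodput = sent - retrans  # bytes that were not repeats
        print(f"{cc:6s} sent={sent} retrans={retrans} "
              f"ratio={ratio:.2%} first-time bytes={goodput}")
```

Comparing the ratio alongside raw throughput shows how much of a higher send rate is repeated data rather than new application bytes.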
The Next Step
The ability to demonstrate increased throughput with BBR indicates that satellite links possess characteristics well-suited for BBR’s hybrid approach, which combines bandwidth efficiency with control over latency caused by buffering. This underscores BBR’s potential to optimize LEO satellite communications and highlights its adaptability to distinct network conditions while effectively managing latency.
The next step for our research is to answer questions that revolve around how different applications react to varying amounts and spikes of packet loss. What would the impact be of switching to BBR when using LEO Internet? How would it affect application performance? And even if it did offer improved performance, would the associated costs of retransmission make it prohibitive to implement?
LEO Internet is a fascinating technology with its own unique characteristics. As with everything we test, you have to consider the full service delivery chain to truly understand its implications.
Threat actors are impersonating platforms like Discord, Twitch, and OnlyFans to trick users into downloading .HTA files. These payloads silently execute ransomware via browser-based ActiveX abuse—bypassing standard security measures and putting global users at risk.
Key Highlights:
Active campaign observed in July 2025
Abuse of social engineering and brand impersonation
Infrastructure linked to multiple fake domains and IPs
Epsilon Red ransom notes bear stylistic resemblance to REvil, though the malware is distinct
How a simple service desk attack cost Clorox $400 million
Posted in Commentary with tags Hacked on July 28, 2025 by itnerd
Last week, cleaning products giant Clorox took the unusual step of suing its IT services partner Cognizant for gross negligence.
Clorox are alleging that the August 2023 ransomware attack they suffered came about thanks to an incredibly simple piece of human error. According to the complaint, hackers tied to the “Scattered Spider” group simply phoned Cognizant’s service desk and requested a password reset – and were given one. You can see my coverage on this here.
Today, Specops Software published an analysis on how a simple service desk attack cost Clorox $400 million, which is up from the $49 million that I first reported.
This analysis not only goes into how exactly the service desk social engineering played out, but also how the ransomware was deployed, and what organizations can do to protect their service desks.
The full details can be found here: https://specopssoft.com/blog/clorox-password-social-engineering/