Zoom Workplace Apps Vulnerabilities Enable Escalated Privileges Among Other Attack Vectors

Posted in Commentary with tags on May 13, 2025 by itnerd

It is being reported that Zoom has disclosed multiple vulnerabilities impacting its Workplace apps, across its various platforms, that pose significant risks such as privilege escalation, denial-of-service (DoS) and remote code execution.

Jim Routh, Chief Trust Officer at Saviynt, had this to say:

“Cyber professionals are considering the need for deep fake detection and prevention impacting virtual meetings today. It turns out that the software defects/vulnerabilities announced recently in Zoom Workplace are far more critical at this time.

DoS and remote code execution vulnerabilities have the potential for significant business disruption with the potential for ransomware exploits. Software resilience for enterprise software companies is achievable with more maturity in the development process to identify and remediate race conditions.”

Erich Kron, Security Awareness Advocate at KnowBe4, follows with this:

“Given the number of people that use and rely on Zoom for their organizations’ day-to-day activities, this type of flaw could be very significant. Deepfake audio and video have already been an issue, and in this case having a Zoom meeting initiated from a legitimate account could be the difference between a person believing the caller and not believing them. Fortunately, in this case, exploiting is not something that can be done easily remotely, so physical access is required. However, it demonstrates what may be possible with other future vulnerabilities that could be remotely exploited. Due to the proliferation of deepfakes and live action scams, as opposed to just email phishing, organizations would benefit from ensuring their HDR program includes a focus on ways to ensure the caller is legitimate.”

This is really not good. Now that these are out there, threat actors will be trying to exploit those who do not update ASAP. And that’s the key to keeping safe. If you use Zoom, you should update your Zoom client ASAP.

Sage Intacct helps finance teams drive higher performance with greater intelligence, speed, and simplified industry workflows

Posted in Commentary with tags on May 13, 2025 by itnerd

Sage today announced a new wave of AI-powered automation and industry innovations for Sage Intacct. With updates that improve accuracy, reduce reconciliation effort, and simplify contract, fundraising and project workflows, Sage Intacct is helping finance teams make smarter decisions with less manual effort.

As finance teams face growing pressure to do more with less, Sage Intacct continues to evolve to meet the needs of modern, high-performing finance functions. This release brings together innovations that accelerate the close, streamline processes, reduce manual work, and integrate key operational systems, while helping leaders drive better outcomes for their organisations.

Empowering High-Performance Finance Teams Under Pressure

According to Sage’s The Secrets of Successful CFOs report, 69% of CFOs say they are juggling too many responsibilities, 87% regularly feel stressed, while more than half (51%) are already leveraging AI-powered tools built for financial workflows. The path forward is clear: automation is key to reducing pressure, unlocking greater efficiency, and giving finance leaders the visibility and confidence to lead proactively and plan for the future. These latest enhancements deliver AI-powered automation that supports high-performing finance teams by reducing friction, streamlining the close process, and equipping leaders with the clarity and confidence to act decisively.

Delivering AI-powered automation and industry-specific innovations

This release brings a range of updates that show how Sage is continuing to invest in a smarter, more connected experience for modern finance teams. From strengthening fundraising capabilities for nonprofits to simplifying healthcare reporting and automating reconciliation for growing businesses, Sage Intacct’s latest updates are designed to empower finance teams with the time, clarity, and confidence needed to drive smarter financial decisions. These updates include:

  • Copilot Close Assistant: Simplifies the month-end close with proactive tracking and a centralized summary view of all critical tasks. This gives finance teams real-time visibility into close progress across subledgers and general ledgers, enabling faster issue resolution, smoother collaboration, and a more efficient, predictable close.

Availability: GA in the US and UK

  • Copilot Subledger Reconciliation Assistant: Automates reconciliation reporting, highlights variances and provides drill-down insights for faster issue resolution. With improved transparency and reduced manual checks, teams can catch discrepancies earlier and close books with confidence.

Availability: Early Adopter in UK and US

  • Sage Intacct Fundraising powered by DonorPerfect: Connects donor data and financials to optimize fundraising strategies and build donor relationships. Nonprofits using the solution have reported an average 25% increase in funds raised in their first year and double-digit growth for years thereafter, driven by unified reporting and real-time visibility into campaign performance.

Availability: GA in US and Canada

  • Automated WIP Relief: Automatically moves WIP balances upon project completion, improving alignment of costs and revenue. For service businesses, this reduces the risk of misstatements and speeds up the financial close with accurate, automated journal entries.

Availability: US, UK, Canada, South Africa, Australia

  • Sage Intacct EMRConnect Dashboards: Offers operational and financial insights for healthcare providers. With real-time access to key metrics like clinician efficiency and occupancy rates, finance leaders can proactively manage costs and drive operational efficiencies with data-driven decisions.

Availability: US only

  • Contract Summary Tab: Consolidates key contract data into a single view, giving teams clear insight into billing, purchasing, and project details. This reduces inefficiencies, mitigates risk, and empowers faster, more informed decision-making.

Availability: US, UK, Canada, South Africa, Australia

  • Tessitura Ticketing Connector: Integrates ticketing and financial data for arts and culture organisations. With this connected solution, billing and payment data flow effortlessly between systems, eliminating manual entry, improving accuracy, and providing a 360-degree view of an organization’s financial health.

Availability: US only

  • Goods and Services Tax support for New Zealand and Singapore: Delivers local tax setup and reporting capabilities. With automated GST configuration, businesses can maintain compliance with ease and scale confidently into new markets.

Availability: Early Adopter in New Zealand and Singapore

Steam Gets Pwned Via Third Party Service Getting Pwned

Posted in Commentary with tags on May 13, 2025 by itnerd

If you have a Steam account, it’s time to change your password. Here’s why:

This Tweet was then followed with this:

So the net result is that 89 million Steam accounts are basically compromised. But the bad news doesn’t end there. The company that was pwned was Twilio. If that name sounds familiar, it is because that is the company behind the Authy authentication app. And that company was pwned last year with the details behind the app being kind of murky. None of this has been confirmed by Twilio. But it should not stop Steam users from dropping what they are doing and changing their passwords right now as well as being on the lookout for suspicious emails, phishing attacks and the like.

Stackpack Raises $6.3M to Solve the $475B Vendor Chaos Problem

Posted in Commentary with tags on May 13, 2025 by itnerd

Stackpack, the first intelligent Vendor Stack Management platform helping companies regain control over their growing network of third-party vendors, has raised $6.3 million. Freestyle Capital led the investment, with additional participation from Elefund, Upside Partnership, Nomad Ventures, Layout Ventures, MSIV Fund and strategic angels from Intuit, Workday, Affirm, Snapdocs and xAI.

Modern businesses are powered by a vast web of third-party providers — AI tools, SaaS platforms, contractors, and managed services. Yet most teams still manage these critical partnerships with spreadsheets, scattered documents, and crossed fingers. Stackpack is changing that.

Founded in 2023 by Sara Wyman, a veteran of Etsy and Affirm, Stackpack emerged from firsthand experience with the chaos and cost of unmanaged vendors. Wyman saw how missed renewals, redundant tools, and growing compliance risks could quietly drain budgets and introduce operational risk — and recognized that the vendors powering a business were as essential to its success as its internal team.

With Stackpack, finance and IT teams get a single source of truth for all third-party vendors – automatically surfacing renewal dates, contract owners, shadow IT, compliance gaps, and savings opportunities. The platform uses AI to not only uncover blind spots, but also acts on behalf of customers as an agent to ensure nothing falls through the cracks. Ultimately, Stackpack turns vendor sprawl into strategic advantage.

The early team behind Stackpack includes early leaders from PayPal, eBay, Adobe, Asana, Twilio, and Google — operators uniquely positioned to build a networked platform and scale it from early stage to market leadership.

Stackpack enters the market at a critical moment: Over $475 billion is spent annually on third-party software and services in the U.S. alone, with an estimated 25% of it going unused. Payroll budgets are shifting to outsourced contractors and AI expense. Compliance risks are multiplying as third-party vendors handle sensitive data. A lack of transparency in renewal dates and pricing is wrecking budgets and forecasts. Today’s finance and IT teams need real-time visibility, automated guardrails, and tighter controls more than ever, and Stackpack is building the platform for this new era.

Just months after launch, Stackpack is already managing over 10,500 vendors and $510 million in spend across more than 50 customers, including Every Man Jack, Rho, Density, HouseRx, Fexa, and ZeroEyes.

Alongside its core Stack Management platform, Stackpack is now expanding beyond visibility with a second product: Requests & Approvals, currently in beta. Designed as a lightweight, affordable alternative to platforms like Zip and Coupa, it gives teams a faster way to evaluate and approve vendor requests. Over time, Stackpack also plans to help customers discover and evaluate new partners.

Looking ahead, Stackpack’s mission is to help companies connect with the right partners, at the right time, on the right terms – transforming vendor management into a strategic capability. 

New Specops Research: FTP Ports Under Attack: Which Passwords are Hackers Using

Posted in Commentary with tags on May 13, 2025 by itnerd

A just-published Specops Software Research Report reveals passwords being used to attack FTP ports over the past 30 days, in live attacks happening against real networks.

The Specops Software research team found the most common passwords being used in brute force attacks, as well as the frequencies of password lengths and complexities.

This research coincides with the latest addition of over 133 million compromised passwords to the Specops Breached Password Protection service. These passwords come from a combination of our honeypot network and threat intelligence sources.

To view the full research report, please see this link: FTP Ports Under Attack: Which Passwords are Hackers Using [New Research]

Black Kite Releases 2025 Ransomware Report, Revealing 123% Increase in Ransomware Attacks Over Two Years

Posted in Commentary with tags on May 13, 2025 by itnerd

Black Kite today announced its newest report, 2025 Ransomware Report: How Ransomware Wars Threaten Third-Party Cyber Ecosystems, which provides a deep analysis into evolving ransomware trends and threats. The report found that threats have escalated with more actors, less predictability, and deeper entanglement in supply chains, underscoring an urgent need for organizations to implement intelligence-driven defenses and proactive vendor monitoring.

Between April 2024 and March 2025, ransomware attacks escalated with unpredictable campaigns across a wide range of industries. As uncovered by Black Kite’s Research & Intelligence Team (BRITE), the number of publicly disclosed victims saw a 25% increase from the previous year. This follows a steep rise in the previous period with an 81% surge, amounting to a 123% increase over two years. The year also saw a noticeable uptick in attacks against small and mid-sized businesses (SMBs) due to their less robust cybersecurity defenses and lower risks of retaliation, and a rise in supply chain warfare with attackers focused on third-party vendors where just one compromised provider can disrupt dozens to hundreds of downstream organizations. These incidents, often called silent breaches, can go unnoticed until their ripple effects halt operations across industries.

Leveraging data and machine learning, Black Kite’s Ransomware Susceptibility Index® (RSI™) proved to be a critical signal. A numerical score between 0.0 and 1.0, with a higher score representing greater susceptibility to a ransomware attack, RSI goes beyond cyber risk metrics and provides a composite score that incorporates technical indicators and intrinsic risk factors. In fact, for those with RSI above 0.8, nearly half (46%) were attacked, and most organizations showed rising RSI trends well before a breach.

The report’s key findings include:

  • Publicly disclosed ransomware victims climbed to 6,046, a 24% increase year over year, and more than doubled since 2023
  • 52 entirely new groups emerged in the last year, resulting in 96 active ransomware groups
  • Under-resourced, understaffed, and underprepared, SMBs ($4M-$8M) were the most frequently targeted
  • Ransomware was responsible for 67% of known third-party breaches
  • 46% of organizations with RSI greater than 0.8 experienced ransomware attacks
  • With smaller, less sophisticated operators that often lack the infrastructure to run complex extortion operations, ransom payment values declined by 35%, but the overall impact has widened

Ransomware is no longer dominated by large syndicates. Today’s organizations must contend against smaller groups that have less experience but the same intent – disrupt, extort, and repeat. While the tactics lack the sophistication of their predecessors and the targets are smaller, the volume and unpredictability of this new era of ransomware present a new set of challenges. Organizations must also defend against AI-driven ransomware that enables attackers to bypass existing security systems and could evade detection, for example by analyzing EDR logs or monitoring incident response communications to adjust ransom demands.

Access the full report here.

Methodology

The findings in this report are the result of a comprehensive year-long investigation conducted by the Black Kite Research & Intelligence Team (BRITE), covering the period between April 1, 2024 and March 31, 2025. The methodology combines continuous monitoring of ransomware operations with detailed victim analysis and dark web intelligence gathering:

  • BRITE monitored activity from over 150 ransomware groups, tracking their leak sites, extortion posts, and public disclosures. A group was considered “active” if it published at least one victim within the last 12 months. By March 2025, 96 groups met this threshold.
  • A total of 6,046 victims were identified through leak site monitoring, cross-validated with open-source intelligence and internal telemetry. For each victim, BRITE analysts determined industry classification using NAICS codes, headquarters location by country, and estimated company size based on publicly available financials or trusted databases. BRITE also leveraged the Black Kite platform to assess each victim’s cybersecurity posture before and after the incident, helping to identify patterns in susceptibility and exposure.
  • To complement leak site tracking, BRITE actively monitored ransomware blogs, Telegram channels, and dark web forums to identify group narratives, affiliate activity, and coordination patterns. This enabled the team to detect new groups quickly and contextualize victim disclosures beyond surface-level postings.

University of Michigan Pwned Via Threat Actors Swapping A Classroom Engagement Tool For Malware

Posted in Commentary with tags on May 12, 2025 by itnerd

University of Michigan has reported attackers compromised the download portal for iClicker, a classroom engagement tool, replacing the Mac app with malware that used a fake CAPTCHA to lure users into manually launching the payload. The malware granted attackers persistent access, bypassed Apple security controls, and primarily targeted students — raising concerns about supply chain attacks in education.

Debbie Gordon, CEO and Founder, Cloud Range, had this to say:

“This incident shows how easily attackers can turn a simple user interaction — like clicking a CAPTCHA — into a full compromise. The real question is: how quickly can your team detect and contain it? That’s the essence of incident response readiness. Simulation-based training gives defenders the muscle memory they need to spot behavioral red flags, investigate effectively, and coordinate containment actions in real time — before small lapses become major breaches.”

I have to admit this attack is pretty scary. Hopefully the university does a deep dive to figure out how this happened because this clearly is a skilled threat actor who came into this with a plan of attack. That means these threat actors should be considered dangerous.

Penske’s Catalyst AI Powers Innovative New Era of Fleet Intelligence 

Posted in Commentary with tags on May 12, 2025 by itnerd

Today, Penske Truck Leasing introduced the new generation of fleet intelligence with the latest release of Catalyst AI™, its proprietary artificial intelligence engine and industry leading AI platform that redefined fleet management. Built specifically for commercial transportation, Catalyst AI applies machine learning in advanced methods—turning one of the industry’s richest vehicle data sets into faster, more strategic decision-making across operations. 

Catalyst AI was built to meet a fundamental need in modern operations: how to take the right action, at the right time, from the right data. The update introduces four core enhancements designed to make that possible: 

  • Fantasy Fleet – Offers a new comparison set made up of top-performing vehicles most similar to each vehicle in the user’s fleet—helping them find gaps and elevate performance. 
  • Vehicle-level Comparison – Enables users to compare individual vehicles to pinpoint performance differences, helping identify where targeted adjustments can drive better results. 
  • Hub-level Comparison – Allows users to assess operations by location and uncover opportunities for improved efficiency at the local level. 
  • Impacting Metrics – Gives users the ability to focus on specific metrics that matter most to their business—fuel efficiency, maintenance costs, utilization, and more. 

Catalyst AI continues to evolve in step with the complexities of modern fleet operations, delivering faster insights, clearer benchmarks, and intelligence designed to keep businesses ahead. Developed by Penske, the platform reflects what today’s fleet professionals need: trusted insights that drive action. 

That demand is reflected in Penske’s 2025 Transportation Leaders Survey: A Road to AI Adoption, which found that 93% of senior business decision makers in the transportation and logistics industry agree that AI will improve their organization’s resiliency and ability to adapt to sudden shifts. More than half (54%) said the ability to compare their fleet’s performance to others in the same market would improve both efficiency and operational decision-making. As they specifically plan for today’s continued economic uncertainty, fleet leaders cited their most critical data needs as: visibility into maintenance costs (44%), fuel price trends (41%), and fleet utilization (36%). 

Organizations that have embraced AI are already reaping the benefits with 40% of respondents using AI tools saying they’ve seen improvements of at least 50% in fuel usage, cost reduction, or distance traveled through smarter routing and optimization. However, 84% of transportation leaders think the industry is lagging behind in AI adoption and 36% only feel somewhat prepared to respond to ongoing supply chain disruptions and economic volatility. This signals a growing urgency for tools that not only provide data but translate it into tangible actions that drive outcomes, such as lowering operating costs and increasing efficiency.  

Since Catalyst AI launched in 2024, the platform has grown to support thousands of users, helping fleet professionals move from lagging metrics to leading decisions. The platform is now a foundational part of how teams across Penske’s network report, benchmark, and plan—across vehicles, locations, and systems. 

Catalyst AI is embedded within Comparative Insights, a feature inside the Fleet Insight® digital platform. Comparative Insights, powered by Catalyst AI, at the fleet level remains available at no cost to Penske customers. The new Comparative Insights Premium Plan unlocks access to vehicle- and hub-level comparisons and the Fantasy Fleet feature, with a 30-day free trial available before subscription. To learn more, visit penskecatalyst.ai

Security firm for NFL, NBA, NHL, MLB, and NASCAR notifies 100K people of data breach

Posted in Commentary with tags on May 12, 2025 by itnerd

Andy Frain Services, a security firm servicing major clients such as NFL, NBA, NASCAR, and more, over the weekend confirmed it notified 100,964 people of an October 2024 data breach that compromised their personal information.

Ransomware gang Black Basta claimed responsibility for the breach in November 2024, saying it stole 750 GB of data from the private security firm. Andy Frain has not yet confirmed Black Basta’s potential involvement. 

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, had this to say:

“I’m not sure why it took nearly 7 months for Andy Frain Services to notify the impacted people. That’s 7 months hackers could have been using the learned information to abuse potential victims. If I do business with Andy Frain Services, I would like to know how the breach happened, if they know. Was it social engineering, unpatched software or firmware, or some other cause? Because if they don’t know how it happened it’s much tougher to put in place the right mitigations to make sure it’s less likely to happen again.”

And in a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:

“Black Basta, not to be confused with Blackcat or BlackSuit, is a ransomware gang that first surfaced in early 2022. It operates a ransomware-as-a-service business wherein third-party clients pay Black Basta to use its ransomware and infrastructure to launch attacks and collect ransoms. Black Basta often extorts victims both for a key to restore infected systems and for not selling or publicly releasing stolen data. Black Basta has claimed 166 confirmed ransomware attacks since it began, compromising more than 11.7 million records. Its average ransom demand is about $2.9 million.”

“In 2025 to date, Black Basta has claimed five victims, all of which it claimed in January. None of those attacks have been confirmed yet. In 2024, Comparitech researchers logged 793 confirmed ransomware attacks on US organizations, compromising more than 268 million records. 64 of those attacks hit service-based businesses like Andy Frain and compromised 1.6 million records.”

“The average ransom across all industries is just north of $2.3 million, and $787,000 for service-based businesses. In 2025 so far, we’ve recorded 112 confirmed ransomware attacks in total, five of which hit service-based businesses. Ransomware gangs made another 1,365 attack claims this year that haven’t been acknowledged by the targeted organizations.”

Andy Frain has some explaining to do. Or at least it should have some explaining to do. Seven months to disclose this isn’t cool. However, I don’t think that will happen given the sort of environment that we’re in at the moment where nobody seems to be held to account for anything. Which is not good.

Today Is Anti-Ransomware Day

Posted in Commentary on May 12, 2025 by itnerd

Today, May 12th, marks Anti-Ransomware Day and commemorates the 2017 global WannaCry attack which majorly disrupted the UK’s NHS. That was a huge event at the time. And sadly things have only gotten worse since then.

Rebecca Moody, Head of Data Research at Comparitech, had this to say:

“In 2017, ransomware, to many people, was still a huge unknown. Fast-forward to today, and it’s a word within a lot of people’s vocabulary–even if they don’t understand the technical jargon surrounding it. This is because of large-scale attacks like WannaCry and the current attack on Marks and Spencer, bringing these types of attacks to the forefront.”

“Sadly, however, while awareness around these types of attacks has grown, so too has the number of attacks. Since 2018, we’ve seen yearly increases in the number of ransomware attacks (except for a dip in 2022), and the amount of data involved in these attacks has also risen exponentially. Hackers have become increasingly focused on double-extortion tactics whereby systems are encrypted (for one ransom payment) and data is also stolen (for another ransom payment).”

“Since 2018, we’ve tracked 281 confirmed ransomware attacks in the UK alone (confirmed attacks are those acknowledged by the entity involved). These attacks have led to the breach of over 3.3 million records and have seen average ransom demands of nearly USD $8.6 million (GBP £6.5 million).”

“40 of these attacks and nearly 1.2 million records are from 2024. And we’ve already seen 12 attacks this year so far. While no breaches have been reported for the attacks this year, we’ll likely see significant numbers involved in the attacks on M&S and Co-op.”

“While the threat landscape surrounding ransomware attacks has changed, the basics for thwarting these attacks remain the same. Make sure systems are up to date, patch vulnerabilities as soon as you become aware of them, carry out regular system back-ups, have detailed plans in place if the worst should happen, and, perhaps most crucially, carry out regular staff training. As we’ve seen with Harrods, Co-op, and M&S, social engineering tactics were used to carry out these attacks, whereby employees were tricked into changing their passwords.”

The world isn’t a safe place right now based on the fact that I went from occasionally reporting on ransomware attacks to reporting on them daily. Thus let’s use today as a catalyst to make whatever changes are required to make the world a whole lot safer when it comes to ransomware.