Saviynt Hires Identity Veteran Roger Hsu to Accelerate Asia Growth

Posted in Commentary with tags on April 23, 2025 by itnerd

Saviynt has appointed Roger Hsu as Regional Vice President (RVP), Asia. The move signals the company’s deepening investment and accelerated growth in the region.

Hsu joins Saviynt following a successful tenure at SailPoint, bringing over two decades of cybersecurity and identity management expertise. He will lead Saviynt’s go-to-market strategy across Asia, with a strong focus on helping enterprises secure digital identities in an increasingly complex threat landscape.

The urgency for modern identity governance has never been greater. According to IBM’s 2024 Cost of a Data Breach Report, Asia-Pacific remains the most-targeted region globally, with compromised credentials and misconfigured identity systems among the leading causes of breaches.

Saviynt has steadily grown its presence in Asia, working with Fortune 500 companies and regional enterprises across financial services, healthcare, manufacturing, and critical infrastructure. The company is making strategic investments in local talent, partnerships, and region-specific solutions to meet soaring demand for intelligent identity governance.

The appointment of Hsu signals Saviynt’s continued commitment to Asia as a strategic growth market and its vision to redefine identity security for the modern enterprise.

To learn more about Saviynt’s Identity Cloud, please visit the website.

Blue Shield of CA Leaked PHI of 4.7 Million Members to Google…. WTF??

Posted in Commentary with tags on April 23, 2025 by itnerd

News is out that Blue Shield of California leaked the health data of 4.7 million members to Google. And upon reading this, my jaw hit the ground:

Blue Shield said it used Google Analytics to track how its customers used its websites, but a misconfiguration had allowed for personal and health information to be collected as well, such as the search terms that patients used on its website to find healthcare providers.

The insurance giant said Google “may have used this data to conduct focused ad campaigns back to those individual members.” 

Blue Shield said the collected data also included insurance plan names, types and group numbers, along with personal information such as patients’ city, zip code, gender and family size. Details of Blue Shield-assigned member account numbers, claim service dates and service providers, patient names and patients’ financial responsibility were also shared. 

Per a legally required disclosure with the U.S. government’s health department, Blue Shield of California said it is notifying 4.7 million individuals affected by the breach. The breach is thought to affect the majority of its customers; Blue Shield had 4.5 million members as of 2022.

Ensar Seker, CISO at SOCRadar:

“In this case, the unintentional exposure of protected health information (PHI) from 4.7 million members to Google’s analytics and advertising platforms raises serious questions about how healthcare providers manage third-party tracking technologies.”

“This isn’t just a technical misstep. It’s a HIPAA compliance failure. PHI should never be sent to platforms like Google Ads or Analytics, especially without explicit patient consent and proper business associate agreements (BAAs) in place. When you consider the type of data potentially exposed (names, IP addresses, search terms, and in some cases sensitive health-related activity) the privacy implications are significant. Such data can be used to infer medical conditions, insurance status, or treatment history, and that creates a risk not just of identity theft, but of discrimination, stigma, and profiling.”

“What’s particularly troubling is the duration of exposure: nearly three years before it was identified and addressed. That suggests a systemic gap in data flow visibility, audit logging, and vendor oversight. Many healthcare organizations unknowingly introduce risk through website trackers, pixel tags, and marketing scripts, tools that are standard in e-commerce but dangerously misapplied in regulated environments like healthcare.”

“At the end of the day, this incident wasn’t about a hacker breaking in, it was about data leaking out due to weak controls. And that’s often the more dangerous, and more preventable, type of breach.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech:

“Victims should be on the lookout for insurance fraud. Check your hospital bills and prescriptions for any unfamiliar charges that could indicate someone else is using your insurance to get drugs or other care in your name.”

“Patients might have seen ads targeted at them based on confidential information in Blue Shield’s database.” 

“The wildest part about this is that it happened over nearly three years. Luckily, it doesn’t seem like cybercriminals took advantage. The only unauthorized third party that saw the leaked data was Google, according to the disclosure. It doesn’t seem like Google shared identifiable info with any of its advertisers or publishers on Google Ads.”

This is firmly within the realm of WTF. I simply cannot believe that something like this happened, as you would think it never could. But in this case, it did. And normally I would say that there needs to be an investigation by the relevant government authorities, making sure that those who are responsible for this monumental screw-up are punished. But given the times that the US is living in, I am going to guess that this won’t happen.

UPDATE: Jim Routh, Chief Trust Officer at Saviynt provided the following comments:

“The industry is likely to see similar types of data breaches going forward. Google has invested in and implemented highly sophisticated data models (Google Analytics) to harvest user online behavioral information (what products are consumed) along with individual attributes, which is then packaged for advertising platforms. The settings for Google Analytics and similar platforms need to be configured and reviewed by the healthcare insurance provider (Blue Shield of California) and other enterprises sharing consumer information. 

“The good news is that this data did not include SSNs and other sensitive information, but the bad news is it was health-specific information for consumers that should not be shared. The notification of this incident comes several months after it was identified (February 11, 2025).”
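As an added example, not code from the original post or from Blue Shield, Google or any of the commenters, the block below shows the two controls the comments above point at: strip the search terms and identifiers out of the page URL before the analytics library is given it as `page_location`, and scan captured analytics beacons for those same fields so a regression is caught during testing rather than years later. The parameter names, the `portal.example-insurer.test` hostname and the sample beacons are constructed assumptions; `dl` is the parameter Google Analytics collect requests use for the page URL.

```javascript
// Added example for this post; it is not Blue Shield's, Google's or any vendor's
// code. It shows two controls: scrubbing a page URL before an analytics library
// is given it as page_location, and scanning captured analytics beacons for the
// same fields as a regression check. Parameter names, hostnames and beacons
// below are constructed assumptions. Runs under Node.js (URL and
// URLSearchParams are globals).

// Query-string keys a provider search or member portal might use. This is an
// assumed deny-list to be maintained per site, not a complete catalogue of PHI.
const SENSITIVE_PARAMS = new Set([
  'q', 'search', 'specialty', 'condition',  // search terms reveal health intent
  'member_id', 'group', 'plan', 'claim_id', // insurance identifiers
  'zip', 'dob',                             // demographic quasi-identifiers
]);

// Return a copy of pageUrl with the sensitive keys (and any fragment) removed.
// Hand the result to the analytics library instead of window.location.href,
// e.g. with gtag.js: gtag('config', MEASUREMENT_ID, { page_location: cleaned }).
function scrubPageLocation(pageUrl, sensitive = SENSITIVE_PARAMS) {
  const u = new URL(pageUrl);
  const kept = new URLSearchParams();
  for (const [k, v] of u.searchParams) {
    if (!sensitive.has(k.toLowerCase())) kept.append(k, v);
  }
  u.search = kept.toString();
  u.hash = ''; // fragments can carry state too; drop them
  return u.toString();
}

// Google Analytics collect requests carry the page URL in the `dl` (document
// location) parameter. Given captured beacon URLs (for example from a HAR export
// of a test browsing session), report which beacon leaked which sensitive keys.
function findLeakedParams(beaconUrls, sensitive = SENSITIVE_PARAMS) {
  const findings = [];
  for (const beacon of beaconUrls) {
    let page;
    try {
      const dl = new URL(beacon).searchParams.get('dl');
      if (!dl) continue;                // not a page-view style hit
      page = new URL(dl);
    } catch {
      continue;                         // malformed capture; skip rather than crash
    }
    const leaked = [...new Set(
      [...page.searchParams.keys()].filter((k) => sensitive.has(k.toLowerCase())),
    )];
    if (leaked.length > 0) findings.push({ beacon, leaked });
  }
  return findings;
}

// Constructed sample beacons, not real traffic. The first imitates the
// misconfigured case: the raw provider-search URL, including the search term,
// zip code and member number, is forwarded as-is. The second carries a URL that
// went through scrubPageLocation() first.
const RAW_PAGE = 'https://portal.example-insurer.test/find-a-doctor?q=oncology&zip=94105&member_id=123456&page=2';
const COLLECT = 'https://www.google-analytics.com/g/collect?v=2&tid=G-EXAMPLE&en=page_view&dl=';
const SAMPLE_BEACONS = [
  COLLECT + encodeURIComponent(RAW_PAGE),
  COLLECT + encodeURIComponent(scrubPageLocation(RAW_PAGE)),
];

// Run the check over the samples: only the unscrubbed beacon should be flagged.
function report(beacons = SAMPLE_BEACONS) {
  return findLeakedParams(beacons);
}

console.log(JSON.stringify(report(), null, 2));
```

Running it prints a single finding, for the unscrubbed beacon, listing `q`, `zip` and `member_id`. Two caveats a practitioner would add: the page URL is not the only channel, since the page title (the `dt` parameter) and any custom event parameters need the same review, and the deny-list only works if someone who knows which of the site's query parameters carry PHI owns it, which is the "data flow visibility" gap the Seker comment describes.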

Fraudsters Abuse Google Forms via Phishing to Steal Logins

Posted in Commentary with tags on April 23, 2025 by itnerd

According to researchers, fraudsters are abusing Google Forms via phishing campaigns that steal email logins. You can read more here: https://www.welivesecurity.com/en/scams/how-fraudsters-abuse-google-forms-spread-scams/

Here’s the TL;DR:

Malicious actors are always looking for ways to add legitimacy to scams and evade email security filters. Google Forms offers a great opportunity to do both. It is favored by cybercriminals because it is:

  • Free, meaning threat actors can launch campaigns at scale with a potentially lucrative return on their investment
  • Trusted by users, which increases the chances of victims believing that the Google Form they’re being sent or redirected to is legitimate
  • A legitimate service, meaning that malicious Google Forms and links to malicious forms are often waved through by traditional email security tools
  • Easy to use, which is good for users but also handy for cybercriminals – meaning they can launch convincing phishing campaigns with very little effort or prior knowledge of the tool
  • Cybercriminals also take advantage of the fact that Google Forms communications are encrypted with TLS, which may make it harder for security tools to peer in and check for any malicious activity. Similarly, the solution often uses dynamic URLs, which may make it challenging for some email security filters to spot malicious forms.

Roger Grimes, data-driven defense evangelist at KnowBe4, commented:

“All public services like Google Forms, need to be better at defeating phishing attempts that use their product. I think most people can easily come up with a dozen signs that they can easily see in a message that indicates a scam. These services need to be doing more to fight cybercriminals using their products to conduct scams. Because they don’t, it causes trust issues and lessens the value of those products. Each of these services will tell you that they are already spending a bazillion dollars and lots of resources to fight scammers, but they simply aren’t doing enough. They are letting the revenue they are making by being bad at spotting cybercriminals get in the way of them better detecting and spotting scammers. It’s a business decision. One that isn’t being made correctly by many service providers and it’s unfortunate.”

This isn’t the first time that I’ve seen Google Forms used for nefarious purposes. And to Google’s credit, when I’ve reported a dodgy form, they’ve been quick to take it down. But it often pops up again in hours or days. I am not sure how Google addresses this, but they do need to address it.

RESEARCH: Mandatory SIM-Card Laws Across the Globe

Posted in Commentary with tags on April 23, 2025 by itnerd

Comparitech today released research looking at worldwide laws regarding SIM-card registration.

According to the report, the majority of national governments (over 160) require mandatory SIM-card registration. Users must register their real name and personal details to sign up for a phone service. Just over 35 countries also require biometrics, e.g., your fingerprints or a facial scan. More countries are in the process of adding biometric requirements, or they have some requirements but not for everyone (e.g., tourists only).

Key findings Include:

  • 6 countries have enforced mandatory SIM-card registration or increased restrictions in the last few years: Brunei Darussalam, Burkina Faso, Cyprus, Lithuania, Maldives, and Serbia. Among these, Brunei Darussalam requests users re-register their SIMs, while Burkina Faso and the Maldives have placed limits on the number of SIM cards available to customers (two and ten per person, respectively).
  • Cambodia and Thailand introduced a mandatory IMEI database, bringing the total number of countries with one of these to 24.
  • Mauritius was the only country that retracted its SIM-card registration requirement. The Council of Ministers approved the decision on December 27, 2024, replacing the 2023 SIM registration rules with fresh 2024 regulations. Mobile operators must now delete all previously stored photos as well.
  • In contrast, several countries introduced or strengthened their biometric identification measures, including Argentina, Eswatini (Swaziland), India, Laos, and Mauritania. Mozambique’s new requirements come into effect at the end of the year.
  • What to watch: Russia is tightening its biometric registration measures. From the start of this year, any foreigners buying SIM cards in Russia will have to provide their biometrics.

The full research can be read here: https://www.comparitech.com/blog/vpn-privacy/sim-card-registration-laws/

Xbox App Now Available on LG Smart TVs

Posted in Commentary with tags on April 23, 2025 by itnerd

Today, Xbox announced the launch of the Xbox app on LG Smart TVs, furthering its mission to bring more games to more devices through Xbox Cloud Gaming (Beta). The Xbox app will be available on LG TVs running webOS 24 and newer, including 2022 OLED TVs, select 2023 LG Smart TVs, and newer models, along with smart monitors running webOS 24 or later, in over 25 countries. Players can instantly access hundreds of games directly from the Xbox app, including Avowed, South of Midnight, and upcoming games like Towerborne, as part of their Xbox Game Pass Ultimate membership. Game Pass Ultimate members can also stream select cloud-playable games they own, even if they are not included with Game Pass Ultimate. You can find the full list of over 100 supported titles in the Stream Your Own Game collection here.

By adding the Xbox app to LG TVs, players get the benefits of Xbox Cloud Gaming (Beta), such as sending invite links to join cloud gaming sessions, seamlessly switching between games, and mouse and keyboard support for select games through cloud gaming. Additionally, developers releasing games on Xbox continue to embrace Xbox Play Anywhere for their games.

With Mother’s Day, graduation and Father’s Day around the corner, this is the perfect time to celebrate and play Xbox on your LG Smart TV with the whole family. Xbox is continuing its efforts to ensure players can play anywhere by partnering with LG, bringing more ways to play Xbox.

For more information about Xbox Cloud Gaming on LG Smart TVs, please visit today’s Xbox Wire blog post here.  

Marks and Spencer Pwned In A Cyberattack

Posted in Commentary with tags on April 23, 2025 by itnerd

Marks and Spencer (M&S) has disclosed that over the past few days it has been responding to a cyberattack that has impacted operations. As it stands, the only way to buy something from the company is with cash. And if you ordered something, you may not be able to collect it.

Javvad Malik, Lead Security Awareness Advocate at KnowBe4 commented:

“The recent cybersecurity incident at Marks & Spencer serves as a reminder of the interdependencies in modern retail operations. The disruption to Click and Collect services and contactless payments underscores how any technical issue can have far-reaching consequences across an entire organization.”

“M&S’s prompt communication and engagement with the ICO demonstrate a commendable level of transparency and regulatory compliance. However, the event also reveals potential gaps in cyber resilience and crisis management strategies.”

“The key lesson here is the importance of cultivating a positive and strong security culture throughout the organization. Cybersecurity can no longer be siloed within IT departments; it must be integrated into every aspect of business operations and decision-making processes.”

“Moving forward, organizations must prioritize the development of a security-first mindset at all levels, from the boardroom to the retail store.”

Whenever M&S recovers from this, I hope that they take the required steps to make sure that this sort of event cannot happen again. Because as bad as this is, it could easily have been way worse.

Q1 Retail Snapshot: Canadian online sales dip 3% amid economic anxiety 

Posted in Commentary with tags on April 23, 2025 by itnerd

Q1 Canadian retail insights from Salesforce’s 2025 Shopping Index are out. This analyzes activity from over 1.5 billion global shoppers across 67+ countries. Canadian consumers are becoming more cautious amid ongoing economic uncertainty, with digital commerce sales declining 3% year-over-year—down from 3% growth in Q1 2024. The average spend per visit dropped to $2.57, and the conversion rate softened to 1.9%, reflecting more selective purchasing behavior.

“The Q1 2025 retail results paint a picture of a cautious Canadian consumer. High prices, economic uncertainty, and shifting priorities are all contributing to a more deliberate approach to online shopping,” says Caila Schwartz, Director of Consumer Insights and Strategy for Retail and Consumer Goods at Salesforce. “Canadian consumers are increasingly seeking out discounts and prioritizing value, while retailers are responding with targeted promotions and an emphasis on mobile-friendly experiences.”

Despite flat overall traffic, shopping habits shifted by device. Desktop traffic grew 15%, while mobile traffic declined 4%. Still, mobile remains dominant, accounting for 70% of online traffic and 66% of orders, with mobile order volume growing 6% YoY.

Order volumes fell 5%, and average order value dropped to $99.25 (down 4% YoY). Retailers leaned into promotions, with the average discount rate increasing to 16%. However, elevated cart abandonment—88% on mobile vs. 80% on desktop—shows ongoing friction in the mobile checkout process.

Search and social continued to play a major role: site search accounted for just 7% of traffic but drove 17% of orders, while 10% of traffic (and 12% of mobile traffic) came via social media.

Retailers looking to grow in Canada will need to focus on value, mobile optimization, and personalized digital experiences to meet evolving shopper expectations.

Vantiq Has Two Announcements Regarding Agreements And Partnerships In South Korea

Posted in Commentary with tags on April 23, 2025 by itnerd

Vantiq, a U.S.-based platform for building and operating agentic AI systems in real time, just announced two major developments in Korea.

First, the company announced a strategic partnership with Etevers, a fast-growing tech firm backed by Samsung, LG, and the Korean government. The deal positions Vantiq as the go-to platform for intelligent systems in the country’s healthcare and public sectors. 

You can find out more here: https://vantiq.com/news/vantiq-secures-strategic-foothold-in-south-korea-with-etevers-partnership/

Second, the company announced a new agreement with Jeonju University and Etevers to co-develop and pilot AI-driven public safety solutions across South Korea’s Jeollabuk-do region, bringing real-time AI into emergency alerts, health monitoring, and disaster response systems.

You can find out more here: https://vantiq.com/news/vantiq-platform-sees-continued-growth-in-south-korea-with-etevers-partnership-and-academic-collaboration/

Together, these announcements show how Korea is leapfrogging legacy tech to adopt agentic AI, intelligent systems that don’t just analyze data but act on it in the moment, and how a US company is helping them do that. These developments also underscore a growing trend of integrating real-time AI into public sector services.

Konica Minolta Unveils BlueIrisIQ

Posted in Commentary with tags on April 23, 2025 by itnerd

Konica Minolta Business Solutions today announced the official launch of BlueIrisIQ™, a dynamic new division leveraging the foundation of the company’s existing Intelligent Information Management (IIM) services. With a logic-driven, customer-centric approach, BlueIrisIQ delivers tailored solutions designed to streamline data complexity and provide an automated approach to business operations. Its AI-powered offerings have the strength and ability to uncover deeper insights and predictive value from enterprise content, while its scalable solutions are designed to grow alongside any organization’s digital transformation journey.

Created to meet the evolving needs of modern organizations, BlueIrisIQ strengthens Konica Minolta’s ability to support both direct and dealer channels. It’s built on the belief that meaningful transformation starts with three core pillars of focus: Intelligent Content Solutions, Intelligent Automation, and Outsourced Scanning Services. Through these offerings, BlueIrisIQ provides both direct and dealer channels with greater access to innovative tools and resources that drive and deliver meaningful business outcomes for their customers.

The newly named business unit marks Konica Minolta’s continued investment in building a smarter, more connected digital future, where customers are not just managing their data, they’re mastering it.

Learn more about BlueIrisIQ and its service offerings here.

Cobalt Names Christopher Elisan as Head of Offensive Security Research and Community

Posted in Commentary with tags on April 23, 2025 by itnerd

Cobalt today announced the appointment of Christopher (Tophs) Elisan as its new Director of Offensive Security Research and Community. In this role, Elisan will spearhead continuous innovation in offensive security practices and lead the Cobalt Core community of 450+ of the world’s best pentesters.

Elisan is a seasoned cybersecurity professional with specialized expertise in both offensive and defensive technologies. A premier Advanced Persistent Threat (APT) researcher, he has a proven track record in researching threat actor tooling, malware, deployment vectors, and attack infrastructure. His deep understanding of attacker behavior and the human elements behind cyberattacks enables him to bring a nuanced, strategic approach to threat intelligence.

Elisan’s career spans high-profile positions at organizations including RSA NetWitness, Polyswarm, Flashpoint, F-Secure, and Trend Micro, where he led global security teams through complex investigations, vulnerability management, and the deployment of advanced security solutions. In addition to his leadership expertise, Elisan has authored three books, including Hacking Exposed: Malware and Rootkits, and Malware, Rootkits & Botnets: A Beginner’s Guide. His thought leadership extends to international conferences, where he shares his expert opinions on the latest in cybersecurity threats and incidents.

At Cobalt, Elisan will oversee the company’s focus on evolving pentesting from an art into a science, combining offensive security testing with deep threat intelligence analysis to enhance the company’s PTaaS offerings. His work will focus on identifying emerging vulnerabilities, analyzing adversary tactics, techniques, and procedures (TTPs), and providing actionable insights to help businesses stay secure.

Elisan’s appointment underscores the company’s commitment to proactive cybersecurity, blending the power of offensive security with advanced research to deliver real-time insights that enable organizations to strengthen their defenses and stay ahead of attackers.