Fake WordPress Caching Plugin Used to Steal Admin Credentials

Posted in Commentary with tags on June 10, 2025 by itnerd

A sophisticated malware campaign targeting WordPress administrators has been discovered, utilizing a deceptive caching plugin to steal login credentials and compromise website security. 

Commenting on this is Martin Jartelius, CISO at Outpost24:

“Installing an unknown plugin is always a risk. Markers such as the ones mentioned are also not great to use—a somewhat more engaged attacker would simply fork an open-source project, backdoor that, and include the expected information. The description associated with this “attack” shows both a lack of creativity and enthusiasm with the attacker. The reason we mention this is not to encourage the attackers to try harder, it’s to ensure that administrators are aware that malicious plugins are a real threat, and that they should never expect them to show up with this low level of ambition. Hackers are generally better than this. Think twice, install once.”

I am a WordPress user and I try to stick to known plugins to avoid this scenario. But because it pays to be paranoid, I will be giving my WordPress instance a second look to make sure that I don’t have anything “evil” lurking that I should be concerned about.

KnowBe4 Wins Multiple 2025 Top Rated Awards From TrustRadius

Posted in Commentary with tags on June 10, 2025 by itnerd

KnowBe4 today announced that TrustRadius has recognized KnowBe4 with multiple 2025 Top Rated Awards. KnowBe4’s Security Awareness Training won in the Security Awareness Training category, PhishER won in Incident Response, Security Orchestration Automation and Response, and Phishing Detection and Response categories, and for the first time ever, Compliance Plus won in both the eLearning Content and HR Compliance categories.

With a TrustRadius Score of 9.2 out of 10 and over 1108 verified reviews, KnowBe4’s Security Awareness Training is recognized by their customer reviews as a top player in the Security Awareness Training software category for the sixth consecutive time. PhishER has won in three categories, with an 8.8 out of 10 and over 229 verified reviews. Additionally, Compliance Plus made its debut with a score of 8.3 out of 10.

Since 2016, the TrustRadius Top Rated Awards have become the B2B industry standard for unbiased recognition of excellent technology products. Based entirely on customer feedback, they have never been influenced by analyst opinion or status as a TrustRadius customer. Here is a detailed criteria breakdown of the methodology and scoring that TrustRadius uses to determine Top Rated winners.

For more information on KnowBe4, visit www.knowbe4.com.

Ericsson and Supermicro advance Enterprise Connectivity for edge AI systems

Posted in Commentary with tags on June 10, 2025 by itnerd

Ericsson and Supermicro today announced an intent to engage in a strategic collaboration to accelerate Edge AI deployment. The parties have signed a Memorandum of Understanding to explore the combination of Ericsson Enterprise Wireless Solutions’ industry-leading 5G connectivity with Supermicro’s industry-leading Edge AI platforms into commercial bundles that will:

  • Deliver advanced Edge AI capabilities that leverage 5G network connectivity as a key value-add attribute
  • Simplify procurement and deployment with a unified solution with pre-validated AI compute and 5G connectivity

As AI becomes integrated into a wide range of business functions, many of those AI applications require low-latency response times. This development is leading to a demand for Edge AI solutions that deploy pre-trained AI models, generative AI, and agentic AI to the network edge, outside the data centre, for local processing. The combination of Supermicro and Ericsson technology is intended to enable businesses in retail, factories, health care, and others to rapidly deploy Edge AI infrastructure together with wireless connectivity.

Supermicro continues to expand its extensive portfolio of infrastructure products supporting Edge AI applications with product choices ranging from small fanless devices to shoe-box sized systems to 1U rackmount systems. These new stand-alone wireless systems can be deployed in diverse environments yet deliver industry-standard data throughput comparable to wired systems.

Ericsson’s wireless WAN portfolio of indoor and outdoor low-and-mid band wireless adapters and their 5G, SD-WAN, and security appliances are critical components for an enterprise when traditional wired connectivity may be inconvenient or even unavailable for some of these edge deployments. In these situations, 5G can serve as the primary WAN connection or even as a backup WAN connection for business-critical deployments. With Ericsson’s solution, enterprises will also be able to take advantage of 5G functionality including network slicing, cellular intelligence, and zero trust security.

Specific industry applications include:

  • Retail: Accelerate checkout processing through real-time image recognition of items, enhance inventory tracking, and detect and alert against theft.
  • Smart Factory and Industrial Automation: Monitor and control industrial machinery by locally processing sensor and camera data.  
  • Traffic Safety: Enhance traffic safety by data analysis directly from camera and sensor sources for adaptive real-time traffic management. 
  • Healthcare Management: Support healthcare operations such as just-in-time inventory management to reduce waste and ensure critical medical supplies are available.

Enterprise customers and system integrators can learn more by visiting the Supermicro booth # P10, Pavilion 7 at NVIDIA GTC Paris, June 11-12, 2025 or by visiting https://supermicro.com/en/solutions/ericsson for further solution and product details.

#PSA: If You Have An Intel Mac, It’s Time To Replace It With An Apple Silicon One

Posted in Commentary with tags on June 10, 2025 by itnerd

Frequent readers of this blog will know that I’ve been saying for a while that if you own an Intel-powered Mac, you should invest in an Apple Silicon one sooner rather than later. I’ve said this in 2023, 2024, and just recently. Now Apple has seemingly put the final nail in the coffin of Intel Macs by announcing that macOS Tahoe, which was previewed yesterday at WWDC, is going to be the last version of macOS for Intel Macs.

Now Intel Macs will continue to get critical security updates. How long they get those updates is an open question. But there will be zero new features for Intel Macs. And what often happens is that third-party developers will stop developing software for Intel Macs. Maybe not instantly, but that will happen.

So if you own an Intel Mac, now is the time to make the move to an Apple Silicon Mac. I say now because I predict that a lot of people will ignore this and then be caught out in some way when an app that they need won’t work or something like that. You don’t want to be in the position of having to “panic buy” a Mac, so planning out your transition to Apple Silicon now is the way to go.

Consider yourself warned.

Xona and Forescout Partner to Deliver Secure Remote Access and OT Cybersecurity for Critical Infrastructure

Posted in Commentary with tags on June 10, 2025 by itnerd

Xona, the leading provider of secure access for critical infrastructure, today announced a strategic partnership with Forescout Technologies, a global cybersecurity leader. The integration between the Xona Platform and the Forescout 4D Platform™ will give industrial and critical infrastructure operators secure, policy-enforced access to operational systems, backed by continuous network visibility and automated enforcement.

As threats to industrial control systems intensify and compliance requirements become more demanding, the integration of Forescout’s continuous device visibility, intelligence, and control with Xona’s secure remote access capabilities enables operators to modernize security without compromising uptime, safety, or regulatory posture. This partnership ensures that every user and device interaction is authenticated, authorized, and audited—delivering secure, compliant, and uninterrupted operations across critical infrastructure.

Better Together: Unified Access, Visibility, and Control

The best-of-breed platforms combine the unique strengths of both organizations:

  • Zero-Trust Access with Reduced Operational Complexity: Xona delivers secure, browser-based access to critical systems without requiring VPNs, clients, or network tunnels. When paired with Forescout’s real-time asset discovery, security teams can dynamically identify and import assets to configure identity-level controls. This ensures users only access authorized assets and systems, when they’re authorized to access them.
  • Context-Aware Policy Enforcement: Forescout’s dynamic risk scoring and segmentation logic automatically influence access permissions and session behavior inside Xona. High-risk assets can be isolated, and user access can be denied or revoked in real time, preventing lateral movement and enforcing least privilege access across the OT environment.
  • Built-In Compliance and Session Auditing: Xona’s high-fidelity session recording, file transfer governance, and policy-based controls are now enriched with live network telemetry from Forescout, simplifying audit prep for standards like NERC CIP, IEC 62443, TSA SD2, and OTCC-1. Every session is visible, controlled, and accounted for.
  • Secure Vendor and Third-Party Access Without Exposure: Together, Xona and Forescout eliminate the traditional blind spots around remote access. Contractors, OEMs, and internal users can gain time-limited access with full oversight, without ever exposing underlying network layers or requiring standing credentials.

This integration is purpose-built to support energy and utilities, oil and gas, water, transportation and logistics, and healthcare organizations to drive operational resilience.

Optima Tax Relief Pwned By The Chaos Group

Posted in Commentary with tags on June 9, 2025 by itnerd

Optima Tax Relief was hit by a ransomware attack by Chaos group threat actors who are now leaking 69 GB of data stolen from the company. Bleeping Computer has details:

Today, the Chaos ransomware gang added Optima Tax Relief to its data leak site, claiming to have stolen 69 GB of data. 

This data contains what appears to be corporate data and customer case files. Tax documents commonly contain sensitive personal information, such as Social Security numbers, phone numbers, and home addresses, which can be used for malicious activity by other threat actors or identity theft.

Sources with knowledge of the attack told BleepingComputer that this was a double-extortion attack, with the threat actors not only stealing data from the company but also encrypting servers.

Ensar Seker, CISO at SOCRadar:

“The Optima Tax Relief breach underscores the growing interest of ransomware groups like Chaos in targeting high-trust financial service providers that handle sensitive personal data. This isn’t just a business disruption issue, it’s a national identity risk.

“Tax resolution firms like Optima are rich targets because they aggregate the full spectrum of personally identifiable information (PII): Social Security numbers, tax documents, financial disclosures, and often even power-of-attorney authorization records. When exfiltrated, this data doesn’t just enable identity theft, it fuels secondary fraud operations for years.

“The fact that this was a double-extortion attack, involving both encryption and data theft, is unfortunately now the standard playbook. What’s more concerning is that Chaos ransomware has only recently emerged, yet already demonstrates the operational maturity of a seasoned group. Their ability to launch effective attacks and publicize breaches so quickly suggests they’re leveraging pre-existing access-as-a-service networks or recycled stealer logs for rapid compromise.

“From a defender’s standpoint, this is a call to action: Organizations that handle financial or tax data need to treat endpoint telemetry, privileged access management, and data exfiltration detection as minimum baselines. And more broadly, this reinforces the importance of having not only an incident response plan but a breach communications plan tailored for sensitive customer-impact scenarios.”

Erich Kron, Security Awareness Advocate at KnowBe4:

“The Chaos ransomware group is fairly new on the scene but has claimed a few victims already. This victim is an interesting one due to the significant amount and types of data that were collected and likely stolen. The customers will have provided not only Social Security numbers and other personal information, but also a lot of personal and sensitive financial information that may be embarrassing and that they may not want to be made public. The type of information stolen could also be used by social engineers to convince victims that they are from Optima and may lead to future scams and financial losses.

“The specific attack vector has not been released, but generally speaking, ransomware is most often spread through attacks on the humans within organizations, such as email phishing, vishing, or smishing. For this reason it is very important for organizations to have a robust and well-planned human risk management (HRM) program in place.”

This is an attack that will not end well. Not for Optima, and not for their customers. Expect this hack to reverberate for months or longer.

Destructive NPM Packages Disguised as Utilities Enable Remote System Wipe

Posted in Commentary with tags on June 9, 2025 by itnerd

Researchers have discovered two malicious NPM packages that register hidden HTTP endpoints to delete all files on command. The packages masquerade as legitimate utilities while implementing backdoors designed to destroy production systems.

You can get more details on this rather nasty malware here: https://socket.dev/blog/destructive-npm-packages-enable-remote-system-wipe

Jim Routh, Chief Trust Officer at Saviynt, commented:

“This is a case of a software supply chain compromise using malware designed to appear to be benign that then activates a back door once it is embedded. The key for enterprises is to improve the identity access management for everyone with access to the software build process including employees and contractors.”

This pretty much highlights why you need to sanity check anything and everything that goes into software so that you don’t become an unwitting transit mechanism for this type of attack.

Fun times.

Grocery wholesale giant United Natural Foods hit by cyberattack

Posted in Commentary with tags on June 9, 2025 by itnerd

United Natural Foods (UNFI), North America’s largest publicly traded wholesale distributor, was forced to shut down some systems following a recent cyberattack. The Rhode Island-based company operates 53 distribution centers and delivers fresh and frozen products to over 30,000 locations across the United States and Canada:

On June 5, 2025, United Natural Foods, Inc. (the “Company”) became aware of unauthorized activity on certain of its Information Technology (IT) systems. The Company promptly activated its incident response plan and implemented containment measures, including proactively taking certain systems offline, which has temporarily impacted the Company’s ability to fulfill and distribute customer orders. The incident has caused, and is expected to continue to cause, temporary disruptions to the Company’s business operations. The Company is working actively to assess, mitigate, and remediate the incident with the assistance of third-party cybersecurity professionals and has notified law enforcement. Pursuant to its business continuity plans, the Company has implemented workarounds for certain operations in order to continue servicing its customers where possible. The Company is continuing to work to restore its systems to safely bring them back online.

The investigation to assess the impact and scope of the incident remains ongoing and is in its early stages.

Erich Kron, Security Awareness Advocate at KnowBe4:

“Operations such as this often work on a very tight timeline, so the pressure can be high to get systems up and running as soon as possible. This is what attackers hope for as they dangle the idea in front of the victims that paying the ransom will get organizations back online quickly. While decrypting the data could possibly restore operations more quickly, there is a huge danger that back doors are left in place to be exploited again, or that after payment, encrypted files turn out to be corrupted and unrecoverable.”

“Not only do attacks such as these really put the pressure on the victim, but the organizations that rely on the products are also put in a spot as well. If the wholesaler can’t get items to the retailer, the retailer suffers greatly as well and might look for other options to make future purchases, costing the wholesaler customers and their reputation.”

“Since the vast majority of ransomware attacks are started by exploiting employees, organizations should have a robust human risk management program in place to address threats such as social engineering, poor credential hygiene, and other human-centric threats.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech:

“Although UNFI hasn’t stated as much, this attack has all the hallmarks of ransomware. Ransomware attacks can lock down computer systems, forcing companies to pay a ransom or face extended downtime and permanent data loss. These attacks can cripple companies and even force them to shut down permanently in some cases, so they should not be taken lightly. This attack could have knock-on effects including higher food prices for consumers.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“Cyberattacks like the one UNFI has been hit with can cause delays in deliveries, product shortages, and even store closings and temporary layoffs, due to organizations’ reliance on computer systems. While we don’t know exactly what type of attack has been launched against UNFI or how it was launched, it does emphasize how companies need to ensure that their internal systems, as well as those of their suppliers and partners, are kept up to date to plug security holes.”

I for one would like to see more details disclosed. As in what happened, what the downstream effects are, and what UNFI will do to ensure that it doesn’t happen again. Because that will enable its business partners and the public to trust them going forward.

Ricoh brings greater efficiency to light-production segment with its next generation of sheet-fed digital printers

Posted in Commentary with tags on June 9, 2025 by itnerd

Ricoh today announced the launch of its newest color light-production sheet-fed digital printers, the RICOH Pro C5400S and RICOH Pro C5410S (RICOH Pro C5400S Series). With professional color consistency and precise front-to-back registration, the RICOH Pro C5400S Series offers the powerful production print quality of higher-volume presses in a more compact and versatile design, allowing businesses such as marketing agencies to outsource less work, and commercial printers to keep shorter-run print jobs from tying up larger production systems.

Building on the strengths of its predecessors, the RICOH Pro C5300S and RICOH Pro C5310S, the RICOH Pro C5400S Series inherits key features, such as high-speed output and excellent paper handling while delivering significant improvements in core performance. The warm-up time has been drastically reduced from 120 seconds to 26 seconds for the Pro C5410S, and 30 seconds for the Pro C5400S, greatly boosting user productivity. The scanning speed has also increased, and the adoption of capacitive touch significantly enhances usability and response of the 10.1” Smart Operation Panel. Additionally, the Series features an industry-first staple-less binding option for the SR5130 and SR5140 finishers that uses water to moisten and press pages together, enabling staple-less binding up to 16 sheets (80 gsm/20lb bond), reducing injury and waste from staples, and making it easier to shred and recycle documents.

With high-image quality, versatile media handling capabilities, and print speeds up to 80 ppm, the RICOH Pro C5400S Series meets a wide range of promotional material applications in light-production printing, supporting customers to drive revenue growth. In-plant and franchise print shops can expand their services with greater media support for coated, specialty, and synthetic stocks up to 360 gsm, adding immediate value to their operations with a system that can serve as the center of their production environment. Moreover, expanded core specifications heighten ease of use in office settings, contributing to greater operational efficiency.

For print service providers and commercial printers, the RICOH Pro C5400S Series serves as high-quality, light-production print devices with improved image registration accuracy, achieved through refined paper feeding stability and more precise image adjustment functions. Additionally, an upgraded user interface for paper settings ensures consistent print quality, providing strong support for professional printing operations.

The RICOH Pro C5400S Series is currently on display at IPMA 2025, June 8-12, at the Davenport Grand Hotel in Spokane, WA. Attendees can visit Ricoh’s booth to learn more about the new Series, as well as Ricoh’s full lineup of production and commercial print technology and solutions.

Key features and benefits of the RICOH Pro C5400S Series

For Enterprise

Enhanced usability and efficiency for office environments.

  • Faster startup and output: Warm-up time of just 26 seconds for the Pro C5410S and 30 seconds for the Pro C5400S. First copy output in full color as fast as 6.5 seconds for the Pro C5410S and 7.2 seconds for the Pro C5400S.
  • Improved scanning speed: Duplex scanning up to 300 pages per minute. New AI-powered orientation detection and support for continuous scans of small-format documents, such as business cards, enhancing workflow efficiency.
  • New capacitive touch: Android-based 10.1” Smart Operation Panel upgraded with capacitive technology for improved touch response, enhancing user experience.

Versatile media capability and advanced finishing options. 

  • Supports various types of media, including coated paper, waterproof paper, envelopes, clear files, and long sheet printing up to 51 inches or 1,300 mm to increase output possibilities.
  • Industry-first staple-less binding function: Uses water to moisten and press pages together, binding up to 16 sheets, ideal for safety-conscious environments, such as food services and educational institutions like kindergartens and nursing care facilities. It does not require consumables and is designed to allow easy waste separation at the time of disposal, showing consideration for the environment.
  • Compact folding unit: The paper folding option has been reduced in width to about 8.22 inches, less than half of the previous model, achieving a space-saving design. It supports the folding of coated paper and tri-folding of long sheets, expanding the range of compatible tasks and business for customers.

For Commercial Printing

Advanced functionality for stable and high-quality output.

  • New optional envelope fusing unit: Operator installed and easy to use, it offers improved print quality and printing speed of envelopes, reducing waste associated with envelope printing and boosting productivity.
  • Improved paper transport stability: Redesigned Vacuum Feed Large Capacity Input Tray (LCIT) improves paper transport stability and significantly enhances image registration accuracy for duplex and long sheet printing.
  • Advanced image alignment: Trapezoidal and right-angle correction functions for even higher precision in image alignment.
  • Enhanced paper setting user interface: Operators can easily adjust and program paper settings for optimal print performance based on their print application, which further enhances the overall output quality.
  • Simplified transfer conditions adjustment: Outputs adjustment charts (sample prints) for multiple transfer conditions, allowing users to select their desired result, streamlining setup and minimizing pre-printing adjustment time.
  • Expansive selection of inline finishers: Option to add new GBC Steampunch Plus to support more binding and punch applications, and new Plockmatic 435e series finishers for saddle stitch booklet making.

Environmental qualities

The use of post-consumer recycled materials has increased by more than five times compared to the previous models, contributing to customers’ environmental management and sustainability initiatives.

For more information, please visit: https://www.ricoh-usa.com/en/products/commercial-industrial-printing.

Samsung Canada’s Sweetheart Hotel at STACKT Market Announced

Posted in Commentary with tags on June 9, 2025 by itnerd

In an era of online dating, finding love seems harder than ever. This is partly because crafting a profile that represents you is not as easy as it looks.  

That’s why between June 21st and July 6th, Samsung and Gemini Live are saving hopeful singles and giving their dating lives a boost by opening up the Samsung Sweethearts Hotel – a dreamy pop-up hotel where guests go hands-on with the new Galaxy S25 Edge to create the perfect dating profile, their ideal dream date, and even have the chance to win seeing their dreams come to life! 

At this limited-time pop-up, you’ll also have the chance to:

  • Bio Glow-Up: Create a fake dating profile on a custom microsite app called “Samsung Connections” and describe yourself to Gemini Live. It will then generate a fun and customized bio. You can also grab a bracelet to indicate your relationship status 
  • Red Flag Detect: Use Gemini Live to browse others’ dating profiles for red flags  
  • Fit Check: Upon entering a hotel room, use Gemini Live to suggest the perfect look based on your date  
  • Who said romance is dead? Use Gemini Camera to create a meaningful bouquet. Then use Sketch to Image to create a card that goes with the bouquet  
  • Free Gifts: Stop by the Sweetheart Shop to pick up a souvenir and redeem a prize  
  • Sweet Treat: Be sure to stop by the bar and order a sweet treat using Live Translate  

When: June 21 – July 6, 2025 

Where: STACKT Market, 28 Bathurst St, Toronto, ON M5V 0C6

Admission: Free!