Yikes! Critical FortiSwitch flaw lets hackers change admin passwords remotely

Posted in Commentary with tags on April 10, 2025 by itnerd

Fortinet FortiSwitch owners should be patching their gear ASAP as the company has released security patches for a critical vulnerability in FortiSwitch devices that can be exploited to change administrator passwords remotely.

You can find out more details here: PSIRT | FortiGuard Labs

Martin Jartelius, CISO at Outpost24, had this to say:

“There are a few rules of thumb. DO NOT expose administrative interfaces against the internet if you can avoid this. While this flaw allows a password change, for those who expose their devices against untrusted networks, the quality of passwords is also important, because already today there is the risk of attacks against weak passwords.”

“We help companies fight both those issues, password quality is the most user-centric, and EASM allows organizations to find those devices and fix the exposure – because exposure is risk, and vulnerability or not – if the attackers cannot reach the device you have substantially less of a stressful morning fixing this issue. Also praise to Fortinet who found, fixed, and disclosed the issue openly.”

This is one of those situations where you should drop what you are doing and patch everything ASAP. I say that because there are a lot of these devices online, which means every single one is a target for threat actors.

Arcitecta Wins 2025 NAB Show Product of the Year Award

Posted in Commentary with tags on April 10, 2025 by itnerd

Arcitecta, a creative and innovative data management software company, today announced that its Mediaflux® Real-Time is an Asset Management and Playout winner in the 2025 NAB Show Product of the Year Awards. This official awards program recognizes some of the most significant and promising new products and technologies showcased by exhibitors at the NAB Show.

Ideal for live sports, broadcast, hybrid production environments and more, Arcitecta’s Mediaflux Real-Time provides unparalleled production workflow speed, flexibility and efficiency gains. It supports real-time editing, removes workflow bottlenecks and enhances remote collaboration, enabling faster content delivery and seamless media management.

By eliminating bottlenecks and delays, Mediaflux Real-Time empowers teams to work faster and smarter, delivering powerful capabilities:

  • Edit anywhere: No longer tethered to event locations, editors can access growing files from any site, enabling real-time collaboration across multiple locations.
  • Fast turnaround: Remote editors can create highlight reels or edit live footage almost instantly, dramatically cutting post-production time.
  • Smoother workflows: Content can be played back in real-time across sites and be reviewed as it is rendered, ensuring faster workflows and higher productivity.

NAB Show Product of the Year Award Winners were selected by a panel of industry experts in 16 categories and announced in a live awards ceremony at NAB Show on April 8.

Click here for more information about the 2025 NAB Show Product of the Year Awards.

Comparitech’s Q1 2025 Ransomware Roundup Is Live

Posted in Commentary with tags on April 10, 2025 by itnerd

Researchers at Comparitech have released a study looking at the impact of global ransomware attacks in Q1 2025.

In this report, the researchers not only outline the number of attacks but also which sectors were most impacted, the average ransom paid globally, as well as the most prolific gangs in the quarter. 

Key findings include: 

  • 2,190 ransomware attacks globally–1,000 more than in the same period of 2024 (1,172). Government organizations remain a key focus for hackers, and the manufacturing industry has also seen a huge uptick in attacks.
  • Of the 2,190, 197 of them have been confirmed. While this is significantly lower than the number logged in Q1 of 2024 (373), many attacks aren’t confirmed until months after the event.
  • Clop was the most prolific ransomware gang at 331 attacks, with RansomHub coming in at second place with 224. 

You can access the report here: https://www.comparitech.com/news/ransomware-roundup-q1-2025/

Guest Post: KnowBe4 Expert Tips: Securing Employee Identities for Identity Management Day 2025

Posted in Commentary with tags on April 9, 2025 by itnerd

This week the industry celebrates Identity Management Day on the 8th of April, a crucial reminder for organizations to prioritize the security of their employees’ digital identities. 

We live in a time where deepfakes, synthetic identities, and sophisticated cyberattacks are rife, which makes safeguarding credentials and personal information more critical than ever. 

With people remaining the most targeted attack vector, and social engineering attacks including phishing responsible for 70% to 90% of all breaches, KnowBe4’s security awareness experts share their top tips and advice to help organizations safeguard against the theft of their employees’ digital identities. 

Anna Collard, SVP of content strategy & security awareness advocate

  • Cultivate a Zero Trust Mindset: Never trust, always verify, even when communication comes from seemingly familiar contacts.
  • Phishing-resistant MFA: Mandate the use of multi-factor authentication (MFA). Supplement this with additional layers of security, like biometrics (fingerprint, facial recognition) or contextual risk analysis (location, device health, time of access).
  • Security Awareness Training: Conduct regular security awareness training to educate employees on the tactics used in social engineering attacks. This includes recognising phishing emails, smishing (SMS phishing), vishing (voice phishing), and other phishing and social engineering techniques.
  • Mindfulness. “Stop, Breathe, Question” Technique: Teach employees to pause, take a breath, and question the legitimacy of requests before clicking on links, opening attachments, or approving access.

Javvad Malik, lead security awareness advocate

  • Prioritize Security and Usability: Implement a user-centric approach to security that ensures all employees can easily and securely access the resources they need, while maintaining the confidentiality, integrity, and availability of sensitive data. This involves streamlining authentication processes, minimizing friction, and providing clear instructions to guide users through security protocols.
  • Easy-to-Understand Security Measures: Educate employees on the practical benefits of security measures, emphasizing how they protect both personal and organizational data. Use clear and concise language, relatable examples, and interactive elements to engage users and cultivate a strong security culture.
  • Continuous Authentication: Implement advanced authentication mechanisms that continuously verify users based on their behavior patterns, like typing speed, mouse movements, and location data. This helps to detect and prevent unauthorized access, even if login credentials have been compromised.
  • Self-Service Capabilities: Empower users with self-service capabilities such as self-service portals that enable employees to do things like manage their accounts, reset passwords etc. This reduces delays and frustration, improves user satisfaction, and ensures that all users can maintain access to critical resources.

Martin Kraemer, security awareness advocate

  • Share On a Need-To-Know Basis: Uploading personal documents like passports online has become increasingly common for various services like opening a bank account. While this practice can be convenient, it’s essential to exercise caution. Only share sensitive information when absolutely necessary and with legitimate parties. Always verify the legitimacy of the request and the organization before sharing any personal data. If you are asked for sensitive information without a clear and valid reason, or if something feels suspicious, don’t share it. 
  • Your Online Behavior is Monitored: Social media platforms and other online services track your online behavior to create detailed profiles. These profiles gather your behavior, interests, and preferences, which can then be used for targeted advertising or other purposes. If you are uncomfortable with others knowing about your online activity, be mindful of your actions. Consider adjusting your privacy settings, limiting the information you share, and being selective about the websites and services you use. Remember that your digital footprint can have long-lasting consequences.

James McQuiggan, security awareness advocate

  • Empower Employees to Report: Many employees hesitate to report suspicious logins, unexpected MFA prompts, or phishing attempts due to fear of blame, unclear processes, or negative past experiences with IT support. It’s important to foster a security culture where prompt reporting is rewarded, not reprimanded, and to integrate user-friendly reporting mechanisms, for example one-click buttons, and SSO (single sign-on) portals. Ensure the process for reporting phishing, credential misuse, or MFA fatigue is simple, fast, and judgment-free.
  • Post-Incident Response: Use incident reviews as learning opportunities rather than blame sessions. Ensure support teams respond quickly to reported incidents to build user trust.
  • IT and Cybersecurity Teams: Stay informed about Initial Access Brokers (IABs) and Stealer Malware trends. Monitor underground forums and markets for exposed corporate credentials and for insights into attacker tools, techniques, and procedures (TTPs).
  • Governance, Risk Management, and Compliance: Establish a process for regularly collecting, tagging, and analyzing stealer logs to identify exposed employee credentials (especially those with saved browser sessions or cookies). Share insights with IT and cybersecurity teams to prioritize high-risk cases.
  • Threat Intel Teams: Align findings with MITRE ATT&CK techniques (e.g., T1556, T1539) to enhance defensive strategies.

Erich Kron, security awareness advocate

  • Do not reuse passwords: Credential stuffing attacks use automated tools and stolen login information to log into accounts. Reusing passwords across multiple platforms makes employees and organizations vulnerable because if one account is compromised, all accounts using the same password are compromised as well.  

Roger A. Grimes, data-driven defense evangelist

  • Phishing-Resistant MFA: This is the most secure option, as it protects against common social engineering attacks like phishing scams. Examples include hardware security keys and biometrics like fingerprint or facial recognition. These methods require something you have (the hardware key) or something you are (your biometrics), making it much harder for attackers to impersonate employees.
  • Any MFA: If phishing-resistant MFA is not feasible, any MFA is better than none. Examples include SMS-based authentication, time-based one-time passwords (TOTP) generated by an app, and push notifications to a trusted device. While not as secure as phishing-resistant MFA, these methods still add an extra layer of protection to your accounts.
  • Use a Password Manager: Use a reputable password manager to create and manage strong, unique passwords for every site and service. Password managers generate complex passwords that are nearly impossible to guess, and they store them securely so you don’t have to remember them all. Many password managers also offer features like autofill and password sharing, which can save time and improve your security.
  • Strong, Unique Passwords: If you can’t use a password manager, create strong passwords or passphrases that are at least 20 characters long. A strong password should include a mix of uppercase and lowercase letters, numbers, and symbols. Avoid using easily guessable information like your name, birthdate, or pet’s name. Most importantly, never reuse passwords across different sites or services.

By implementing these strategies, organizations can significantly reduce the risk of identity theft, credential compromise, and subsequent phishing and social engineering attacks, ultimately protecting their employees and their valuable data. 

Research reveals risk of predators grooming women to access their children

Posted in Commentary with tags on April 9, 2025 by itnerd

Women looking for love online are being warned of a sinister side to dating apps, with new evidence that abusers may try to groom them to gain access to their children. 

Research by Childlight Global Child Safety Institute finds men who sexually offend against children are nearly four times more likely to use dating sites than non-offenders. 

The unit, hosted by the University of Edinburgh and University of New South Wales, found nearly two thirds (66%) of men who sexually offended against children used dating platforms – and over one in five (22%) used them daily. 

The report is part of a broader investigation into the multi-billion-dollar industry of child sexual exploitation and abuse, which financially benefits perpetrators, organised crime and even mainstream companies.

While Childlight warns that sexual exploitation and abuse of children has become a pandemic, affecting over 300 million every year, it says education, legislation and technological measures can help prevent it. 

Its findings, based on a survey of about 5,000 men in Australia, the UK and US, represent the latest evidence of the risk of dating site misuse by people who sexually offend against children. 

It follows a separate recent survey by the Australian Institute of Criminology that found 12% of dating apps users received requests to facilitate child sexual exploitation and abuse – often related to their own children. 

Recent high-profile cases include Scottish lorry driver Paul Stewart who manipulated single mothers via dating apps to gain access to their children for sexual abuse. He was jailed for over three years last December. 

Around 381 million people use dating apps like Tinder, according to Statista. 

The survey of 5,000 men found 11.5% admitted having sexual feelings towards children, while 11% confessed to sexual offences against minors.  

Most dating sites do not require new users to provide evidence of their identity. Salter recommends user verification processes, like mandatory ID checks, and tools to detect predatory behaviours like grooming language or suspicious messaging patterns. 

Childlight’s research also reveals that mainstream companies profit from and perpetuate the global trade in technology-facilitated sexual exploitation and abuse of children (CSEA). They include payment transfer firms and social media platforms where illegal child sexual abuse images are present and where abuse-related traffic can increase advertising revenues.

More at childlight.org

US Regulator OCC Says Executives’ Emails Were Hacked 

Posted in Commentary with tags on April 9, 2025 by itnerd

It is being reported that the emails of executives and other employees of the U.S. Treasury Department’s Office of the Comptroller of the Currency were hacked, with the agency blaming longstanding vulnerabilities for the breach.

The breach involved unauthorized access to highly sensitive information relating to the financial condition of federally regulated financial institutions.

Erich Kron, security awareness advocate at cybersecurity company KnowBe4, had this comment:

“It’s always a dangerous situation when bad actors get into legitimate email accounts as these accounts carry with them a level of trust that is not present in spoofed emails. 

In many cases, bad actors will piggyback on previous conversations with others in an attempt to get the target to open infected documents or take actions that benefit the attackers. This is much easier for them to do if they are using a previous email correspondence with the victim because people are naturally less skeptical when receiving a message from someone they have previously communicated with.

It’s important that as part of a human risk management plan, employees are taught to always be careful when handling file attachments or unexpected requests, even if they come from a source they have previously communicated with. If in doubt, the request can be confirmed through an alternative form of communication such as a phone call or text message.”

The human element in making an organization secure is a key point. If you don’t have people who have the awareness to spot threats, you’re guaranteed to get pwned.

Radiant Logic Announces Strategic Growth Investment from Ridgeview Partners

Posted in Commentary with tags on April 9, 2025 by itnerd

Radiant Logic today announced a strategic growth investment from Ridgeview Partners, a growth-oriented technology private equity firm. Upon completion of the transaction, Ridgeview will join existing investor TA Associates to support Radiant Logic’s continued global expansion and innovation in the ISPM space.

Radiant Logic is redefining enterprise security by addressing one of the largest attack surfaces—identity. The RadiantOne platform empowers the world’s largest commercial and government organizations to strengthen their security posture and solve the most complex identity challenges at scale. By leveraging the most accurate and unified data foundation, the platform provides real-time visibility into identity ecosystems and enables proactive remediation.

Ridgeview’s investment follows a period of transformative growth and innovation for Radiant Logic. Since partnering with TA in 2021, the Company has achieved significant milestones, including launching RadiantOne AI—a data lake-powered AI engine—and AIDA—a generative AI assistant that automates identity security posture management. These innovations have set new benchmarks for scalability and efficiency in enterprise identity security. Additionally, the strategic acquisition of Brainwave GRC expanded Radiant Logic’s capabilities into identity analytics, enhancing governance and compliance for its customers.

Deutsche Bank acted as financial advisor and Kirkland & Ellis served as legal advisor to Radiant Logic. PJT Park Hill acted as financial advisor and Sidley Austin LLP served as legal advisor to Ridgeview.

Arcitecta Mediaflux Named a 2025-2026 TOP 5 Cybersecure 10PB+ NAS Solution in DCIG Global Edition Report

Posted in Commentary with tags on April 9, 2025 by itnerd

Arcitecta, a creative and innovative data management software company, today announced that research firm DCIG has selected Arcitecta’s Mediaflux appliance as one of the 2025-26 DCIG TOP 5 Cybersecure 10PB+ NAS Solutions in a Global Edition Report. The report provides “organizations with guidance on the best cybersecure 10PB+ NAS solutions for deployment today,” based on DCIG’s evaluation of over 300 features within specific categories. These categories included architecture, cyber resilience, data protection, efficiency, performance management, performance resources, product management, and technical service and support.

DCIG reports that network-attached storage (NAS) solutions remain a practical and widely adopted choice for organizations of all sizes due to their ease of setup, configuration and deployment. With support for NFS and SMB protocols, NAS systems are well-understood and continue to grow in popularity. According to Fortune Business Insights, the global NAS market is projected to grow from $40.3 billion in 2024 to nearly $130 billion by 2032, signaling strong momentum for these scalable, file-based storage solutions.

As data volumes rapidly increase—driven by more devices, applications and the growing use of high-resolution media—and organizations expand their NAS deployments, DCIG notes the growing ubiquity of NAS solutions also makes them prime targets for ransomware attacks, highlighting the need for robust data protection strategies.

Mediaflux Point in Time for Near-Zero RPOs and RTOs

Arcitecta’s Mediaflux data management platform includes a revolutionary new backup and recovery approach that redefines data resilience at scale. Mediaflux Point in Time eliminates the cost and business impact of lost or corrupted data and provides self-service data recovery. It allows users or IT administrators to return to any point in time to recover needed files – even in a cyberattack where files have been encrypted. It provides a strong first line of defense against crypto locking with the ability to roll back ransomware attacks, enabling the complete and immediate recovery of data – a recovery time objective (RTO) of zero – and virtually no downtime with a recovery point objective (RPO) near zero, typically within milliseconds.

The Mediaflux Difference

Mediaflux offers an advanced, comprehensive data management platform that can operate on a massive scale to help organizations better manage data throughout its entire lifecycle. Its suite of solutions enables organizations to organize, search, share and preserve their data well into the future for lasting value.

With solutions such as Mediaflux Multi-Site, Mediaflux Edge and Mediaflux Burst, users within geographically dispersed workforces collaborate more efficiently, spend far less time waiting for data when needed, and avoid unnecessary investments in compute resources when usage times peak. As part of Arcitecta’s evolving ecosystem of advanced data management capabilities, these solutions ensure data is moved to the right location for the right user at the right time, accelerating innovation, discoveries and business outcomes.

Ericsson unveils wireless-first branch architecture to deliver agile, secure connectivity for AI-led enterprise innovation

Posted in Commentary with tags on April 9, 2025 by itnerd

Ericsson today announced the launch of its new wireless-first architecture that brings agility and scale to branch networking. Designed to support higher-bandwidth, business-critical AI-powered operations, it combines diverse WAN connectivity, LAN switching, network slicing, and zero-trust through unified management to deliver scalable and secure high-performance branch networking. From virtual experts in insurance offices to computer vision applications in remote healthcare clinics, distributed sites increasingly rely on always-on connectivity to support business-critical operations and deliver modern customer experiences.

According to IDC, by 2026, 90 per cent of enterprises will integrate generative AI into their connectivity strategy – underscoring the growing need for secure, scalable, and easily managed networks. As 5G Advanced gains momentum, enterprises are moving beyond traditional best-effort services and seeking predictable performance for business-critical applications through services such as network slicing. Ericsson’s wireless-first branch architecture – combining the Cradlepoint E400, new LAN switches and access points, and NetCloud Manager – provides enterprises with a future-ready connectivity foundation to unlock the full potential of AI-driven innovation.

Key components of Ericsson’s new wireless-first branch architecture include the following:

  • The new Cradlepoint E400 is a next-generation routing and security appliance that serves as the core of the architecture – providing integrated support for 3GPP Release 17 5G, Wi-Fi 7, and LEO satellite WANs to deliver high-performance, scalable connectivity from virtually anywhere.
  • New Cradlepoint LAN switches and access points, which extend LAN capacity and are unified under Ericsson NetCloud Manager to augment LAN solutions from existing technical alliance partner solutions.
  • Ericsson NetCloud Manager additionally provides centralized control and provisioning of embedded eSIM and dual-SIM capabilities, enabling remote profile configuration, seamless carrier switching, and streamlined deployment for lean IT teams.
  • Ericsson NetCloud SASE, SD-WAN, and 5G network slicing capabilities which enhance reliable performance and security across diverse WAN connections. While SD-WAN, link bonding and SASE optimize traffic across wired, cellular, and satellite links, network slicing delivers isolated, secure 5G slices with use-case specific parameters for business-critical applications.

To fully unlock AI’s potential, lean IT teams must be able to deliver modernized branch operations that support AI applications with scalable, secure, and resilient wireless connectivity. Ericsson’s wireless-first architecture – powered by the E400, NetCloud Manager, and LAN infrastructure – gives IT teams and carriers the flexibility, performance, and security needed to deploy and manage AI-ready connectivity across distributed branch sites.

All products are available immediately. For more information on the Ericsson Cradlepoint E400 routing and security appliances visit here; for details about Ericsson Cradlepoint LAN switches visit here; and information on Wi-Fi access points, visit here.

iOS Photo Vault app leaked user data in real time 

Posted in Commentary with tags on April 9, 2025 by itnerd

The iOS app Photo Vault, designed to protect private content, has leaked user data in real time due to a misconfigured, passwordless Firebase database.

What was exposed:

  • Metadata from 17,000 photo albums
  • 56 password entries
  • 81 private notes, some labeled “passwords”

Because of this flaw, attackers could watch as users uploaded content, and potentially use that data to hijack accounts or infiltrate linked services like Facebook or Dropbox.

You can read the full Cybernews investigation here.