Microsoft To Windows 10 Users… Buy A New PC With Windows 11

Posted in Commentary with tags on March 22, 2025 by itnerd

Later this year, Windows 10 is going to go into end of support status. But the problem is that there are a lot of Windows 10 PCs out there. No problem, says Microsoft, because you can just trade in your PC to get a brand new Windows 11 one:

Windows Latest spotted a new email from the Redmond giant related to Windows 10 in our ProtonMail account. We use this email for the Microsoft account of the test PC running Windows 10, which is sadly not capable of running the latest and greatest OS from Microsoft.

The email begins with a bold “End of support for Windows 10 is approaching” heading, followed by direct links to check the upgrade eligibility or purchase a new computer.

Next up is a FAQ section that tries to answer all the important questions related to Windows 10’s retirement. The first question clarifies the things that’ll happen after October 14, 2025, which includes the end of all kinds of support from Microsoft. It clarifies that all the free support will halt from that day onwards but doesn’t offer any paid alternatives.

After that, there is a brief answer about trading or recycling your old PC if you want to upgrade, followed by an assurance that your PC will work but won’t get updates. However, with time it’ll support fewer apps and will become a hunting ground for malicious actors.

Here’s the problem with this approach. People aren’t going to get much when trading in a laptop or a desktop that’s too old to run Windows 11. The market for those machines is already falling fast. On top of that, with inflation, tariffs and the like squeezing people’s bank accounts, I really don’t think that this is a winning approach, as you have to have the disposable income to buy a new PC. But I guess that their thought process is YOLO.

Apple Gets Sued Over The Apple Intelligence Debacle

Posted in Commentary with tags on March 21, 2025 by itnerd

Seeing as Apple was hyping Apple Intelligence to sell iPhones and Macs, and then had to back away from that when they delayed the new Siri, you knew that a lawsuit was going to be inbound. And sure enough, here’s the lawsuit:

The suit, filed Wednesday in U.S. District Court in San Jose, seeks class action status and unspecified financial damages on behalf of those who purchased Apple Intelligence-capable iPhones and other devices.

And:

“Apple’s advertisements saturated the internet, television, and other airwaves to cultivate a clear and reasonable consumer expectation that these transformative features would be available upon the iPhone’s release,” the suit reads.

  • “This drove unprecedented excitement in the market, even for Apple, as the company knew it would, and as part of Apple’s ongoing effort to convince consumers to upgrade at a premium price and to distinguish itself from competitors deemed to be winning the AI-arms race.”
  • “Contrary to Defendant’s claims of advanced AI capabilities, the Products offered a significantly limited or entirely absent version of Apple Intelligence, misleading consumers about its actual utility and performance. Worse yet, Defendant promoted its Products based on these overstated AI capabilities, leading consumers to believe they were purchasing a device with features that did not exist or were materially misrepresented.”

Now I am not a lawyer, but I think that this has merit. Apple did hype Apple Intelligence massively and they did tie it into product launches. So I can see how someone might be a bit ticked off if they bought a new iPhone and some of the key features of Apple Intelligence were not there or didn’t work the way one would have been led to believe. Thus I think Apple might have a problem here that their team of lawyers might have difficulty swatting away. The usual “this hasn’t been tested in court” applies here. But I suspect Apple is going to focus their efforts in terms of settling this out of court as fast as they possibly can.

218 Repos Exposed in GitHub Action Supply Chain Attack

Posted in Commentary with tags on March 21, 2025 by itnerd

Endor Labs has a story on a GitHub-based supply chain attack that’s worth reading. Though only 218 of the 23,000 repositories exposed secrets in the supply chain attack on the GitHub Action tj-actions/changed-files, the impact is still significant, as some of those repositories are very popular and could be used in new supply chain attacks. Details below:

https://www.endorlabs.com/learn/blast-radius-of-the-tj-actions-changed-files-supply-chain-attack

Jim Routh, Chief Trust Officer at Saviynt, commented:

“This information represents excellent work by the writer, Henrik Plate from Endor Labs to demonstrate how threat actors use compromised credentials to access the software supply chain. Although the scope and impact, in this case, are not widespread, the threat actor tactics are useful to understand, due to the exploitation of non-human and human account credentials. This represents another reminder for enterprises to invest in more robust privilege access management capabilities (including continuous validation) applied to those with access to the software supply chain for the enterprise.” 

Any organization that uses GitHub should read this report by Endor Labs, as it provides a whole lot of insight into how threat actors can execute an attack like this, which in turn gives you more insight into how to stop them.

Samsung Galaxy S25 Ultra ranked #1 by Consumer Reports and gets rave reviews elsewhere

Posted in Commentary with tags on March 21, 2025 by itnerd

Samsung’s newest Galaxy S25 Ultra is the #1 smartphone of 2025 with recognition across global markets including the US, EU, Denmark and the UK. With its powerful AI features, exceptional camera system, and flagship performance, the S25 Ultra stands out as the smartphone to beat in 2025.  

More specifically, Samsung’s Galaxy S25 Ultra earned the highest score of 5 in most of Consumer Reports’ 10 evaluation categories, including performance, rear camera image quality, display, durability, and ease of use.   

What’s driving this global recognition? The Samsung Galaxy S25 Ultra earned praise for its best-in-class camera system and Galaxy AI capabilities with One UI 7. Apart from the Galaxy S25 Ultra’s recognition on the US Consumer Reports ranking, it has also been highlighted as the top smartphone in evaluations across five European countries (Italy, Spain, Belgium, Portugal, and Sweden), and by consumer magazines the UK’s Which? and Denmark’s Taenk.

You can read the details here.

Ransomware Gang Cloak Claims To Have Pwned VA Attorney General

Posted in Commentary with tags on March 20, 2025 by itnerd

Ransomware gang Cloak today claimed responsibility for a February 2025 cyber attack on the Attorney General of Virginia that prompted officials to shut down computer systems including email, VPN, internet access, and the AG’s website.

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote: 

“Cloak is a ransomware group that first started claiming its cyberattacks in August 2023. Its malware both steals data and locks down computer systems, forcing victims to pay a ransom or face extended downtime, data loss, and putting data subjects at increased risk of fraud.”

“Since it began, Cloak has claimed 13 confirmed ransomware attacks and 54 unconfirmed attacks that weren’t acknowledged by the targeted organizations. This attack on the Virginia attorney general is Cloak’s first confirmed attack in 2025. Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, and people whose data was stolen are put at greater risk of fraud. Ransomware can disrupt everything from communications to billing, payroll, access to data and applications, and online services.”

“Comparitech researchers have logged 10 confirmed ransomware attacks on US government agencies in 2025 so far. Earlier this week, we confirmed Qilin’s attack on the Cleveland Municipal Court, which is still facing service disruptions three weeks later.”

Additionally, Comparitech recently released two studies looking into the impacts of ransomware attacks against US and worldwide government organizations.  Those are worth a read.

New KnowBe4 Report Reveals Spike in Ransomware Payloads and AI-Powered Polymorphic Phishing Campaigns

Posted in Commentary with tags on March 20, 2025 by itnerd

Today, KnowBe4 published its Phishing Threat Trend Report, Vol 5 which details threat intelligence insights surrounding phishing threats targeting organizations at the start of 2025.

The report highlights the growing threat of ransomware and explores how cybercriminals are using sophisticated tactics to bypass native security and secure email gateways (SEGs).

It also examines how AI is being leveraged to create polymorphic phishing campaigns, how attackers are infiltrating the hiring process to access systems and data, and the increasing success of attacks evading traditional defenses.

Key Findings From the Report:

  • Between September 15, 2024 and February 14, 2025 there was a 17.3% increase in phishing emails compared to the previous six months.
  • 82.6% of all phishing emails analyzed exhibited some use of AI.
  • The report observes a 22.6% increase in ransomware payloads.
  • The phishing hyperlink, malware, and social engineering payloads getting through traditional detection have surged, with phishing hyperlinks increasing by 36.8%, malware by 20%, and social engineering tactics by 14.2% compared to the previous six months.
  • Additionally, there has been a 57.9% increase in attacks being sent from compromised accounts getting through traditional detection.
  • The top five legitimate platforms used to send phishing emails include DocuSign, PayPal, Microsoft, Google Drive, and Salesforce.
  • Currently the most impersonated brands include Microsoft, Docusign, Adobe, PayPal, and LinkedIn.

For full details, see below release. The Phishing Threat Trends Report, Vol 5 is available for download here

SpyX data breach affects almost 2 million

Posted in Commentary with tags on March 20, 2025 by itnerd

It is being reported by HaveIBeenPwned.com that a consumer-grade spyware operation called SpyX was hit by a data breach last year. SpyX and two other related mobile apps had records on almost two million people at the time of the breach, including thousands of Apple users:

In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target’s email address and plain text Apple password.

Needless to say, that’s not good. Javvad Malik, Lead Security Awareness Advocate at KnowBe4 had this to say: 

“The irony of an entity purporting to offer surveillance capabilities itself falling prey to a breach is not lost with this one. However, this breach not only exposes the victims to further risks but starkly highlights the inherent vulnerabilities within these spyware operations.”

“The fact that a large number of Apple users were impacted is a reminder that while some technologies are more robust than others, no platform is invulnerable to being breached. Beyond the breach, the apparent inaction and silence by SpyX showcases a lack of responsibility.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech adds this: 

“By law, companies must report breaches like this to the authorities. SpyX is a UK-based company, and the UK has strict breach disclosure laws. SpyX appears to be in violation of those laws by knowingly not reporting a major breach. SpyX does business in the US, which also has breach disclosure laws. SpyX’s failure to report the breach is negligent and puts Apple users at risk, but it’s not surprising given the app’s shady business model.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy offers up this:

“It is inexcusable for a firm to experience a data breach and not notify the authorities and the affected parties. While normally I would applaud a stalkery firm like this being hit with hack attacks, data breaches like this one put millions of users at risk, possibly leaving Apple users open to being hacked on iCloud. Both UK and US laws require reporting of breaches like this, meaning SpyX could be subject to penalties from both countries.”

“iCloud users who have used SpyX should immediately visit the Have I Been Pwned website and enter their e-mail address(es) to determine whether their information was exposed in the breach.”

Now I went to HaveIBeenPwned.com and my iCloud email address isn’t part of the breach. Not that I expected it to be. But it doesn’t hurt to be sure. Regardless, it’s bad when a company that does what SpyX does gets pwned. Hopefully this not only serves as a wake-up call in general, but people also distrust SpyX to such a degree that they no longer exist.

York University and ventureLAB strengthen partnership with renewed Memorandum of Understanding

Posted in Commentary with tags on March 20, 2025 by itnerd

York University and ventureLAB signed a renewed Memorandum of Understanding (MoU) to expand their collaboration in talent development, research, and industry-driven innovation. This agreement reinforces their commitment to bridging academia and industry, creating opportunities for students, researchers, and entrepreneurs to drive growth in Canada’s technology sector.

As a leading innovation hub, ventureLAB’s mission is to power hardtech founders to build and scale globally competitive ventures that advance Canada’s knowledge-based economy, making this partnership a natural extension of its work in fostering a globally competitive technology ecosystem.

The MOU establishes a strong talent pipeline, connecting York University’s distinguished professors and researchers with ventureLAB’s influential network of founders. It also provides York University students with hands-on internship opportunities, equipping them with real-world experience in the hardtech, semiconductor, AI and medtech industries.

With the launch of York University’s new Markham Campus, this partnership is expanding to create even greater opportunities for students, faculty, and industry professionals. Located near the new campus, ventureLAB will serve as a key hub for experiential learning, giving students direct access to its state-of-the-art Innovation Centre and resources. This collaboration will drive new joint programming initiatives and strengthen the synergy between York University’s STEM, management, and business programs and ventureLAB’s dynamic innovation ecosystem. By fostering cutting-edge research, commercialization, and talent acceleration, York University and ventureLAB are shaping the future of Canada’s technology sector.

York University continues to be a valuable partner in ventureLAB’s flagship programs, including the Hardware Catalyst Initiative and Accelerate AI. As part of this renewed agreement, York University professors will now have direct access to ventureLAB’s leading-edge hardware lab, enabling groundbreaking research and industry collaborations that will drive advancements in Canada’s semiconductor, AI, and deep-tech industries.

This renewed partnership underscores the transformative potential of collaboration between academia and industry, creating a stronger pipeline of talent and innovation that will shape the future of Canada’s tech sector. As York University and ventureLAB continue to strengthen their alliance, they remain dedicated to fostering technological advancements, supporting high-impact research, and equipping the next generation of leaders with the tools to thrive.

Team Cymru Announces Integration With Microsoft Security Copilot to Bring Immediate AI-Generated Context to Security Teams

Posted in Commentary with tags on March 20, 2025 by itnerd

Team Cymru today announced the general availability of its Pure Signal™ Scout Plugin for Microsoft Security Copilot.

For two decades, Team Cymru has transformed the way security professionals monitor, analyze, and respond to potential threats. Now, these same capabilities enable SOC teams to take immediate action at scale. Using the Microsoft Copilot plugin, SOC teams can seamlessly query the Team Cymru Pure Signal™ data ocean, transforming tedious investigations with immediate, context-rich, AI-powered responses.

Security Copilot is the first AI-powered security product that enables security professionals to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes. It combines an advanced large language model (LLM) with a security-specific model that is informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals.

Learn how to become AI-enabled with Copilot here

Apple won’t build a backdoor – yet iOS apps leak secrets anyway 

Posted in Commentary with tags on March 20, 2025 by itnerd

Apple’s UK encryption rollback has reignited the global debate on privacy. But while all eyes are on government backdoors, the latest Cybernews research exposes an even bigger risk – iOS apps are leaking sensitive data at scale, and Apple isn’t doing much, if anything, to stop it.

Last week, the Cybernews research team revealed that 71% of 156,000 iOS apps are leaking hardcoded secrets – a serious security flaw with major implications for businesses and consumers.

Now, their latest report dives deeper into the top 10 most commonly exposed secrets and why they pose a significant risk to user data, whether owned by consumers or businesses.

Here’s a quick look at the top 3 threats for businesses and individuals:

  • Project ID (Google) exposes app resources, logs, and potentially weakly secured services, increasing the likelihood of data breaches.
  • Google App ID can be used to impersonate apps, granting unauthorized access to user data, APIs, and backend systems.
  • API Keys (Google): if exposed, these can lead to unauthorized service access, risking data loss, tampering, and breaches of user privacy.

This is the first research of its kind at this scale – no one has ever published even approximate findings on Apple’s secret leaks before. These findings raise a bigger question: is Apple’s App Store security review failing to catch these weak spots? 

With stolen credentials linked to 31% of all breaches and an increasing reliance on mobile devices for sensitive transactions, this is a problem that app users and developers must address.

For more details, including a look at the most sensitive leaked secrets, read the full article here.