Love, Money, and Disagreements: New Survey By Wise Reveals All

Posted in Commentary with tags on February 6, 2025 by itnerd

With Valentine’s Day just around the corner, Wise, the international money account, has conducted a revealing survey that sheds light on how couples navigate financial discussions and challenges. 

These findings offer a fascinating glimpse into the financial dynamics of modern relationships. 

Key Findings:

Canadians Are More Comfortable Discussing Finances Than Americans

  • A striking 75% of Canadian couples feel comfortable discussing finances with their partners, compared to only 32% of Americans.
  • Over half of Canadians (56%) engage in regular financial discussions, yet 81% of them experience disagreements during these conversations.
    • Cross-border couples are more prone to financial disagreements and often seek advice from close ones, consulting their mom (31%), dad (31%), friends (38%), and co-workers (27%) about financial matters 3-5 times or more per month.

Top Areas of Financial Disagreement Among Couples

  • Spending on non-essential items like streaming subscriptions and vacations (30%).
  • What’s considered a necessity to spend on each month (29%).
  • Savings in relation to income each month (25%).
  • Cultural differences make financial conversations uncomfortable for 24% of those in cross-border relationships.

Reasons for Discomfort in Financial Discussions

  • Fear of causing disagreements (28%).
  • Different ideas about spending and saving (26%).
  • Differences in perceived financial responsibility (25%).

Impact of Living Situations on Financial Discussions

  • One-third of couples not in long-distance relationships see cross-border distance as a potential barrier due to the cost of maintaining places in two countries (32%) and travel expenses (31%).
  • Cross-border couples face higher levels of uncertainty about their future (22% vs. 9% of those living in Canada) and are more unsure about which financial tools to use (22% vs. 9% of those living in Canada).
  • Managing different currencies and transferring money is a concern for 29% of cross-border couples, compared to just 5% of those living in Canada.

Striving for Financial Harmony

  • Canadian couples report higher satisfaction with shared financial responsibilities (75%), likely due to similar philosophies about money (66%).
  • This indicates a strong desire for financial transparency and mutual understanding within Canadian relationships.

Strategic Financial Discussions and Planning

  • Canadians are strategic in their financial discussions and planning with their partners.
  • Both Canadian and cross-border couples believe the right time to begin sharing expenses is when planning a future together (37%) or moving in together (34%).
  • Canadians prioritize important financial discussions within the first year of their relationship, focusing on existing debts (70%), sharing expenses (69%), budgeting strategies (66%), and major planned purchases like a house, car, or education (62%).

Leave a comment »

Ivo Raises $16M In Series A Funding

Posted in Commentary with tags on February 5, 2025 by itnerd

Contract negotiation remains the most challenging bottleneck in the contract lifecycle, with legal teams spending hours on manual redlining and revisions while ensuring perfect accuracy. As contract volumes surge, in-house lawyers face mounting pressure to review more agreements than ever before – yet traditional automation tools prioritize speed over accuracy, forcing legal teams to choose between efficiency and reliability. Today, Ivo announces a $16 million Series A funding round to scale its AI-powered contract review solution that has already helped over 150 corporate legal teams negotiate their agreements. Ivo’s customers include companies like Canva, Fonterra, Pipedrive, Weightwatchers, Eventbrite, Blue Cross Blue Shield Kansas City, and several Fortune 500’s.

The Series A funding round is led by Costanoa Ventures, with participation from Fika Ventures, Uncork Capital, NFDG, Blackbird VC, GD1, and Phase One Ventures. It brings Ivo’s total funding to $22.2 million, following early backing from Daniel Gross and a $4.8 million seed round led by Fika Ventures and Uncork Capital. 

Ivo has developed a breakthrough approach to contract review that sets new standards for accuracy. The platform automatically checks agreements against company requirements, generates specific suggestions for resolving discrepancies, and creates compromise language between conflicting clauses. Unlike competitors that treat legal review as a simple automation problem, Ivo’s sophisticated AI produces naturalistic redlines that mirror the work of experienced attorneys, maintaining consistent terminology and making minimal necessary changes. 

The timing of Ivo’s expansion is critical. As artificial intelligence emerges as potentially the most transformative technology since the internet, legal teams face mounting pressure to adopt solutions that can scale their capabilities. Yet most AI tools lack the sophistication to handle complex legal analysis, creating more work for lawyers who must double-check every output. With its team of in-house lawyers continually refining and enhancing the platform, Ivo has developed an approach that augments rather than replaces legal judgment – acting as a “powerful force multiplier” for teams handling increasingly large volumes of contracts.

Today’s launch of Ivo Search Agent marks another milestone in the company’s mission to transform how legal teams work. This new capability revolutionizes contract search and analysis by eliminating the need for manual metadata tagging — a significant pain point in traditional contract lifecycle management systems. Legal teams can now search and generate reports across their entire contract portfolio regardless of where documents are stored, whether in cloud storage solutions like Box and SharePoint or local computers. The system works seamlessly across various data sources, including CLM integrations, requiring minimal implementation while delivering comprehensive insights.

Leave a comment »

Nikon Releases the COOLPIX P1100 Compact Digital Camera

Posted in Commentary with tags on February 5, 2025 by itnerd

Today Nikon Canada Inc. has announced the COOLPIX P1100, a compact digital camera that features an incredible 125x optical super-telephoto zoom, with creative features that help users to create amazing photos and videos from the most extreme distances. 

The COOLPIX P1100 is a compact digital camera that offers further improvements in usability and connectivity. It covers a vast range of focal lengths beginning at the wide-angle 24mm equivalent, extending to the super-telephoto 3000mm equivalent. The P1100 is capable of going even farther, with up to a 250x  zoom when Dynamic Fine Zoom is enabled.

The COOLPIX P1100 makes it easy to enjoy the world of super-telephoto shooting with the ability to capture dynamic images of subjects that are difficult to approach, including birds and celestial bodies. The camera features Dual Detect Optical VR, which achieves a level of vibration reduction equivalent to 4.0 stops at the centre of the frame, effectively suppressing camera shake when handheld shooting. The P1100 is also able to capture 4K UHD/30p and superlapse movie recordings, helping the user make creative videos of nature and the night sky.  

Further enhancements include a selectable AF-area mode in Bird-Watching Mode, and the same functions that can be assigned to the camera’s Fn button can now be assigned to the Fn1/Fn2 buttons on the optional ML-L7 Remote Control. What’s more, a Fireworks option has been added to [Multiple exp. Lighten] scene mode. This function reduces instances of blown-out highlights that often occur when shooting long exposures, making it easier to capture impressively clear scenes of fireworks displays in which the brightness of the foreground or the background differs.

Primary Features of the Nikon COOLPIX P1100

  • Incredible 125x optical zoom for super-telephoto performance up to a 24-3000mm equivalent.
  • Super ED and ED lens elements provide superior chromatic aberration compensation and deliver outstanding rendering capabilities across the entire zoom range, even with super-telephoto shooting.
  • Dual Detect Optical VR accurately suppresses the effects of camera shake with super-telephoto handheld shooting. This enables the capture of sharp and clear images of birds, celestial bodies, and other distant subjects at dynamic angles of view.
  • Bird-Watching and Moon modes can be accessed directly using the mode dial. 
  • Support for 4K UHD/30p movie recording lets users beautifully record subjects with the power of super-telephoto 3000mm equivalent. Frames from movies recorded in 4K UHD format can also be saved as still images.
  • Massive zoom, small size: Despite coverage of focal lengths up to 3000mm equivalent, the camera weighs only approximately 3.1 lbs (1,410g), allowing users to enjoy super-telephoto shooting more comfortably than with DSLR and mirrorless camera systems. 

Additional Features of the COOLPIX P1100:

  • The camera is equipped with a focus mode selector that can be used to change the focus mode even after it has been acquired, along with a control ring that enables the adjustment of settings such as white balance and manual focus.
  • Optional accessory ML-L7 Remote Control connects to the COOLPIX P1100 via Bluetooth®︎, and the same functions that can be assigned to the camera’s Fn button can be assigned to the remote.
  • A 3.2in. TFT LCD Vari-angle monitor with a wide viewing angle makes it easy to compose handheld or on a tripod. 
  • Compatible with Nikon’s exclusive RAW (.NRW) format.
  •  COOLPIX Picture Control5, which can be used to make adjustments in accordance with the subject, shooting situations and intentions.
  • Capability to record superlapse and time-lapse movies.
  • Support for Clean HDMI output6, which cleans the information display from the image output to an external monitor during recording.
  • The ability to set long-exposure noise reduction to [Auto] or [Off].
  • Adoption of a USB Type-C input/output connector.
  • Compatible with the optional DF-M1 Dot Sight that facilitates image composition during telephoto shooting.

Price and Availability
The new Nikon COOLPIX P1100 will be available in late February 2025 for a manufacturer’s suggested retail price of $1,449.95. For more information about the latest Nikon products, including the large collection of NIKKOR Z lenses and the entire line of Z series cameras, please visit www.nikon.ca

Leave a comment »

SafeBreach Launches the SafeBreach Exposure Validation Platform 

Posted in Commentary with tags on February 5, 2025 by itnerd

SafeBreach, the leader in enterprise security validation, today announced the launch of the SafeBreach exposure validation platform, which combines the power of its time-tested breach and attack simulation (BAS) product—now called Validate—and its new attack path validation product, Propagate. Together, they provide enterprise security teams with deeper insight into threat exposure and a more comprehensive view of cyber risk, a concept most recently described by Gartner® as “adversarial exposure validation.”

According to Gartner, “Adversarial exposure validation technologies offer offensive security technologies simulating threat actor tactics, techniques and procedures to validate the existence of exploitable exposures and test security control effectiveness.”

Attack path validation specifically can play a significant role in combatting the ongoing challenge of cyber attacks—including ransomware and nation-state attacks whose primary goal is to gain a foothold within large organizations and move laterally to steal critical information and assets. Products like SafeBreach Propagate can help enterprises proactively understand these real attack paths and take preemptive action to close them off. However, large enterprises have had legitimate concerns about the inherent risks that some solutions present to their environments.  

Facing increasingly severe cybersecurity incidents, tool fatigue, deployment complexity, and alert overload, enterprise CISOs need a single exposure validation platform that combines multiple critical security capabilities to provide a more holistic view of cyber risk and empower them to make data-driven decisions to manage it.

To address this need, SafeBreach has launched the SafeBreach exposure validation platform, a suite of exposure validation tools that provide end-to-end visibility into the effectiveness of security controls and the potential impact of a successful breach. The platform draws on SafeBreach’s ten-year history working with the world’s most mature enterprise organizations to offer: 

  • Enterprise-Grade Safety: The platform is purpose-built to meet the stringent safety and privacy requirements of large enterprises, enabling comprehensive security testing without impacting customer environments.
  • Predictable Scalability: Regardless of the environment or deployment model, the SafeBreach platform allows clients to get started with a breadth and depth of testing that provides immediate value—then scale up when they are ready. 
  • World-Class Support: The SafeBreach platform is backed by world-renowned threat researchers and an award-winning customer success team who provide a level of service and support not available anywhere else. 

The SafeBreach exposure validation platform enables clients to leverage Validate to identify security gaps, then dig deeper with Propagate to understand what an attacker could accomplish by exploiting them to develop a more comprehensive understanding of cyber risk—all from one convenient management console.

Looking toward the future, SafeBreach plans to continue to develop not only its existing capabilities in Validate and Propagate, but also new capabilities within the SafeBreach exposure validation platform to continue serving the needs of the enterprise market.

Schedule a customized demo here.

Leave a comment »

Arcitecta Named a Leader in Coldago Research’s Map 2024 for Unstructured Data Management

Posted in Commentary with tags on February 5, 2025 by itnerd

 Arcitecta, a creative and innovative data management software company, has been named a “Leader” in Coldago Research’s Map 2024 for Unstructured Data Management report. This recognition marks a dramatic leap, notably advancing the company from the Specialists category in 2022. 

Arcitecta earned the top spot in Vision and Strategy, illustrating its astute market insights and go-to-market models that continue to drive its success. It also ranked second in Execution and Capabilities, demonstrating an exceptional ability to transform visionary concepts into innovative products and solutions based on clear directions and talented teams. 

“Leaders in the data management space are champions in their field, and Arcitecta has proven its status through strong technology direction, market vision and strategy, especially with key innovations for its highly scalable metadata database and global namespace capabilities,” said Philippe Nicolas, founder and lead analyst, Coldago Research. “The 2024 Map results highlight Arcitecta’s leadership with a strong ranking in areas of Vision and Strategy and Execution and Capabilities.”

The Coldago Research recognition is the latest achievement for Arcitecta, which made significant strides in its mission to transform how organizations manage and utilize their data. Arcitecta achieved exciting milestones in 2024, including: 

  • Strategic Partnership with Wasabi Technologies: Arcitecta partnered with cloud storage company Wasabi Technologies to integrate its cloud storage into workflows, allowing users to access their data through a single, unified view via Arcitecta’s Mediaflux data management platform – regardless of where the data resides.
  • New Markets and Partnerships: The Powerhouse Museum chose Arcitecta as its new digital asset management solution (DAMS), extending its reach into the museum/gallery/cultural asset market alongside its presence in higher education, government, media and entertainment, and life sciences.
  • Expansion of Mediaflux Solutions: The launch of Mediaflux Multi-SiteMediaflux Edge, and Mediaflux Burst demonstrated Arcitecta’s commitment to addressing today’s dynamically changing and increasingly distributed data and workflow environments. The company showcased these new solutions at SC24 and IBC2024 in collaboration with Dell PowerScale and ECS/ObjectScale. 
  • Recognition as a Coldago Gem: Arcitecta was named one of Coldago Research’s Gems 2024, one of five innovative companies that have demonstrated exceptional vision and product development.
  • Game-changing Mediaflux Livewire Enhancements: Arcitecta unveiled Mediaflux Livewire solution enhancements to tackle the challenges of transmitting data over low-bandwidth and unreliable network connections, enabling the secure global transfer of massive file volumes around the globe.
  • Award-Winning Technology: Mediaflux Livewire was named “Most Complete Architecture” at the International Data Mover Challenge (DMC) at SuperComputingAsia 2024, highlighting its role as a leading solution for secure, high-speed file transfers.

Leave a comment »

Foxit and Pax8 Announce Strategic Partnership

Posted in Commentary with tags on February 5, 2025 by itnerd

Foxit, a leading provider of innovative PDF and eSignature products and services, helping knowledge workers to increase their productivity and do more with documents, and Pax8, a leading cloud commerce marketplace, today announced they have entered into a strategic partnership. Foxit’s industry-leading PDF and eSignature solutions will now be offered via the global Pax8 Marketplace, backed by Pax8’s expertise. Pax8’s MSP partners will now be empowered to deliver Foxit’s cutting-edge technology with unmatched flexibility, scalability, and efficiency to their end customers, who will in turn benefit from significant cost savings, elevated productivity, unprecedented security, and reduced business risks.

This announcement comes at the ideal time – when countless MSPs are facing extreme challenges around the complexity of managing diverse software solutions and providing flexible, cost-effective tools that meet the evolving needs of their clients. At the same time, end users are struggling with rising licensing costs, limited scalability, and risks from unauthorized software use. This partnership overcomes these challenges by combining the most advanced and secure PDF and eSignature solutions from Foxit with Pax8’s streamlined intelligent distribution platform, delivering simplified license management, unmatched flexibility, and access to cost-effective, best-in-class tools that equip both MSPs and their end customers to succeed.

The following four Foxit solutions are now generally available through the Pax8 Marketplace:

  1. Foxit PDF Editor – A powerful tool for creating, editing, and managing PDF documents with ease and efficiency, featuring an AI Assistant that enables users to summarize complex documents, enhance writing, and translate documents in more than 30 languages.
  2. Foxit PDF Editor+ – An enhanced version of the PDF Editor with advanced features for professional users – including 80+ Smart Commands, legally binding eSign, and AI-powered Smart Redact.
  3. eSign for Business – A secure, seamless eSignature solution that enables users to break away from cookie-cutter eSign solutions and enable businesses to get documents signed, collect payments, and keep workflows moving.
  4. Foxit AI Assistant – An intelligent assistant that leverages AI to enhance productivity and streamline document workflows, providing its users with the ability to summarize documents in seconds, quickly rewrite documents with clarity and precision, and to chat naturally to make more informed decisions, faster.

To learn more, please visit https://www.pax8.com/vendors/foxit/.  

Leave a comment »

NordStellar launches attack surface management

Posted in Commentary with tags on February 5, 2025 by itnerd

A vulnerable attack surface exposes a company to cyberattacks. However, constantly monitoring and assessing its condition requires a great deal of time and human resources. To help security teams be more efficient, NordStellar, a next-generation threat exposure management platform, has introduced attack surface management (ASM) — a feature designed to automatically discover security gaps by constantly monitoring and evaluating all of the organization’s internet-exposed assets.

The ASM consists of two modules: automatic asset discovery and external vulnerability management. Automatic asset discovery maps infrastructure by running various domain enumeration processes that allow it to automatically identify and catalog all internet-exposed assets associated with the organization, such as web servers, applications, and other network-connected devices. External vulnerability management monitors and scans the discovered assets for known vulnerabilities, providing vulnerability intelligence for more efficient recovery efforts.

“ASM helps to reduce companies’ attack surface by identifying and mitigating vulnerabilities, minimizing the potential for successful attacks. It also offers enhanced visibility into shadow IT so the security team can discover and manage unauthorized IT resources that pose security risks,” says Noreika. “The feature increases operational efficiency because attack surface management tasks are automated, and the risks are prioritized in order to focus remediation efforts on the most critical cases.”

How it works: 

  • Implements automatic asset discovery using various techniques, including DNS enumeration, web crawling, and other OSINT techniques to identify all internet-exposed assets associated with the organization.
  • Conducts vulnerability assessments by scanning the discovered assets for known vulnerabilities using passive service fingerprinting.
  • Prioritizes identified vulnerabilities by evaluating them according to their severity, exploitability, and potential impact.
  • Provides real-time alerts about new vulnerabilities and changes to the attack surface to the organization’s security team and comprehensive reports for a detailed overview of the company’s attack surface and associated risks.

ASM is now available to all NordStellar users. More information here.

Leave a comment »

Phishers Exploit Microsoft’s ADFS to Enable Account Takeover

Posted in Commentary with tags , on February 4, 2025 by itnerd

Researchers have uncovered a sophisticated phishing campaign that exploits Microsoft’s Active Directory Federation Services (ADFS) using spoofed login pages to harvest user credentials and bypass MFA to take over accounts. You can read the research here:

https://abnormalsecurity.com/resources/targeting-microsoft-adfs-phishing-bypass-mfa-for-account-takeover  

A sophisticated phishing campaign is targeting organizations that rely on Microsoft’s Active Directory Federation Services (ADFS), exploiting the trusted environment of ADFS with spoofed login pages to harvest user credentials and bypass multi-factor authentication (MFA). This allows attackers to take over accounts and gain unauthorized access to critical systems and data, putting sensitive information and organizational security at significant risk.

Roger Grimes, data-driven defense evangelist at KnowBe4, commented:

“I’m a 36-year cybersecurity expert and author of 15 books (one on hacking MFA (https://www.amazon.com/Hacking-Multifactor-Authentication-Roger-Grimes/dp/1119650798) and over 1,500 articles. This is the first time I’ve read about fake ADFS login pages, but ADFS has been involved in bypassing MFA authentication before, so it’s not completely new to use in the hacker scene. All users should use phishing-resistant MFA whenever they can. Unfortunately, most of today’s most popular MFA solutions, including Microsoft Authenticator, Google Authenticator, Duo, push-based MFA, OTP, and SMS-based MFA are very phishable and subject to the exact type of attack reported here.”

Related to this, here’s some relevant articles in relation to MFA:

Don’t Use Easily Phishable MFA and That’s Most MFA!

https://www.linkedin.com/pulse/dont-use-easily-phishable-mfa-thats-most-roger-grimes

My List of Good, Strong MFA

https://www.linkedin.com/pulse/my-list-good-strong-mfa-roger-grimes

Why Is the Majority of Our MFA So Phishable? and US Government Says to Use Phish-Resistant MFA

https://www.linkedin.com/pulse/why-majority-our-mfa-so-phishable-roger-grimes and https://blog.knowbe4.com/u.s.-government-says-to-use-phishing-resistant-mfa

Leave a comment »

AMD Silicon Flaw Found By Security Researchers At Google

Posted in Commentary with tags , on February 4, 2025 by itnerd

Google security researchers have recently discovered CVE-2024-56161, a microprocessor vulnerability that could lead to the loss of Secure Encrypted Virtualization (SEV) protection, and allow an attacker to load malicious code. You can read the research here:

https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w

Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside a VM) to load malicious microcode patches. We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs. The vulnerability is that the CPU uses an insecure hash function in the signature validation for microcode updates. This vulnerability could be used by an adversary to compromise confidential computing workloads protected by the newest version of AMD Secure Encrypted Virtualization, SEV-SNP or to compromise Dynamic Root of Trust Measurement.

And:

Google notified AMD of this vulnerability on September 25, 2024. AMD subsequently provided an embargoed fix to its customers on December 17, 2024. To coordinate with AMD, we made a one-off exception to our standard vulnerability disclosure policy and delayed public disclosure until today, February 3, 2025. This joint disclosure occurs 46 days after AMD shared the fix with its customers and 131 days after Google’s initial report. Due to the deep supply chain, sequence and coordination required to fix this issue, we will not be sharing full details at this time in order to give users time to re-establish trust on their confidential-compute workloads. We will share additional details and tools on March 5, 2025.

Andrew Obadiaru, CISO, Cobalt had this comment:

     “The discovery of this vulnerability, along with the subsequent collaboration between AMD and Google, underscores the importance of responsible vulnerability disclosure. By proactively identifying and addressing the issue before it could be widely exploited. 

This vulnerability, tracked as CVE-2024-56161, highlights ongoing hardware security challenges. While CPU vulnerabilities are not new, they remain difficult to detect due to the complexity of modern processors. Additionally, many organizations, including major manufacturers, often prioritize performance over security when it comes to patching CPUs, as such updates can lead to performance trade-offs. Could this vulnerability be a result of that trade-off?

Organizations must ensure that users promptly apply patches through firmware updates, operating system patches, etc. More importantly, hardware manufacturers should prioritize security at the design stage rather than treating it as an afterthought once vulnerabilities are discovered.”

Gunter Ollmann, CTO, Cobalt adds this:

     “For decades flawed or absent update security validation has been a common threat. Failure to sign patches, updates, firmware, and microcode, etc. and failure to verify the signature and identify tampering have seen countless otherwise secure devices and software to fall victim to targeted attack.

Silicon-level device security is both one of the hardest to master and the most vital. The root of trust starts and ends with the secrets within the silicon layer.

If security fails at the silicon-level than all the layers above (firmware, drivers, software, data storage) are undermined and compromised.”

It’s good that this is being fixed as AMD is seeing a rise in its fortunes in the processor space. Thus it is highly likely that it will be targeted by threat actors looking for weaknesses in their silicon that they can exploit to do their evil deeds.

Leave a comment »

A Now Fixed But Critical Microsoft Accounts Authentication Vulnerability Enables Takeover 

Posted in Commentary with tags on February 4, 2025 by itnerd

Microsoft has confirmed that critical vulnerability CVE-2025-21396 could enable attackers to access Microsoft accounts and enable an authentication bypass leading to an elevation of privilege and a hacked account. More details can be found here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21396

To be clear this vulnerability is now fixed.

Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented:

“This new vulnerability released publicly by Microsoft is a reasonable demonstration of both responsible disclosure and effective response by the software vendor many depend on. 

“First, it is a particularly significant vulnerability that enables escalation of privilege and authentication bypass. In other words, MS accounts can be commandeered by a threat actor.

“Second, it was never exploited in the wild and is no longer possible to exploit this vulnerability according to Microsoft’s announcement. This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

“The level of resilience demonstrated by the response to this missing authentication function by Microsoft is a positive thing for digital consumers. This is the way technology is supposed to work and the way enterprise software vendors establish trust in the marketplace.” 

This is a great example of how things work. It got fixed. And the public was informed. Two thumbs up from me. We need to see more of this on a consistent basis.

Leave a comment »

« Older Entries
Newer Entries »