A Now Fixed But Critical Microsoft Accounts Authentication Vulnerability Enables Takeover 

Posted in Commentary with tags on February 4, 2025 by itnerd

Microsoft has confirmed that critical vulnerability CVE-2025-21396 could enable attackers to access Microsoft accounts and enable an authentication bypass leading to an elevation of privilege and a hacked account. More details can be found here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21396

To be clear this vulnerability is now fixed.

Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented:

“This new vulnerability released publicly by Microsoft is a reasonable demonstration of both responsible disclosure and effective response by the software vendor many depend on. 

“First, it is a particularly significant vulnerability that enables escalation of privilege and authentication bypass. In other words, MS accounts can be commandeered by a threat actor.

“Second, it was never exploited in the wild and is no longer possible to exploit this vulnerability according to Microsoft’s announcement. This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

“The level of resilience demonstrated by the response to this missing authentication function by Microsoft is a positive thing for digital consumers. This is the way technology is supposed to work and the way enterprise software vendors establish trust in the marketplace.” 

This is a great example of how things work. It got fixed. And the public was informed. Two thumbs up from me. We need to see more of this on a consistent basis.

Leave a comment »

Texas responds to “dramatic” rise in attacks with cyber command center

Posted in Commentary with tags on February 4, 2025 by itnerd

Governor Greg Abbott announced in a State of the State address on Sunday that Texas, in partnership with University of San Antonio, will soon launch the Texas Cyber Command to deploy “cutting edge capabilities” to strengthen the state’s ability to anticipate, detect and prevent cyberattacks.

  “The Texas Cyber Command will work in partnership and collaborate with all state universities and Regional Security Operation Centers, as well as local, state, and federal agencies to strengthen the state’s cybersecurity mission,” reads the press release.

The Cyber Command will create a “robust strategy” including:

  • Anticipating and detect potential cyber threats
  • Promoting cybersecurity awareness, professional training, and other workforce-oriented measures
  • Preparing for cyberattacks through exercises, pre-attack coordination and planning, and proactive collaboration with critical infrastructure partners
  • Defending against, responding effectively to, and mitigating the effects of cyberattacks when they occur, working across the state and with relevant partners
  • Providing subject matter expertise, forensic analysis, and other support to conduct post-attack investigations and recovery efforts

The move to launch the statewide cybersecurity command center comes after the state’s Matagorda County government suffered a cyberattack that forced officials from the Emergency Operation Center to declare a disaster.

In 2022, the University of San Antonio joined the US Cyber Command Academic Engagement Network, which works with the Department of Defense on cyberspace operations and capabilities, cyber expertise, and cyber warfare.

Evan Dornbush, former NSA cybersecurity expert, offers perspective on the matter:

  “From a political lens, it’s pretty fascinating that of all places Texas would be one of the first to promote a state-based government resource that the private sector can lean on, and I look forward to seeing how that plays out.

  “From the technical angle, and with a stated goal to anticipate and detect potential cyber threats, Texas is pretty qualified to pioneer this. A lot of talent is concentrated within, and pulling from its deep bench of military, academic, and private sector perspectives will be advantages to getting this off the ground.”

It’s interesting that Texas would be making a move like this as I don’t associate Texas with cybersecurity. I have to applaud them for doing this and I hope Texas does more of this.

Leave a comment »

VulnCheck Report Says Exploited CVEs Up 20% In 2024

Posted in Commentary with tags on February 4, 2025 by itnerd

New data published by VulnCheck finds a total of 768 CVEs were publicly reported as exploited in the wild, 20% higher than the record high of 2023 (639 CVEs). 23.6% of these vulnerabilities were zero days, down from 26.8% in 2023. Half of CVEs were reported as exploited within 192 days of publicly disclosure in 2024. “Despite the buzz around zero-day exploitation, these findings indicate that exploitation can happen at any time in a vulnerability’s lifecycle,” the researchers noted.

Evan Dornbush:

I’m a huge fan of VulnCheck’s overall approach. Visibility into potential risk is critical for the modern C-suite. While, as Patrick’s blog post states, exploitation can happen at any time, patch management is essentially a solved problem with tools and services providing awareness and assistance. Two years in a row we see that a quarter of all exploits occur when only the attackers were aware of the vulnerability. As a community, we have to find ways to get that number lower. So long as attackers are the only or majority possessors of vulnerability data and exploit tools, they will maintain their advantage over the defenders.

Lawrence Pingree, VP, Dispersive follows with this:

The primary reason for the shift to more zero days and an increase in vulnerabilities is fully expected as a nexus of trends in threat actor behavior, including:

  1. A rotation to automation of the discovery of vulnerabilities with AI.
  2. The use of behavioral systems to address and live-patch systems ahead of vulnerability patching – forcing threat actors to lesser-known techniques.
  3. Penetration of more targeted applications that are directed more at the supply chains – which tend to be weaker and harder to patch – such as firmware and centralized but exposed application services (embedded in SaaS and IoT/OT).

I would spend some time reading this report as it will guide you in terms of what to focus on so that you can keep your environment as safe as possible.

Leave a comment »

Quorum Cyber Launches New Threat Business Unit and Appoints Paul Caiazzo as Chief Threat Officer

Posted in Commentary with tags on February 4, 2025 by itnerd

Quorum Cyber, a global cybersecurity specialist with offices in the UK, the US, and Canada, has set a new strategic direction by acquiring Kivu Consulting Inc – a leader in digital forensics, cyber incident response, business restoration, and ransom negotiations in the global insurance, legal, and government sectors. Kivu provides threat intelligence, threat hunting, and incident response services across the UK, North America, the Middle East, and other international markets. Quorum Cyber has appointed Paul Caiazzo as Chief Threat Officer to lead the Kivu sector of the business and joins the company’s executive team.

This strategic acquisition underscores Quorum Cyber’s global expansion strategy, solidifying its position as a leading Microsoft Security partner and its mission to become Microsoft Security’s most valued partner worldwide.

Acquiring Kivu expands Quorum Cyber’s capabilities by putting cyber threats and adversaries at the heart of its comprehensive global cybersecurity services – better addressing customers’ problems and the protection they need in an inhospitable and unpredictable digital environment. Leading this deeper capability in threat intelligence and incident response, Caiazzo will input research and thought leadership into strategic, tactical, and operational cybersecurity, and will be responsible for integrating the deep experience of the Kivu team with Quorum Cyber, accelerating its threat intelligence and incident response teams.

With Quorum Cyber’s wider offerings, this threat arm of the business will protect customers, before, during, and after any kind of cybersecurity incident. 

In conjunction with this move, Quorum Cyber has released its annual Global Cyber Risk Outlook Report 2025, a comprehensive analysis of the ever-evolving cybersecurity landscape. This report offers crucial insights into the current cyber threats and anticipates emerging risks for 2025. Quorum Cyber will host a webinar on February 25th, 2025, featuring Caiazzo, to delve deeper into the report’s insights, offering actionable advice for organizations to enhance their cybersecurity posture in the face of evolving threats. Registrations for the webinar are open

As a cybersecurity engineer, entrepreneur, and strategist with over 27 years’ experience, Caiazzo brings a wealth of knowledge and expertise to the role, having previously developed cybersecurity businesses from the ground up. Prior to joining Quorum Cyber, he held senior positions for numerous technology companies from start-ups and scale-ups through to established enterprises such as Avertium, TruShield Security Solutions, Savvis Communications, and Northrop Grumman Mission Systems in support of the US Department of Defense.

Quorum Cyber has a close and longstanding relationship with Microsoft, having been founded as a Microsoft-first security services provider and a member of the Microsoft Intelligent Security Association (MISA). Quorum Cyber holds three Microsoft Security specializations of Threat Protection, Cloud Security, and Information Protection and Governance.

Leave a comment »

Leaseweb Launches Public Cloud and Virtual Private Server Solutions in Japan

Posted in Commentary on February 4, 2025 by itnerd

Leaseweb Global today announced the availability of its Public Cloud and Virtual Private Server (VPS) solutions in Japan. Delivered via local, in-country infrastructure, Leaseweb Public Cloud offers a highly competitive blend of cost-effective flexibility and global availability and is designed to be around 30% more cost-effective* than traditional hyperscalers while delivering the performance, reliability, and service levels customers demand. The solution is ideally suited for any global organization looking to expand into the Japanese market with local infrastructure.

With the Japanese Public Cloud market expected to reach $48.29bn in value by 2029, Leaseweb operates a transparent pricing model that eliminates hidden costs. This allows businesses to avoid upfront investment in software licenses or data center infrastructure while benefiting from an on-demand subscription model that supports hourly and monthly billing without long-term commitments. It is compatible with existing hyperscale platforms, making it suitable for organizations deploying new workloads and migrating existing ones.

Backed by the renowned Leaseweb brand and market-leading customer service, the solution is available globally across seven regions to minimize latency. It is suitable for a wide range of industries and use cases, from fintech and SaaS to martech and gaming, and it is built to support both simple applications and complex architectures.

Key advantages of Leaseweb Public Cloud include:

  • No upfront investment required in software licenses or data centers
  • Flexible and cost-predictive on-demand subscription model, including hourly or monthly billing
  • No vendor lock-in
  • Global availability across seven regions for reduced latency
  • Robust data sovereignty features
  • 99.99% availability SLA for all instances
  • 24/7 support by phone and ticketing system in multiple languages
  • Advanced API automation and integration with other Leaseweb solutions and hyperscalers

Leaseweb VPS – Delivering Exceptional Price-Performance, Fast Local Storage, and Easy Deployment

Leaseweb’s new and highly efficient Virtual Private Server (VPS) solution is designed for businesses that need a combination of exceptional price performance, fast local storage, and easy deployment; Leaseweb VPS packages deliver affordable solutions that don’t compromise on quality. Powered by the latest generation of CPUs, local NVMe storage, and lightning-fast 10 Gbps uplink speed, Leaseweb VPS provides customers with the flexibility to scale their infrastructure as their business needs grow.

Delivered via a low-touch, self-service portal, it requires limited technical expertise for setup or management, enabling users to configure their server, monitor resources, and manage snapshots with ease. This makes it ideal for businesses seeking a straightforward and efficient hosting service, as well as those looking for an entry-level solution to Leaseweb Public Cloud.

Leaseweb’s solution was designed with our customers in mind to deliver the value of the hyperscale concept but with better price, performance, and flexibility. Our track record, leadership, and customer-first approach position us to make a significant, positive impact on the Japanese public cloud market,” Duley concluded.

For further information about Leaseweb Public Cloud, please click here.

* Cost reduction percentage is based on benchmarks of standardized workloads. Exact cost reduction will differ based on individual use case and workload. 

Leave a comment »

Fortra Publishes Its 2025 State Of Cybersecurity Survey Results

Posted in Commentary on February 4, 2025 by itnerd

Fortra has published the results from its 2025 State of Cybersecurity survey. The report looks at some surprising shifts in what security leaders see as their biggest threats, and what’s slipping off the radar.

Phishing remains the top concern, but interestingly, zero-day attacks have dropped off the list, with only 38% seeing them as a primary risk (down from 50% last year). At the same time, emerging technology threats—like genAI—jumped 15% year over year, hitting the top five for the first time.

Other trends worth noting:

  • Cloud security is no longer a top initiative. Are companies feeling more confident, or are they overlooking evolving risks?
  • A major spike in pentesting outsourcing, as companies push compliance-heavy security tasks to third parties.
  • Budgets are still the biggest blocker with more than half (59%) saying that funding constraints are their top challenge in executing security strategies.

You can view Fortra’s findings here.

Leave a comment »

Action1 Expands Its Free Offering to 200 Endpoints, Delivering Industry’s First Free Autonomous Endpoint Management Solution

Posted in Commentary with tags on February 4, 2025 by itnerd

Action1, a leading provider of autonomous endpoint management solutions, today announced a major expansion of its free tier, increasing the number of free endpoints from 100 to200. The first, foundational use case for Autonomous Endpoint Management (AEM) is autonomous patching that accelerates patch deployment and compliance and reduces IT overhead and degradation of Digital Employee Experience (DEX). Driven by a mission to make autonomous endpoint management easily and universally accessible, Action1 will now enable organizations and home users to deploy its cloud-native patching solution to secure the first 200 endpoints at no cost, forever, with no feature limits. 

Democratizing Autonomous Endpoint Management

Today’s cyber threat landscape presents unprecedented challenges, from sophisticated, Gen-AI-enabled ransomware attacks to complex compliance demands. Small and medium-sized businesses (SMBs) and nonprofits often lack the resources to address these issues effectively. 

According to Veeam, 85% of ransomware attacks target small businesses. Action1’s expanded free tier provides a lifeline to these targeted groups, providing: 

  • Enterprise-grade autonomous endpoint management FREE: Protecting up to 200 endpoints free forever, with simple scaling above 200, without hidden costs or complexity. 
  • 5-minute deployment, effortless management: Start managing endpoints immediately, minimize training and free up IT resources.  
  • Low bandwidth and hybrid workforce patching: Seamlessly deploy patches, remediation, and updates with bandwidth-efficient P2P distribution—no VPN required. Easily patch offline devices as soon as they reconnect online. 

Redefining “Free” in Autonomous Endpoint Management

Unlike misleading “free” software offers that often serve as bait for trials or data monetization schemes, Action1 provides a genuinely free solution with comprehensive autonomous endpoint management capabilities for the first 200 endpoints and transparent pricing for any additional usage. With no hidden fees or commercial handling of user information, Action1 empowers small businesses and non-profits to operate and grow securely. It also enables larger organizations to start using the platform’s capabilities on smaller environments at no cost, with no functional limits, before scaling up. 

Reinventing Patching with the Powerful, Cross-Platform Solution

Action1’s platform disrupts legacy patch management approaches, offering an all-in-one solution tailored for today’s hybrid work environments. Key benefits include: 

  • Unified, cross-OS and third-party patching: Automate the entire patching process, from identifying and deploying missing updates to real-time reporting. 
  • Ease of use: Start getting value in minutes. Patch software consistently without legacy technology, clunky integrations, or multiple consoles. 
  • Vulnerability discovery and remediation: Prevent security breaches and ransomware attacks. Detect vulnerabilities in OS and applications in real-time and enforce remediation. 

Learn more about the difference Action1 can make for your IT operations with the first 200 endpoints free: https://www.action1.com/free-edition/

Leave a comment »

Contrast Security Releases Modern Heist Bank Report 2025 Which Revealing Critical Concern Over Zero-Day Attacks

Posted in Commentary on February 4, 2025 by itnerd

Contrast Security, the runtime security leader, today released Modern Heist Bank Report 2025, revealing that the financial sector faced a surge in attacks, with 64% of respondents reporting cybersecurity incidents in the past 12 months. Contrast Security’s annual report sheds light on the cybersecurity threats facing the financial sector, providing an eye-opening perspective on the changing behavior of cybercriminals and defensive shifts in today’s environment.

Contrast Security researchers found that 71% of respondents reported zero-day attacks as the key concern to safeguarding applications and APIs, followed by dwell time (43%) and lack of visibility into the application layer (38%). The overwhelming concern with zero-day attacks aligns with key industry research and trends showing significant increase in zero days being exploited year-over-year. The rise in zero days is largely due to heavy spending from nation states. China and Russia are increasing their efforts to discover and create zero days to infiltrate Western critical infrastructures. 

Financial institutions are further challenged by legacy technology, with 82% overrelying on web application firewalls (WAF) and 61% saying they considered their WAFs to be effective. However, reliance on WAFs alone is inadequate against zero-day exploits and modern application attacks. In light of all this, it’s no surprise that zero days were the top application-related security concern. In fact, fewer than 25% said they were confident that their current security controls could mitigate such an attack.

The report’s key findings include:

  • Two-thirds of financial institutions have experienced a cyber incident in the last 12 months
  • Respondents reported a 12.5% increase in destructive cyber attacks, which are launched punitively to destroy data and burn the evidence as part of a counter-incident response 
  • Over two-thirds experienced attacks focused on stealing non-public market information, with cybercriminals using it for insider trading, digital front running, and shorting stock before they dox the stolen, confidential data to the regulators
  • Over 71% said zero-day attacks were the biggest issue they faced in regard to safeguarding their applications and APIs
  • Over half experienced a supply chain attack
  • Top two attack vectors were APIs and cloud environments, followed by applications
  • 60% said their investments in XDR did not provide visibility into behavioral anomalies at the application layer

Offense must inform defense, and as zero days and API attacks surge, financial institutions need to implement ADR solutions purpose-built to provide ground truth at the application layer.  

ADR is the only real-time and always-on application and API security solution that prevents exploits in production and insecure programming during development. As a result, organizations are enabled to block attacks and easily scale to protect the entire software portfolio, including applications, APIs, and third-party applications.

To download the full report, visit https://www.contrastsecurity.com/modern-bank-heists-report-2025-adr.

Leave a comment »

Zoho Corporation Announces Zia Agents; AI Platform Supporting Autonomous Agents Across Organization’s Broad Portfolio

Posted in Commentary with tags on February 4, 2025 by itnerd

Zoho Corporation, a global technology company, today expands the scope of Zia with the announcement of Zia Agents, Agent Studio, and Agent Marketplace. Together, these solutions empower enterprises to access, build, and distribute intelligent, autonomous digital agents across their organizations. Beginning today, Zoho and ManageEngine will be previewing pre-built, task-specific Zia Agents, which will deploy across Zoho Corporation’s combined portfolio of 100+ products in the coming weeks. 

Zoho Corporation’s in-house AI has evolved over the past decade from proactive to prescriptive to generative to agentic: 

Zia: Launched in 2015, Zia is Zoho Corporation’s foundational AI, facilitating all intelligent and contextual actions across the company’s ecosystem of apps. Zia possesses a vast and diverse skillset. New skills are being implemented regularly to boost customer experience and drive productivity.

Ask Zia: Launched in 2018, Ask Zia has developed into a system-wide conversational assistant that helps employees work smarter and accomplish tasks more effectively. For example, an account manager can review a report of customers at risk of churn, summarize the outcomes of each customer’s recent interactions, filter and summarize helpdesk tickets, analyze trends in their industry, and reach out to that customer for a meeting based on the employee’s upcoming travel schedule, without leaving the Ask Zia interface. Ask Zia is powered by Zoho’s unified data platform and will be contextually embedded across all applications.

Zia Agents: Today, Zoho Corporation has previewed some of the several dozens of pre-built Zia Agents that will be rolled out in the coming months, including an Account Manager Agent, SDR Agent, HR Agent, Customer Support Agent, IT Help Desk Agent, and a SalesCoach Agent. For customers, partners, and developers looking to create their own agents, Zoho is launching Zia Agent Studio, allowing them to build and deploy customized agents with inherited skillsets, which can then be distributed through Zoho’s Agent Marketplace.

  • Zia Agent Studio: Offering no-code and low-code experiences, Zia Agent Studio enables users to build autonomous agents with skills relevant to their specific needs. Zia Agent Studio users can also access a wide range of pre-existing Zia Skills, tools from across the Zoho ecosystem, data from a unified data platform, and a range of language models. These can be agents within a function (like an SDR agent or email support agent) or natively cross-functional agents (like an RFP agent or loan approval agent). They can be deployed on any Zoho application and summoned using Ask Zia. Moving forward, Zia Agents will be deployable in any third-party application as well. Additionally, Zia Agents with complementary skillsets can be combined using Zia Agent Studio, creating a single agent capable of cross-functional work.
  • Agent Marketplace: Agents created using Zia Agent Studio can be published in the Agent Marketplace. Zoho Corporation will offer a pre-built roster of agents, while the company’s ecosystem of partners and developers can build and distribute specialized AI agents through the marketplace, which can be reused and instantly deployed by organizations. 

Organizational Differentiation

Today’s announcement follows record growth for Zoho Corporation, which onboarded 110,000 new customers globally in 2024. With over 850,000 customers globally in diverse industries, using a range of tools across Zoho and ManageEngine, Zoho Corporation’s AI solutions are informed by a vast range of functional data. This is a core differentiator for the company, putting it in a unique position to serve businesses with cutting-edge technology. 

Technological Differentiation

Zoho Corporation’s distinct technological breadth and depth is a fundamental differentiator, particularly in AI development and deployment. Leveraging its shared data model, owned and managed tech stack, including global data centers, and a broad application portfolio, Zoho Corporation’s highly secure, privacy-compliant, usable, capable, and deeply knowledgeable AI agents deliver superior technology at a high value to its growing customer base. 

Availability

These capabilities will begin to roll out to a limited set of customers, which will expand monthly. 

Leave a comment »

OWC Announces General Availability (GA) Launch of OWC Dock Ejector 2.0

Posted in Commentary with tags on February 4, 2025 by itnerd

 Other World Computing (OWC) today announced the general availability (GA) launch of the OWC Dock Ejector 2.0, the ultimate solution for efficiently and safely ejecting all connected devices, including SoftRAID and AppleRAID volumes. This updated version works with all docks, including non-OWC docks and hubs, expanding compatibility and drive protection to all Mac and PC users.

The newly enhanced OWC Dock Ejector takes the tedium and risk out of un-docking devices individually. By ensuring all data has been written before any disk is unmounted, you can safely eject your dock without worrying about losing or fragmenting files.

New in OWC Dock Ejector 2.0:

1.)  Streamlined install process (new for Mac) – OWC is the first to ship software that enables high-power Thunderbolt dock ports without requiring reduced macOS security settings.

  • OWC Dock Ejector 2.0 eliminates the need for Recovery Mode and simplifies the process compared to competing docks, which require users to boot into Recovery Mode, lower Mac security settings, reboot multiple times, and install system extensions. With OWC Dock Ejector 2.0, simply install the software, approve the system extension, and you’re done!

2.)  Enhanced Volume Mounting (new for Mac) – OWC Dock Ejector 2.0 simplifies volume management like never before. If you unmount a volume, you can easily remount it without the hassle of unplugging cables or using Apple’s Disk Utility application.

OWC Dock Ejector 2.0 Features and Benefits:

●     Data Security – Avoid data corruption by safely ejecting all connected drives with a single click.

●     Easy Connection Management – Optimized for seamless disconnection of storage devices and peripherals.

●     Security First – No need to compromise your macOS security settings.

●     Timesaving – Skip the tedious recovery mode process required by other docks.

●     User-Friendly – Designed for simplicity without sacrificing functionality.

OWC Dock Ejector 2.0 is now generally available (GA) and is FREE.

Visit https://www.owc.com/solutions/dock-ejector to learn more and start optimizing your workflow.

2 Comments »

« Older Entries
Newer Entries »