Sage Wins TrustRadius 2025 Buyers Choice Awards

Posted in Commentary with tags on January 11, 2025 by itnerd

Sage, a global leader in accounting, financial, HR, and payroll technology for small and medium-sized businesses (SMBs), announces that Sage Intacct and Sage Accounting have been named winners of the 2025 TrustRadius Buyers Choice Awards. This recognition is based entirely on customer feedback, highlighting Sage’s commitment to providing exceptional value, innovation and customer support.

Selected through unbiased customer reviews, these inaugural awards reflect top scores in the categories of product capabilities, value for price, and customer relationships – underscoring Sage’s ability to continuously exceed expectations while supporting US SMBs.

Empowering customers to grow through innovation

Sage’s recognition from TrustRadius is a testament to its focus on empowering SMB customers to adapt to change, save time, enhance productivity, and make better informed decisions.

With the introduction of Sage Copilot, Sage is redefining how businesses interact with their financial data. This AI-powered assistant, integrated across Sage products including Sage Intacct and Sage Accounting, is bringing advanced automation, real-time insights, and predictive analytics, enabling customers to streamline workflows and reduce errors. By integrating cutting-edge AI technology, Sage continues to unlock new opportunities for businesses, helping them grow and thrive.

Sage Accounting: Delivering real value for small businesses 

Sage Accounting empowers start-ups and small businesses with an innovative solution that simplifies financial management and delivers measurable value. Designed to help businesses save time and maintain control, Sage Accounting streamlines daily tasks with features such as automated invoicing and bank integration. The integration of AI-driven tools saves time and reduces errors, giving businesses the confidence to focus on growth and customer success.

With the AI-driven capabilities of Sage Copilot, businesses gain access to real-time insights and personalized recommendations, providing confidence and clarity to focus on growth.

Discover more about Sage Accounting

Sage Intacct: Driving efficiency and accelerating growth for medium businesses

Sage Intacct empowers finance leaders and their teams to focus on strategic tasks with Sage Copilot, Sage AI, automation and seamless integrations. Finance teams can harness the power of both their financial and operational data to make informed decision that drive growth, profitability and positive outcomes. 

Designed to meet the unique needs of industries like nonprofits, financial services, healthcare, construction and manufacturing, Sage Intacct is a modern, AI-powered cloud solution that’s tailored to industry needs and scales with organizations as they grow.

Learn more about Sage Intacct

Leave a comment »

360,000 Are Impacted By Medical Billing Firm Medusind Breach

Posted in Commentary with tags on January 10, 2025 by itnerd

Healthcare organization Medusind is notifying 360,934 individuals of a data breach that exposed their personal and health information over a year ago.

The Miami-based company operates 12 locations in the US and India, and it also provides revenue cycle management services to over 6,000 healthcare providers.

Medisund says it took systems offline after it spotted suspicious activity on its network in December 2023.

Through its investigation, the company found evidence that a “cybercriminal may have obtained a copy of certain files containing your personal information.”

Documents exposed may include the following data types:

  • Health insurance information
  • Payment information
  • Medical history
  • Medical record number
  • Prescription information
  • Social Security number
  • Taxpayer ID
  • Driver’s license
  • Passport number
  • Date of birth
  • Email
  • Address
  • Phone number

This notification comes after the U.S. Department of Health and Human Services proposed updates to HIPAA in late December 2024 to secure patients’ health data following a surge in significant healthcare breaches such as Ascension impacting 5.6 million people and UnitedHealth impacting 100 million.

Emily Phelps, Director, Cyware had this to say:

  “The healthcare sector remains one of the most critical industries to secure, given the sensitivity of the data it holds, and the devastating impact breaches can have on individuals and organizations. Effective threat intelligence management is vital to identifying and mitigating risks before they escalate, helping healthcare organizations strengthen their defenses against increasingly ubiquitous cyber threats. Operationalizing this intelligence can enable faster detection and response to potential breaches. Moreover, fostering collective defense through trusted information-sharing partnerships ensures that organizations can work together to anticipate, address, and mitigate emerging threats.”

Lawrence Pingree, VP, Dispersive follows up with this:

  “If the company was using a programmable Universal Zero Trust Network access solution, they could more rapidly isolate key systems through automation and orchestration products in the SOC, reducing the blast radius of attacks. While there is no silver bullet, defense in depth in security still applies, as does centralization risk.”

We’re only 10 days into the new year and we already have a big health care breach. This isn’t good as 2025 appears to be starting off the way that 2024 ended. Which means that we have a long year ahead of us unless substantial changes are made now.

Leave a comment »

Quorum Cyber Continues Expansion in North America with Kivu Consulting Acquisition

Posted in Commentary with tags on January 10, 2025 by itnerd

Quorum Cyber – headquartered in the U.K., with offices across North America – today announced the acquisition of Kivu Consulting Inc., a leading global cybersecurity firm specializing in Incident Response.

The strategic move bolsters Quorum Cyber’s rapid global expansion, as it comes just months after it acquired Difenda, a North American company specializing in Microsoft Security Managed Services.

Founded in 2009, Kivu Consulting Inc, or ‘Kivu’, is a trusted partner in the global insurance, legal, and government sectors. The company is a leader in digital forensics, cyber incident response, business restoration, and ransom negotiations. Since its inception, Kivu has helped define the market for response, managed, and advisory services to protect organizations against compromised data, theft of trade secrets, and unauthorized access to data. 

Kivu holds established relationships in over 40 insurance and legal panels across the U.S. and the U.K. This transformative acquisition not only rapidly expands Quorum Cyber’s presence within these industries but also provides a robust foundation to strengthen its alliances and cements its status as a premier global threat management firm, renowned for its exceptional incident response capabilities. 

In addition, acquiring Kivu enables Quorum Cyber to deliver its market-leading threat management services from three operations centers in the U.S., the U.K., and Canada to its customers worldwide. 

Quorum Cyber’s back-to-back acquisitions of Kivu Consulting and Difenda underscore its aggressive growth strategy across North American and U.K. markets. Bolstered by ongoing support from investors, Charlesbank Capital Partners and Livingbridge, the two acquisitions equip Quorum Cyber with the resources to strategically expand its service offerings and customer reach. The integration of Kivu’s incident response expertise and connections, coupled with Difenda’s managed services capabilities, marks a significant step in Quorum Cyber’s mission of asserting its market presence globally.

Piper Sandler & Co. served as exclusive financial advisor to Kivu, and Mintz and Lowenstein Sandler served as legal advisors to Quorum Cyber.

Leave a comment »

The Oral Arguments In TikTok First Amendment Challenge Will Be On C-SPAN

Posted in Commentary with tags on January 9, 2025 by itnerd

On Friday, January 10, 2025, C-SPAN will provide LIVE audio from the Supreme Court as justices hear consolidated oral argument in TikTok v. Garland and Firebaugh v. Garland, a case about TikTok’s First Amendment challenge to a law requiring the app to divest from Chinese parent company ByteDance or face a nationwide ban.

This will be LIVE on C-SPAN, the C-SPAN Now mobile app, the C-SPAN Select tv app and online here at C-SPAN.org – https://www.c-span.org/event/public-affairs-event/supreme-court-hears-case-on-tiktok-ban/429770

Leave a comment »

Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Among Other Products

Posted in Commentary with tags on January 9, 2025 by itnerd

Ivanti yesterday raised the alarm for a pair of remotely exploitable vulnerabilities in its enterprise-facing products and warned that one of the bugs has already been exploited in the wild.

Ivanti has released an update that addresses one critical and one high vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways. Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code execution. CVE-2025-0283 could allow a local authenticated attacker to escalate privileges.  

Martin Jartelius, CISO at Outpost24, commented:

“Last time we had an Ivanti zero-day exploitation, the attackers shifted to their active/destructive phase as the patch became available. So, anyone impacted should firstly patch at once, and secondly review their readiness in incident response and keep extra eyes on their monitoring for the near future. Many still remember the Akira breach against Tietoevry in Sweden and its cascading impact on organizations and government agencies as the impacted organization was a service provider.”

Ivanti yet again makes the news for all the wrong reasons. Which means that if you have any Ivanti products in your environment, you need to drop what you’re doing and patch all the things.

Leave a comment »

Hammerspace and Cloudian Partner UP

Posted in Commentary with tags on January 9, 2025 by itnerd

 Hammerspace, the company orchestrating the next data cycle, and Cloudian, the leader in S3-compatible object storage, have announced a partnership to deliver a cutting-edge solution for managing unstructured data at scale. Combining Hammerspace’s parallel file system performance and global data orchestration with Cloudian’s exabyte-scale HyperStore object storage, the partnership empowers enterprises to seamlessly manage, protect, and extract value from their massive unstructured data sets. 

Unstructured data comprises 90% of all data being generated today, growing exponentially and challenging enterprises with its sheer scale and complexity. By integrating Hammerspace’s high-performance data orchestration capabilities with Cloudian’s secure and scalable object storage platform, organizations can unify data across edge, core, and cloud environments in a single global namespace. This solution ensures simplified management and accessibility of unstructured data while supporting performance-intensive applications such as AI training, HPC workloads, and analytics. 

Key benefits of the partnership include: 

  • Seamless Data Orchestration Across Tiers and Locations: Hammerspace’s data platform automates data movement between Tier 0, Tier 1, and object storage within a unified global namespace, spanning sites, hybrid clouds, and multi-cloud environments. 
  • Exabyte-Scale Object Storage with Advanced Security: Cloudian’s HyperStore offers industry-leading S3 API compatibility, robust data protection, and ransomware defense, ensuring security and scalability for the world’s most demanding workloads. 
  • High-Performance Access Using Industry Standard Protocols: Hammerspace supports standard NFS, SMB, and S3 protocols without proprietary software or networking requirements, enabling seamless integration with Cloudian storage. 

The combined solution is available immediately through Hammerspace and Cloudian’s global partner networks. For more information, visit https://hammerspace.com/hs-partners/technology-partners/cloudian/

Leave a comment »

Adyen Announces Adyen Uplift

Posted in Commentary with tags on January 9, 2025 by itnerd

Adyen, the global financial technology platform of choice for leading businesses, announces the launch of Adyen Uplift. The AI-powered payment optimization suite will help businesses increase payment conversion, simplify fraud management, and reduce the cost of payments. Adyen’s customers can utilize data-driven, tailored performance recommendations and opportunities to test different payment configurations to maximize performance.

Saving businesses from trading off between conversion, risk, and cost

The complexity of payment management still holds businesses back from reaching their ambitions. They constantly need to compromise between conversion, fraud, and cost. Thanks to Adyen Uplift, businesses can optimize the full payments funnel with AI. AI-powered payment optimizations bundled in a single product suite are trained on Adyen’s global transaction dataset. Rather than navigating the complexity of payments in operational silos, the AI-first approach uses risk-based intelligence and automated conversion optimization to help businesses get more out of payments. The pilot has shown a significant effect on profits, with businesses seeing an overall uplift of up to 6% on their payment conversion rate. 

$1 trillion+ payments data 

Businesses and other providers rely on limited datasets, impacting their ability to recognize shoppers and payment behavior. With Adyen Uplift, companies benefit from AI trained on over a trillion dollars worth of global payments data from Adyen’s single platform.

Adyen has processed payments for over one billion consumers globally, giving its AI solutions a strong basis to differentiate good shoppers from fraudsters. When an Adyen customer encounters a new shopper, there is a high likelihood that Adyen has seen the shopper elsewhere on the platform. For a retail merchant on the Adyen platform, there is more than a 90% chance that Adyen has seen that shopper before. When a good shopper is identified, AI optimizations allow them to speed through checkout whilst shoppers and retailers also benefit from precise payment fraud mitigation. 

The AI-first approach to fighting fraud

Today, the fraud control process is highly complex, requiring businesses to implement extensive manual rules to combat ever-evolving fraud techniques. With Adyen Uplift, businesses can automate fraud control by removing the operational burden from fraud management teams. The solution automates and refines risk management without relying on manual rules. This enables businesses to lower fraud levels and reduce false positives, depending on their risk appetite.

Businesses piloting the risk product have seen the impact firsthand. Adyen’s pilot enterprise customers have reduced their manual risk rules by 86% on average, and 35% of customers have completely eliminated manual rules saving valuable time and resources.  

Adyen’s customer Indeed, a leading job matching and hiring platform, was able to run AI-based optimization experiments that are tailored to the unique characteristics of its business. This translated into a reduction in operational workload by automating processes to drive efficiency.

Reduce payment processing costs by up to 5%

Today, businesses are more focused than ever on their bottom line, yet many still view payments as a commodity rather than a powerful cost-saving strategy.

Adyen Uplift has reduced payment cost by up to 5% for pilot customers in the U.S. Adyen’s AI selects the best routes with the best rates for transactions to help minimize total cost of payment. Pilot customers also experienced cost savings through Adyen’s optimizations, which tailored the shopper-facing checkout flow to their needs.

To learn more about Adyen Uplift, click here.

Leave a comment »

DomainTools Invests in Domain & DNS Research with Launch of DomainTools Investigations

Posted in Commentary with tags on January 9, 2025 by itnerd

DomainTools, the global leader in domain and DNS-based cyber threat intelligence, today announced the launch of DomainTools Investigations (DTI), a community-based research effort focused on preventing, mitigating, and investigating domain and DNS based attacks.

With the launch of DTI, the cybersecurity community will have access to the insights DomainTools analysts gather on advanced persistent threats (APTs), nation-states, cyber-espionage groups, business email compromise (BEC), and more. In addition to driving the analysis and data behind DomainTools’ industry-leading products, DTI security analysts and researchers will produce and publish innovative research on the DTI website and share findings in webinars, industry events, and conferences.

DomainTools has been collecting and analyzing domain and DNS data for more than two decades, uniquely positioning DTI to analyze threat actor behavior and surface newly emerging patterns in threat activity based on the largest historical active and passive DNS database – as it’s happening.

The team of analysts and researchers who make up DTI is led by top cyber industry expert, Daniel Schwalbe, who spent the greater part of two decades tracking cybercriminals and nation-state actors in higher education, government, and large enterprises. As head of investigations and CISO at DomainTools, Schwalbe is committed to sharing actionable insights with the community. The diverse DTI team is composed of well-respected industry researchers and analysts with deep knowledge, specializing in reverse-engineering, malware, and global threat actors.

DomainTools has captured more than 97% of the Internet, mapping and analyzing billions of domains and DNS infrastructure to provide security teams with advanced domain risk analytics and real-time passive DNS feeds for proactive defensive strategies. 

The launch of DTI comes as threat actors increasingly leverage credential phishing like Charming Kitten, banking trojans like TrickBot, and various other tactics for financial gain. For the latest research from DTI visit dti.domaintools.com.

Leave a comment »

Beyond Identity Launches New Channel Program to Accelerate Partner Business Growth

Posted in Commentary with tags on January 9, 2025 by itnerd

Beyond Identity, the leading provider of secure identity and access management (IAM) platform, today announced the launch of its new channel program and the appointment of channel leader Joel Vinocur as Senior Director of Channels. The new global channel program will drive partner growth, open new revenue streams, and offer high rewards through a three-tier structure.

An accomplished channel leader with nearly a decade of experience shaping go-to-market strategies, building robust channel programs, and accelerating growth across a diverse range of organizations, Vinocur joins Beyond Identity, where he will oversee the company’s channel program by guiding sales strategy, building and fostering relationships and securing strategic collaborations. Before joining Beyond Identity, he held channel leadership roles in the threat intelligence and digital risk protection space for organizations such as ZeroFox and Recorded Future and co-founded an athletic apparel and footwear startup where he built distribution channels and cultivated independent contractor relationships to expand the company’s footprint in Europe and West Africa.

Beyond Identity’s channel program is currently available in the Americas, Europe, the Middle East, and Africa, and it plans to expand into Asia-Pacific and Japan. The program prioritizes mutual partnership and growth and includes a three-tier system (Silver, Gold, Platinum) to drive investments in joint opportunities, marketing funds, and additional benefits for partners as they grow with the company. 

Key features include:

  • New technical certification opportunities to leverage joint services engagements and platform and demo access
  • Increasing levels of investment as a partner moves up within the program
  • High levels of guaranteed margin/ discount for sourced, fulfilled, or co-sold opportunities
  • Increased committed MDF funds for higher-tiered partners
  • Access and support from the Beyond Identity team 

For more information on Beyond Identity’s channel program and tiered benefits, visit https://www.beyondidentity.com/partners.

Leave a comment »

New PayPal Phishing Scam Exploits Microsoft 365 

Posted in Commentary with tags , , on January 8, 2025 by itnerd

Researchers have uncovered a scam that targets PayPal users by leveraging legitimate PayPal tools to trick them into linking their accounts to unauthorized addresses which could give attackers control over their finances. The scammer appears to have registered an Microsoft 365 test domain, which is free for three months, and then created a Distribution List containing victim emails.

The research can be found here: https://www.fortinet.com/blog/threat-research/phish-free-paypal-phishing

What makes this interesting is that this will pass things like DKIM and DMARC. Also when it is examined by a human, it will pass all the usual tests for phishing. Which makes this pretty dangerous because by the time you figure out that this is a threat, you’ve already been pwned.

Roger Grimes, data-driven defense evangelist at cybersecurity company KnowBe4, commented:

“I’ve seen similar attacks utilizing legitimate platform services, such as QuickBooks, that essentially do the same thing (i.e., uses a legitimate service to send a message from that service with a legitimate, recognizable URL to fool users into participating. I do think it’s important that the vendors involved in these types of scams (in this case, Microsoft and PayPal) work to prevent their services from being used in scams. I don’t think vendors scrutinize participants enough to prevent these sorts of scams. They could be doing more.  At the same time, 99% of phishing scams have the same two attributes: 1) They arrive unexpectedly, and 2) Ask the user to do something they have never done before (at least for that sender). Any message, no matter how it arrives, no matter how legit it looks, with those two traits, should be investigated using trusted methods not involving anything communicated in the message before performing the requested action. Teach and drill that into your own behavior and teach others as well.”

Now this is a technique that I have seen before. Specially here where I came across a scam related other Microsoft 365 that used Microsoft’s own infrastructure to propagate it. Thus I would encourage you to read this report and be on the lookout for these sorts of emails. Because the threat actor behind this is clearly taking things to the next level.

Leave a comment »

« Older Entries
Newer Entries »