If you have an older iPhone or iPad that still runs iOS 18, Apple has just released a newer version of iOS and iPadOS 18.7.7. It’s meant to fix this vulnerability that is in the wild and should be considered a today problem. Your other option is to go to iOS 26 which is not affected by this vulnerability and protects you from other vulnerabilities as a bonus. But whatever you do, don’t delay and patch your iDevice ASAP.
That ends today’s public service announcement.
Peer Software, and Carahsoft Technology Corp. today announced a strategic partnership. Under the agreement, Carahsoft will serve as Peer Software’s Master Government Aggregator®, making the company’s flagship Peer Global File Service (PeerGFS) platform available to the Public Sector through Carahsoft and its reseller partners.
Peer Software’s PeerGFS platform provides real-time file replication and synchronization across distributed environments, enabling Government agencies to maintain file consistency, reduce data silos and ensure high availability without relying exclusively on the cloud. With multi-protocol support for SMB and NFS on the same volume, PeerGFS helps agencies manage hybrid environments, support legacy systems and enable seamless collaboration across locations.
Designed to meet the stringent security requirements of the Public Sector, Peer Software’s solutions support compliance, strengthen operational resilience and optimize data accessibility. Peer Software’s capabilities are critical for agencies managing sensitive workloads and geographically dispersed teams.
Peer Software’s solutions and services are available through Carahsoft and its reseller partners. For more information, contact the Carahsoft Team at (703) 871-8585 or PeerSoftware@carahsoft.com. Explore Peer Software’s solutions here.
SIOS Technology Corp. today announced its participation in several industry events this spring, where company experts will share best practices for maintaining uptime for mission-critical applications across cloud, hybrid, and multi-cloud environments. SIOS will also host an educational webinar focused on designing resilient workloads in the cloud.
Webinar: Resilience by Design – Keeping Mission-Critical Workloads Running on AWS
Date: April 9, 2026 @ 12:00 pm ET
Format: Virtual
Register here
SIOS will host the webinar “Resilience by Design: Keeping Mission-Critical Workloads Running on AWS,” which will explore strategies for ensuring application availability in cloud environments. Attendees will learn how to architect resilient infrastructures, address common failure scenarios, and maintain uptime during maintenance or outages.
SQLBits 2026
Date:April 22–25, 2026
Location: Caerleon, Wales, United Kingdom
Register here
SIOS experts will present two technical sessions focused on SQL Server high availability across operating systems and cloud environments. These sessions, include:
This session will provide a side-by-side comparison of SQL Server high availability on Windows and Linux, covering clustering architectures, failover processes, maintenance and patching considerations, and the operational impact of each approach.
This session will examine how organizations can architect SQL Server high availability and disaster recovery solutions spanning Azure, AWS, and Google Cloud. Attendees will learn how to use technologies such as Always On Availability Groups and Failover Cluster Instances (FCIs) to build resilient multi-cloud deployments.
SQL Saturday Jacksonville 2026
Date:May 2, 2026
Location: Jacksonville, FL
Register here
At Jacksonville’s 18th annual Data Conference Day of Data, Bermingham will present “Building Resilient SQL Server HA/DR in a Multi-Cloud World.“
The session will explore real-world architectures for running SQL Server reliably across multiple cloud providers. Bermingham will share practical guidance for designing high availability and disaster recovery strategies that span Azure, AWS, and Google Cloud, helping organizations reduce risk, avoid vendor lock-in, and meet aggressive recovery objectives.
Red Hat Summit 2026
Date: May 11–14, 2026
Location: Georgia World Congress Center, Atlanta, GA
Register here
SIOS will exhibit at Red Hat Summit, where attendees can learn how organizations are protecting mission-critical Linux applications with SIOS high availability and disaster recovery solutions. At the event, SIOS will showcase SIOS LifeKeeper for Linux, which enables automated failover and continuous application availability for enterprise workloads running on Linux across physical, virtual, and cloud environments.
Pass Summit Europe
Date: June 10-11, 2026
Location: Hilton Frankfurt, Hochstraße 4, 60313 Frankfurt am Main, Germany
Register here
SIOS will participate as a Gold Sponsor at PASS Summit Europe, where attendees can connect with SIOS experts at the company’s exhibit table to learn more about high availability and disaster recovery solutions for SQL Server environments. SIOS will also deliver a conference session.
For more information about SIOS events and high availability solutions, visit https://us.sios.com
Dubai-based Secure.com has published a concise analysis of both sides of the coin in “The CISO’s Guide: When AI Helps vs. Hurts Security.”
With research revealing that 76% of CISOs reporting that they expect a material cyberattack in the next 12 months, most report that their organizations are already using AI in some form.
The Guide examines key issues including:
The question is no longer “should we use it?” It’s “are we using it in the right places?” The CISO’s Guide delivers a clear, honest answer to that question, and full content is below.
You can read the analysis here: The CISO’s Guide: When AI Helps vs. Hurts Security
Today, CDW Canada released data from its annual Canadian Cybersecurity Study, Navigating Ransomware, Modern Architectures and the Maturity Paradox.
Key findings from the study include:
There are many more findings in the press release linked here. The full report can be accessed here.
The CISA has added a new Citrix NetScaler appliance vulnerability to its Known Exploited Vulnerabilities catalog and is giving federal agencies till Thursday to remediate the flaw.
The vulnerability (CVE-2026-3055) is caused by inadequate input validation and can be exploited by unauthenticated remote attackers to extract sensitive data from Citrix ADC or Citrix Gateway appliances configured as SAML identity providers.
Denis Calderone, CTO, Suzu Labs provided this comment:
“Back in 2023 CISA, the FBI, and Australia’s ACSC put out a joint advisory related to CVE-2023-4966, CitrixBleed. That was the same class of vulnerability on the same product family as this new issue, CVE-2026-3055. The issues are memory leaks on NetScaler that let attackers steal session tokens and walk right past authentication, including MFA. We saw LockBit use it to devastating effect against ICBC, Boeing, and DP World, and now we’re looking at another critical memory disclosure flaw on NetScaler. Citrix themselves are warning that exploitation is likely once proof-of-concept code surfaces.
“An out-of-bounds read on a device like this is particularly dangerous because of where NetScaler sits in the environment. It’s at the network boundary, handling authentication and session management.
“NetScaler is often used to build a layer of abstraction between the untrusted, semi-trusted and fully trusted security zones within a network. When memory leaks on a device like that, what spills out isn’t random data. It’s potentially session tokens, authentication material, and credentials. These are the things that let attackers bypass every security control sitting behind it. That’s what made CitrixBleed so devastating, and this vulnerability has the same potential.
“The one piece of good news is that this only affects NetScaler instances configured as a SAML Identity Provider, not default configurations. SOC teams should check right now: search your NetScaler config for ‘add authentication samlIdPProfile’. If it’s there, you’re in scope and you need to patch immediately. If you can’t patch today, consider whether you can disable SAML IDP functionality as a temporary mitigation. Citrix has 21 entries in the CISA KEV catalog at this point. Waiting to see if this gets exploited is not a strategy that has historically worked out with this vendor.”
Jacob Warner, Director of IT, Xcape, Inc. adds this comment:
“Unpatched gateway appliances are the primary door for initial access brokers and nation-state actors, making this 48-hour remediation window a critical operational priority. This vulnerability allows unauthenticated attackers to bypass security boundaries and harvest credentials or session tokens, effectively turning your identity provider into a pivot point for lateral movement across the entire network. Organizations should immediately identify all Citrix ADC and Gateway instances acting as SAML IdPs and apply the vendor-provided firmware updates before the Thursday deadline.
“If immediate patching is not feasible, security teams must evaluate whether to disable SAML functionality or place these appliances behind a restrictive VPN to reduce the attack surface. This is not a drill for the weekend; the inclusion in the KEV catalog confirms that active exploitation is already occurring in the wild.
“Given the history of NetScaler vulnerabilities such as CitrixBleed, the blast radius of a successful exploit likely includes a full bypass of multi-factor authentication (MFA) for downstream applications. Priority should be placed on Internet-facing instances, followed by a comprehensive review of logs for unusual outbound traffic from these appliances.
“I appreciate CISA giving us a Tuesday warning for a Thursday deadline, though I suspect the “unauthenticated remote attackers” didn’t bother waiting for the official calendar invite.”
Rajeev Raghunarayan, Head of GTM, Averlon said this:
“Most organizations measure response in terms of time to patch. The real gap is time to decision. Teams often know about a vulnerability, but they don’t know whether it actually matters in their environment.
“We’ve seen environments with tens of thousands of vulnerabilities where only a handful created meaningful risk based on how they connected to critical systems, especially when identity infrastructure is involved. Without that clarity, everything looks urgent and ends up in the same queue.
“The organizations moving fastest don’t need external deadlines to act. They can quickly determine what matters and treat those cases as incidents. Others rely on external signals like KEV listings to prioritize, rather than identifying that urgency internally.”
If you organization is affected by this, you need to patch this ASAP because threat actors will not wait to exploit this.
Palo Alto Networks Unit 42 published new research on a security flaw in Google’s Vertex AI Engine,
Unit 42 researchers found that Google Cloud’s Vertex AI Engine is giving AI agents far too much access by default. This critical discovery highlights the challenges of applying foundational security standards in the AI era.
Key Takeaways:
You can read the research here:http://unit42.paloaltonetworks.com/double-agents-vertex-ai
The Abstract ASTRO research team has just published a blog entitled: How Attackers Disable CloudTrail Without Calling StopLogging or DeleteTrail.
Security teams rely heavily on AWS CloudTrail as a source of truth for detecting breaches, but new research shows attackers can quietly disable or degrade logging without ever touching the APIs most defenders monitor.
In a new technical deep dive, ASTRO uncovers how adversaries are bypassing traditional detections (like StopLogging or DeleteTrail) and instead using lesser-known AWS APIs to blind logging systems while keeping them appearing fully operational.
Key findings that may interest your readers:
The research also outlines detection strategies, including how to identify subtle parameter changes and—more importantly—how to correlate multiple low-signal events into high-confidence alerts, something most SIEMs struggle to do.
This has major implications for DFIR teams and cloud security programs: organizations may believe they have full visibility, while attackers are actively operating in blind spots.
You can read the blog entry here: https://www.abstract.security/blog/how-attackers-disable-cloudtrail-without-calling-stoplogging-or-deletetrail
Liquibase today unveiled Liquibase Change Intelligence and a new suite of Liquibase Secure Deployment Connectors, expanding how enterprises understand, govern, and operationalize database change across modern delivery environments.
The new capabilities are designed to help teams understand database changes, monitor delivery performance, identify risk earlier, resolve issues up to 95% faster, and centralize audit evidence, while extending governed database change into the systems where developers, DBAs, and change teams already work, including ServiceNow, GitHub, Harness, and Terraform.
The announcement addresses a persistent gap in enterprise delivery. While application and infrastructure changes have become more automated, observable, and standardized, database change still too often moves through ticket attachments, side-channel SQL, manual approvals, and inconsistent execution paths. The result is slower investigations, weaker auditability, and more risk around outages, data integrity, and compliance.
Change Intelligence helps teams see what changed and respond faster
Liquibase Change Intelligence is designed to give teams a clearer view of what changed, how changes are moving across environments, where drift is emerging, and what requires attention next.
It brings together deployment activity, environment-level change status, drift signals, policy outcomes, and operational history so teams can answer critical questions faster: What changed? Where did it fail? Which environments are out of sync? Is drift increasing? What needs to be fixed now?
When failures occur, Change Intelligence is designed to help teams investigate with greater speed and context through AI-driven analysis that identifies likely causes and provides remediation guidance. Instead of forcing teams to reconstruct events from scattered logs, tickets, and tribal knowledge, it gives them a more direct path from issue to understanding to action.
Change Intelligence is also designed to help organizations centralize audit evidence for what changed, who approved it, where it ran, and what happened. That gives engineering, security, and compliance teams a more structured and accessible record of database change activity, reducing reliance on screenshots, manual evidence gathering, and fragmented reporting.
New connectors extend governed database change into the tools teams already use
Liquibase also unveiled a new suite of Liquibase Secure Deployment Connectors designed to extend governed database change into the platforms many enterprises already use to plan, approve, and deliver work.
For teams using ServiceNow, the connector is designed to bring database change into the existing approval process so approved tickets can result in governed, auditable deployments instead of manual SQL execution and disconnected handoffs.
For teams using GitHub, the connector is designed to bring database change into the same pull request and workflow model already used for application code, adding policy checks, validation, and deployment history tied to commits and branches.
For teams using Harness, the connector is designed to preserve existing pipelines while adding stronger governance, centralized visibility, and compliance-grade auditability around database changes.
For teams using Terraform, the connector is designed to extend infrastructure as code to the database layer, connecting Liquibase Secure to Terraform-managed instances through existing pipelines while enforcing database policies, applying versioned changeSets, and maintaining a complete audit trail over time.
Together, the connectors are designed to remove one of the biggest barriers to stronger database governance: the belief that teams need to rebuild their workflows to get it. Instead, Liquibase is extending governed database change into the systems teams already use, while strengthening traceability, standardization, and audit evidence across the delivery lifecycle.
Built for a new era of AI, data integrity, and operational accountability
The new capabilities reflect a broader shift in how enterprises are thinking about AI readiness and operational risk.
As AI initiatives expand, more changes are being generated, reviewed, and pushed through delivery systems at higher speed and greater scale. But when database change remains inconsistent, weakly governed, or hard to trace, the resulting risk does not stay isolated at the database layer. It carries into applications, analytics, automation, and AI-driven systems.
By helping organizations better understand database changes, catch drift earlier, investigate failures faster, and centralize audit evidence, Liquibase is giving enterprises a stronger operational foundation for trusted applications, data products, and AI initiatives.
Availability
Liquibase Change Intelligence, Liquibase Secure Deployment Connectors, and related capabilities are expected to begin rolling out in fall 2026. Additional details will be shared closer to availability.
Guest Post: The curious and occasionally bizarre quest to replace passwords
Posted in Commentary with tags Nordpass on April 2, 2026 by itnerdBy Karolis Arbaciauskas, head of product at NordPass
Yet another new authentication method has emerged. A team led by researchers at Rutgers University (USA) has developed a system called “VitalID” based on a newly proposed biometric — tiny vibrations from breathing and heartbeats that resonate through the skull in patterns unique to each person’s bone structure and facial tissues.
This is far from the first attempt to eliminate passwords and the need to remember them. From swallowable microchip pills and electronic tattoos to logging in via the echo of your skull, the tech industry has spent more than a decade searching for the password’s successor.
“Nobody likes passwords. We all have too many of them — about 170 on average, by our count. And we can’t remember them all, so people reuse passwords, and those reused credentials often become a common attack vector. It’s no surprise that there have been and still are many attempts to free us from passwords and remembering them. At NordPass, we’re also developing passwordless authentication. But for now, there is no universally practical way to live without passwords — especially since not all websites and platforms support passkeys yet,” says Karolis Arbaciauskas, head of product at the password manager company NordPass.
Bizarre passwordless experiments
Let’s take a look at the strangest and most interesting authentication methods proposed.
The password pill. In 2013, around the time Apple’s Touch ID launched, Motorola unveiled a striking prototype — a swallowable authentication pill containing a tiny chip powered by stomach acid. The device produced an 18‑bit, ECG‑like signal that effectively turned the user’s body into an authentication token. It never advanced beyond demos, largely because it felt more like surveillance than authentication, and because Touch ID offered a simpler, far less invasive alternative.
Electronic tattoo. At the same 2013 conference, Motorola also showcased a temporary password tattoo — ultra‑thin, flexible circuits that adhered to the skin for on‑body authentication. The demos were unforgettable, but the concept stalled due to practicality, privacy, and adoption hurdles — users had to replace the tattoo weekly, or it stopped working, making it more cumbersome and costly than passwords. Notably, while that authentication concept faded, similar flexible electronics now power consumer products such as adhesive baby thermometers.
Bone-conducted skull signatures. Researchers have repeatedly explored using the way sound travels through the skull as a unique biometric, from early “SkullConduct” work to recent systems like Rutgers’ VitalID. The core idea is simple — your skull’s acoustic response can be as distinctive as a fingerprint. It’s a clever concept, but so far it has remained largely at the prototype stage because it’s impractical to rely on a head‑mounted device every time you log in. However, VitalID may be on the right track by focusing on virtual and augmented reality environments, where users already wear a device on their heads.
Heartbeat recognition (ECG). Devices like the Nymi Band use a person’s unique heart rhythm as a biometric signature. Because no two ECG patterns are identical, the wearer can authenticate simply by being near authorized devices. This is one of the few experimental methods that actually reached the market — but it remains niche, designed for B2B and research scenarios where staff must authenticate to equipment beyond standard computers (it requires both an ECG bracelet and a compatible reader plugged into a machine). For the mass market, it is still too costly and impractical.
Vein pattern mapping. This method uses infrared light to map the unique vein patterns beneath the skin, typically in the palm or fingers. It is already deployed in high‑security environments such as laboratories and data centers, as well as for patient identification and secure access to electronic medical records (e.g., Imprivata PatientSecure). Like ECG bracelets, however, it remains impractical for mass‑market use because it requires specialized sensors or additional hardware on smartphones and computers.
Lip-reading software. Researchers have developed systems that identify users based on the unique way they mouth specific words or phrases. While the technology is now relatively mature, it is used more often to support solutions for people with hearing impairments and for forensic analysis (e.g., extracting speech cues from silent CCTV footage). It could be applied to authentication, but it remains impractical — most users won’t want to mouth passphrases at a computer or phone every time they log in.
Ear shape, heartbeat, gait, and odor. Over the years, various academic teams have tested everything from ear morphology and gait to body odor and body proportions as identity signals. While these traits can be distinctive, they struggle with reliability, sensor availability, and user acceptance, which is why you don’t scan your ear or authenticate by aroma at the office door.
Mainstream biometrics
So far, the search for a password successor has produced few mainstream winners. Only a handful of biometrics — primarily face and fingerprint — have become everyday tools. Passkeys, a phishing‑resistant login method built on on‑device biometrics and supported by technology heavyweights, are progressing in the same direction, but their adoption is slower than expected.
“Fingerprint login became mainstream in 2013 and face scan in 2017, driven primarily by Apple’s introduction of Touch ID and Face ID. These technologies succeeded because they are simple to use, fast, built into phones and laptops, and work offline on the device. Voice recognition as a biometric authentication has been demoed some time ago and even existed for some time but never became common. Now that AI can clone a voice from a few seconds of audio, it’s not reliable. Keystroke dynamics also exist. AI can infer identity from typing patterns, but this technology also remains niche. AI can recognize handwriting as well, though that’s more relevant to forensic analysis than authentication,” says Arbaciauskas.
Most likely successor
According to him, passkeys have the potential to become the dominant form of authentication because they are based on previous technology that is already built into nearly all modern devices and solves the password problem.
“Passkeys replace passwords with public‑key cryptography. A private key stays on your device, while a website holds the public key. When you sign in, your phone or laptop proves possession of the private key — often unlocked by your fingerprint or face — without revealing anything that can be phished or reused. As a result, passkeys are resistant to phishing, credential stuffing, and brute‑force guessing. Major platforms now support them, and modern password managers include passkey functionality to help organizations and users adopt them,” says Arbaciauskas.
He adds that even with broad platform support, it will take years for websites, apps, and enterprises to standardize on passkeys. During this transition, we live in a mixed world — some accounts support passkeys, while many still rely on passwords, so we’re using both for now.
“Use passkeys wherever they’re available. Everywhere else, use long, unique, randomly generated passwords stored in a password manager. These are harder to phish or disclose in the heat of the moment because you don’t memorize them. And always enable multi‑factor authentication,” says Arbaciauskas.
Leave a comment »