Microsoft Says That It Will Hand Over Your Bitlocker Keys To Law Enforcement… Should You Worry And What Can You Do To Protect Yourself

Posted in Commentary with tags on January 26, 2026 by itnerd

Disclaimer: I am not trying to give tips to the bad guys. But given the fact that I have been emailed about this repeatedly since this story broke, I felt that I needed to respond.

Late last week, news broke that Microsoft not only will hand over Bitlocker keys to law enforcement, but has already done so.

Wait, what are Bitlocker keys? Glad that you asked that question.

Microsoft Windows 11 has a full disk encryption feature called Bitlocker. Its goal is to keep the data on your laptop or desktop safe by encrypting it, and to decrypt it you need a key. So think of it like this: your data is protected by a padlock, and you have the key to unlock it. That should keep it safe from prying eyes.

But here’s the catch: Microsoft also has a key to your data and is willing to hand it over to law enforcement. Now this is likely making you think “wait, I didn’t give Microsoft a key to my data”. Well, actually you did. If you install Windows 11 and turn on Bitlocker (assuming it isn’t on already), you need to create a Microsoft account, and the Bitlocker key is stored in the cloud under that account. The second that happens, Microsoft has access to that key. You can opt out of this, but it takes a lot of effort (the cynic in me says that this is deliberate on the part of Microsoft), and the average user isn’t going to go through that effort. So they take the easy way out.

If you’re still with me, you’re now likely thinking “wow, that’s a massive potential security risk for users.” And you’d be right. The fact that Microsoft can do this to anyone who uses Windows 11 with a Microsoft account is problematic to say the least. Contrast that with Apple, which claims to have zero access to the keys for FileVault, its full disk encryption feature, and you get a comparison that I am going to guess Microsoft would rather you not make.

So, if this freaks you out, the question becomes: what are your options to mitigate this risk? This is what I would suggest:

  • Use A Local Account Instead Of A Microsoft Account: By installing Windows 11 with a local account, you avoid this completely, as the Bitlocker keys are not uploaded to the cloud where Microsoft can get access to them. Microsoft, shockingly, has instructions on how to do this here. But I would default to these instructions as they are a bit more straightforward.
  • Don’t Use Bitlocker To Encrypt Your Disk: Alternatives to Bitlocker that I would actually recommend to people are few and far between. What I would recommend instead is a self-encrypting hard drive. The reason is that Bitlocker is largely software encryption, which means there is some overhead as data is encrypted and decrypted. A self-encrypting drive does hardware encryption, which has substantially less overhead. Another plus that self-encrypting drives have over Bitlocker is that they secure data in ways that make them difficult if not impossible to break into. Self-encrypting drives can be installed in most laptops and desktops after purchase, or they can be added as options during the purchase process. Besides speed, these drives also adhere to standards such as FIPS 140-2 Level 3 validation, which makes them ideal for environments where the security of data is paramount. The one thing I would make sure of is that the drive you use adheres to the TCG Opal 2.0 specification for maximum compatibility with applications that manage these drives. If you want to go down the rabbit hole on self-encrypting drives, this will help you to do so.
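If you already have Bitlocker on with a Microsoft account, here is an added example (not from this post and not Microsoft's own tooling) of a PowerShell script that lists the key protectors on a volume and, with -Rotate, replaces the 48-digit recovery password so that any copy escrowed earlier no longer unlocks the disk. It assumes an elevated session on a Bitlocker-protected Windows 11 volume, uses only the built-in BitLocker cmdlets, and the output file location is the script's own choice.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the post. Audits BitLocker key protectors on one
# volume and optionally rotates the recovery password. Assumes Windows 11,
# an elevated PowerShell session, and a volume that is already protected.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$MountPoint = 'C:',
    [switch]$Rotate          # without this the script only reports
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
"Volume {0}: ProtectionStatus={1} VolumeStatus={2} Method={3}" -f $vol.MountPoint, $vol.ProtectionStatus, $vol.VolumeStatus, $vol.EncryptionMethod

# Every protector on the volume. RecoveryPassword protectors are the 48-digit
# keys that get backed up (escrowed); Tpm/TpmPin protectors never leave the device.
foreach ($p in $vol.KeyProtector) {
    "  {0,-18} {1}" -f $p.KeyProtectorType, $p.KeyProtectorId
}

$old = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if (-not $Rotate) {
    "Found $($old.Count) recovery-password protector(s). Re-run with -Rotate to replace them."
    return
}

if ($PSCmdlet.ShouldProcess($MountPoint, 'Rotate BitLocker recovery password')) {
    # Add the new recovery password first so the volume is never without one,
    # then remove the old ones; the old 48-digit keys stop working at that point.
    $after = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $new = $after.KeyProtector | Where-Object {
        $_.KeyProtectorType -eq 'RecoveryPassword' -and $_.KeyProtectorId -notin $old.KeyProtectorId
    }
    foreach ($p in $old) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }

    # Save the new key to a file you control; the script does not upload it anywhere.
    $file = Join-Path $env:USERPROFILE ("bitlocker-recovery-{0}.txt" -f $MountPoint.TrimEnd(':'))
    @(
        "BitLocker recovery password for $MountPoint, rotated $(Get-Date -Format s)"
        "Key ID:   $($new.KeyProtectorId)"
        "Password: $($new.RecoveryPassword)"
    ) | Set-Content -Path $file
    "New recovery password written to $file. Print it or move it offline, then delete the file."

    # Verify: only the new protector should remain.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        ForEach-Object { "  RecoveryPassword   $($_.KeyProtectorId)" }
}
```

After rotating, check the device's entry at https://account.microsoft.com/devices/recoverykey and delete any key still listed there; the local-account route above avoids the upload in the first place.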

Now should you worry about the fact that Microsoft will hand over your Bitlocker keys to law enforcement? One view is that if you’re not a bad guy you shouldn’t be concerned. Another view is that if you care about privacy, you should be concerned, as someone outside of Microsoft might get their hands on these keys and use them for whatever evil purpose they have in mind. Or Microsoft may start handing these keys over to non-law enforcement agencies or repressive governments or the like. The bottom line is that you have to look at this relative to your comfort level with letting Microsoft have access to the keys that protect your data. And take action based on that.

FIRE Report: Fake Bank Logins Outsmart Google – How Attackers Are Hijacking Search to Target Financial Institutions 

Posted in Commentary with tags on January 26, 2026 by itnerd

Fortra’s Intelligence and Research Experts (FIRE) are tracking HaxorSEO (HxSEO), an active cybercrime marketplace that poses a direct threat to financial institutions by manipulating search rankings to drive phishing and fraud. Operating on Telegram and WhatsApp, HxSEO sells backlinks from long‑trusted, compromised domains, allowing fake financial login pages to outrank legitimate ones. For just a few dollars, attackers can scale account takeover, fraud, and malware delivery, turning customers’ routine online banking searches into high‑risk activities.

You can read the report here: https://www.fortra.com/blog/seo-poisoning-marketplace-topping-search-results-impersonating-top-financial-institutions

Elon Musk Is Likely In Deep Trouble As Grok Is Under Investigation By The EU

Posted in Commentary with tags on January 26, 2026 by itnerd

It sucks to be Elon Musk. He’s already been slapped by the EU for not adhering to the Digital Markets Act, and he’s been under fire for the fact that his AI chatbot Grok creates objectionable content. Here’s how that played out:

That takes us to today. The EU has clearly had enough of Elon’s antics and has opened an investigation into Grok and Twitter/X:

The European Commission has launched a new formal investigation against X under the Digital Services Act (DSA). In parallel, the Commission extended its ongoing investigation launched in December 2023 into X’s compliance with its recommender systems risk management obligations.

The new investigation will assess whether the company properly assessed and mitigated risks associated with the deployment of Grok’s functionalities into X in the EU. This includes risks related to the dissemination of illegal content in the EU, such as manipulated sexually explicit images, including content that may amount to child sexual abuse material.

These risks seem to have materialised, exposing citizens in the EU to serious harm. In light of this, the Commission will further investigate whether X complies with its DSA obligations to:

  • Diligently assess and mitigate systemic risks, including of the dissemination of illegal content, negative effects in relation to gender-based violence, and serious negative consequences to physical and mental well-being stemming from deployments of Grok’s functionalities into its platform.
  • Conduct and transmit to the Commission an ad hoc risk assessment report for Grok’s functionalities in the X service with a critical impact on X’s risk profile prior to their deployment.

It’s a safe bet that this will not end well for Elon because when you mess with the EU, the EU tends to make life miserable for you. It is also a safe bet that Elon will whine and moan about how unfair this is. But let’s face facts. Elon created this situation by his cavalier attitude towards common decency. And as a result, this very troubled man is likely now in the “find out” phase.

Like I said at the start of this, it sucks to be Elon Musk.

Jelou Raises $10M to Build AI Apps That Move Money on WhatsApp

Posted in Commentary with tags on January 26, 2026 by itnerd

Messaging has become the primary way people communicate with businesses across the Americas, yet the actions that actually move money still happen elsewhere. Payments, identity checks, credit applications, and signatures are routinely pushed into apps, portals, or call centers, creating friction, abandonment, and operational cost. Jelou was built to close that gap by turning conversations into execution. Today, the company announced a $10 million Series A to expand Brain, its platform for building AI agents that securely execute real business and financial operations inside WhatsApp.

The round was led by Wellington Access Ventures, with participation from Krealo, Credicorp’s corporate venture arm, and Collide Capital. Jelou has now raised $13 million in total funding, including a $3 million Seed round led by Act One Ventures and Arca Continental Ventures.

The timing reflects a broader shift in how businesses interact with customers. Conversational channels like WhatsApp have become the default interface across Latin America, yet most AI tools remain limited to answering questions rather than completing transactions. At the same time, enterprises face rising pressure to reduce operating costs, improve conversion, and deploy AI that can integrate with existing systems without introducing security or compliance risk. Jelou’s approach focuses on execution, enabling AI agents to move work forward inside the conversation instead of handing it off to fragmented tools.

Jelou’s core product, Brain, is a platform that allows businesses and developers to create and operate AI agents that connect directly to their existing systems and perform transactional operations inside chat. Through Brain, companies can deploy agents that communicate with customers over WhatsApp, collect missing information, verify identity, trigger payments, and advance financial workflows using live system data. The platform includes a web-based studio with more than 3,000 integrations for building and integrating agents, as well as a conversation management layer that allows teams to oversee high-volume interactions while securely executing workflows such as payments, credit processes, and document signing.

The company’s journey began in Ecuador in 2017, where founder Luis Loaiza and the Jelou team observed that messaging had become the dominant interface for commerce in the region, while execution remained fragmented and insecure. Drawing on more than a decade of experience building messaging and encrypted communication systems, the team set out to make chat a place where real business happens. Since then, Jelou has expanded across Latin America, processing more than $100 million in financial operations and serving over 500 business customers across more than 13 countries, including banks, retailers, and consumer goods companies.

Jelou’s traction reflects a broader trend toward conversational commerce and agent-driven operations. As AI adoption accelerates, businesses are discovering that automation only delivers value when it is tightly integrated with existing infrastructure and designed for production from day one. In regions like Latin America, where companies must operate across diverse regulations, payment rails, and systems, the ability to deploy secure, scalable AI inside familiar channels is becoming a competitive necessity.

Looking ahead, Jelou plans to expand Brain into a full operating system for conversational business, enabling companies and developers to build, deploy, and manage production-ready WhatsApp applications directly from a prompt. The company’s vision is to make WhatsApp the primary operating layer for businesses across the region, with Jelou providing the platform that powers everything built on top of it.

New PoC Exploit released for telnetd CVE by SafeBreach Labs

Posted in Commentary with tags on January 26, 2026 by itnerd

Happy Monday. You may want to keep an eye on CVE-2026-24061, a critical telnetd authentication bypass flaw that attackers are actively exploiting to gain root access. New research from SafeBreach Labs deepens the story with the first full root cause analysis and proof-of-concept exploit that explains exactly how this vulnerability works—and why it’s highly dangerous and easy to exploit.

The researchers have also released tooling and simulation artifacts that allow organizations to test exposure. 

The full research blog is available here.

Hammerspace Promotes Tony Asaro to Lead Sales and Business Development Organization 

Posted in Commentary with tags on January 26, 2026 by itnerd

Hammerspace today announced the promotion of Tony Asaro to Chief Business Officer. In this expanded role, Asaro will lead Hammerspace’s global revenue organization — including sales, alliances, channel and go-to-market strategy — to meet rapidly growing demand from enterprises, governments, hyperscalers and Neoclouds to build AI infrastructure and data strategies around data sovereignty, high-performance training and agile inference. 

Asaro previously led Hammerspace’s strategy and alliances teams, driving revenue and market expansion through technology partnerships spanning cloud platforms, systems providers and GPU ecosystem leaders. His appointment reflects increasing market demand for infrastructure architectures that deliver high-performance storage to feed GPUs wherever they are — across sovereign regions, on-premises environments, and public cloud — supporting production inference and agentic AI without compromising compliance or operational simplicity. 

Alliance Momentum: Oracle Highlights Hammerspace for Sovereign + Hybrid AI 

Hammerspace’s expanding partner momentum was recently underscored by Oracle highlighting the Hammerspace/Oracle OCI Dedicated Region. Enterprises can deploy OCI services inside their own data centers to meet sovereignty requirements — and use Hammerspace as a unified, policy-driven data layer to present a global namespace and orchestrate data placement across sites and clouds based on performance, cost and compliance.

This combination supports regulated, hybrid AI strategies by enabling teams to run compute near data, reduce unnecessary movement, avoid unmanaged copy sprawl and accelerate AI pipelines that demand consistent, high-performance data access. “The result,” says author Riley Burdon, “is an operating model that can help address residency requirements, simplify hybrid operations, and let you run AI where your data lives — without proliferating unmanaged copies or rewriting workflows.” 

Continuous Sales Momentum and Coverage 

Hammerspace enters 2026 with strong sales momentum, driven by strategic partner expansion, substantial VAR channel growth (with just under 200 resellers), and international expansion. Over the past year, the company launched its Asia headquarters in Singapore and scaled engagement across China and South Korea, while building new regional coverage for India and the Middle East from Dubai—extending field capacity, partner reach, and customer delivery for sovereign AI and GPU-intensive deployments. 

Powerful “Stanley” browser-based MaaS guarantees Chrome Store approval 

Posted in Commentary with tags on January 23, 2026 by itnerd

Varonis has uncovered a powerful new proof-of-concept MaaS toolkit called “Stanley” which is actively promoted on Russian cybercrime forums. Stanley follows recent, widespread browser-based attacks such as DarkSpectre and CrashFix, suggesting active interest in exploiting this attack vector.

What sets Stanley apart:

  • A turnkey MaaS for browser-based attacks. Attackers get an array of tools at their fingertips. After quietly infecting victims, it uses real Chrome notifications to redirect to spoofed sites while leaving genuine URLs intact.
  • Low cost. Stanley starts at 2,000 USD, and for a few thousand more, it’s guaranteed to pass Google’s review process. Its low price point places it within reach of everyone from solo scammers to organized crime groups.
  • Chrome seal of approval. Stanley masquerades as a humble note-taking browser extension (“Notely”) that’s approved and available for download in the Chrome Web Store.

According to researcher and author Daniel Kelley:

“Extensions that do something useful while hiding malicious functionality are hard to spot. They pass store reviews, they work as advertised, and users have no reason to question them. The permissions needed for legitimate features are often the same ones needed to steal credentials or hijack sessions. Only install extensions you actually need, and regularly audit your browser to remove any you’re no longer using.”

Varonis just published a report on this: Stanley — A $6,000 Russian Malware Toolkit with Chrome Web Store Guarantee

Samsung Canada Launches 11th Annual Solve for Tomorrow Contest

Posted in Commentary with tags on January 23, 2026 by itnerd

Samsung Electronics Canada Inc. has announced the launch of the 2025/2026 Solve for Tomorrow Contest, a nationwide initiative challenging Canadian students in grades 6-12 to use STEM (Science, Technology, Engineering and Math) to develop real-world solutions that make a meaningful impact in their communities.

Canadian youth are eager to develop STEM skills, yet classrooms are not resourced to support this in a meaningful way. Solve for Tomorrow aims to address this gap by creating hands-on, applied experiences that help students develop the skills they need for the future.

State of STEM in Canada: Data Snapshot 

  • 98 per cent of Canadians say it is important for youth to develop STEM skills 
  • Only 40 per cent believe schools have the resources to prepare students for STEM careers, with nearly two in three expressing that schools are not well equipped with the tools needed 
  • 90 per cent say hands-on experiences spark student interest in STEM*

Now in its 11th year, Samsung’s Solve for Tomorrow offers a unique opportunity for youth to engage further with STEM concepts. The contest has reached over 40,000 students across Canada and contributed more than one million dollars in technology and grants to empower future leaders through innovation. 

Even as career pathways expand, many young people face hard limits on access. 40 per cent of Canadians feel schools are not well equipped to provide youth with the tools and knowledge needed for future careers, while 47 per cent of Canadians point to the cost of higher education as the biggest barrier to pursuing STEM studies.* Concerns around confidence, inclusivity, and equitable access compound the challenge, narrowing the number of students who feel able to participate in these fast-growing fields. 

Solve for Tomorrow encourages students to explore STEM in new ways by offering a challenge that sparks creativity and real-world problem-solving.  

Canadians are calling for applied STEM and AI education that connects classrooms with real-world problem solving. 89 per cent of Canadians support partnerships that make STEM education more practical, and many see them as essential preparation for future careers.* 

Designed to put a spotlight on STEM, the Solve for Tomorrow contest will help do the following: 

  • Integrate STEM with practical real-world applicability, helping to create long-term educational impact 
  • Inspire diverse student participation, helping to highlight opportunity gaps in STEM education 
  • Accelerate community-led problem solving, challenging students to turn local insights into broader solutions 

Key Highlights  

The annual competition is designed to foster STEM-based innovation to solve real-world problems. 

  • Who: Canadian students in grades 6-12 (teachers submit applications on their behalf). 
  • When: Teachers can register their teams’ interest and learn more about the program, with opportunities for early recognition and prizes, by submitting via this link. The official submission period for student-written applications will open on January 12, 2026.

Prizes:   

  • Eight finalist schools will each receive a $5,000 E-Voucher (taxes not included) that they can use towards the purchase of Samsung technology.  
  • The top three winning schools will be awarded a $50,000 (first place), $20,000 (second place), and $10,000 (third place) E-Voucher (taxes not included) that they can use towards the purchase of Samsung technology. An additional $5,000 will be given to the Fan Favourite winner.  

*Disclaimer:  
Based on a 2025 randomized quantitative online survey conducted by Edelman Public Relations Worldwide Canada Inc. of 1,510 individuals across Canada comprised of adults who are 18+, 390 parents of children under the age of 18, and 259 elementary school educators/professionals. 

Attackers Reverse‑Engineer Patch to Exploit SmarterMail Admin Bypass in the Wild 

Posted in Commentary with tags on January 23, 2026 by itnerd

It is being reported that a critical authentication bypass vulnerability in SmarterTools SmarterMail is actively being exploited in the wild by attackers. 

We did not plan to publish this blog post today – Wednesdays are meme days – but that changed when an anonymous reader reached out to us with a tip – somebody is currently exploiting SmarterMail and resetting admin passwords.

This same reader was kind enough to point us to a seemingly related SmarterMail forum thread, where a user is claiming that they cannot access their admin account anymore and provided log file excerpts of potentially related and suspicious behaviour.

Commenting on this news is Martin Jartelius, AI Product Director at Outpost24:

“This incident highlights a growing reality in cybersecurity: the real risk often starts after a patch is released. Zero-day vulnerabilities are difficult to defend against, but once a fix becomes public, attackers quickly reverse-engineer it to understand and weaponize the flaw. What used to take weeks now takes days, or even hours, especially with logic-based vulnerabilities like this one, where exploitation requires little sophistication. The defender’s only advantage is speed. Organizations need immediate visibility into what software is running in their environment and the ability to map new vulnerability intelligence against it in real time. When attackers can move from patch to exploit in hours, rapid awareness and response are critical.”

This illustrates how crafty the bad guys can be. Which means you need to be on top of patching all the things so that attackers don’t have an advantage over you.

149M harvested credentials exposed in data breach 

Posted in Commentary with tags on January 23, 2026 by itnerd

Cybersecurity researcher Jeremiah Fowler recently discovered a non-password-protected database containing over 149 million unique credentials. These records were collected from victims of malware worldwide and include everything from social media and streaming services to sensitive financial logins.

In a few words, the publicly accessible database:

  • Exposed 149,404,754 unique logins and passwords (96GB of raw data);
  • Revealed user credentials for major platforms (including Facebook, Instagram, TikTok, X, dating sites, and OnlyFans, affecting both creators and customers);
  • Included high-risk financial credentials (such as crypto wallets, trading services, and banking logins).

Because this data was likely collected by malicious third parties, there is a heightened risk of widespread credential-stuffing attacks, identity theft, and financial fraud. 

Jeremiah published his detailed findings on the ExpressVPN blog here: https://www.expressvpn.com/blog/149m-infostealer-data-exposed/

UPDATE: I have commentary on this starting with Paul Bischoff, Consumer Privacy Advocate at Comparitech

“The data is a gold mine for cybercriminals launching credential stuffing attacks. Cybercriminals can use stolen username and password combinations to log into a wide array of accounts under the assumption that many people use the same password across multiple accounts. This process is automated, so a hacker can attempt to use a single set of credentials across dozens or even hundreds of accounts in a matter of seconds.

This data exposure highlights the importance of setting unique passwords and using two-factor authentication when available. If you don’t reuse passwords, then you are immune to credential stuffing attacks. Even if a cybercriminal tries to log into your account with the correct password, two-factor authentication will prevent them from doing so in the vast majority of attacks.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“The report indicates the harvested login credentials were the results of “Keylogger” and other types of “infostealer” malware, which underscores the need for computer users to run antivirus and anti-malware protection on their machines. Whether they use Windows or macOS, there are risks to not keeping your machine safe by running security apps in the background.

The exposure of such a huge number of credentials poses a significant risk to users that are not aware of the breach and to what extent they are exposed. While it may be too soon to have this information included in the “HaveIBeenPwned” (https://haveibeenpwned.com/) website’s extensive database, I still strongly recommend that users visit the site and enter their email address(es) to determine whether their information has been exposed in previous data breaches. I also recommend that they take advantage of the website’s option to notify them when their email address was exposed in future data breaches.

Last but not least, everyone should use a password manager. In addition to keeping track of login information for multiple sites, password managers often offer warnings about password reuse or if a login has been exposed in a breach. This makes it easy to guard against password reuse, and to update passwords when they need to be changed.”
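The exposure check Chris Hauk describes (Have I Been Pwned, and the breach warnings password managers give) works on a k-anonymity model: only the first five characters of the password's SHA-1 hash are sent, and the match is made locally. As an added example that is not part of this post or of any of those products, this PowerShell script shows that mechanism with a constructed offline stand-in for the range lookup; it assumes the documented Have I Been Pwned range endpoint format (SUFFIX:COUNT lines for a 5-character prefix), and the sample counts are made up.

```powershell
# Added example (not from the post): how a password-manager-style
# "has this password been exposed?" check works with k-anonymity.
# Only the first 5 hex chars of the SHA-1 hash leave the machine; the service
# returns every suffix in that bucket with a count, and the match is done here.
# Documented live endpoint: https://api.pwnedpasswords.com/range/<prefix>
# The lookup below is a constructed offline stand-in so the script runs anywhere.

function Get-Sha1Hex {
    param([Parameter(Mandatory)][string]$Text)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Text)
        ($sha1.ComputeHash($bytes) | ForEach-Object { $_.ToString('X2') }) -join ''
    } finally { $sha1.Dispose() }
}

# Constructed stand-in for the range API. Keys are 5-char prefixes; values are
# bodies in the real "SUFFIX:COUNT" line format. The first line is the real
# SHA-1 of "password" split at 5 chars; the counts and other lines are made up.
$script:FakeRangeResponses = @{
    '5BAA6' = @(
        '1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824',
        '003D68EB55068C33ACE09247EE4C639306B:3',
        '012C192B2F16F82EA0EB9EF18D9D539B0DD:1'
    ) -join "`r`n"
}

function Invoke-RangeLookup {
    param([Parameter(Mandatory)][string]$Prefix)
    # A live client would do:
    #   (Invoke-WebRequest -Uri "https://api.pwnedpasswords.com/range/$Prefix").Content
    if ($script:FakeRangeResponses.ContainsKey($Prefix)) { $script:FakeRangeResponses[$Prefix] } else { '' }
}

function Get-PwnedCount {
    # Returns how many times the password appears in the (stand-in) breach data, 0 if never.
    param([Parameter(Mandatory)][string]$Password, [scriptblock]$Lookup)
    if (-not $Lookup) { $Lookup = { param($p) Invoke-RangeLookup -Prefix $p } }
    $hash   = Get-Sha1Hex -Text $Password
    $prefix = $hash.Substring(0, 5)      # the only part that would be transmitted
    $suffix = $hash.Substring(5)         # compared locally against the bucket
    $body   = & $Lookup $prefix
    foreach ($line in ($body -split "`r?`n")) {
        if (-not $line) { continue }
        $parts = $line.Split(':')
        if ($parts[0].Trim() -eq $suffix) { return [int]$parts[1] }
    }
    return 0
}

# Demo: report counts only, never echo the candidate password itself.
$i = 0
foreach ($candidate in @('password', 'correct horse battery staple')) {
    $i++
    $n = Get-PwnedCount -Password $candidate
    if ($n -gt 0) { "candidate $i ($($candidate.Length) chars): seen $n times in breach data, do not use" }
    else          { "candidate $i ($($candidate.Length) chars): not found in the sample data" }
}
```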