RunSafe Security Comments On A New CISA Advisory

Posted in Commentary with tags on November 5, 2025 by itnerd

The CISA’s latest advisory (issued on Tuesday) underscores a persistent challenge across industrial and critical manufacturing sectors: software vulnerabilities that open the door to potential code execution — even when the risk appears to be local or limited in scope.

Commenting on this is Joe Saunders, Founder & CEO, RunSafe Security

On ICSA-25-308-01 – Fuji Electric Monitouch V-SFT-6

“While the Fuji Electric Monitouch V-SFT-6 vulnerabilities may not be remotely exploitable, the underlying pattern is familiar — buffer overflows in configuration tools or project files that can be weaponized as part of a supply chain or lateral movement strategy. These flaws highlight why protecting binaries before deployment is essential to breaking exploit chains.”

“RunSafe’s approach focuses on preemptive binary protection, eliminating exploit reuse and mitigating memory corruption risks like those identified here — without requiring source code changes or developer intervention. As these advisories remind us, defense-in-depth must now include securing the software itself at its most fundamental level.” 

On ICSA-25-308-03 – Delta Electronics CNCSoft-G2

“The recently disclosed vulnerability in Delta Electronics’ CNCSoft-G2 software is another reminder that even trusted engineering and configuration tools can become points of entry for cyber threats. In this case, a simple stack-based buffer overflow — with low attack complexity — could allow arbitrary code execution once a malicious file is opened.”

“Although this vulnerability is not remotely exploitable, it highlights a recurring and systemic issue across industrial control software: unprotected binaries that remain vulnerable to memory corruption and exploit reuse. These weaknesses can be leveraged in multi-stage or supply chain attacks to move deeper into critical systems.”

“RunSafe Security focuses on eliminating these risks before they can be exploited — by protecting binaries at build time and making every software instance unique. This approach prevents attackers from reusing exploits or achieving code execution, even when a vulnerability exists. As this and similar advisories show, securing software at the binary level must now be part of every defense-in-depth strategy.”

RunSafe Security Releases New License Compliance Feature on the Company’s RunSafe Security Platform

Posted in Commentary with tags on November 5, 2025 by itnerd

RunSafe Security today announced the addition of a new license compliance feature to its RunSafe Security Platform. The rollout of this feature underscores RunSafe Security’s commitment to remaining the leader in software supply chain security for embedded systems, from generating build-time Software Bills of Materials (SBOMs) to identifying vulnerabilities and preventing exploitation of embedded software at runtime.

The license compliance feature in the RunSafe Security Platform is designed to give embedded teams control over open source licenses and set policies based on their organization’s risk profile. The feature is aimed at companies needing to prevent “copyleft” licenses, which can legally require companies to open-source proprietary code if they inadvertently distribute code with licenses that are not permissive. With this feature enhancement, RunSafe customers can easily decide which licenses are safe, which licenses are off-limits, and how they want their build pipelines to react if an undesirable license is included in a software product.

Additionally, the feature allows customers to configure organization-wide rules to stop the delivery of code licensed under restrictive licensing terms, automatically enforcing license policy within the CI/CD pipeline to prevent the distribution of disallowed licenses in a software release. Unlike complex alternatives that require extensive manual configuration, RunSafe’s approach offers a balanced mix of control and simplicity. Whether a customer wants to automatically fail pipelines that include restricted licenses or allow by default, the settings are configurable to each customer’s business rules. If an organization’s team is using RunSafe’s SBOM generator and adds new dependencies, RunSafe automatically tracks any new or “unset” licenses.
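As an added illustration, and not RunSafe’s code or a description of its platform’s internals, here is a minimal license-policy gate of the kind the passage describes: it walks a constructed CycloneDX-style SBOM, denies copyleft identifiers, flags components with no license metadata as “unset”, and can be configured either to fail the pipeline or to allow by default. The SBOM fragment, the policy structure and the license lists are assumptions made for the example.

```python
"""Illustrative SBOM license-policy gate (added example, not RunSafe's code)."""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed CycloneDX-style SBOM fragment; not taken from any real build.
SAMPLE_SBOM = {
    "components": [
        {"name": "zlib", "version": "1.3.1",
         "licenses": [{"license": {"id": "Zlib"}}]},
        {"name": "busybox", "version": "1.36.1",
         "licenses": [{"license": {"id": "GPL-2.0-only"}}]},
        {"name": "mbedtls", "version": "3.6.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "vendor-blob", "version": "0.1"},  # no license metadata: "unset"
    ]
}

# Assumed policy lists (SPDX identifiers); a real deployment would tune these.
COPYLEFT_DENY = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
                 "GPL-3.0-or-later", "AGPL-3.0-only", "AGPL-3.0-or-later"}
PERMISSIVE_ALLOW = {"MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0",
                    "Zlib", "ISC"}


@dataclass
class Policy:
    allowed: set[str]
    denied: set[str]
    fail_on_unset: bool = True   # treat missing license metadata as a failure
    default_allow: bool = False  # licenses in neither list: allow or fail?


@dataclass
class Verdict:
    passed: bool
    violations: list[str] = field(default_factory=list)  # denied licenses
    unset: list[str] = field(default_factory=list)       # no license metadata
    unknown: list[str] = field(default_factory=list)     # in neither list


def component_licenses(component: dict) -> list[str]:
    """Collect SPDX ids (or free-form names) from a CycloneDX component."""
    ids = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        ident = lic.get("id") or lic.get("name")
        if ident:
            ids.append(ident)
    return ids


def evaluate(sbom: dict, policy: Policy) -> Verdict:
    """Apply the policy to every component and decide whether the build passes."""
    verdict = Verdict(passed=True)
    for comp in sbom.get("components", []):
        label = f"{comp.get('name')}@{comp.get('version', '?')}"
        ids = component_licenses(comp)
        if not ids:
            verdict.unset.append(label)
            continue
        for ident in ids:
            if ident in policy.denied:
                verdict.violations.append(f"{label}: {ident}")
            elif ident not in policy.allowed:
                verdict.unknown.append(f"{label}: {ident}")
    if verdict.violations:
        verdict.passed = False
    if verdict.unset and policy.fail_on_unset:
        verdict.passed = False
    if verdict.unknown and not policy.default_allow:
        verdict.passed = False
    return verdict


if __name__ == "__main__":
    strict = Policy(allowed=PERMISSIVE_ALLOW, denied=COPYLEFT_DENY)
    v = evaluate(SAMPLE_SBOM, strict)
    print("PASS" if v.passed else "FAIL", v.violations, v.unset, v.unknown)
```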

For more information about RunSafe’s approach to license compliance, vulnerability identification, and protecting embedded software systems, please visit https://runsafesecurity.com.

Hypori Unveils Full Secure Workspace Ecosystem to Transform Virtual Access at Scale

Posted in Commentary with tags on November 5, 2025 by itnerd

Hypori today announced the expansion of its platform with the launch of the Hypori Secure Workspace Ecosystem, a suite of next-generation products designed to give organizations greater flexibility, scalability, and control over secure mobile access. The new portfolio introduces Hypori Mobile and the Hypori Lyte product lines, reflecting the company’s continued investment in research and development (R&D) to meet evolving cybersecurity threats and mission demands. This is in addition to the launch of Hypori Secure Messaging on October 21.

Hypori Mobile: Full Virtual Workspace, Re-Engineered

Hypori Mobile, the company’s full virtual workspace product, has undergone its most significant architectural innovation to date—redefining how virtual devices are delivered, managed, and experienced. By running Android OS natively on dedicated ARM-based cloud instances, Hypori eliminates shared compute environments to deliver a faster, more responsive, and isolated experience for every user.

This re-architected design boosts performance, strengthens security, and streamlines administration—enabling secure mobility at scale. With a modernized data plane and enhanced management flexibility, Hypori Mobile sets a new standard for virtual mobile infrastructure, empowering both end users and IT teams. Additional new capabilities in Hypori Mobile include an “App Gallery” that delivers a Google Play Store-like experience, letting users easily install and remove optional apps on demand; enhanced notifications and expanded support for Gmail, Chat, Calendar, and Meet that improve user awareness without compromising device security; and faster resume times through hibernation, which allows virtual sessions to restore more quickly after idle periods while also reducing cloud resource consumption.

Hypori Lyte: Lightweight, Mission-Focused Access

For government and enterprise customers who do not require a full virtual device or workspace, Hypori now offers three new lightweight deployment options under the Hypori Lyte family—tailored to specific mission and budget needs:

  • Lyte for Secure Messaging: A stand-alone, auditable, and secure messaging app that’s lightweight and simple to deploy.
  • Lyte for Enterprise Browser: Delivers zero trust browsing and privacy-first design, enabling secure web access from any device without local data exposure.
  • Lyte for Applications: Provides secure access to a single application—such as email, customer relationship management (CRM), or human resource (HR) systems and others—in a compliant environment that protects corporate data without intrusive device management.

Availability

Hypori Mobile and Hypori Lyte for Secure Messaging are now available to all customers. Existing customers using the full virtual workspace—including government organizations operating in IL5 and FedRAMP High environments—have been seamlessly migrated to Hypori Mobile with no user action required. All data and credentials remain intact, allowing users to pick up right where they left off.

Hypori Lyte for Enterprise Browser and Hypori Lyte for Applications will be available for purchase in early 2026.

The Hypori Secure Workspace Ecosystem represents the next chapter in secure mobility—empowering organizations to operate faster, safer, and smarter. To learn more about the Hypori Secure Workspace Ecosystem, visit www.hypori.com or request a demo.

First Questrade, Then Wealthsimple And TD, And Now The Threat Actors Behind This Large Scale Phishing Campaign Are Now Going After National Bank Customers

Posted in Commentary on November 5, 2025 by itnerd

I have been tracking a threat actor who has impersonated first Questrade and then Wealthsimple and TD to target their customers. But last night, I found evidence that the threat actor behind this campaign has shifted tactics to go after National Bank customers, as evidenced by this:

Unlike the email they sent masquerading as TD, this email is well done. But if you compare it to the other e-mails that have been used in this phishing campaign, it uses the same text claiming that you need to fill out a tax form, with very similar wording. So it’s the same threat actors.

And the website that they send you to is very high quality as well:

The only thing that gives it away as a phishing site is this:

The real domain for National Bank is https://www.nbc.ca. This highlights the fact that you need to double and triple check where you are surfing to before you enter any information.

Clearly these threat actors are not stopping their activities. That absolutely means that they must be getting paid via stealing money from people who fall for this. Even if it is 2% of people that get scammed, it illustrates that a scam doesn’t have to be successful in volume to be successful.

October 2025: Ransomware Attacks Rising 25%

Posted in Commentary with tags on November 4, 2025 by itnerd

In a study published this morning, Comparitech found that ransomware attacks increased by 25 percent in October, rising to 684 in comparison to 546 in September. This is a significant increase in attacks and the third-highest monthly figure in 2025 so far.

Manufacturers continue to see the most attacks, accounting for nearly 19 percent of attacks in October, though attacks on them rose only 9 percent from September. In contrast, attacks on the healthcare sector rose significantly, jumping 115 percent. Other sectors that saw high increases were transportation (109 percent) and retail (104 percent).

Key findings for October include: 

  • 684 attacks in total — 47 confirmed attacks (confirmed by the entity involved)
  • Of the 47 confirmed attacks:
    • 27 were on businesses
    • 10 were on government entities
    • 3 were on healthcare companies
    • 7 were on educational institutions
  • Of the 637 unconfirmed attacks*:
    • 561 were on businesses
    • 14 were on government entities
    • 53 were on healthcare companies
    • 8 were on educational institutions
  • The most prolific ransomware gangs were Qilin (186), Akira and Sinobi (70 each), INC (32), Play (26), and DragonForce (20)
  • Qilin had the most confirmed attacks (10), followed by Clop (4) and RansomHouse (3)
  • Where hackers provided the data theft size (in 315 cases), over 162 TB of data was allegedly stolen, an average of 516 GB per breach
  • The US saw the most attacks (374), a 33 percent increase from September (282). Australia saw one of the biggest monthly increases in attacks (rising from four to 14), as did Japan (rising from three to 10)

For full details, including more details on the most impacted sectors, most active ransomware gangs, as well as most targeted countries, the full October ransomware roundup can be read here: https://www.comparitech.com/news/ransomware-roundup-october-2025/

RapidFire AI Launches Open Source Package to Accelerate Agentic RAG and Context Engineering Success

Posted in Commentary with tags on November 4, 2025 by itnerd

RapidFire AI today announced at Ray Summit 2025 RapidFire AI RAG, an open-source extension of its hyperparallel experimentation framework that brings dynamic control, real-time comparison, and automatic optimization to Retrieval-Augmented Generation (RAG) and context engineering workflows.

Agentic RAG pipelines that combine data retrieval with LLM reasoning and generation are now at the heart of enterprise AI applications. Yet, most teams still explore them sequentially: testing one chunking strategy, one retrieval scheme, or one prompt variant at a time. This leads to slow iteration, expensive token usage, and brittle outcomes.

Hyperparallel RAG Experimentation

RapidFire AI RAG applies the company’s hyperparallel execution engine to the full RAG stack, allowing users to launch and monitor multiple variations of data chunking, retrieval, reranking, prompting, and agentic workflow structure simultaneously, even on a single machine. Users see live performance metrics update shard-by-shard, can stop or clone runs mid-flight, and inject new variations without rebuilding or relaunching entire pipelines. Under the hood, RapidFire AI intelligently apportions token usage limits (for closed model APIs) and/or GPU resources (for self-hosted open models) across these configurations.

Dynamic Control and Automated Optimization

Beyond parallel exploration, RapidFire AI RAG introduces dynamic experiment control, a cockpit-style interface to steer runs in real time, and a forthcoming automation layer that supports AutoML algorithms and customizable automation templates beyond just grid search or random search to optimize holistically based on both time and cost constraints.

Maximal Generality and Open Integration

Unlike closed-system RAG builders tied to specific clouds or APIs, RapidFire AI RAG supports hybrid pipelines that mix self-hosted models and closed model APIs across embedding, retrieval, re-ranking, and generation steps. Users can run with OpenAI or Anthropic models, Hugging Face embedders, self-hosted rerankers, and any vector/SQL/full-text search backend, all within the same experiment workspace.

RapidFire AI’s technology is rooted in award-winning research by its Co-founder, Professor Arun Kumar, a faculty member in both the Department of Computer Science and Engineering and the Halicioglu Data Science Institute at the University of California, San Diego.

Availability

RapidFire AI RAG is available now as part of the company’s open-source release and installable via pip install rapidfireai.

To learn more, visit rapidfire.ai or explore the open-source repository on GitHub and the documentation site.

Palo Alto Report Outlines China’s Airstalk Supply-Chain Attack Campaign

Posted in Commentary on November 4, 2025 by itnerd

Palo Alto Networks has identified a new Chinese state-sponsored operation using a malware family called Airstalk to infiltrate business process outsourcing (BPO) providers as a conduit into their enterprise clients. The campaign leveraged PowerShell and .NET variants, abused AirWatch’s MDM API for covert C2, and used stolen signing certificates and timestamp manipulation to evade detection.

You can read Palo Alto’s report here: Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack

Tom Kellermann, VP of Cyber Risk for HITRUST, had this to say:

“The Airstalk campaign demonstrates China’s continued pivot toward deep supply-chain infiltration, targeting BPOs as operational beachheads to silently reach their clients’ networks. By abusing AirWatch’s MDM API and pairing PowerShell and .NET implants with stolen certificates and timestamp tampering, Chinese operators are weaponizing trusted enterprise mobility infrastructure as covert C2 channels. This is calculated espionage, not opportunism. BPOs are trust concentrators, and once breached, they provide a direct path into multiple U.S. corporate environments. We must elevate third-party security monitoring, particularly API abuse detection and certificate validation, or these persistent access campaigns will proliferate unchecked across the economy.”

This highlights the threats that a supply chain attack can pose. It also shows the lengths such an operation will go to in executing its plans. This attack is multi-layered, which makes it harder to defend against. But not impossible if you take a more holistic view of securing your organization.

Active Archive Alliance Releases Report on How Active Archives Unlock the Value of Data for Innovation and Discovery

Posted in Commentary with tags on November 4, 2025 by itnerd

The Active Archive Alliance today released a special report, “Preparing for Tomorrow’s Expanding Storage Challenge with Active Archive,” which showcases how active archives are solving data growth challenges and transforming data archives from passive repositories into active engines for innovation and discovery. It also highlights the need for new secondary storage tiers to address today’s data-driven applications.

Active archives enable reliable, online and cost-effective access to data throughout its life. They are compatible with flash, disk, tape, optical, cloud and emerging technologies, as well as file, block or object storage systems.

The report highlights applications and industries where active archives are ideal, including compliance and legal discovery, artificial intelligence (AI), machine learning, big data analytics, video surveillance, medical research and high-performance computing (HPC) environments. It also expands on key benefits of utilizing an active archive:

  • Sustainability: The growing demands of AI computing are pushing data centers and energy grids to their limits. By migrating low-activity or inactive data from HDDs to tape with an active archive, organizations can significantly reduce carbon emissions. 
  • Security: An active archive strengthens the protection of archival data by incorporating advanced features such as encryption, data immutability and an air gap, along with access and authentication controls.
  • Capacity and Performance: HDDs are widely used for storing massive datasets for AI training and inference, and they continue to increase capacity through innovations such as HAMR (Heat-Assisted Magnetic Recording), potentially enabling capacities to reach 50 TB per drive. At the same time, the LTO Ultrium roadmap calls for tape capacities to double with each new generation, with LTO-14 delivering up to 1,440 TB (1.44 PB) compressed per cartridge. HDDs and tape most often combine to host an active archive, offering features that boost both capacity and performance. 
  • Data Migration: An active archive for hybrid clouds is a modern data management solution that bridges on-premises and cloud environments, enabling seamless, long-term storage and access to archival data. Frequently accessed data can remain on premises or in high-performance cloud tiers, while less frequently accessed data is automatically moved to low-cost cloud storage.

The special report is a collaborative effort among the members of the Active Archive Alliance, who are bringing innovative technology solutions to the market to help meet the increased demand for effective data management. 

The full report is available here: Preparing for Tomorrow’s Expanding Storage Challenge with Active Archive.

University of Pennsylvania hacker claims to have stolen 1.2 million donor records in data breach

Posted in Commentary with tags on November 3, 2025 by itnerd

Cybercriminals have claimed responsibility for the recent cyberattack on the University of Pennsylvania and the stealing of data on approximately 1.2 million students, alumni, and donors. Here are the details:

Penn has reported last week’s mass cybersecurity breach to the Federal Bureau of Investigation following reports that the hack compromised data for millions of individuals. 

The breach resulted in mass scam emails sent on Oct. 31 from multiple University-affiliated email addresses that were addressed to the Penn community and contained criticisms of the University’s security practices and institutional purpose. A University spokesperson wrote to The Daily Pennsylvanian that the matter has been referred to law enforcement and the FBI as Penn investigates a “breach of data of select information systems.”

In the initial emails, the hacker appeared to threaten to release user data, writing that “all your data will be leaked.”

“We understand and share our community’s concerns and have reported this to the FBI. We are working with law enforcement as well as other third-party technical resources to address this as rapidly as possible,” the spokesperson added. 

And according to Bleeping Computer, this is how the threat actors got in:

However, the threat actor behind the attack contacted BleepingComputer, claiming the intrusion was far broader and that they had gained access to multiple university systems.

The hacker said their group “gained full access” to an employee’s PennKey SSO account, allowing access to Penn’s VPN, Salesforce data, Qlik analytics platform, SAP business intelligence system, and SharePoint files.

I have a lot of commentary on this. Starting with Darren James, a Senior Product Manager at Specops Software:

“This incident highlights the double-edged nature of single sign-on (SSO). It is an effective way to simplify access and strengthen security through centralized monitoring and MFA, but if compromised, it can act like a master key and provide access to multiple connected systems at once.

In this case, the access spanning Salesforce, Qlik, SAP, and SharePoint is unusual and raises questions about how role-based access controls were managed. Even if this level of access was legitimate for the user involved, it reinforces the importance of strict privilege management and continuous identity monitoring.

The attacker’s behavior, including sending offensive mass emails, does not appear to align with professional or highly organized cybercrime groups. However, the volume and sensitivity of the data reportedly accessed makes the breach significant.

PennKey authentication appears to rely on a username and password followed by a DUO push prompt. That raises several important questions: Was the password reused or previously compromised? Was MFA configured properly, including fatigue protections? Was the second factor bypassed through social engineering, or could a stolen session token be responsible?

Modern identity security needs to go beyond MFA alone. Controls like device pinning and posture checks, which ensure credentials can only be used from trusted and compliant devices, would significantly reduce the likelihood of this type of intrusion.”

Ensar Seker, CISO at SOCRadar, follows with this:

“The claims that 1.2 million donor, alumni and student records may have been exfiltrated at Penn including access via a compromised SSO account, VPN, SharePoint, Salesforce, SAP and BI systems highlight the highly leveraged value of non‑financial, crowd‑sourced datasets. What’s alarming here is the attack vector: the hacker asserts that rather than immediately demanding ransom, the aim was pure information theft and monetization of donor insights. 

If this breach is genuine as claimed, the impact extends beyond identity theft. Data sets linking net worth, donation history and demographic details (race, religion, sexual orientation) are highly tailored and valuable to adversaries launching social engineering, targeted phishing or credential stuffing campaigns. The fact that the initial indicators emerged as a provocative “we got hacked” mass‑email adds urgency: it wasn’t just a stealthy breach, it was weaponized for reputation and donor confidence.

In terms of dark‑web indicators, our dark web team is monitoring underground forums for early exposure of “appetizer” leak data and dataset advertisements associated with the incident. While we have not yet seen full confirmation of a wide‑scale public dump, the presence of credential sets tied to the institution suggests the attack may already be staging towards commercialization.

For organizations in the education or non‑profit sectors, the message is clear: privileged access to major donor platforms, CRM systems, marketing cloud tools and analytics portals must be treated with the same level of monitoring and segmentation as financial systems. A compromised user session in an SSO environment has proven more than enough to cascade into high‑value data loss.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech, adds this:

“None of the breached data poses a direct threat to victims or their finances. There are no passwords or Social Security numbers, for example. However, the info could be used to craft more convincing phishing messages that are tailored to the recipient. Be on the lookout for phishing messages from scammers posing as UPenn or a related organization. Never click on links or attachments in unsolicited emails.”

Finally, Chris Hauk, Consumer Privacy Champion at Pixel Privacy, had this to say:

“Victims of the hack should keep an eye out for phishing emails, texts, and phone calls that may attempt to use the gleaned information to obtain additional data about the users. They should particularly be on the alert for emails appearing to come from the University of Pennsylvania.

Victims should also change any passwords that they have used for accounts that are connected to the university. They should also use a password manager to create unique and secure passwords for not only possibly targeted accounts, but for all of their accounts. Most popular password managers will check login credentials for each account, warning of duplicated passwords. Users should also enable multi-factor authentication on all of their accounts, not just their affected accounts. This will help guard against wide exposure in future data breaches.”

This is one of those hacks that will have downstream effects for years, which is why the best defense is to do everything possible to make sure that a hack like this never happens.

Minister McGregor and Global Tech Leaders Unite to Advance Talent, AI, and Innovation in Canada’s Future

Posted in Commentary with tags on November 3, 2025 by itnerd

The Honourable Graham McGregor, Ontario’s Minister of Citizenship and Multiculturalism, will join Obsidi®, North America’s largest network and job platform for Black and allied tech professionals, at the 2025 BFUTR Global Tech Summit presented by TD.

Themed “The New World of Work,” this year’s summit highlights Ontario’s leadership in fostering inclusive innovation and advancing AI talent development as key drivers of economic growth. Hosted at the International Centre, BFUTR convenes more than 20,000 Black professionals, executives, and allies from across North America to connect, collaborate, and shape the future of technology.

Minister McGregor will deliver remarks from the Main Stage on November 6, emphasizing Ontario’s commitment to building a strong, diverse innovation economy where every community can thrive.

As part of the Summit, Obsidi® and the Ministry of Citizenship and Multiculturalism will host a CIO Roundtable Discussion with senior technology leaders to explore how public–private partnerships can accelerate AI workforce growth and expand access to high-demand careers. The session will feature insights from Obsidi® Academy, a workforce initiative equipping Canadians with the technical and professional skills needed to succeed in AI, data, and software development roles.

Early results point to strong employer engagement and promising participant outcomes, underscoring how partnerships between government and industry can create sustainable pathways into Ontario’s innovation economy. The model aligns with the province’s Black Youth Action Plan, which supports equitable access to technology careers and long-term workforce representation.

The BFUTR 2025 Summit will also feature the release of Reprogramming the Enterprise: AI’s Reinvention of Technology, Talent, and Leadership, a national white paper developed by Obsidi® and senior Canadian executives outlining strategies for scaling AI adoption and inclusive workforce design across industries.

Headliners at BFUTR 2025

  • Bozoma Saint John – Former CMO of Netflix and trailblazing brand executive redefining bold, authentic leadership across tech and culture.
  • Dan Schulman – CEO of Verizon and globally recognized voice in digital transformation and purpose-driven business.

These global thought leaders will join Minister McGregor and top CIOs and CTOs to explore how innovation, equity, and talent are reshaping the future of work and economic opportunity in Canada.