The Threat Actors That I’ve Been Tracking Have Moved To Using TD For Their Phishing Campaign

Posted in Commentary with tags on November 14, 2025 by itnerd

Let me get you up to speed in case you’re tuning in for the first time.

I’ve been tracking a group of threat actors who started using Questrade and then Wealthsimple, along with TD and finally the National Bank on two occasions, to try to phish credentials from unsuspecting users in order to drain their bank accounts dry. And whoever is behind this campaign has some degree of skill, as for the most part they have sent convincing phishing emails and have built convincing websites to back up those emails.

It now seems that the threat actors are back to using TD to try and pull off their scam based on this email that my honeypot got:

If this email looks familiar, that’s because it’s the same text that was used by the last National Bank phishing email. Only now it’s branded for TD. Which means that it’s the same threat actor at work here. Now when I tried to access the phishing website, it had already been shut down. But it was hosted by the same Chinese hosting company that hosted the second phishing attempt made by these scammers. Now to be clear, just because it is hosted by a Chinese company does not mean that the threat actors are Chinese. Though it would not surprise me if they were.

This likely means that my honeypot will see some more action. Though I have to wonder how long this campaign will continue. I guess I will find out.

UPDATE: A few minutes after posting this, my honeypot received this email claiming to be from National Bank. Clearly the threat actors are flipping back and forth between banks in hopes of getting more victims.

CISA warning: Patch actively exploited Cisco flaws ASAP

Posted in Commentary with tags on November 13, 2025 by itnerd

CISA issued an urgent warning that federal agencies must immediately patch two actively exploited Cisco ASA and Firepower vulnerabilities, CVE-2025-20362 and CVE-2025-20333. The flaws allow unauthenticated access to restricted endpoints and remote code execution, and when chained, give attackers full control of affected devices. Although Cisco patched the bugs in September after observing zero-day exploitation tied to the ArcaneDoor campaign, many agencies incorrectly believed they had updated to safe versions.

Gunter Ollmann, CTO, Cobalt had this to say:

“The ongoing exploitation of these Cisco flaws highlights how attackers increasingly rely on chaining weaknesses to gain rapid, unauthenticated control over perimeter devices. These types of edge-network compromises are particularly attractive because they create a launch point that bypasses many downstream defenses. The challenge is that organizations still struggle to validate their exposure in real-world terms, even when patches exist. Offensive testing helps reveal whether the environment behaves as expected after updates and whether an attacker could still traverse overlooked paths. Mature programs treat patching as the starting point, not the finish line, and use adversarial validation to catch residual gaps before threat actors do.”

Wade Ellery, Chief Evangelist and IAM Strategy Officer, Radiant Logic follows with this:

“When firewalls or VPN gateways are compromised, attackers often pivot quickly into identity systems because credentials remain one of the most reliable pathways to deeper access. Incidents like this reveal how perimeter flaws can cascade into identity-based risks when agencies lack unified visibility across accounts, entitlements, and authentication patterns. The limitation is that many organizations still operate with fragmented identity data, making it hard to detect suspicious changes that follow network intrusions. Strengthening identity observability provides the context needed to spot anomalies early and contain lateral movement before privileges accumulate. Agencies that unify and observe identity data will be better positioned to absorb these infrastructure-level shocks and maintain Zero Trust resilience.”

Once again it’s time to patch all the things because of an actively exploited threat. The “fun” never ends in this business.

Three destructive malware networks taken down in Operation Endgame 3.0

Posted in Commentary with tags on November 13, 2025 by itnerd

Over the last three days, three major malware strains have been taken down in a large-scale law enforcement operation called Operation Endgame 3.0.

The ongoing initiative was coordinated by Europol and spanned 11 countries including law enforcement agencies from six EU countries, Australia, Canada, the UK and the US, and over 30 private partners from the cybersecurity industry.

Impacted infrastructure is linked to notorious infostealer Rhadamanthys, a remote access trojan called VenomRAT, and the Elysium botnet.

The mission also resulted in:

  • Over 1025 servers taken down or disrupted
  • 20 domains seized
  • 11 locations searched
  • The arrest of the suspected main operator of VenomRAT in Greece

Rhadamanthys infostealer “had grown to become one of the leading infostealers since Operation Endgame ‘Season 2’ disrupted the infostealer landscape,” according to a UK government-funded non-profit Shadowserver Foundation statement published on November 13.

This latest operation is the third series of takedowns of cybercrime-enabling infrastructure after Operation Endgame 1.0 (May 2024) and Operation Endgame 2.0 (April 2025).

Phil Wylie, Senior Consultant & Evangelist, Suzu had this to say:

   “This operation shows what’s possible when intelligence and collaboration align, but dismantling one infrastructure doesn’t end the threat. Threat actors adapt fast, and defenders must be faster.

   “To help reduce such risks, practicing good security hygiene is imperative, as well as proactive security measures including security assessments including penetration tests, and security controls validation.”

Michael Bell, Founder & CEO, Suzu:

   “It’s true that it’s cat and mouse, but impact isn’t measured by permanence. Impact is measured by disruption cost and defender advantage gained.

   “Operation Endgame 3.0 forcing adversaries to rebuild 1,025 servers and reconstitute infrastructure across three major malware families (Rhadamanthys, VenomRAT, Elysium) means they’re investing resources in recovery instead of new attacks, and every credential rotation or system hardening that happens during this window reduces future attack surface.

   “The arrest of VenomRAT’s main operator and seizure of databases containing millions of stolen credentials also creates operational security paranoia within cybercrime networks because when your infrastructure gets seized, you don’t know what intelligence law enforcement now has about your customers, affiliates, and future plans.

   “So yes, they’ll rebuild, but these operations buy defenders time, degrade adversary confidence, and validate the public-private collaboration model that’s the only way to sustainably disrupt the cybercrime ecosystem.”

John Carberry, CMO, Xcape, Inc.:

   “Reports indicate that criminals are now locked out of Rhadamanthys control panels, causing significant operational challenges for those involved. Security teams should now scan endpoints for remaining threats, change tokens and credentials across their systems, and integrate new indicators of compromise (IOCs) from the takedown to identify any lingering infections. Expect subsequent phishing campaigns and criminals’ attempts to rebuild infrastructure as they adapt and try new methods.

   “The only way to win the cyberwar is to persistently decapitate the criminal infrastructure that runs the world’s malware economy.”

I welcome this news as the only way to beat cybercriminals is to make the cost of operation so high and so difficult that they abandon ransomware as a means to make money. This is a step towards that goal. But only a step as more needs to be done.

World Quality Report 2025: AI adoption surges in Quality Engineering, but enterprise-level scaling remains elusive

Posted in Commentary with tags on November 13, 2025 by itnerd

OpenText in collaboration with Capgemini, an AI-powered global business and technology transformation company, and Sogeti (part of the Capgemini Group), today announced the 17th edition of the World Quality Report 2025: Adapting to Emerging Worlds. The report reveals that while nearly 90% of organizations are now actively pursuing generative AI (Gen AI) in their quality engineering (QE) practices, only 15% have achieved enterprise-scale deployment.

The report finds a widening gap between organizational interest in GenAI and actual readiness to adopt it effectively within QE. The journey from experimentation to implementation is more complex than anticipated, requiring alignment between operational innovation and strategic oversight.

Key findings from the report:

  • Widespread adoption: 89% of responding organizations are piloting or deploying GenAI–augmented workflows, with 37% in production and 52% in pilot phases.
  • Momentum and recalibration: The rate of non-adopters of GenAI increased to 11%, up from 4% in 2024, but still considerably lower than 2023’s 31%, indicating the initial rush has given way to a more grounded and complex strategy about readiness and value.
  • Limited scale: Only 15% of respondents have achieved enterprise-wide implementation, while 43% remain in the experimental phase and 30% operate within limited use cases.
  • Evolving use cases: GenAI is shifting from analyzing outputs (such as defect analysis and reporting) to shaping inputs, with test case design and requirements refinement now leading adoption.
  • Operational gains with caveats: Organizations report an average productivity boost of 19%, but one third have seen minimal gains, highlighting the need for smarter integration strategies.
  • New barriers emerge: In 2025, top challenges experienced by respondents include integration complexity (64%), data privacy risks (67%), and hallucination and reliability concerns (60%). This is a change from 2024 when top obstacles were more strategic in nature: lack of validation strategy (50%), insufficient AI skills (42%), and undefined QE organization (41%).
  • Skills gap remains: 50% report their organizations lack AI/ML expertise, which is unchanged from 2024.
  • Strategic misalignment: Many organizations treat GenAI as a tactical enhancement rather than a strategic enabler, resulting in fragmented execution and underfunded initiatives.

The report also emphasized the emergence of collaborative intelligence, where human expertise and AI capabilities combine to drive quality outcomes. This hybrid approach is proving essential as organizations navigate the tension between innovation and accountability. The report also showed that while shift left is still the dominant approach in quality engineering, the shift-right approach is gaining traction.

To download the full report, visit www.worldqualityreport.com.

BDO Digital recognized as a Finalist for the 2025 Microsoft Americas Partner of the Year – SI Canada Award

Posted in Commentary with tags on November 13, 2025 by itnerd

BDO Digital, BDO Canada’s technology advisory business, announced it has been named a Finalist for the 2025 Microsoft Americas Partner of the Year – Systems Integrator (SI) Canada Award. 

The firm received recognition among a group of top Microsoft partners for demonstrating innovation and successfully delivering customer solutions using Microsoft technologies.

The Microsoft Americas Partner of the Year Awards acknowledge Microsoft partners who have created and delivered exceptional Microsoft-based solutions, services, and devices in the past year. The award selections are categorized, with honourees selected from a pool of over 2,000 submitted nominations. BDO Digital was recognized for providing outstanding solutions and services in Canada, helping organizations translate AI strategy into measurable results through programs like Copilot Care+ and industry-specific accelerators.

In addition to its client impact, BDO Canada continues to advance community and inclusion initiatives, from participation in the Microsoft GPS Women’s Council to sponsorship of Global Fabric Community Day in Toronto. The firm has also deepened its own AI journey, resulting in a 92% monthly Copilot usage rate among licensed staff while also expanding its FutureCraft program to enhance AI literacy and confidence firm-wide.

The complete list of 2025 Microsoft Americas Partner of the Year winners and finalists can be found on the Americas Partner Blog.

Sage Intacct delivers new capabilities

Posted in Commentary with tags on November 13, 2025 by itnerd

Sage today unveiled new functionality in Sage Intacct designed to help finance teams move from managing data to driving performance. These new features simplify operations, accelerate reporting, and empower finance teams to lead with accuracy, agility, and confidence.

With finance leaders under pressure to move faster and deliver more value, Edelman DXI research for Sage shows that 84% want to close the books faster, and 87% are seeking greater automation across AP and reconciliation workflows. The latest Sage Intacct updates address these needs with AI-powered intelligence that helps teams work smarter and make confident, data-led decisions.

Alongside these innovations, Sage is taking steps to make AI more transparent and accountable. The Sage AI Trust Label, now live in Sage Intacct in the US and UK, gives customers clear insight into how AI is developed and applied, including how data is used, the safeguards in place to prevent bias, and the measures taken to ensure accuracy and compliance.

Driving the Next Era of High-Performance Finance

From AI-driven variance analysis and real-time reconciliation to automated consolidations, connected insurance data, and a growing network of intelligent Agents, Sage Intacct continues to deliver on its vision for High-Performance Finance, helping customers simplify complexity, improve control, and accelerate growth.

These Agents – including Close, AP, Time, Assurance, and the newly announced Finance Intelligence Agent – work together to automate repetitive tasks, surface insights in context, and provide finance leaders with continuous visibility across their operations. Together, they represent a significant step toward autonomous finance, where insights and actions flow seamlessly across the business.

As Sage advances this vision, partners and customers are already seeing how these innovations bring new levels of visibility and confidence to financial operations.

What’s New in Sage Intacct R4 2025

  • Close Automation with Sage Ai

    Close Automation with Sage Ai is now generally available for all customers in the US and UK, bringing together the full suite of intelligent close capabilities – Close Workspace, Close Assistant, Subledger Reconciliation Assistant, and Variance Analysis – all in one connected, Sage Copilot-guided experience. The solution provides visibility across teams, tasks, and entities, helping finance leaders identify issues early, shorten close cycles, and improve accuracy and auditability.

    Available to customers in the US and UK

  • Finance Intelligence Agent

    The Finance Intelligence Agent is the newest addition to Sage Intacct’s growing network of AI Agents, delivering autonomous insights alongside existing Close, Accounts Payable, Time, and Assurance Agents. It allows finance teams to ask questions in natural language through Sage Copilot and receive instant, actionable answers – transforming how they access, analyse, and act on data.

    Early Access available to customers in the US and UK from December

  • Equity Method for Advanced Ownership Consolidation

    The new Equity Method for Advanced Ownership Consolidation automates equity accounting for complex, multi-level ownership structures, including partial ownership and multi-parent rollups. By automatically generating and recording equity entries during consolidation, finance leaders gain transparency, precision, and flexibility with affiliate-level reporting across multiple entities.

    Available to customers in the US, UK, Australia, Canada, and South Africa

  • Sage Intacct PolicyConnect

    Sage Intacct PolicyConnect seamlessly integrates policy administration systems with the general ledger, giving insurance organizations a unified view of operational and financial data. This connection enables deeper analysis of profitability, exposure and performance, delivering real-time policy-level data to accelerate reporting and providing actionable insights to stakeholders.

    Available to customers in the US

  • AI Trust Label Now Live in Sage Intacct

    The Sage AI Trust Label is now live in Sage Intacct in the US and UK, giving customers greater transparency and confidence in how AI is developed and used. It provides clear, accessible information on Sage’s responsible AI practices, including compliance, data use, safeguards against bias, and accuracy monitoring — helping businesses build trust and confidence in AI-powered finance.

    Now available to Sage Intacct customers in the US and UK

  • Sage Expense Management

    Sage Expense Management, formerly Fyle, simplifies and automates expense workflows with real-time spend notifications and AI-powered receipt capture and matching. The card-agnostic solution lets organizations retain existing credit-card programmes while gaining instant visibility into spend, helping finance teams control costs, improve accuracy, and close faster.

    Available to Sage Intacct customers in the US

Why a Samsung tablet tops the tech gift list this holiday season

Posted in Commentary with tags on November 13, 2025 by itnerd

Did you know that 80% of Canadian Grade 4 students use a tablet or computer at home for schoolwork at least once a month? It’s clear that tablets are becoming essential tools, not just for adults, but for young learners too.

Just in time for the holidays, Samsung has introduced the new Galaxy Tab A11+, a powerful yet affordable tablet designed to inspire creativity, boost productivity, and make multitasking easier for Canadian youth (and their families).

Here’s what the Galaxy Tab A11+ can do:

Power that keeps up with them
Whether they’re gaming, streaming, creating, or tackling school projects, the Galaxy Tab A11+ offers smooth, optimized performance for every activity, making it easy for kids to stay engaged and productive.

Room for everything they love
With up to 8 GB of memory and 256 GB of storage, kids can download games, videos, and learning apps without worry. And for families that need even more space, storage can be expanded up to 2 TB with a microSD card.

Smarter learning and creativity with Galaxy AI
Built-in Galaxy AI gives young users an extra boost of creativity and curiosity, including live sharing with Gemini to get instant help with what’s on their screen.

The Galaxy Tab A11+ is available now at Samsung.com/ca and participating retailers.

Safe Software Ahead of Target to Reach $250M in Revenue by 2028

Posted in Commentary with tags on November 13, 2025 by itnerd

Safe Software today announced strong business momentum and continued progress toward its goal of reaching $250M in revenue by 2028. Building on another year of record performance, Safe Software is ahead of its target, surpassing $100M in annual revenue in FY25, representing nearly 20% year-over-year growth.

The company’s employee base increased by 21.8% over the fiscal year, reflecting strategic investments in its people, culture, and innovation to meet global demand.

Internally, the growing Safe Software team has embraced AI, with over 600 active custom GPTs at the company, and over 40,000 messages per month sent to its enterprise GPT. Additionally, the company’s AI Champions Program has resulted in 20 internal demos posted for staff this quarter, covering a wide range of processes and tooling.

During the same period, Safe Software successfully expanded its international footprint with new operations in the UK and Ireland laying foundations for its next period of sustainable growth.

The business also introduced major product updates that further strengthened FME’s ability to connect and automate data across every system, including FME Realize and new Data Virtualization capabilities. Other major updates during the last fiscal year include the launch of FME Multi-Language Availability, 24/7 global support for FME users, and Safe Software being recognized as Customers’ Choice in the 2025 Gartner® Peer Insights™ ‘Voice of the Customer’ for the third consecutive year.

Earlier this month, the company also announced a new partnership with the Vancouver Canucks.

800M Credentials Analyzed – Which Breached Holiday Passwords Made the Naughty List?

Posted in Commentary with tags on November 13, 2025 by itnerd

With the holiday season rapidly approaching, Specops researchers wanted to find out how many people previously used this time of year as inspiration for passwords that ended up breached.

In analyzing 800 million compromised passwords, the researchers found 750,000 instances where end users picked memorable, festive passwords that ended up on breached lists creating security blind spots.

This research coincides with the latest addition of over 203 million new, unique compromised passwords to the Specops Breached Password Protection service. These passwords come from a combination of breached password lists, our honeypot network, and threat intelligence sources.

You can read the research here: Breached holiday passwords: Which made the naughty list?

Hacktivism in 2025: Where Politics Meets Cyberspace

Posted in Commentary with tags on November 13, 2025 by itnerd

Hacktivism has grown from small online protests into a regular part of the cyber world. What started as activism through hacking now often connects to larger political or strategic goals. 

In 2025, this has been truer than ever. Hacktivist activity is frequent and fast. Many attacks aim for attention more than damage. Leaks, DDoS, defacements, and ransomware now appear together. Telegram and X (Twitter) are key hubs for planning and spreading claims.

SOCRadar researchers have published an analysis on this very subject, diving into hacktivism in 2025, including the types of attacks most prevalent, the regions to watch going forward, and what to expect in 2026. 

You can read their analysis here: https://socradar.io/resources/whitepapers/hacktivism-in-2025-where-politics-meets-cyberspace/