A Large Scale Questrade Phishing Campaign Is Making The Rounds

Posted in Commentary with tags on October 29, 2025 by itnerd

A threat actor is engaged in a large scale phishing campaign that is targeted at Questrade customers. The campaign starts with this email:

Now this all looks and sounds official. But it isn’t. When you look at the “Renew Your Form W-8BEN” link, you’ll note this:

While the link says Questrade in it, it clearly isn’t Questrade as the website isn’t going to someplace that Questrade controls. Instead it’s going to a website that the threat actor controls. Now rather than going down the rabbit hole of what is the goal of this campaign, I let Virus Total do it for me:

This appears to be a phishing campaign aimed at stealing your Questrade credentials. Not good. That is confirmed by going to the URL itself. Which by the way, you should never ever do:

This is an excellent replication of the real Questrade website as evidenced here:

It even has the text “Tip: Always double check the URL of log-in pages to keep your account secure” in it. Which if you follow their advice, you can recognize this as a phishing attempt.

I have seen a few dozen of these emails hit my honeypot recently. So this is a large scale phishing campaign. Likely being done by someone who is sending emails out by the thousands hoping to catch 1% of the recipients out and score a big payday as a result. Because scams don’t have to be successful in volume to be successful.

But we’re not done yet, there’s a second Questrade phishing email making the rounds:

The lure is different as it is trying to get you to fall for the scam by getting you to set up 2 factor authentication. But the net result is the same. It is trying to send you to a replication of the Questrade website that will steal your Questrade credentials, and your money along with it.

For the record, if you can use 2 factor or multi factor authentication for your accounts, it would make them way more secure. Questrade has instructions to set that up here.

Here’s the bottom line. If you you get one of these emails, delete it and move on with your life because it is clearly a scam. And a large scale one at that.

5 Comments »

TELUS Friendly Future Foundation launches second annual sweepstakes 

Posted in Commentary with tags on October 29, 2025 by itnerd

The TELUS Friendly Future Foundation launched its second annual Friendly Future Sweepstakes, this year in partnership with WestJet, offering Canadians 18 and older the chance to win a family trip for four to Costa Rica including flights, a five night stay at Planet Hollywood Costa Rica by Royalton and spending money. Additional prizes include the gift of flight for two guests to any regularly scheduled WestJet destination, prepaid gift cards, and more. Tickets start at $25 and are available online until December 5. TELUS Rewards members are able to redeem points for entries in the TELUS Rewards catalogue. WestJet Rewards members can now link their account to TELUS Rewards and convert points to use for entries from the TELUS Rewards catalogue. All proceeds support underserved, socially-minded post-secondary students through the TELUS Student Bursary program.

Building on the continued commitment to support even more youth in financial need across Canada, Canadians can also support the cause through the fifth annual Friendly Future Auction. Running until November 14, the auction features more than 100 carefully curated items up for bid, including tech and devices, vacation getaways, sporting event experiences, exclusive memorabilia and more. 

Since launching in 2023, the TELUS Student Bursary has supported more than 1,600 students across the country who are experiencing financial need and are committed to making a difference in their communities. Notably, 53 per cent of TELUS Student Bursaries in the 2025/2026 cohort were awarded to students who are the first in their family to pursue post-secondary education in Canada and 51 per cent went to students who are actively working during their studies to support themselves financially.

The next application window will open to eligible students in spring 2026. To learn more about the program or to donate to help even more students achieve their dreams, visit friendlyfuture.com.

For more information on the Friendly Future Sweepstakes, including how to purchase tickets, and view complete sweepstake rules, visit the friendlyfuture.com/sweepstakes. The sweepstakes end December 5, 2025.  To learn more about the Friendly Future Auction, including placing a bid visit friendlyfuture.com/auction.

Leave a comment »

KnowBe4 Uncovers Surged Abuse of Legitimate Platforms by Cybercriminals in 2025 

Posted in Commentary with tags on October 29, 2025 by itnerd

KnowBe4 today announced new research from its 2025 Phishing Threat Trends Report Vol. Six, which finds fundamental shifts in cybersecurity attacker tactics, prompting a significant increase in phishing attack volume from compromised accounts.

Key findings from the report include: 

  • Scattered Spider Destruction: The cybercriminal gang Scattered Spider breached multiple high-profile retailers in 2025, including M&S, Co-Op, Harrods and others, which caused hundreds of millions in damages and losses. These breaches spawned secondary phishing campaigns targeting customers, with attackers impersonating the compromised brands to harvest credentials. Scattered Spider’s signature tactics (including combining sophisticated social engineering, vishing, MFA bombing and credential harvesting) combine techniques that target both the technical and human layers as part of their attack methodology.
  • Voice Phishing Surge: Phone-based vishing attacks increased 449% compared to 2024, with phone numbers appearing as the sole payload in 5.5% of phishing emails. Researchers discovered that 77% of callback numbers used AI-generated voices, while 69% of vishing attacks were financially motivated, requesting bank detail changes, fraudulent refunds or transfers. 
  • Legitimate Platform Hijacking: Perhaps most concerning, cybercriminals increased their abuse of legitimate platforms like QuickBooks, Zoom, SharePoint, and PayPal by 67% year-to-date. These attacks pass DMARC authentication 100% of the time and often bypass traditional defenses because they originate from trusted domains. 

Download the KnowBe4 2025 Phishing Threat Trends Report

Leave a comment »

OpenText Cybersecurity Launches New Capabilities to Create Trusted Foundation for AI

Posted in Commentary with tags on October 29, 2025 by itnerd

 OpenText today announced new cybersecurity capabilities designed to help enterprises embed AI into everyday security work and enforce governance and compliance at scale. OpenText™ Cybersecurity unifies defenses across identity, data, applications, SecOps, and forensics, putting AI directly in the flow of work with OpenText™ Core Threat Detection and Response for behavioral analytics, OpenText™ Core Identity Foundation for advanced permission settings and access protection, and OpenText™ Application Security Aviator auto-remediation during application testing.  Along with OpenText Data Privacy and Protection for advanced encryption, these advanced new cybersecurity capabilities in CE 25.4 strengthen compliance with built-in controls (GDPR, HIPAA, PCI DSS) and ensure enterprise AI runs on security that is adaptive, governed, and trusted.

New innovations include:

  • Get AI Ready with Simplified Identity and Access for Hybrid Environments
    With OpenText Core Identity Foundation, organizations can unify identity and access across on-premises, cloud, and legacy environments without costly infrastructure overhauls. SaaS-based Zero Trust controls and enforces least-privilege access by fully managing all the edge identity stores across disparate environments as part of the Identity-as-a-Service (IDaaS) vision.
  • Put AI in Context with Secure Software Delivery Powered by AI Auto-Remediation
    Development teams can fix vulnerabilities in minutes instead of days with OpenText Application Security Aviator 25.4. Automated, validated code fixes reduce security debt and embed protection directly into DevSecOps workflow through the Fortify Command Line Interface (fcli).
  • Secure, Governed, Compliant with Proactive Threat Detection and Built-In Compliance
    OpenText Core Threat Detection and Response bring behavioral analytics into the SOC. OpenText Data Privacy and Protection is advanced encryption service that protects sensitive data at rest, in transit, and as it feeds AI. And if you’d like to gain expert help, OpenText Managed Security Services can bring Managed Extended Detection and Response (MxDR) and PCI-DSS attestation services to help security teams detect threats faster, respond in real time, and meet regulatory requirements with less operational overhead. For organizations seeking expert support, OpenText Managed Security Services can bring Managed Extended Detection and Response (MxDR) and PCI-DSS attestation services to help security teams detect threats faster, respond in real time, and meet regulatory requirements with less operational overhead.

The new capabilities are currently available with OpenText Cloud Editions 25.4.

Additional Resources

  • To explore OpenText™ Application Security Aviator 25.4 or request a personalized demo, click here.
  • For more information on OpenText™ Core Identity Function or to request a personalized demo, click here
  • To learn more about OpenText™ Managed Security Services, click here.
  • Learn more about OpenText™ Core Threat Detection and Response (TDR) here.
  • Learn more about OpenText™ Data Privacy and Protection Foundation (Voltage) here.

Leave a comment »

AI-Assisted Management Drives Latest SUSE Linux Release

Posted in Commentary with tags on October 29, 2025 by itnerd

The industry’s first enterprise Linux that integrates agentic AI is SUSE Linux Enterprise Server (SLES) 16, announces SUSE , a global leader in enterprise open source solutions.  This release provides deeper visibility, insights and automated management to streamline operations, reduce operational costs and time troubleshooting and create a faster time to market for mission critical applications. 

SLES 16 introduces agentic AI, with an implementation of the Model Context Protocol (MCP) standard. The SUSE Linux agentic AI implementation gives enterprises a secure, extensible way to connect AI models with external tools and data sources, while preserving freedom to choose and extend their preferred AI providers without lock-in. It provides a resilient and secure foundation, combining long-term lifecycle guarantees and enterprise-grade automation. 

SUSE Linux Enterprise Server (SLES) The First AI-Ready Linux for Agentic AI

SLES 16 introduces a framework for embedding intelligence directly into the OS. 

  • Integrated Agentic AI and MCP: SLES 16 implements the MCP (Model Context Protocol) standard and provides MCP host and server components, as tech preview, to seamlessly integrate AI operations. It enables AI-powered local administration through the simplified, browser-based interface Cockpit web console, the default configuration management tool for SLES 16,  and the command line, reducing operational overhead. 
  • Bridge to any LLM: The platform connects to any Large Language Model (LLM) provider.
  • Future-Ready Architecture: The SUSE linux of agentic AI implementation uses an extensible, standards-based architecture ready for the next generation of agentic AI. 

Additional Features 

  • A Predictable, Simpler and Longer Lifecycle: One of the longest support timeframes in the market, a 16 year total lifecycle,  backs the SLES 16 codestream. This makes it the first and only enterprise Linux with a support commitment that makes it post-2038 ready, guaranteeing support after that critical date without requiring disruptive upgrades. 
  • Instant Rollback:  Administrators can instantly roll back nearly any modification, from a system upgrade, a software patch, to a single configuration edit. Now enabled by default in cloud images, this provides a surgical, OS-level recovery option that is far faster and more granular than traditional VM-level snapshots.
  • Reproducible Builds: SLES 16 is the first Enterprise Linux distribution built with reproducible builds, giving customers the unprecedented ability to independently verify and even rebuild their enterprise Linux distribution from source while remaining fully supported by SUSE. This ultimate level of transparency and control, combined with Software Bills of Materials (SBOMs), is part of a development process evaluated for the highest security certifications (EAL4+) in the Linux market.
  • Reduced Skills Gap: The mainstream components in SLES 16 shrinks the skills gap when moving from other distributions. ·

Availability

SLES 16, including the SUSE Linux Agentic AI implementation, is available to all SUSE customers and partners starting today. 

Also available today, the SUSE Linux product family launches with a suite of tailored solutions to meet specific enterprise needs, ensuring there is an adapted Linux for every workload. This comprehensive launch includes:

  • SUSE Linux Enterprise Server for SAP applications 16: Available for mission-critical SAP environments, providing a secure, high-performance foundation optimized for SAP HANA and S/4HANA workloads.
  • SUSE Linux Enterprise High Availability Extension 16: Designed to ensure maximum business continuity, this extension provides automated failover and clustering to protect essential services and prevent downtime.
  • SUSE Linux Micro 6.2: Perfect for workloads needing a more resilient OS, like edge, embedded and other dispersed deployments, this resilient-by-design, transactional, and immutable OS enables an image-based mode perfect for predictable, automated DevOps at scale.

For details, please visit www.suse.com/server  and the SLES 16 blogpost.

Leave a comment »

Acronis Announces Cyber Protect Local to Deliver Unified Cyber Resilience for On-Premises and Sovereign IT/OT Environments

Posted in Commentary with tags on October 29, 2025 by itnerd

 Acronis today announced the launch of Acronis Cyber Protect Local, a solution delivering natively integrated cyber resilience for on-premises, sovereign private cloud, and air-gapped IT and operational technology (OT) environments. Designed for organizations where cloud deployment is not an option, the solution combines robust backup, rapid recovery, cybersecurity, and endpoint management in a single platform, enabling agile, resilient, and compliant IT and OT operations while reducing costs and operational complexity.

Built on Acronis’ proven cyber protection expertise, Acronis Cyber Protect Local keeps the data securely within the customer’s perimeter, ensuring full data sovereignty and regulatory compliance. The solution supports legacy systems and modern hypervisors including Windows XP, OT/ICS environments, Nutanix, Proxmox, VMware, and Hyper-V to ensure complete coverage across mixed infrastructures. Customers benefit from strong backward compatibility, one-click self-service recovery, and expanded workload portability for virtual and hyper-converged environments.

Users also gain the advantage of natively integrated endpoint security and management, including automated discovery of unmanaged devices via Device Sense™, helping reduce tooling complexity while enhancing operational efficiency. P2V, V2V, and cross-platform recovery are simplified, with no need for separate agent installations, enabling organizations to migrate workloads seamlessly while maintaining protection.

By consolidating multiple tools into a single platform, Acronis Cyber Protect Local reduces complexity and significantly improves IT professional productivity while enhancing operational efficiency and reducing the cost of ownership. AI-driven automation, anomaly detection, self-service recovery, cross-platform migration, and SIEM integration enable both IT and non-IT users to respond rapidly to threats and disruptions.

Key capabilities include:

  • Unified cyber resilience: Backup, recovery, cybersecurity, and endpoint management in a single agent and single console.
  • Data sovereignty: Keeps management and data within customer perimeter to ensure compliance.
  • Comprehensive workload support: Covers legacy OS, OT/ICS, and modern virtualization platforms for complete protection across hybrid and mixed environments.
  • AI-driven automation: Streamlines management, anomaly detection, and remediation.
  • Self-service recovery: Empowers users to recover data and systems independently, improving resilience.
  • Cross-platform agility: Enables seamless migration and recovery across diverse environments.

With Acronis Cyber Protect Local, organizations gain proactive, active, and reactive defense layers purpose-built for environments where cloud connectivity is limited or prohibited. This local-first innovation extends the reach of Acronis’ global cyber protection technology to enterprises, industrial organizations, and multi-site entities that require secure, disconnected deployment options.

To learn more about how Acronis Cyber Protect Local protects on-premise environments, visit the blog: https://www.acronis.com/en/blog/posts/built-for-control-acronis-cyber-protect-local-simplifies-sovereignty-and-compliance/

For more information about Acronis Cyber Protect Local, visit: https://www.acronis.com/en/products/cyber-protect/licensing/local

Leave a comment »

DH2i Launches Hands-On Tutorial for Building a Test Lab for SQL Server 2025 on Kubernetes Using Minikube

Posted in Commentary with tags on October 29, 2025 by itnerd

 DH2i today announced the release of a new hands-on tutorial titled, “Build a Test Lab for SQL Server 2025 on Kubernetes Using Minikube” that provides developers, database professionals, and other IT professionals with a practical, self-paced tool for experimenting, testing, and learning about Kubernetes and DH2i’s DxOperator technology.

In DH2i’s new tutorial, minikube serves as the foundation for building a personal, hands-on Kubernetes lab environment – right on the user’s own personal laptop, and in doing so, it provides:

 Accessible learning environment:

  • Users can explore Kubernetes concepts without needing access to a corporate or cloud cluster
  • It spins up a single-node Kubernetes cluster locally, so users can experiment freely without risking production systems

 Skills development & other practical applications:

  • Users naturally gain familiarity with Kubernetes fundamentals as they create clusters, deploy containers, and execute kubectl commands
  • These same skills are also directly applicable when managing enterprise-scale clusters on platforms like Amazon EKS and Azure Kubernetes Service

Tutorial Resources:

Video: https://dh2i.com/deploy-sql-server-ag-dxoperator-minikube/

Blog: https://dh2i.com/blog/build-sql-server-kubernetes-test-lab-minikube/

1 Comment »

Foxit Authorized as a CVE Numbering Authority (CNA)

Posted in Commentary with tags on October 29, 2025 by itnerd

Foxit today announced that it has been authorized as a CVE Numbering Authority (CNA) by the Common Vulnerabilities and Exposures (CVE) Program.

This designation officially authorizes Foxit to assign CVE Identifiers (IDs) and publish CVE Records for security vulnerabilities found in its products, greatly simplifying the process for coordinated disclosure and patching for its global customer base, including enterprise and government clients.

Taking Control of the Vulnerability Lifecycle

As a newly certified CNA, Foxit will directly help uphold the global standard for vulnerability detection. This status emphasizes the company’s dedication to proactive security, transparency, and compliance with strict federal and international compliance regulations.

Key Benefits of Foxit’s CNA Status:

  • Faster Response: Direct control over ID assignment significantly reduces the time between vulnerability discovery and official public notification.
  • Enhanced Transparency: The ability to issue official CVE Records provides customers and security analysts with clearer, standardized information about vulnerabilities affecting Foxit products.
  • Streamlined Collaboration: Foxit can now coordinate the disclosure process more effectively with independent security researchers, ensuring proper credit and protecting users from zero-day exploits.

Commitment to the Global Security Community

The CVE Program, sponsored by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), is a global effort to identify, define, and catalog publicly known cybersecurity vulnerabilities. Foxit joins hundreds of organizations worldwide participating in this effort.

Foxit is dedicated to fostering a more secure ecosystem and encourages security researchers to continue reporting potential vulnerabilities through its established disclosure channel at www.foxit.com/support/security.

Leave a comment »

Has HSBC USA Been Pwned?

Posted in Commentary with tags on October 29, 2025 by itnerd

Hackers allegedly breached HSBC USA and stole customers’ records, including bank account numbers and transaction details. A threat actor posted screenshots and data samples on a dark web leak forum. The alleged stolen database contains names, addresses, Social Security numbers (SSNs), dates of birth, phone numbers, email addresses, transaction histories, stock orders, and bank account numbers.

Researchers who analyzed the provided sample suggest the data may be legitimate and appear recent. HSBC has acknowledged a recent denial-of-service (DoS) attack, but the bank denies any customer data was accessed or lost.

Ignas Valančius, Head of Engineering at the cybersecurity company NordPass, comments:

“If true, this could be one of the most dangerous attacks in recent years. We have seen a lot of cyber incidents recently in the retail, aviation, and automotive industries. However, these were primarily related to ransom demands and mostly impacted breached companies. Some of them were even forced to stop their activities. In this alleged attack on HSBC USA, personal customer data could have been stolen along with financial information. Similar cases proved that from there, it’s only a small step to financial fraud — or, even worse, identity theft.”

“The data hackers allegedly obtained allow malicious actors to empty accounts, take out loans, open fraudulent accounts, file fake tax returns, or use the stolen personal information for further fraud or cyber attacks, such as spearphishing. Attackers could also attempt to use the data to impersonate legitimate institutions.”

“If we look at cold numbers only, the financial impact of this attack will likely be noticeably lower than those of some recent, widely discussed incidents, like the Jaguar Land Rover incident. However, the attack on HSBC may result in personal tragedies and cyber harassment for businesses that had used HSBC services.”

“HSBC, ranked among the biggest banks in the world, has been reducing its retail banking operations in the US and focusing on corporate clients recently. It has largely exited the U.S. mass retail banking sector. As a result, the retail data might be older than the hackers claim. Regardless, it would be prudent for all bank customers, both business and private, to change their passwords and activate multi-factor authentication (MFA) on online banking platforms and apps if they have not done so already. I would also advise to maintain heightened vigilance for phishing emails. After such attacks, phishing, spearphishing, CEO fraud, and other social engineering attacks typically increase.”

This is potentially a scary hack. This will need to be watched closely as the fallout from this could be massive.

Leave a comment »

Fortra Launches DSPM Solution to Protect Data From Endpoint to Cloud  

Posted in Commentary with tags on October 29, 2025 by itnerd

Fortra announced today the launch of its new Data Security Posture Management (DSPM) solution to enable organizations to discover, classify, and protect sensitive data across their hybrid cloud. Fortra DSPM expands the company’s comprehensive security portfolio by addressing one of the most critical challenges facing modern enterprises: maintaining visibility and control over data in increasingly complex, distributed environments. 

As organizations increasingly embrace hybrid cloud architectures, sensitive data continues to proliferate across countless shadow repositories, applications, and environments. The modern threat landscape demands that businesses not only know where their critical data resides, but also understand how it’s being accessed, used, and protected. Traditional data protection approaches fall short in today’s dynamic threat environments, creating dangerous blind spots that cybercriminals are quick to exploit. 

Fortra DSPM delivers automated data discovery across on-premises, cloud, and hybrid environments, intelligent classification of sensitive information, and continuous monitoring of data security posture. By providing real-time insights into data risks and compliance gaps, the solution enables security teams to proactively address vulnerabilities before they can be exploited.  

The DSPM solution integrates seamlessly with Fortra’s existing security portfolio, providing customers with a unified approach to protecting their infrastructure and data assets. 

 

Leave a comment »

« Older Entries
Newer Entries »