Salesforce breach escalates: Qantas & Vietnam Airlines data leaked on dark web 

Posted in Commentary with tags on October 20, 2025 by itnerd

Outpost24 researchers have published an analysis on the recent developments surrounding the Salesforce data breach. The breach has continued to escalate, with Qantas and Vietnam Airlines data now being leaked on the dark web. 

The analysis dives into the exact timeline of events, the amount of data being leaked, the broader risk of these events, and how the threat actors behind this, Scattered Lapsus$ Hunters, typically run their attacks. The researchers determined that this incident highlights two critical realities. 

One, that an organization’s security perimeter is no longer just the firewall, but all third party platforms that have access to company data and software. And two, that threat actors are increasingly targeting individuals to bypass technical controls. By exploiting insider employees, Scattered Lapsus$ and many other groups, are leveraging major data leaks. All because of effective social engineering. 

For full details, the analysis can be read at this link: https://outpost24.com/blog/salesforce-breach-qantas-vietnam-airlines/

Leave a comment »

Over 17 Million Consumers Impacted In Prosper Lending Platform Data Breach

Posted in Commentary with tags on October 17, 2025 by itnerd

Data breach tracking website Have I Been Pwned posted yesterday that US peer-to-peer lending platform Prosper was hit with a breach that affected 17.6 million customers.

Prosper initially announced last month that it had detected unauthorized access on their systems resulting in the exposure of an undisclosed number of customers and applicant information. The company shut down the activity promptly and confirmed that the unauthorized access was revoked as of September 2.

John Carberry, Solution Sleuth with cybersecurity services provider Xcape, Inc.offers perspective:

    “The Prosper data breach is a serious one, both in terms of the number of people affected and the sensitivity of the compromised information. With 17.6 million customers impacted, and data including Social Security numbers, credit scores, and income details exposed, this incident could lead to various types of fraud, such as identity theft, synthetic identity creation, and phishing attacks. Although Prosper says there’s no evidence of unauthorized account access or stolen funds, breaches involving financial data often have lasting consequences, with issues appearing months or even years later. This event highlights how crucial it is for financial platforms to have strong identity and access management, continuous monitoring, and robust data encryption. Those affected should immediately take steps like credit monitoring, fraud alerts, and closely monitoring their accounts. For organizations, this serves as a reminder to minimize data retention, enforce least-privilege access, and ensure quick breach detection and response to limit damage.

    “Simply put, companies that store this type of PII in the course of operating their businesses have a fiduciary responsibility to protect it.  It is no longer enough to have a “proper” response to such breaches.  Consumers must demand stronger data protections and accountability from these vendors at the outset.”

Companies need to take better steps to avoid a situation like this. I say that because the sort of information that has been leaked should be extremely difficult to get. In this case, that does not seem to be case.

Leave a comment »

NATO’s Biggest Naval Exercise Proves Undetectable Ship-to-Ship Laser Communication

Posted in Commentary with tags on October 17, 2025 by itnerd

Lithuanian space and defense tech company Astrolight has successfully demonstrated undetectable, unjammable, and high-bandwidth laser-based ship-to-ship communication with its POLARIS terminal during REPMUS’25, NATO’s largest unmanned maritime exercise recently.

During the REPMUS (Robotic Experimentation and Prototyping using Maritime Uncrewed Systems)/Dynamic Messenger mission, hosted by the Portuguese Navy, POLARIS laser terminals maintained a stable, jam-proof horizon-limited laser-based link between two vessels: NRP Dom Francisco de Almeida and NRP Dom Carlos I. During testing, the link wasn’t detected by a single sensor of other participating ships, drones, and land assets.

Astrolight’s terminals also transmitted gigabytes of data at latencies and speeds that allow for more than 10 concurrent, real-time HD video streams, even through rain and fog, during the day and night.

Jamming is a serious problem at sea because it can distort satellite navigation, confuse radar and ship-tracking displays, and interrupt radio and satellite communications. In such cases, crews switch to less secure backup methods like noisy radio or signal lamps that increase a ship’s electromagnetic signature and make it easier to detect.

The demonstration of Astrolight’s POLARIS in Portugal builds on prior tests with the Lithuanian Navy.

NATO’s REPMUS/Dynamic Messenger exercise combines REPMUS, the top event for maritime robotics and unmanned tech, and Dynamic Messenger, a program for testing innovative naval systems. They bring together NATO Allies, partners, academia, and industry experts, and provide a realistic setting to evaluate new maritime capabilities and promote their integration into NATO operations.

Leave a comment »

Forcepoint X-Labs Publishes Research on Escalating AI Cybersecurity Arms Race

Posted in Commentary with tags on October 17, 2025 by itnerd

 Forcepoint X-Labs has released a new post by researcher Jyotika Singh, which is a deep dive into the accelerating AI Cybersecurity Arms Race. The post details how artificial intelligence is simultaneously empowering defenders with real-time detection while helping adversaries automate deception at massive scale. The central finding is that every algorithm built for protection can now be turned to exploit, making speed and continuous adaptation the only sustainable advantages.  This analysis highlights that the challenge for security leaders is no longer whether to use AI, but how to stay ahead of sophisticated, AI-enabled adversaries.

Key highlights from the research include:

  • Adversaries are leveraging malicious LLM variants (such as FraudGPT and WormGPT) to automate phishing kit creation, malware generation, and massively scale social engineering operations. 
  • Deepfake technology has fully graduated from theory to multi-million-dollar real-world fraud, exemplified by a confirmed £20M video-call scam that impersonated company officers for a fraudulent transfer. 
  • Attackers are using Reinforcement Learning (RL) to train generative models to automatically evolve polymorphic payloads, creating malware that changes structure to evade endpoint security products. 
  • Defenders are fighting back with multi-layered ML/DNN classifiers and ‘Agentic AI’ systems, cutting average dwell time by automating real-time threat detection and high-volume tasks like alert triage. 
  • Actionable recommendations for organizations, including enforcing out-of-band verification for high-value transfers and continuously red-teaming internal ML models against adversarial inputs.

This research reinforces that the future of cybersecurity will be decided by who adapts the fastest, and that human oversight paired with intelligent automation is critical to maintaining confidence in protection.

The full blog post can be found at https://www.forcepoint.com/blog/x-labs/ai-cybersecurity-arms-race

Leave a comment »

Microsoft Logo Used in Fake Browser Lock Tech Support Scam – SOCRadar’s CISO Comments 

Posted in Commentary with tags on October 16, 2025 by itnerd

Researchers have uncovered a new campaign that weaponizes Microsoft’s name and branding to lure users into fraudulent tech support scams. What makes this scam different from others is the use of social engineering, fake system alerts and deceptive UI overlays to execute the scam.

More details can be found here: https://cofense.com/blog/weaponized-trust-microsoft-s-logo-as-a-gateway-to-tech-support-scams

Ensar Seker, CISO at SOCRadar, provided the following comments:

“This scam is an advanced form of client-side browser manipulation that exploits both psychological and technical blind spots. By weaponizing the browser through JavaScript-based UI freezing, attackers simulate a system-level lock, often hijacking the mouse cursor, displaying modal pop-ups, and suppressing keyboard interactions. This creates a false sense of urgency and loss of control, coercing victims into calling a fraudulent support number.

“Technically, this scam evades email security layers by using CAPTCHA challenges and redirect chains to delay payload execution until after user interaction, which frustrates sandbox-based detection. It also mirrors tactics used in scareware and fake AV campaigns from a decade ago, now modernized with brand impersonation and responsive browser exploits.

“For defenders, it reinforces the importance of browser hardening, zero-trust browsing environments, and robust user awareness, especially training users to recognize fake urgency cues and never call unknown support numbers prompted by web pop-ups.”

Threat actors seem to be evolving faster than defenders can keep up. And this campaign illustrates that. That should make it clear that defenders need to evolve just as fast or bad things will happen to those they are protecting.

Leave a comment »

Centreon Launches a Scalable and Cost-Effective Observability Platform    

Posted in Commentary on October 16, 2025 by itnerd

Centreon today announces the launch of the Centreon Observability Platform, a portfolio of simple, scalable and cost-effective solutions designed to deliver extended visibility and make enterprise-grade observability accessible to all organizations.

Rising Demand for Observability

Modern organizations rely on increasingly complex digital infrastructure, from hybrid cloud environments to distributed applications and customer-facing services. Downtimes, performance degradation, and poor user experience directly impact revenue, brand reputation, and employee satisfaction. 

As Gartner highlights, observability platforms are now vital to ensure availability, resilience, and business continuity, with the market expected to reach $14.2 billion by 2028, growing at 11.1% CAGR. 

In this context, Centreon extends its leadership in IT infrastructure monitoring to deliver extended visibility, helping organizations keep digital systems always-on and high-performing. 

The Centreon Observability Platform

The Centreon Observability Platform combines IT infrastructure monitoring, log management, and digital experience monitoring in a simple, scalable, and cost-effective solution. 

Built on open-source standards and designed for flexibility, it empowers IT teams to detect incidents faster, resolve issues smarter, and operate with greater efficiency. Its modular design allows organizations to deploy each capability independently or as an integrated observability stack, ensuring maximum adaptability and optimized total cost of ownership.

Centreon Infra Monitoring

Since 2005, Centreon Infra Monitoring provides a single platform to monitor the entire hybrid IT stack, from cloud-native and containerized environments to legacy systems and OT/IoT infrastructures. With auto-discovery, 700 built-in connectors, and powerful visualization, Centreon Infra Monitoring empowers IT Ops and NOC teams to gain complete visibility across distributed infrastructures and detect issues faster. By reducing MTTR, ensuring SLA compliance—while integrating seamlessly with ITSM and automation tools and aligning IT performance with business outcomes, Centreon Infra Monitoring eradicates downtime and maximizes productivity. 

Centreon Infra Monitoring is available immediately as open source download, or commercial self-hosted or full SaaS offering. Visit Centreon Infra Monitoring overview, to learn more. 

Centreon Digital Experience Monitoring

Centreon Digital Experience Monitoring (DEM) helps e-commerce, digital businesses, and public organizations maximize user satisfaction, customer conversion rates and sustainability goals. By combining real-user monitoring (RUM), synthetic testing (STM), and financial impact insights, Centreon DEM provides a shared view across business, marketing, and IT teams of how performance drives both revenue and ESG outcomes. This ensures faster detection and resolution of issues, measurable ROI from optimization initiatives, and a direct link between digital performance and corporate sustainability strategies. 

Centreon DEM is available immediately for commercial purchase. To learn more visit Centreon DEM Overview.

Centreon Log Management

Centreon Log Management is a next-generation solution designed for simplicity, scalability, and compliance, accessible to every IT Operations team. Designed for simplicity, scalability, and speed, it combines OpenTelemetry standard with data enrichment to cut through log noise and surface what really matters. From real-time alerting to root cause analysis, every feature is built to reduce complexity and accelerate decision-making. Delivered as a sovereign, cloud-native platform, Centreon Log Management helps IT teams stay compliant, proactive, and always in control without the complexity, while managing cost effectively. 

Centreon Log Management is currently on Beta Release. Visit Centreon Log Management Overview, to learn more.

Leave a comment »

Over 850 New Phishing Sites Target US Taxpayers

Posted in Commentary on October 16, 2025 by itnerd

Ahead of the October 15th tax deadline extension, Netcraft researchers discovered at least 850 newly registered domain names in September and October with phishing links that use tax refunds as a lure. 

Fast Facts:  

  • Most of the websites are engineered to display in mobile browsers, meaning visitors typically arrive at the pages from smishing attacks targeting the messaging apps in their mobile phones.
  • Visitors to any of the sites are presented with pages that direct the target to enter personal financial information into a form, including the target’s name, home address, telephone number and email address, as well as payment card details. 
  • The attackers employ a ruse in which the explanation for the request for information is that it is needed to process a refund, or reimbursement, of taxes ostensibly overpaid by the target. 

Netcraft has a blog on this here: https://www.netcraft.com/blog/taxpayers-drivers-targeted-in-refund-and-road-toll-smishing-scams

Leave a comment »

More Dreamforce News: AWS, Google + Stripe Partnerships

Posted in Commentary with tags on October 16, 2025 by itnerd

Here’s a new update from Dreamforce 2025 —where Salesforce unveiled Agentforce 360, the world’s first platform designed to connect humans and AI agents in one trusted system.

The core message from Dreamforce is that AI’s real potential lies in deeply interwoven LLMs and enterprise software. Salesforce announced a series of partnerships with OpenAIAnthropic and more, putting it at the heart of delivering secure, interoperable AI at scale and strengthening the backbone of the $6T agent economy.

Noteworthy highlights from Dreamforce below (all fresh updates since our email on Tuesday):

  • Expanded Google Partnership – Salesforce and Google announced an expansion of their strategic partnership, introducing a new wave of AI innovations designed to transform the enterprise. This collaboration brings Google’s cutting-edge Gemini models to the new Agentforce 360 Platform. The expanded partnership places employee productivity at the forefront, integrating Agentforce 360 with Google Workspace for sales and IT service and expanding the Salesforce Gemini integration, already available in Gmail, to more Google Workspace tools.
  • Stripe Partnership – Salesforce announced a collaboration with Stripe and OpenAI to build an Instant Checkout integration, guided by the Agentic Commerce Protocol (ACP), allowing thousands of merchants using Agentforce Commerce to harness the power of conversational AI for a faster path to purchase and create seamless, intelligent shopping experiences that unlock new avenues of growth.
  • Salesforce and AWS announced how they are accelerating AI transformation for Agentic Enterprises across four core pillars — unified data, secure and interoperable AI agents, modernized contact centers, and streamlined customer procurement of AI solutions through AWS Marketplace.  This makes it easier, safer, and faster for customers like Toyota Motor North America and others, to harness powerful technologies without compromising security or trust.

Leave a comment »

OVHcloud launches next-generation of AI-powered cooling that balances performance and environmental responsibility in its datacenters

Posted in Commentary with tags on October 16, 2025 by itnerd

 OVHcloud today unveils a new cooling architecture for its datacenters. The OVHcloud Smart Datacenter combines new industrial designs with AI features, reducing both power and water consumption and enabling datacenters to intelligently react to their surrounding environments. Through this new technology, OVHcloud is able to reduce water consumption by up to 30% and cooling electricity consumption by up to 50%.

Cooling infrastructure electrical consumption reduced by 50%

In development for the past two years, the fifth generation of the OVHcloud server rack has been redesigned to host a new generation of servers and supercharge the Group commitment to a sustainable Cloud. The most significant change is the server layout where clusters of servers are connected in serial when it comes to their cooling, with servers for each cluster being still organized in parallel thus facilitating maintenance. This new design streamlines component layouts including the location of the inrack CDU and helps reduce power consumption at the rack level.

Smart and autonomous, the rack behaves in a “pull” hydraulic configuration so that each server has the right water flow and pressure for its cooling needs. Hardware components such as CPU and GPU are cooled through direct-to-chip waterblocks designed by OVHcloud, dissipating heat through a closed looped water circuit that extends to a single cooling loop across the whole datacenter.

The Cooling Module (also called CDU) is now approximately 50% more compact and is located outside the rack. It can cool down several rows of racks and features more than 30 sensors. These sensors monitor elements from the racks including pressure, speed and water temperature and can adjust cooling settings in real time. The sensors enable the rack to be ‘aware’ of its immediate surroundings and datacenter temperatures and the smart cooling module can automatically adjust to server workloads. This optimization greatly extends the lifespan of the equipment and helps to optimize infrastructure power consumption.

The Smart Dry Cooler, located on the outside, is the last cooling component of the closed water loop. It now takes up half the space and has half the number of fans as the previous generation of equipment. This helps reduce cooling power consumption by up to 50% while also reducing ambient noise level.

Reduced water consumption by up to 30% through AI

By constantly analyzing its surroundings and the behavior of key components, new OVHcloud Smart Racks not only regulate themselves but also collect operational data. Data coming from the racks, cooling modules and Dry Coolers are fed into a datalake so that complex algorithms can determine predictive behaviors, contributing to optimized maintenance. The system can also be connected to a local weather station to enrich the datalake. The new models can predict and inject the exact volume of water that is needed by the adiabatic cooling pads of the Dry Cooler to allow for outside heat exchange.

The new dry cooler design accounts for a 30% reduction of water consumption, which has the potential to significantly improve OVHcloud’s already-compelling WUE ratio. Unlike traditional adiabatic systems, the OVHcloud cooling pad does not feature a recirculation loop: complex hydraulic units such as pumps, tanks and level sensors have been eliminated, reducing infrastructure complexity and simplifying maintenance.

Predictive and adaptative AI for the datacenter and the environment

The OVHcloud Smart Racks’ predictive AI can now anticipate and react to operational dimensions at the infrastructure level including the pump speed (and thus the water flow), the speed of the fans and the opening of valves to optimize configuration rapidly.

Rack performances can also be adjusted based on external constraints such as noise limits, water scarcity or power cost. The algorithm can choose to consume more power to favor water preservation or adjust sound levels to adapt to urban environments.

Spearheading a sustainable Cloud for more than 25 years, OVHcloud leverages a vertically integrated industrial model that contributes to responsible digital technology. At the heart of the Group’s many innovations are the research and development department which now has a hundred cooling patents. OVHcloud R&D has shaped water cooling at scale since 2003 so that the Group datacenters benefit from PUE and WUE indices among the best in the industry.

These new developments follow the Group’s commitments to the coalition for sustainable AI in February 2025. The new infrastructure deployed by OVHcloud in its data centers demonstrate the use of artificial intelligence firmly committed to furthering sustainability across the globe.

Availability

New OVHcloud Smart Racks are currently being deployed at the Roubaix data center in a room filled with nearly 60 racks and 2,000 servers accompanied by its new cooling system. The entire system is expected to be rolled out across the Group’s data centers.

Leave a comment »

HiSense Announces The QD5N 98-inch QLED 4K Google TV

Posted in Commentary with tags on October 16, 2025 by itnerd

Driven by Quantum Dot technology that produces more than a billion vivid colour combinations, the all-new Hisense QD5N 98-inch QLED 4K Google TV pairs a life-like picture with smooth motion, cinematic sound and smart features.

As the latest addition to Hisense’s industry-leading ultra-big screen family, the QD5N delivers an immersive television experience, whether settling in for a movie night, watching your favourite sports or seeking adventure in video games.

The beauty of the QD5N starts with the quality of the picture. The QLED Quantum Dot wide colour gamut offers a wide spectrum of true-to-life colours, which is enhanced by a 4K AI Upscaler to restore fine details and reduce image noise and a Total HDR Solution (which includes Dolby Vision, HDR10, HDR10+ and HLG) to unlock contrast, highlight detail and provide depth. 

These features come together in an innovative and powerful television that is adaptable to the habits of any viewer or gamer.

  • For the Movie Buff — Filmmaker Mode feature ensures a movie is seen the way the director intended. It automatically restores original aspect ratio, colour and frame rate for an authentic experience.
  • For the Sports Fan — AI Sports Mode optimizes sports content, ensuring smooth motion and vibrant colours for an immersive viewing experience. Enhanced surround sound and commentator audio further elevate the enjoyment of sports programming.
  • For the Avid Gamer — The Game Mode PRO feature on the QD5N offers a 144Hz refresh rate, Low Latency MEMC, VRR (48-44Hz), AMD FreeSync™ Premium, Auto Low Latency Mode and Hisense’s proprietary Game Bar for an ultra-responsive, super smooth and crystal clear gaming performance — there is virtually no screen tearing or output lag.

No matter the mode, sound is critically important to overall enjoyment of watching movies, shows, sports or playing video games. Dolby Atmos Sound in the QD5N elevates the auditory experience with award-winning enhancements that unveil what you’ve been missing. Take your movie and gaming escapades to new heights with a 2.1 audio channel featuring a subwoofer, enhanced by Dolby Atmos for precise three-dimensional audio placement that breaks free from conventional channels.

The QD5N also features Google TV with access to shows and movies across more than 10,000 apps, hands-free voice control and built-in Bluetooth that supports wireless connection to headphones so you can enjoy your shows and games the way you want to without disturbing others in the home (it also supports wireless connection of other devices, like soundbars, speakers and keyboards).

The QD5N is now available in Canada at authorized retailers.

For more information, please visit hisense-canada.com.

Leave a comment »

« Older Entries
Newer Entries »