caliber-holdings

Dormant Magento Supply Chain Attack Hits Up to 1,000 Merchants

Wed, 28 May 2025 16:36:38 GMT

21 extensions from Tigren, Magesolution, and Meetanshi carried six-year-old card-stealing malware—audit your plugins for the fake license and strengthen runtime protections.

Researchers at Sansec uncovered a supply chain attack infecting 21 Magento extensions from Tigren, Magesolution (MGS), and Meetanshi—malware that lay dormant for six years but activated last month—impacting an estimated 500–1,000 online merchants. The JavaScript payload runs in visitors’ browsers to steal payment card and other sensitive data in real time. If you operate e-commerce sites on Magento, audit your extensions for the fake license identified by Sansec, verify plugin integrity, and deploy runtime protections to detect malicious behavior.

Source: Sansec research report

Protect Your Meetings: Microsoft Teams Introduces Screen Capture Prevention

Wed, 28 May 2025 16:30:04 GMT

Blacked-out video for screenshots on Windows, macOS, iOS, and Android ensures sensitive content remains secure.

Starting in July, Microsoft will introduce a Prevent Screen Capture feature in Teams meetings that blacks out the meeting window if a participant attempts a screenshot, safeguarding sensitive content. Supported on Teams desktop (Windows, macOS) and mobile (iOS, Android), users on unsupported platforms will be relegated to audio-only mode to preserve meeting integrity. Organizations should prepare by updating Teams clients, revising meeting security policies, and informing users of the new behavior; contact us for implementation support.

Sourc e : Microsoft 365 Roadmap

Shield Your OT Environment: CISA/FBI Warns of Simple ICS/SCADA Exploits

Wed, 28 May 2025 16:26:16 GMT

Isolate OT from the Internet, enforce strong credentials, segment networks, and practice manual operations to prevent defacements and disruptions.

Unsophisticated cyber actors are targeting ICS/SCADA systems in Oil & Natural Gas sectors—conducting defacements, configuration interference, operational disruptions, and even risking physical damage—often by exploiting poor cyber hygiene and exposed assets. The CISA/FBI alert directs operators to a joint CISA–FBI–EPA–DOE fact sheet that recommends key mitigations, including disconnecting OT from the public internet, replacing default credentials with strong, unique passwords, securing and documenting remote access, segmenting IT and OT networks, and practicing manual operation of OT systems. Organizations should adopt these measures immediately to strengthen their critical infrastructure; contact us for assistance with implementation.

Source: CISA/FBI alert

Protect Your Network: FBI Warns of Proxy Abuse on End-of-Life Routers

Wed, 28 May 2025 16:23:52 GMT

Inventory, segment, and secure outdated devices using FBI IoCs to block anonymized cybercriminal traffic.

Cybercriminals are installing proxy services on end-of-life routers to anonymize illicit traffic, leading the FBI to issue a Public Service Announcement and a companion document outlining IoCs and TTPs for these unsupported devices. Organizations should inventory and replace or segment outdated routers, apply vendor patches or configuration mitigations where available, and integrate the FBI’s indicators into network monitoring to detect and block exploitation.

Source: FBI Public Service Announcement

Increase of Fraud and Ransomware Activity Impact Losses By 33%

Tue, 13 May 2025 20:47:53 GMT

$16.6 Billion in losses from Fraud and Ransomware In Just One Year

In 2024, the FBI’s IC3 received nearly 860,000 complaints and recorded $16.6 billion in losses—a 33 percent increase over 2023—primarily driven by fraud and ransomware, with ransomware posing the greatest threat to critical infrastructure. Deputy Assistant Director Cynthia Kaiser cautioned that this figure likely undercounts the actual impact, as many incidents go unreported. Organizations should review and strengthen their fraud detection, incident reporting, and ransomware response protocols; contact us for detailed guidance.

(Source: FBI IC3 2024 report; contact us for more information.)

VeriSource Services Data Breach February 2024

Tue, 13 May 2025 20:36:52 GMT

Breach of VeriSource Services information exposes employee benefit records

Houston-based employee benefits administrator VeriSource Services confirmed that a February 2024 breach exposed employee benefits records—potentially including names, Social Security numbers, and health data—and, after a comprehensive forensic review, identified four million affected individuals by mid-April, up from the 112,000 initially reported in August 2024. This discrepancy underscores the need for robust breach detection, impact assessment, and notification processes to ensure accurate, timely reporting. Organizations handling personal data should strengthen their incident response workflows, regulatory coordination, and support services for affected individuals; contact us for guidance.

(Source: HHS OCR filing and Maine Attorney General notification; contact us for more information.)

Verizon’s 2025 Data Breach Investigations Report

Thu, 08 May 2025 21:18:57 GMT

Security Teams Should Strengthen Vendor Oversight

Verizon’s 2025 Data Breach Investigations Report (Nov 1, 2023–Oct 31, 2024) shows breaches involving third-party entities doubled to 30%, ransomware incidents rose to 44%, 64% of victims refused to pay demands, and average payouts dropped to $115,000 from $150,000. Security teams should strengthen vendor oversight and ransomware response protocols; contact us for a detailed review.

Source: Verizon Data Breach Investigations Report 2025

Spain and Portugal Power Outage

Thu, 08 May 2025 21:11:43 GMT

Critical Infrastructure Operators Should Validate Contingency Plans

On April 28, Spain and Portugal declared states of emergency after a massive power outage blacked out large swaths of the Iberian Peninsula and parts of France, disrupting hospitals, transportation, and industrial operations. While investigations continue, European Council President Pedro Sánchez confirmed no evidence of a cyberattack, refocusing efforts on grid interdependencies and infrastructure integrity. Critical infrastructure operators should validate contingency plans, strengthen coordination with regional grid authorities, and implement enhanced monitoring to prevent cascading failures; contact us for more details.

(Source: official government announcements; contact us for more information.)

SAP Emergency Patch

Wed, 07 May 2025 20:03:24 GMT

SAP has issued an emergency patch for CVE-2025-31324 (CVSS 10.0) in NetWeaver Visual Composer Framework 7.50 after ReliaQuest researchers observed active exploitation of a missing authorization check in the Metadata Uploader. This flaw allowed unauthenticated attackers to upload malicious binaries, jeopardizing system confidentiality, integrity, and availability. Organizations should immediately apply the update via the SAP Software Download Center and audit their systems for indicators of compromise; contact us for assistance with patch deployment and verification.

(Source: SAP security advisory; contact us for more information.)

Caliber Solutions Named Top Two Partner for AppDirect

Tue, 06 May 2025 20:33:48 GMT

AppDirect Names Caliber Solutions as One of Two Partners

With Over $1 million in Sales

We’re proud to share that Caliber Solutions has been named one of the Top 2 Partners at AppDirect’s President’s Club —an honor that reflects the heart of who we are and the values we live by every day.

This recognition isn’t just a win for our team—it’s a celebration of the trust and collaboration we share with our incredible customers.

It All Starts With Putting Customers First

At Caliber Solutions, our mission has always been clear: put the customer at the center of everything we do. That means more than just delivering great technology—it means acting as a true strategic partner, helping our clients navigate an often-cluttered tech landscape with confidence and clarity.

Whether we’re advising on sourcing strategies, managing vendor relationships, or supporting long-term IT and OT initiatives, our goal is always to help clients make smart, transparent decisions that support their long-term success.

Why This Recognition Matters

Being honored by AppDirect—one of the most respected platforms in the technology channel—is a reflection of the strength of the relationships we’ve built. It's also an affirmation of our approach:

Transparency over transactions
People over products
Strategy over status quo

AppDirect’s President’s Club honors top-performing partners who go above and beyond to drive impact for their customers, and we’re humbled to be included in this elite group.

Thank You to Our Customers

This recognition would not be possible without our customers, who trust us not just to deliver, but to guide. Your willingness to challenge norms, embrace innovation, and collaborate openly is what enables us to perform at this level.

You’ve let us in—not just as vendors or consultants, but as trusted advisors—and we are deeply grateful for the opportunity to be part of your success.

Looking Ahead

This milestone fuels our commitment to continue raising the bar. As technology continues to evolve, so will we—bringing fresh ideas, bold strategies, and unwavering support to help our clients stay ahead.

To our customers, partners, and the team at AppDirect— thank you . Let’s keep building something exceptional.

This is paragraph text. Click it or hit the Manage Text button to change the font, color, size, format, and more. To set up site-wide paragraph and title styles, go to Site Theme.

Caliber Holdings Acquires Cavalry Solutions

Fri, 11 Apr 2025 16:09:53 GMT

Expanding Capabilities in Operational Technology

Caliber Holdings, a renowned consortium of technology procurement companies, today announced the acquisition of Cavalry Solutions, a leader in managed services and operational technology (OT) solutions. This strategic move enhances Caliber Holdings' ability to offer comprehensive IT and OT integrations, catering to the growing demand for interconnected technology systems in various industries.

Sean Curry , CEO of Cavalry Solutions, commented, "Joining forces with Caliber Holdings represents a significant step forward for Cavalry Solutions. This acquisition allows us to leverage Caliber's vast resources and network, enhancing our ability to deliver cutting-edge OT solutions to our clients."

Chris Gamble , CEO of Caliber Holdings, stated, "Cavalry Solutions' expertise in operational technology is a perfect complement to our suite of services. This acquisition not only broadens our service offerings but also deepens our expertise in critical and growing sectors, helping us build out our total technology sourcing platform. Together, we are poised to redefine technology integration across markets."

The acquisition is part of Caliber Holdings' ongoing strategy to lead the market in innovative technology solutions. Cavalry Solutions will operate within the Caliber Holdings portfolio, continuing to serve existing clients while expanding its reach through Caliber's global network.

Caliber Holdings assures all Cavalry Solutions clients and partners that the transition will be seamless, with continued excellence in service delivery and customer support. The integration of the two companies will unfold over the next few months, with joint efforts focused on aligning operations and strategic initiatives.

About Caliber Holdings

Caliber Holdings is a consortium of leading technology procurement companies dedicated to streamlining IT acquisition and management across enterprise IT assets. With a focus on maximizing efficiency and enhancing customer experiences, Caliber Holdings continues to lead the way in technology solutions.

About Cavalry Solutions

Cavalry Solutions has been at the forefront of managed services for operational technology, offering innovative solutions that drive performance and efficiency for businesses across various sectors.