Hammer Weekly Update, week ending 18 January 2026

Written by Hammer Enterprise | Jan 19, 2026 8:15:52 AM

Week ending 18 January 2026 put attention on security, infrastructure, cloud and AI in UK and EMEA. We’ve boiled it down to the few stories with practical impact - and concrete steps partners can take this week.

Mandiant releases quick credential cracker, to hasten the death of a bad protocol

The Register (Security) reports: Mandiant releases quick credential cracker, to hasten the death of a bad protocol. PLUS: Navy spy sent to brig for 200 months in brig; Black Axe busted again; Bill aims to crimp ICE apps; and more Infosec In Brief PLUS: Google’s security outfi… [1]

Controls must stand up to real phishing and ransomware drills, not just policy-recovery points and identity boundaries are the failure points. Hammer can bundle Microsoft 365 backup and a managed SOC handover into a repeatable rollout plan with timelines.

Run a restore test from an immutable backup set and record RTO.
Map MFA and conditional access coverage for high-risk apps.
Stage a 30-minute phishing drill and time the run-book.

Amazon MWAA now available in additional Region

AWS What’s New reports: Amazon MWAA now available in additional Region. Amazon Managed Workflows for Apache Airflow (MWAA) is now available in AWS Region and Asia Pacific (Thailand). [2]

Tie architecture to measurable outcomes and test the thing you depend on before go-live.

Define the measurable outcome; ship the smallest change that proves it.

AWS Outposts racks support multiple LGW routing domains

AWS What’s New reports: AWS Outposts racks support multiple LGW routing domains. AWS Outposts racks now support multiple local gateway (LGW) routing domains, enabling you to create up to 10 isolated routing domains per Outpost… [3]

Guardrails around identity, network and spend need to ship with the platform-landing zones and budgets should be codified, not manual. Hammer can package a baseline landing zone with budget alerts and ownership mapping so teams can deploy it the same way every time.

Codify a landing zone (identity, network, logging) and deploy to all accounts.
Enable budget alerts/anomaly detection and assign owners.
Right-size or schedule off non-prod instances before month-end.

Bankrupt scooter startup left one private key to rule them all

The Register (Security) reports: Bankrupt scooter startup left one private key to rule them all. Owner reverse-engineered his ride, revealing authentication was never properly individualized An Estonian e-scooter owner locked out of his own ride after the m… [4]

Expect pressure on rack density, GPU power budgets and memory bandwidth; design choices affect UPS/PDU loading and cooling headroom. Hammer can source AI servers and pre-stage delivery to match cooling upgrades, and translate model sizing into an orderable BOM.

Model peak rack draw; confirm UPS/PDU headroom for target density.
Benchmark NVMe throughput against expected inference concurrency.
Lock delivery dates for AI servers to align with cooling changes.

Probably not the best security in the world: Carlsberg wristbands spill visitor pics

The Register (Security) reports: Probably not the best security in the world: Carlsberg wristbands spill visitor pics. Researcher shows how anyone can access Copenhagen experience attendees' names, videos Exclusive The Carlsberg exhibition in Copenhagen offers a bunch of fun act… [5]

Controls must stand up to real phishing and ransomware drills, not just policy-recovery points and identity boundaries are the failure points.

Run a restore test from an immutable backup set and record RTO.
Map MFA and conditional access coverage for high-risk apps.
Stage a 30-minute phishing drill and time the run-book.

References

View full post