Archive for January, 2025

« Older Entries
Newer Entries »

New 2025 State of Application Risk Report: 100% of Organizations Have High Risks in Development Environments

Posted in Commentary with tags on January 23, 2025 by itnerd

Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, today announced its latest research report, The 2025 State of Application Risk: An ASPM View of the Security of Software Factories. The report found significant risk in both applications and the factories that produce them, with many organizations challenged by inefficient AppSec testing, plus a lack of visibility into secrets exposure, AI risks, SDLC misconfigurations, and software supply chain security.

The 2025 State of Application Risk report, based on data from the Legit platform, reveals that, as software development has evolved, vulnerabilities in code are now only the tip of the iceberg, with risks in development pipelines, build servers, libraries, tools, and processes lurking beneath. The research also highlights that all application risk is not created equal, and with the right context, teams can better identify the highest risk areas that deserve their focus, such as toxic combinations that compound security issues. 

Leveraging its powerful ASPM and visibility capabilities, Legit Security delivers data in this report that highlights the previous year’s risk findings and uncovers where application security risk lives in the modern development environment.  

The report’s key findings include:

  • There is significant risk throughout the application development infrastructure and processes, with 100% of organizations found to have high or critical risks in their development environments. 
  • Application security scanning is inefficient, with 78% of organizations having duplicate SCA scanners and 39% with duplicate SAST scanners that can result in the same vulnerability findings and equivalent or contradictory remediation advice.
  • Secrets exposure is pervasive, with 100% of organizations having high or critical secrets exposed in their code, and 36% of secrets found outside of source code.
  • GenAI is an emerging threat, with 46% of organizations using AI models in source code in a risky way, such as low-reputation LLMs, which could contain malicious code or payloads or exfiltrate data sent to them.
  • Misconfigurations are rampant, with 89% of organizations having pipeline misconfiguration issues that could lead to breaches like the one CodeCov suffered.
  • Developer permissions sprawl is a significant issue, with 85% of organizations showing least-privilege violations that could lead to an attack like the one LastPass recently experienced.
  • Toxic combinations of risk – such as developers using GenAI without human code review enforced through branch protection, or secrets in repositories with external collaborators – are prevalent, and highlight where security teams should focus their energy.

From GenAI code to overly permissioned developers to secrets exposed in Jira tickets, organizations must protect their development environments from end-to-end. Legit Security’s report provides organizations with the insights they need to understand the risks embedded and enmeshed across the software factory, well beyond vulnerabilities in code, and steps they can take to reduce this risk. 

To download the full report, visit https://info.legitsecurity.com/state-of-application-risk.

Leave a comment »

Cloudflare CDN Flaw Leaks User Location Data

Posted in Commentary with tags on January 23, 2025 by itnerd

A security researcher named Daniel has discovered a flaw in Cloudflare’s CDN potentially exposing someone’s location by sending them an image on platforms like Signal and Discord. Daniel says he is publishing his research as a warning, especially for journalists, activists, and hackers, as hundreds of apps are vulnerable to this undetectable attack, including Signal, Discord and Twitter/X https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117

Roger Grimes, data-driven defense evangelist at KnowBe4, commented:

“At first glance, the flaw seems really innocuous and barely relevant, but there are scenarios, like those involving tracked dissents, where it could be a problem. For example, if the agency that’s tracking you knows you’ve got safe houses in one of two countries but isn’t sure which you’re in, this sort of flaw might be interesting to them. Or I’m a woman trying to escape an ex-boyfriend and he’s not sure which relative or friend’s house I’m hiding out at. And the attack is just generic enough that I think it can be applied to more CDNs…I doubt Cloudflare is the only CDN with this sort of vulnerability. Also, kudos to the 15-year old kid that found and released this attack.”

The report by Daniel should be read in detail because it not only shows how bad this flaw is, but the fact that it is still out there waiting to be exploited. Hopefully those who are mentioned in this report such as Cloudflare along with any other products that might be vulnerable to this attack do something to fix this. And for everyone else, I would take the steps that Daniel outlines to protect yourselves.

Leave a comment »

Appdome Unveils Threat Dynamics

Posted in Commentary with tags on January 22, 2025 by itnerd

Appdome, the leader in protecting mobile businesses, today announced that a new AI-Native threat-management module called Threat Dynamics™ will be offered inside Appdome’s ThreatScope™ Mobile XDR. Threat Dynamics uses AI deep learning to continuously evaluate the likelihood of a successful exploit from more than 400+ attack vectors and calculate a Mobile Risk Index™ for each business and mobile application. This allows businesses to see how threats move across the production environment, empowering them to quickly prioritize and focus on the attack vectors with the highest potential impact and preempt these threats before they escalate. This also allows businesses to continuously benchmark and manage their business- and application-level risk against the baseline of Appdome’s growing monthly data stream of tens of billions of mobile fraud, scam, bot, and cyber threat events globally. These new capabilities add to ThreatScope Mobile XDR’s existing real-time threat intelligence, inspection, and rapid response capabilities.

As mobile becomes the business, the landscape of fraud and cyber-attacks in the mobile economy has grown significantly. It now includes a wide range of adversaries, such as active hacker communities, criminal organizations, and AI-powered attacks. In this economy, attack vectors such as account takeover (ATO), on-device fraud (ODF), scams, identity theft, bot attacks, and more are proliferating quickly. Mobile businesses switched to Appdome to accelerate their defense time to market, eliminate work, gain automation through machine learning, and build any combination of Appdome’s 10,000+ dynamic defense plugins into mobile apps fast. With Appdome Threat Dynamics, mobile businesses can now leverage the biggest and most diverse data stream of mobile fraudand threat events in the digital economy to take a holistic and continuous approach to threat management. With Threat Dynamics, businesses leverage the power of AI to analyze and benchmark their active attack surface against the active attack surface in billions of Appdome-defended mobile apps. By analyzing this data from multiple perspectives, mobile businesses can see how cyber-attacks, fraud, and threats move across the mobile business and use Appdome’s Threat Dynamics to identify fraud and cyber-attack patterns early on, rank the potential impact of each attack prospectively, and preempt cyber-attacks, fraud, and threats before the attacks proliferate.

Data Siloes and Basic High-Med-Low Severities Are Not Enough.

Mobile businesses need usable and relevant data about the attacks and threats impacting their Android & iOS applications, users, identities, and transactions. However, point products aimed at mobile app security, mobile fraud prevention, KYC checks, and mobile identity only provide one slice of data. These slices are often available in siloed implementations that isolate data to one app, customer, and attack vector only. The same products either can’t or don’t aggregate, analyze, or expose data from all installations, leverage adaptive learning models or apply AI to benchmark trends, virality, or future potential impact of attacks. The output from these systems is often limited to human-defined “true / false” or “high,” “medium,” and “low” severity designations, which fatigue users and lead to false positives and missed attacks.

Appdome’s Threat Dynamics leverages AI and Appdome’s big-data footprint to continuously analyze and rank mobile threats, including fraud, malware, and bot trends in its global data set. Using this data, Threat Dynamics continuously calculates a Mobile Risk Index™ for each mobile business and app, providing a holistic, living, and dynamic context to the threat data sent to their ThreatScope instance. Threat Dynamics also shows how fraud, cyber-attacks, and other threats move across mobile apps, releases, installations, devices, users, and networks. With Threat Dynamics, mobile businesses can see which attacks are moving fastest, which mobile applications suffer the most, and which attacks are likely to have the biggest impact on the business. Trends such as Infection Rate, Attack Frequency, Attack Velocity, Cohort Placement, Variance, Projected Impact, and more are provided for each attack, application, release, device, OS, geographic source, and other dimensions.

Learn more and register for your personalized demo of Appdome ThreatScope XDR.

Leave a comment »

Government health IT contractor Conduent confirms ‘third-party compromise’ after outages

Posted in Commentary with tags on January 22, 2025 by itnerd

Conduent, a government contractor that “supports 100 million U.S. residents across various government health programs”, confirmed recent outages experienced by multiple states last week were due to a cyberattack that compromised the company’s operating systems. 

A Conduent spokesperson told Recorded Future News that the company’s operating systems experienced an operational disruption due to a third-party compromise” and the “recovery caused several days of disruption to many of our operations.”

Conduent has numerous contracts with state governments providing technology solutions for health programs including, but not limited to Medicaid, Child support, Food assistance.

Evidence of the outage emerged last week when the Wisconsin Department of Children and Families reported to residents that Conduent was experiencing a system outage. 

  “This outage is impacting payees who receive their payments via electronic transfer or an EBT card from receiving their scheduled support payment. Payors support payments, including via income withholding, are still being received and will be processed once the system is operational,” Wisconsin officials said. 

Wisconsin officials also said four unnamed states were impacted by the outages. The systems were restored on Sunday.

In June 2020, Conduent confirmed a ransomware attack after several days of service interruption.

Emily Phelps, Director, Cyware had this to say:

  “Organizations must focus on robust threat intelligence management, which enables the timely sharing of actionable insights across networks and between partners. Through effective intel sharing, businesses and government entities can strengthen collective defense, ensuring faster response times and minimizing the impact of such disruptions. It’s a reminder that cybersecurity is no longer just about protecting internal systems—it’s about securing the broader ecosystem and fostering collaboration to safeguard public services and infrastructure. The ability to detect, respond, and recover from cyber incidents quickly is essential in maintaining trust and continuity.”

The fact that this organization has been pwned twice suggests that they didn’t learn the lessons of their first go round of being pwned. I hope they are paying attention to this incident as having this happen a third time would be completely unacceptable.

Leave a comment »

New KnowBe4 Report Highlights Critical Need for Cyber Insurance Amid Escalating Digital Threats

Posted in Commentary with tags on January 22, 2025 by itnerd

KnowBe4 today announced the release of an in-depth research paper titled “Cyber Insurance and Security: Meeting the Rising Threat.” This research delves into the increasingly crucial intersection of cybersecurity and insurance, examining the ever-evolving threat landscape that organizations face globally.

As digital infrastructure becomes crucial to business operations, failing to protect these systems can lead to catastrophic consequences. The research paper highlights that the average cost of a data breach has surged to $4.88 million in 2024, with significant variations across regions. Notably, the United States, the Middle East, and Europe are observing alarming increases in cyber claim severity and frequency, indicative of a global issue that demands immediate attention and action.

The research explores the relationship between cybersecurity practices and cyber insurance, noting that insurers are increasingly looking for strong security measures when determining coverage and premiums. It emphasizes the effectiveness of ongoing security awareness training in reducing an organization’s vulnerability to attacks.

Key findings from the paper include:

●      Escalating Costs of Cyberattacks: Cyberattack expenses are escalating rapidly, extending beyond immediate disruptions to include legal fees, fines, and reputational harm. IBM reports a significant increase in breach costs, highlighting the urgent need for robust risk management.

●      Complex Threat Landscape: Cyber threats now rank as the top global concern, with social engineering and phishing leading the way. This trend underscores the need for strengthened human defenses against these targeted attacks.

●      Challenges for SMEs: Small and medium enterprises face disproportionate impacts from cyber incidents. While their average costs are lower, the financial consequences can be devastating, requiring tailored security strategies.

●      Increasing Legal Complexities: Expanding data privacy laws are driving a surge in class action lawsuits, especially in the U.S., with potential growth in Europe, urging organizations worldwide to prioritize compliance.

●      Human Factors: Human factors remain the most vulnerable aspect of cybersecurity, accounting for 75% of data breaches.

To successfully confront these mounting challenges, the research underscores the need for a multi-faceted approach that combines cutting-edge cybersecurity measures with comprehensive insurance coverage. A focus on prevention, security culture and education is critical, coupled with strategic partnerships between businesses, insurers and cybersecurity experts.

The full report, “Cyber Insurance and Security: Meeting the Rising Threat”, is available for download here.

Leave a comment »

Palo Alto Networks Prepares Organizations for Quantum Security with QRNG Open API

Posted in Commentary with tags on January 22, 2025 by itnerd

 Palo Alto Networks, the global cybersecurity leader, today announced the release of a Quantum Random Number Generator (QRNG) Open API framework, empowering organizations to prepare for future quantum security threats. The framework, developed in partnership with six innovators across the QRNG field, addresses the need for multi-vendor interoperability across the industry and enables organizations to invest in and build QRNG-based systems that are resilient regardless of the underlying technology or company.

The future convergence of AI, ML, deep learning and classical supercomputing with quantum computing necessitates securing today’s systems against quantum-enabled attacks. QRNG is a technology that uses the principles of quantum mechanics to generate truly random numbers, which are essential for creating secure cryptographic keys. Experts recommend the use of recently released NIST post-quantum cryptography (PQC) standards in combination with QRNG to give organizations the best chance to protect against future threats. The QRNG Open API framework eliminates barriers to QRNG adoption, helping global organizations access the highest quality cryptographic operations possible as they prepare for quantum computing technology.

Available through the Palo Alto Networks GitHub portal, the QRNG Open API can be embedded into any application. Later this year, Palo Alto Networks Next Generation Firewalls (NGFWs) will support the QRNG Open API, enabling the network security platform to bring in entropy for cryptographic functions.

Developed by Palo Alto Networks and leading QRNG technology partners, Anametric, ID Quantique, Qrypt, Quantinuum, Quantropi and Quside, the QRNG Open API will:

  • Simplify QRNG integration by removing proprietary silos.
  • Maximize interoperability in multi-vendor networks and promote freedom of choice, allowing customers to select the best technologies and systems for their needs, including both cloud-based and on-prem solutions.
  • Accelerate QRNG adoption by removing barriers with a collaborative, open approach.
  • Provide a common mechanism for obtaining high-quality entropy from an external QRNG platform.

Leave a comment »

Concur Travel becomes the first booking tool to offer ISO 14083-assured emissions data

Posted in Commentary with tags on January 22, 2025 by itnerd

The new Concur Travel has achieved a significant milestone by becoming the first online booking tool to integrate emissions calculations assured to the new ISO 14083 standard. This development, made possible through our partnership with Thrust Carbon, marks a big step forward in providing accurate and consistent emissions data for customers at the point of booking.

Why ISO matters

The ISO 14083 standard was created to address the confusion and inconsistency caused by the multitude of emissions calculation methods currently in use. ISO 14083 offers a single, globally recognised framework for calculating greenhouse gas emissions across all transportation modes, including air, rail, car and freight. By harmonizing methodologies, ISO 14083 provides organisations with consistent, credible data to guide their regulatory efforts.

This standard also aligns with climate initiatives like the European Union’s Corporate Sustainability Reporting Directive (CSRD) which mandates emissions reporting for over 50,000 companies globally, starting in 2025. Additionally, the proposed Count Emissions EU initiative will require transportation providers to display emissions data at the point of sale. The EU’s endorsement of ISO 14083 as a trusted methodology underscores the importance of adopting this standard.

Leading the way with Thrust Carbon!

The new Concur Travel, in partnership with Thrust Carbon, now delivers ISO 14083-assured emissions data at the point of booking. This integration provides customers with reliable and globally recognised sustainability metrics, enabling organisations to align with incoming international standards.

Thrust Carbon adopts a “multi-methodology” approach to emissions calculations. While their current enhanced ICAO (International Civil Aviation Organisation) approach accounts for real-world factors such as airspace closures, they’ve also introduced a dedicated ISO-compliant formula. This ensures adherence to the standardised requirements of ISO 14083, including the use of consistent flight calculations.

Live now, new Concur Travel customers have access to ISO-assured emissions data, enabling standardised and informed sustainability decisions.

Simplifying emissions reporting

The transition to ISO 14083 standards isn’t just about accuracy, it’s about consistency. For organisations navigating the complexities of CSRD compliance, Thrust Carbon’s robust reporting capabilities ensure that emissions data viewed at the time of booking matches data used within official reports. This alignment simplifies the reporting process and helps businesses make informed decisions about their sustainability strategies.

Creating a sustainable future

In their 2024 Sustainability Benchmark, the Global Business Travel Association (GBTA) assessed the emissions reduction efforts in corporate travel across all industry sectors. On a scale from 0 (no action) to 5 (leading practice), the average sustainability maturity score for the 241 organizations assessed was 1.3. This reveals the severe need for corporate climate action, and that clear, enforceable standards such as ISO 14083 would be instrumental in guiding the collective effort.

By integrating ISO-assured emissions data into new Concur Travel, our customers can confidently navigate a complex future of regulations and advancements knowing that their data is up to the highest standard — equipped with the tools they need to meet their sustainability goals.

What’s next?

The new ISO 14083-assured data is now live in new Concur Travel and is a critical milestone in the mission to provide transparent, reliable and actionable emissions data for customers.

With new Concur Travel and Thrust Carbon’s partnership, businesses can now approach sustainability goals with confidence in the integrity of their emissions reporting.

Leave a comment »

Samsung Announces The S25 Series

Posted in Commentary with tags on January 22, 2025 by itnerd

Samsung at Galaxy Unpacked in San Jose, California, Samsung has announced its newest smartphone lineup – the highly anticipated Galaxy S25 Series. This new device lineup includes the Galaxy S25, S25+ and S25 Ultra, all of which will soon be available for pre-order. You can find more information on the S25 Series here, as well as some key new features below: 

  • New ways to get things done 
  • Cross App Action: Long press the power button to open Gemini, naturally speak and explain the tasks you want completed, and let AI combine the tasks and complete them for you.  
  • Now Brief: Shows AI-powered insights of your sleep, the weather forecast and even communicates your schedule for the day.  
  • Auto Suggestions: This feature can help you be more productive by suggesting things like turning on your smart washing machine based on your perceived routines or turning on maps to help you navigate to your destination.  
  • Multimodal Search: Allows you to search for a whole range of things easier, including humming the tune of the song you don’t remember.  
  • New ways to create  
  • Audio Eraser: Removes background noise and conversations in video content, isolating and distinguishing the sound you’d like to hone in on. 
  • Auto Trim: Removes unnecessary footage like “ums” and blank spaces in video content. Can also use keywords to help AI know which clips or sound bites to trim out of the video. 

I got an advance look at these devices last week and I have some pictures to share:

One new feature that caught my eye was the morning brief feature which summarizes all your email and notifications among other things on one screen. That makes it easy to figure you what your priorities are when you wake up in the morning.

In terms of accessories, Samsung will have a good selection of first party cases available at launch.

A third party accessory that caught my eye was this:

This 3 in 1 wireless charger and case allows you to charge your S25, Galaxy Buds, and Galaxy Watch on one stand.

The case is required to have your S25 attach to the stand as it has magnets in it to allow that attachment to happen.

And here’s the S25 on the stand. Pretty cool.

Here’s the specs of the different S25 models:

Pricing starts at $1198.99 and goes up to $2458.99. Pre-orders should be live shortly or may already be live by the time you read this.

Leave a comment »

iOS 18.3 Will Turn On Apple Intelligence Automatically…. WTF?

Posted in Commentary with tags on January 22, 2025 by itnerd

The release candidate of iOS 18.3 hit the streets today. Now a release candidate is basically a beta version of a piece of software that is considered to be stable enough that it may be released to the public. But the person who makes the software wants to make sure that there are no issues of note before it gets released. Thus they put out a release candidate. If it is stable, that’s the version that the public will get. In any case, people who have seen the release candidate of iOS 18.3 have noted that in the release notes for this version, there’s this text:

For users new or upgrading to iOS 18.3, Apple Intelligence will be enabled automatically during iPhone onboarding. Users will have access to Apple Intelligence features after setting up their devices. To disable Apple Intelligence, users will need to navigate to the Apple Intelligence & Siri Settings pane and turn off the Apple Intelligence toggle. This will disable Apple Intelligence features on their device. 

This is the single dumbest thing that Apple has done in a very long time. I say that because you should be able to opt into things rather than be forced to opt out. And with something like Apple Intelligence which is AI by another name, users shouldn’t be forced into running it if they are not comfortable with the implications of running AI on their devices. I say devices because I have seen reports of Apple Intelligence being turned on by default when software updates for Macs appear. What isn’t clear is what happens to users who had turned Apple Intelligence on and then turned it off. Does it get turned back on? That’s pretty bad if that’s the case. What’s clear is that Apple has decided to force Apple Intelligence on its user base whether they want it or not. Which seems so un-Apple like.

Shame on you Apple.

1 Comment »

EnGenius Introduces the ESG320: The Ultimate VPN Router for Secure and Reliable Small Business Connectivity

Posted in Commentary with tags on January 21, 2025 by itnerd

EnGenius Technologies, a global leader in innovative networking solutions, is excited to announce the release of the EnGenius Cloud Managed ESG320 VPN Router. Designed to meet the growing demands of small businesses, the ESG320 delivers enterprise-grade performance, robust security, and simplified cloud-based management, making it the ideal choice for companies looking to optimize their network infrastructure, ensure data protection, and increase operational efficiency.

Comprehensive Security with a Stateful Firewall

Businesses face the challenge of securing their networks from external threats while maintaining smooth operations. The ESG320 Cloud Managed VPN Router addresses this with its advanced stateful firewall, which monitors and inspects traffic to safeguard against cyberattacks. It allows only authorized traffic, providing real-time protection against intrusions and malware. This router enables secure access and sharing of critical data while offering flexibility in implementing custom security policies. Additionally, its TPM security chip enhances encryption, preventing unauthorized access and data breaches.

Seamless Auto-VPN and Simplified Network Configuration

Setting up secure connections for remote sites and users can be complex, especially for businesses without dedicated IT teams. The ESG320 simplifies this with its Auto-VPN technology, automatically creating secure VPN tunnels for site-to-site connections. This allows easy connection of branch offices, remote workers, and clients. Key features include VPN healing for automatic recovery from disruptions and NAT traversal for network compatibility. SecuPoint, a VPN client for remote employees, enables hassle-free access to critical resources from anywhere—whether in the office, at home, or on the go.

Optimized Network Performance with Dual-WAN and Cellular Failover

The ESG320 Cloud Managed VPN Router offers Dual-WAN capabilities, providing two separate internet connections that can be used simultaneously to increase bandwidth and optimize network performance. The router includes a Gigabit WAN port, an SFP Fiber Port (WAN1), and a Gigabit LAN port (WAN2) for fast and reliable connectivity. Its WAN load balancing feature optimizes bandwidth usage by distributing traffic across available WAN interfaces, improving network performance and reducing latency. If a WAN connection fails, the cellular failover feature activates automatically through a USB 3.0 cellular modem, ensuring continuous connectivity and minimizing costly downtime.

Cloud-Based Management for Effortless Monitoring and Administration

The ESG320 streamlines network management via the EnGenius Cloud Management Platform, offering a centralized dashboard for remote monitoring and management. Businesses can easily configure and monitor the ESG320 router and other EnGenius devices from one interface. IT teams can conduct real-time diagnostics, track VPN connections, and identify network issues proactively. With automatic updates and remote troubleshooting, businesses can resolve problems quickly, reducing IT workload and costs. The Passthrough Mode allows smooth integration into existing networks without disruption.

Key Features of the ESG320 Cloud-Managed VPN Router

  • Dual-Core 2.1 GHz Processor: Delivers superior speed and performance, enabling businesses to handle demanding networking tasks.
  • Dual-WAN Configuration: Features an SFP port, Gigabit WAN, and cellular failover for continuous, high-speed internet access.
  • Stateful Firewall: Provides advanced protection against cyber threats with high-efficiency filtering and inspection.
  • Auto-VPN: Simplifies the setup and maintenance of site-to-site and client VPNs, ensuring secure remote access to business resources.
  • Gigabit PoE+ Port: Powers devices like Wi-Fi access points, IP cameras, or phones directly from the router.
  • Cloud Management: The EnGenius Cloud Platform offers centralized, remote management for all network devices, ensuring real-time visibility and control.
  • WAN Load Balancing and Traffic Prioritization: Ensures efficient use of available bandwidth and improves network performance.
  • Automatic Firmware Updates: Keeps your network devices up to date without requiring manual intervention, ensuring security and feature improvements.
  • Flexible Connectivity: Supports routed or passthrough mode for easy integration into existing network architectures.

The ESG320 Gateway, with an MSRP of $349, will be available for immediate shipping through the EnGenius Store and EnGenius authorized distributors. For more information about the ESG320, visit ESG320 Cloud VPN Router.

Leave a comment »

« Older Entries
Newer Entries »