Archive for March 20, 2025

Ransomware Gang Cloak Claims To Have Pwned VA Attorney General

Posted in Commentary with tags on March 20, 2025 by itnerd

Ransomware gang Cloak today claimed responsibility for a February 2025 cyber attack on the Attorney General of Virginia that prompted officials to shut down computer systems including email, VPN, internet access, and the AG’s website.

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote: 

“Cloak is a ransomware group that first started claiming its cyberattacks in August 2023. Its malware both steals data and locks down computer systems, forcing victims to pay a ransom or face extended downtime, data loss, and putting data subjects at increased risk of fraud.”

“Since it began, Cloak has claimed 13 confirmed ransomware attacks and 54 unconfirmed attacks that weren’t acknowledged by the targeted organizations. This attack on the Virginia attorney general is Cloak’s first confirmed attack in 2025. Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, and people whose data was stolen are put at greater risk of fraud. Ransomware can disrupt everything from communications to billing, payroll, access to data and applications, and online services.”

“Comparitech researchers have logged 10 confirmed ransomware attacks on US government agencies in 2025 so far. Earlier this week, we confirmed Qilin’s attack on the Cleveland Municipal Court, which is still facing service disruptions three weeks later.”

Additionally, Comparitech recently released two studies looking into the impacts of ransomware attacks against US and worldwide government organizations. Those are worth a read.

New KnowBe4 Report Reveals Spike in Ransomware Payloads and AI-Powered Polymorphic Phishing Campaigns

Posted in Commentary with tags on March 20, 2025 by itnerd

Today, KnowBe4 published its Phishing Threat Trends Report, Vol 5, which details threat intelligence insights surrounding phishing threats targeting organizations at the start of 2025.

The report highlights the growing threat of ransomware and explores how cybercriminals are using sophisticated tactics to bypass native security and secure email gateways (SEGs).

It also examines how AI is being leveraged to create polymorphic phishing campaigns, how attackers are infiltrating the hiring process to access systems and data, and the increasing success of attacks evading traditional defenses.

Key Findings From the Report:

  • Between September 15, 2024 and February 14, 2025 there was a 17.3% increase in phishing emails compared to the previous six months.
  • 82.6% of all phishing emails analyzed exhibited some use of AI.
  • The report observes a 22.6% increase in ransomware payloads.
  • The phishing hyperlink, malware, and social engineering payloads getting through traditional detection have surged, with phishing hyperlinks increasing by 36.8%, malware by 20%, and social engineering tactics by 14.2% compared to the previous six months.
  • Additionally, there has been a 57.9% increase in attacks being sent from compromised accounts getting through traditional detection.
  • The top five legitimate platforms used to send phishing emails include DocuSign, PayPal, Microsoft, Google Drive, and Salesforce.
  • Currently the most impersonated brands include Microsoft, DocuSign, Adobe, PayPal, and LinkedIn.

For full details, see the release below. The Phishing Threat Trends Report, Vol 5 is available for download here.

SpyX data breach affects almost 2 million

Posted in Commentary with tags on March 20, 2025 by itnerd

It is being reported by HaveIBeenPwned.com that a consumer-grade spyware operation called SpyX was hit by a data breach last year. SpyX and two other related mobile apps had records on almost two million people at the time of the breach, including thousands of Apple users:

In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target’s email address and plain text Apple password.

Needless to say, that’s not good. Javvad Malik, Lead Security Awareness Advocate at KnowBe4, had this to say:

“The irony of an entity purporting to offer surveillance capabilities itself falling prey to a breach is not lost with this one. However, this breach not only exposes the victims to further risks but starkly highlights the inherent vulnerabilities within these spyware operations.”

“The fact that a large number of Apple users were impacted is a reminder that while some technologies are more robust than others, no platform is invulnerable to being breached. Beyond the breach, the apparent inaction and silence by SpyX showcases a lack of responsibility.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech adds this: 

“By law, companies must report breaches like this to the authorities. SpyX is a UK-based company, and the UK has strict breach disclosure laws. SpyX appears to be in violation of those laws by knowingly not reporting a major breach. SpyX does business in the US, which also has breach disclosure laws. SpyX’s failure to report the breach is negligent and puts Apple users at risk, but it’s not surprising given the app’s shady business model.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy offers up this:

“It is inexcusable for a firm to experience a data breach and not notify the authorities and the affected parties. While normally I would applaud a stalkery firm like this being hit with hack attacks, data breaches like this one put millions of users at risk, possibly leaving Apple users open to being hacked on iCloud. Both UK and US laws require reporting of breaches like this, meaning SpyX could be subject to penalties from both countries.”

“iCloud users who have used SpyX should immediately visit the Have I Been Pwned website and enter their e-mail address(es) to determine whether their information was exposed in the breach.”

Now I went to HaveIBeenPwned.com and my iCloud email address isn’t part of the breach. Not that I expected it to be. But it doesn’t hurt to be sure. Regardless, it’s bad when a company that does what SpyX does gets pwned. Hopefully this not only serves as a wake-up call in general, but people distrust SpyX to such a degree that they no longer exist.

York University and ventureLAB strengthen partnership with renewed Memorandum of Understanding

Posted in Commentary with tags on March 20, 2025 by itnerd

York University and ventureLAB signed a renewed Memorandum of Understanding (MoU) to expand their collaboration in talent development, research, and industry-driven innovation. This agreement reinforces their commitment to bridging academia and industry, creating opportunities for students, researchers, and entrepreneurs to drive growth in Canada’s technology sector.

As a leading innovation hub, ventureLAB’s mission is to power hardtech founders to build and scale globally competitive ventures that advance Canada’s knowledge-based economy, making this partnership a natural extension of its work in fostering a globally competitive technology ecosystem.

The MoU establishes a strong talent pipeline, connecting York University’s distinguished professors and researchers with ventureLAB’s influential network of founders. It also provides York University students with hands-on internship opportunities, equipping them with real-world experience in the hardtech, semiconductor, AI and medtech industries.

With the launch of York University’s new Markham Campus, this partnership is expanding to create even greater opportunities for students, faculty, and industry professionals. Located near the new campus, ventureLAB will serve as a key hub for experiential learning, giving students direct access to its state-of-the-art Innovation Centre and resources. This collaboration will drive new joint programming initiatives and strengthen the synergy between York University’s STEM, management, and business programs and ventureLAB’s dynamic innovation ecosystem. By fostering cutting-edge research, commercialization, and talent acceleration, York University and ventureLAB are shaping the future of Canada’s technology sector.

York University continues to be a valuable partner in ventureLAB’s flagship programs, including the Hardware Catalyst Initiative and Accelerate AI. As part of this renewed agreement, York University professors will now have direct access to ventureLAB’s leading-edge hardware lab, enabling groundbreaking research and industry collaborations that will drive advancements in Canada’s semiconductor, AI, and deep-tech industries.

This renewed partnership underscores the transformative potential of collaboration between academia and industry, creating a stronger pipeline of talent and innovation that will shape the future of Canada’s tech sector. As York University and ventureLAB continue to strengthen their alliance, they remain dedicated to fostering technological advancements, supporting high-impact research, and equipping the next generation of leaders with the tools to thrive.

Team Cymru Announces Integration With Microsoft Security Copilot to Bring Immediate AI-Generated Context to Security Teams

Posted in Commentary with tags on March 20, 2025 by itnerd

Team Cymru today announced the general availability of its Pure Signal™ Scout Plugin for Microsoft Security Copilot.

For two decades, Team Cymru has transformed the way security professionals monitor, analyze, and respond to potential threats. Now, these same capabilities enable SOC teams to take immediate action at scale. Using the Microsoft Copilot plugin, SOC teams can seamlessly query the Team Cymru Pure Signal™ data ocean, transforming tedious investigations with immediate, context-rich, AI-powered responses.

Security Copilot is the first AI-powered security product that enables security professionals to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes. It combines an advanced large language model (LLM) with a security-specific model that is informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals.

Learn how to become AI-enabled with Copilot here

Apple won’t build a backdoor – yet iOS apps leak secrets anyway 

Posted in Commentary with tags on March 20, 2025 by itnerd

Apple’s UK encryption rollback has reignited the global debate on privacy. But while all eyes are on government backdoors, the latest Cybernews research exposes an even bigger risk – iOS apps are leaking sensitive data at scale, and Apple isn’t doing much, if anything, to stop it.

Last week, the Cybernews research team revealed that 71% of 156,000 iOS apps are leaking hardcoded secrets – a serious security flaw with major implications for businesses and consumers.

Now, their latest report dives deeper into the top 10 most commonly exposed secrets and why they pose a significant risk to user data, whether owned by consumers or businesses.

Here’s a quick look at the top 3 threats for businesses and individuals:

  • Project ID (Google) exposes app resources, logs, and potentially weakly secured services, increasing the likelihood of data breaches.
  • Google App ID can be used to impersonate apps, granting unauthorized access to user data, APIs, and backend systems.
  • API Keys (Google): if exposed, these can lead to unauthorized service access, risking data loss, tampering, and breaches of user privacy.

This is the first research of its kind at this scale – no one has ever published even approximate findings on Apple’s secret leaks before. These findings raise a bigger question: is Apple’s App Store security review failing to catch these weak spots? 

With stolen credentials linked to 31% of all breaches and an increasing reliance on mobile devices for sensitive transactions, this is a problem that app users and developers must address.

For more details, including a look at the most sensitive leaked secrets, read the full article here.

10000% VPN Surge in Turkey After Social Media Restrictions

Posted in Commentary with tags on March 20, 2025 by itnerd

VPNMentor just published a report about a staggering increase in VPN demand in Turkey amidst the controversial detention of Istanbul Mayor Ekrem İmamoğlu and after authorities restricted access to social media and messaging platforms across the country.

Their research team conducted an analysis of user demand data in Turkey after authorities restricted access to social media and messaging platforms and VPNMentor detected a surge of 10,104% in VPN demand.

You’ll find all the details of our findings here: https://www.vpnmentor.com/news/turkey-vpn-surge/

Bell Pure Fibre 8 Gbps now available for business in select areas 

Posted in Commentary with tags on March 20, 2025 by itnerd

Following up on Bell’s previous announcement regarding the re-launch of Bell Pure Fibre 8 Gbps for residential customers, Bell has passed along to me that this high-speed Internet option is now available for businesses in select areas of Ontario and Québec.

This significant speed increase offers businesses enhanced connectivity capabilities, supporting various business needs and applications. Bell Pure Fibre 8 Gbps provides businesses with a powerful Internet solution.

Currently, their 8 Gbps coverage includes the following areas (for residential and business customers):

Ontario:

  • Toronto, GTA (stretching from Ajax/Whitby to Brampton/Mississauga)
  • Ottawa and surrounding suburban areas (i.e., Kanata, Orleans)
  • London
  • Guelph
  • Kitchener
  • Georgetown

Québec:

  • Montreal, Laval and GMA (Greater Montreal Area)
  • Québec City
  • Lévis

Their 8 Gbps coverage will continue to expand; customers (whether residential or business) are encouraged to check Bell.ca regularly to see if they qualify.

Businesses interested in exploring this high-speed option can also learn more and review available plans by visiting Bell.ca/smallbusiness.

Guest Post: SAP Concur Delivers Joule, American Express Integration at Fusion 2025

Posted in Commentary with tags on March 20, 2025 by itnerd

At SAP Concur Fusion 2025 today, we are bringing together customers and partners to explore how SAP Concur delivers AI, and greater visibility, to travel and expense management. At the event, we’re debuting new product innovations and strategic partnerships that harness AI, enhance visibility, automate tasks, and drive compliance—unlocking new efficiencies, spend insights, and improved employee experiences.

SAP Concur Debuts Joule with Concur Travel and Expense

SAP is transforming the way businesses run with Joule, its generative AI copilot. Now, this evolution will extend to business travel and expense management. SAP is embedding Joule in SAP Concur solutions, bringing the portfolio one step closer toward a fully automated travel and expense management process. In Concur Expense, Joule helps to ensure that expense reports are ready for submission with minimal effort. For example, Joule can assemble a timeline view of expenses, review for mistakes or missing expenses, and make recommendations for how best to complete the expense report. Additionally, Joule can answer employees’ questions so they no longer have to search through Concur Expense or the SAP Help portal, resulting in fewer support cases and improved efficiency for both employees and administrators. Joule with Concur Expense is expected to be generally available in the second quarter of 2025.

SAP Concur also will embed Joule in Concur Travel initially to help with planning locations for offsite meetings. Joule can provide meeting location recommendations and high-level flight and hotel cost estimates based on meeting attendees’ origination points. Once the meeting site and hotel options are selected, Joule will create an email template to send to team members with a link to book directly in Concur. Joule with Concur Travel is available now as part of the early adopter program with general availability expected later this year.

Automating Expense Management in Concur Expense

SAP Concur and American Express (Amex) are expanding their partnership to simplify expense management for shared customers. One-third of SAP Concur customers use the Amex corporate card to capture expense transactions. To streamline the end-to-end experience, SAP Concur and Amex are launching a real-time authorization data capability whereby American Express Corporate Card purchases automatically generate and categorize expenses, starting with meal transactions, in Concur Expense at the time of spend. This integration will include real-time mobile notifications via the Concur mobile app that alert the employee with expense policy reminders in the moment to help drive policy adherence and minimize manual effort.

The most common type of expense submitted within Concur Expense is meals. In fact, a quarter of all expenses are meals, which is why the capability will first be available for meal expenses. For example, when users purchase lunch with their Amex Corporate Card, an expense entry is automatically created and the user can be notified if additional information is required, such as capturing the receipt image or adding attendees.

SAP Concur is on a journey to fully automate the expense management process, from purchase to reimbursement. Last year, we took a big step with our partnership with Mastercard. With the integration, meal expenses purchased with participating Mastercard corporate cards are automatically populated in Concur Expense, and alerts are issued if any additional information is needed.

We’ve heard from customers that they love the hands-free experience, commenting:

  • The automation is really nice, and keeps the trips organized.
  • Much faster data, and less time organizing expense reports.
  • Solicits faster receipt capture while reducing duplicate risk.

We’re working to expand access to the integration so more Mastercard customers can benefit from a simpler and more efficient experience.

“At SAP Concur, we’re creating a world where travel and expenses practically manage themselves,” said Brian Veloso, Managing Director at SAP Concur Canada. “We continue to deliver on that journey with these touchless experiences enabled by industry-leading generative AI and close partnerships with top payment providers.”

Additionally, American Express Global Business Travel has integrated its hotel marketplace, featuring over 2 million properties across 180 countries with competitive rates, into the new Concur Travel solution, providing customers access to comprehensive hotel content, including negotiated programs and preferred partner rates.

With its Concur Travel and Expense solutions, SAP remains the market share leader for worldwide travel and expense management software, with 49.6 percent 2023 market share [source: IDC]. These leading solutions are part of the SAP Business Suite, SAP’s comprehensive portfolio of integrated solutions that combines our core Cloud ERP and Line of Business applications, fueled by the world’s most powerful business data and actionable AI.

“We are redefining the business travel experience, raising the bar for integrated travel and expense management like never before with the power of SAP Business AI,” said Brian Veloso, Managing Director at SAP Concur Canada. “It’s exciting to see our large, global customer base benefit from continual innovations that enhance the user experience and serve the needs of travelers, travel managers and CFOs.”

To learn more about announcements at SAP Concur Fusion or to join the virtual event, visit here.