Archive for May 8, 2025

Reddit Announces Reddit Pro Profile Tools

Posted in Commentary with tags on May 8, 2025 by itnerd

There’s some news from Reddit today. The company announced the availability of new profile tools to help businesses build their presence and connect with Reddit’s 100,000+ communities via Reddit Pro, a free suite of tools designed to support businesses of all sizes with organic engagement on the platform.

These enhancements will allow businesses to:

  • Set up their profiles more quickly by generating suggested bio descriptions when they sign up for Reddit Pro
  • Crosspost relevant community posts and comments about their products and services directly from the Reddit Pro trends tab to their profiles.

You can learn more about these new features and Reddit Pro on Reddit for Business.

Leave a comment »

The Westfield Fire District Has Apparently Been Pwned By The Medusa Ransomware Gang

Posted in Commentary with tags on May 8, 2025 by itnerd

The Westfield Fire District in Middleton, CT this week confirmed it notified victims of a November 2024 data breach that compromised their personal info. Ransomware gang Medusa claimed responsibility for the breach on December 12, 2024, but Westfield Fire District has not verified Medusa’s claim.

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:

“Medusa is a ransomware gang that first surfaced in September 2019. It debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay both to unlock their systems and for Medusa to not sell or publish stolen data. In 2024, Medusa claimed responsibility for 68 confirmed ransomware attacks compromising nearly 2.4 million records. Its average ransom demand is $576,000.”

“In 2024, Comparitech researchers logged 93 confirmed ransomware attacks on US government entities, which compromised more than 2.4 million records. In 2025 so far, we’ve tracked 20 such attacks. The average ransom is just over $2.1 million.”

“Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, and people whose data was stolen are put at greater risk of fraud. Ransomware can disrupt everything from communications to billing, payroll, and online services.”

Every single day I am writing about a ransomware attack. That alone should make it crystal clear that this is a problem that is a “right now” problem. Because ransomware gangs are running the show right now and that must not be allowed to continue.

Leave a comment »

Outpost24 Enhances EASM Platform with Digital Risk Protection Modules for Social Media and Data Leakage

Posted in Commentary with tags on May 8, 2025 by itnerd

Outpost24, leading provider of cyber risk management and threat intelligence solutions, today announced the integration of two new Digital Risk Protection (DRP) modules to its External Attack Surface Management (EASM) platform. The Social Media and Data Leakage modules are now offered alongside the Leaked Credentials and Dark Web modules to enhance customer insights into the entire attack surface. 

From access to private and exclusive sources, strong automation capabilities, and powered by advanced threat intelligence, Outpost24’s new DRP modules assist organizations in getting a full overview of external threats and risks, empowering proactivity and prioritization. 

With threat actors leveraging information on social media profiles to launch attacks against companies, the Social Media DRP module monitors organizations’ profiles as part of the attack surface. From the real-time tracking of social media impersonation, external breaches, and internal leaks, this module enables organizations to respond faster to threats and incidents as they emerge. 

Likewise, an organization’s sensitive documents are an integral asset to keep protected from external eyes. The Data Leakage DRP module detects potentially leaked documents and potentially leaked source code, providing organizations with enough time to react appropriately. 

Together, these attack surface monitoring modules empower companies to:

  • Respond faster to threats as they emerge on social media 
  • Detect leaked documents and source code and inform teams before they become a problem 
  • Protect their reputation and reduce the risk of phishing or fraud 
  • Prevent confidential information from spreading by catching issues early

To learn more about Outpost24’s EASM Platform with Digital Risk Protection modules, including the new Social Media and Data Leakage additions, please click here

Leave a comment »

Guest Post: If The Cat Game Can Leak Your Data, Any App Can – Here’s How to Protect Yourself

Posted in Commentary with tags on May 8, 2025 by itnerd

By Aras Nazarovas

If you thought downloading a cute cat game was harmless, think again. We at Cybernews have cracked open the code of “Cats Tower: The Cat Game!” – an iOS app with half a million users – and found it purring out plenty of secrets: user IP addresses, Facebook tokens, and locations and credentials for the app’s backend systems.

This is a symptom of a much bigger problem hiding in plain sight on your iPhone – and it’s happening at a scale that should make every user pause before tapping “Install.”

The Cat’s Out of the Bag

Let’s break it down: we went spelunking through the guts of 156,000 iOS apps – about 8% of everything on the App Store. What we found is the stuff of digital nightmares: 71% of those apps were leaking at least one hardcoded secret. We’re talking API keys, cloud credentials, and other sensitive endpoints.

Many people believe iOS apps are more secure. But our research shows developers often leave keys to the kingdom in plain sight. It’s like locking your front door but taping the key to the window. Wouldn’t this make you anxious? 

In the case of the cat game, that meant 450,000 users’ IP addresses and ~250 Facebook access tokens were up for grabs. With that kind of data, a savvy bad actor could track you, hijack your social media, or even spin up fake requests to the app’s backend – weaponizing the app against its own users.

How to Keep Your Data Out of the Litter Box

So you’re one of the 1.38 billion active iPhone users in the world, and you love your apps – maybe even that cat game that’s spilling half a million users’ secrets across the internet. Here’s the truth: your data is only as safe as the laziest developer in your app library. But you don’t have to be a sitting duck.

Start with permissions. Every time you install an app, it asks for access – to your location, your photos, your contacts. Most people just tap “Allow.” Don’t. Head to Settings > Privacy & Security and audit who’s got the keys to your digital house. If a game wants your location, ask yourself why. Spoiler: It likely doesn’t need it.

Update like your privacy depends on it – because it does. Apple pushes out security updates for a reason. Hackers love old software. Go to Settings > General > Software Update and don’t let those red notification dots linger. The same goes for your apps: update early and often.

Lock it down. Still using “123456” or your birthday as a passcode? Time to level up. Use a long, unique passcode and enable Face ID or Touch ID. If someone snatches your phone, you want it to be a brick, not a gold mine.

Don’t trust – verify. That adorable new app? Treat it like a stranger at your door. Check reviews, look up the developer, and think twice before granting permissions. Even the App Store’s walled garden isn’t weed-free.

Clean your digital house. Delete apps you don’t use. Every extra app is another potential leak. Before deleting the app, delete the account you created for the service, if they don’t have your data, they can’t leak it. Less is more.

Stay skeptical. Phishing isn’t just for email. If an app asks you to log in with Facebook or Google, make sure it’s legit. And never, ever tap on sketchy links.

Remember, if iOS apps are leaking secrets, it’s up to users to protect themselves first. Assume your favorite app could have a data breach tomorrow. Act accordingly.

The Bottom Line

The cat game leak is a warning shot. As mobile cyberattacks surge and the App Store’s walled garden shows cracks, it’s clear that mobile security is your problem too, not just Apple’s. So next time you download a new app – even one with adorable kittens – remember that on the internet, curiosity doesn’t just kill the cat. It can put your privacy at risk, too.

ABOUT THE AUTHOR

Aras Nazarovas is an Information Security Researcher at Cybernews, a research-driven online publication. Aras specializes in cybersecurity and threat analysis. He investigates online services, malicious campaigns, and hardware security while compiling data on the most prevalent cybersecurity threats. Aras along with the Cybernews research team have uncovered significant online privacy and security issues impacting organizations and platforms such as NASA, Google Play, App Store, and PayPal. The Cybernews research team conducts over 7,000 investigations and publishes more than 600 studies annually, helping consumers and businesses better understand and mitigate data security risks.

Leave a comment »

OWC Launches “My OWC” App to Further Streamline Setup, Support, and Ownership Experience

Posted in Commentary with tags on May 8, 2025 by itnerd

Other World Computing today announced the launch of the My OWC app on iOS. From when the box is opened, the new intuitive mobile companion streamlines every stage of the customer experience (CX), empowering users to effortlessly set up and manage their OWC products, access personalized support, and stay up to date with push notifications – all from the palm of their hand.

OWC has always focused on making technology approachable and easy to use. And with the My OWC app, that experience is even more seamless. The app offers a more connected way to set up, manage, and get the most out of your gear, right from the start. Getting started is simple. Customers can simply scan a QR code or select their device from the list. Step-by-step guides, how-to videos, FAQs, are now at your fingertips, as well as instant real-time notifications of firmware alerts, compatibility tips, and maintenance suggestions. All of which is completely personalized for their exact product(s).

​​My OWC app key features include:

●     Quick Start & Setup Resources – Instantly access product manuals, setup instructions, troubleshooting resources, and commonly asked questions

●     Product-Specific Alerts – Stay informed with real-time notifications about firmware updates, performance tips, product news, and more

●     3D Product Previews – Use augmented reality to view select OWC products in your own workspace – see how devices will fit before setup

●     Easy Product Management – Register your OWC products in seconds to ensure you stay up to date with product-specific news and updates

●     Stay Updated – Get the latest OWC news, upcoming events, and exclusive updates right from the app

The My OWC app is available now as a free download from the Apple App Store, here: https://download.owc.com/myowc/ios

For further information about the My OWC app, please visit: https://www.owc.com/solutions/my-owc-app

Leave a comment »