Archive for July 1, 2025

Kelly Benefits 2024 Breach Now Impacts 550,000 

Posted in Commentary with tags on July 1, 2025 by itnerd

Kelly & Associates Insurance Group (dba Kelly Benefits) has now confirmed that 553,660 people were impacted by a December 2024 data breach that compromised their personal information. This is an update to the 32,234 count they previously reported in April. 

Jim Routh, Chief Trust Officer at Saviynt:

“The first thing for an enterprise to consider regarding this breach information is the fact that Kelly Benefits took such a long time to notify victims, the enterprises impacted, and the public (December 12, 2024 – April 9, 2025). The second is that it is common practice for these types of companies that provide benefits consulting, payroll, insurance, etc., to use SSNs to identify individuals across applications and records. That means that the attack surface for threat actors is significantly larger than necessary and highly profitable, given that SSNs are the easiest data elements to monetize for threat actors. The third is that these types of companies do not necessarily attract top cybersecurity talent nor are they known for providing adequate funding for cyber resilience. The combination of these three attributes makes for a company (in this case) attractive to cyber criminals, while individual consumers are at risk for personal data exposure. 

“All enterprises should incorporate the application of lessons learned from control testing, tabletop sessions, and actual cyber incidents into their communication with existing and future customers. Enterprises that manage third-party risk are more receptive to third parties that apply the lessons learned from incidents. In the case of Kelly Services, this might include the elimination of SSNs in application files and moving this data to databases with different levels of encryption deployed, classified as restricted with the best controls. It might include an investment in mature privileged access management capabilities with continuous verification. Also, investment in more mature identity security practices using a data lake architecture with models to design more effective access controls.” 

James McQuiggan, Security Awareness Advocate at KnowBe4:

“As with all data breaches, it’s the customers, clients, or users who are inconvenienced and impacted. If data has been exposed, vigilance is key to continually monitoring accounts, whether they’re financial, health-related, or email-based.

Cybercriminals or other scammers will leverage this data as they are getting more sophisticated with AI-generated emails, spoofed domains, and social engineering tactics.

“Ask yourself three questions before clicking or replying:

Was I expecting this message?

Is the request unusual, especially if it’s about money, credentials, or urgent action?

Can I verify the request through another channel?

“If anything seems off, report it. Don’t forward. Use your security team’s preferred method of communication, such as email, hotline, or internal tools.

Phishing remains the most effective way for attackers to bypass security controls. Training is beneficial, but maintaining constant awareness is key. These steps are not about paranoia. It’s about being prepared. Stay skeptical. Stay secure.”

The fact that the bad guys had such a head start means that victims really are in deep trouble here. The bad guys could be doing anything with the info that they swiped. And that’s a scenario that never ends well for the victims.

Hundreds Of Brother Printer Models Along With Some From Other Vendors At Risk Of Pwnage

Posted in Commentary with tags on July 1, 2025 by itnerd

Rapid7 has discovered eight vulnerabilities affecting 689 Brother printers. But 46 models from other brands are also at risk of being pwned, including models from Fujifilm, Toshiba, Ricoh, and Konica Minolta. You can read the details here, but here’s the TL;DR:

Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, 2 printer models from Toshiba Tec Corporation, and 6 models from Konica Minolta, Inc. are affected by some or all of these vulnerabilities. In total, 748 models across 5 vendors are affected.

Here’s the worst vulnerability:

The most serious of the findings is the authentication bypass CVE-2024-51978. A remote unauthenticated attacker can leak the target device’s serial number through one of several means, and in turn generate the target device’s default administrator password. This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device’s unique serial number, during the manufacturing process. Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models.

So if you own a Brother printer, you should change your administrator password ASAP. Now newer Brother printers won’t have this vulnerability as the company will change how they generate the password. But that doesn’t help anyone who owns one of these printers right now. The other vulnerabilities will be fixed via firmware updates. You should check your vendor’s website to see what you should do in that regard:

Race condition vulnerability leaves nopCommerce at risk of single-packet attacks

Posted in Commentary with tags on July 1, 2025 by itnerd

Outpost24 researchers today released research looking at a race condition vulnerability in nopCommerce, an open-source eCommerce platform written in C# that helps developers build online stores. When exploited, it allows an attacker to redeem a gift card multiple times using a technique called a single-packet attack. Done correctly, this let the attacker receive items for free.

The full details can be found at this link and it is a very interesting read.
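The bug class behind this, check-then-act on a gift-card balance, and the fix, an atomic check-and-deduct, as an added illustration that is not nopCommerce’s code (GiftCard, redeem_vulnerable, redeem_atomic and race are hypothetical names). A threading.Barrier stands in for the single-packet attack by forcing every request to complete its balance check before any request deducts.

```python
"""Gift-card redemption race: check-then-act versus an atomic redeem.

Added illustration, not nopCommerce's code; GiftCard, redeem_* and race()
are hypothetical names. threading.Barrier stands in for the single-packet
attack: it makes every request finish its balance check before any request
deducts, the interleaving the attack forces on a server.
"""
import threading
from dataclasses import dataclass, field


@dataclass
class GiftCard:
    code: str
    balance: int  # constructed sample value, in cents
    lock: threading.Lock = field(default_factory=threading.Lock)


def redeem_vulnerable(card, amount, barrier) -> bool:
    """Vulnerable pattern: balance check and deduction are separate steps."""
    enough = card.balance >= amount  # step 1: check (read)
    barrier.wait()                   # every racing request has now passed its check
    if not enough:
        return False
    card.balance -= amount           # step 2: act on a check that is already stale
    return True


def redeem_atomic(card, amount, barrier) -> bool:
    """Hardened pattern: check and deduct under one lock, so only one request wins.
    In a database-backed store the equivalent is a transactional conditional
    UPDATE ... SET balance = balance - amt WHERE code = c AND balance >= amt,
    with the affected-row count saying whether this request won."""
    barrier.wait()                   # same simultaneous arrival as above
    with card.lock:
        if card.balance < amount:
            return False
        card.balance -= amount
        return True


def race(redeem, card, amount, n_requests) -> int:
    """Fire n_requests concurrent redemptions and return how many succeeded."""
    barrier = threading.Barrier(n_requests)
    results, results_lock = [], threading.Lock()

    def worker() -> None:
        ok = redeem(card, amount, barrier)
        with results_lock:
            results.append(ok)

    threads = [threading.Thread(target=worker) for _ in range(n_requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)
```

With a 1000-cent card and five simultaneous 1000-cent redemptions, race(redeem_vulnerable, ...) accepts all five and drives the balance negative, while race(redeem_atomic, ...) accepts exactly one.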

SOCRadar Launches MCP Server

Posted in Commentary with tags on July 1, 2025 by itnerd

SOCRadar today launched its MCP Server to support its threat intelligence platform. MCP (Model Context Protocol) is a standardized interface that allows AI language models to securely connect with external data sources enabling AI assistants to access real-time information, interact with databases and APIs, and use various services while maintaining proper security boundaries.

As cybersecurity teams increasingly rely on AI agents for threat analysis and incident response, SOCRadar recognized the critical need for standardized, secure access to its extensive threat intelligence databases and security tools. SOCRadar’s MCP Server enables seamless integration between AI models and its platform, allowing security professionals to leverage AI capabilities while maintaining secure, controlled access to sensitive security data.

Leveraging SOCRadar’s threat intelligence data, AI-driven SOC teams will now be able to use AI agents to directly query SOCRadar’s threat intelligence feeds, perform automated threat hunting, and generate contextual security reports without switching between multiple interfaces.

The SOCRadar MCP server is not just another integration layer. Instead, the company built a way for security teams to talk to it as they would to an analyst, letting the system do the heavy lifting.

Here’s how it works:

1. No More Interface Overload. Just Ask. Cybersecurity teams no longer need to memorize SOCRadar’s UI or workflows. They just need to give a command and the MCP server will handle the rest. For example:

“Show me my critical assets exposed to the latest Citrix vulnerability.”

“Give me the top CVEs affecting my attack surface today.”

Behind the scenes, the MCP server interprets, executes, and delivers actionable answers. No clicks. No guesswork.

2. Instant Reports for CISOs and Analysts. Need a daily threat report, a geo-targeted actor profile or a vulnerability snapshot filtered by your environment? Just ask.

For example: “SOCRadar, create a report on threat actors targeting energy companies in the US over the past week.”

No templates or filters are required. The MCP server builds it dynamically — in just seconds.

3. Built for AI Agents and Autonomous Systems. Already using an AI-driven SOC platform or an internal AI agent?

The SOCRadar MCP server acts as a plug-and-play gateway to the company’s platform, enabling systems to:

  • Enrich IOCs on the fly
  • Pull CVE intelligence
  • Automate response actions
  • Trigger custom playbooks

With SOCRadar’s MCP server, there’s no need to build brittle APIs. The agent just asks, and SOCRadar answers.

Half of Nord Security’s colocated servers use renewable energy

Posted in Commentary with tags on July 1, 2025 by itnerd

Nord Security, home to NordVPN, NordLayer, NordPass, NordLocker, NordStellar and Saily, has published its annual Impact Report, addressing all scopes of greenhouse gas emissions, social initiatives, key sustainability risks and impact. It reveals Nord Security’s efforts to advance its mission to protect life online and positively impact people, communities, and the environment.

Below are some noteworthy highlights. The full report can be found here.

Tackling indirect emissions

In 2024, Nord Security calculated greenhouse gas (GHG) emissions for the second time, and expanded reporting to include key categories within Scope 3 covering indirect emissions across the company’s value chain. The total amount of the company’s market-based greenhouse gas emissions for 2024 was 23,014 tCO2e.

While around 97% of the company’s total emissions are outside the company’s direct control in the value chain, the company now collects and analyzes GHG emissions data across the value chain, and aims to identify opportunities to reduce emissions in line with the Paris Agreement. Nord Security has initiated engagement with key suppliers to promote transparency and collaboration on emission reduction efforts.

According to Nord Security, this assessment will help to identify opportunities to reduce emissions from the company’s own operations and make better decisions about energy procurement and efficiency measures.

In 2024, Nord Security colocated servers in 37 data centers around the world. All of them are low-power servers that offer sufficient computing power at low power consumption, making them well suited to energy-saving operation. Thirty-two out of 37 data centers utilized renewable energy, meaning 50% of total colocated servers run on renewable energy.

Moreover, Nord Security continuously strives to mitigate the adverse effects the company’s day-to-day operations may have on the environment. At this point, around 73% of employees work in BREEAM-certified offices. Energy-saving measures, such as temperature control via blind automation as well as time and motion-based lighting, are implemented across all buildings. These measures also include recycling and time-adjusted ventilation modes.

Supporting communities in need

Product donations continue to be one of Nord Security’s mechanisms for supporting the nonprofit community. Over 2,600 accounts were donated to vulnerable groups and individuals online to help protect human rights, freedom of speech, and stand for inclusion and a safe digital world for all. 

Nord Security continued to support the people of Ukraine, with a special focus on helping children and the elderly. Additionally, we donated over €48K to NGOs working to help volunteers in Ukraine.

In keeping with our annual tradition of supporting NGOs and nonprofits in Lithuania, Nord Security collected donations for Niekieno Vaikai, an organization that improves the lives of vulnerable children, and Sidabrinė Linija, a non-profit that provides support to the elderly.

Assessing sustainability impacts, risks, and opportunities

Last year, Nord Security also went on a six-month quest in preparation for the new EU Corporate Sustainability Reporting Directive (CSRD) rules by identifying and evaluating our key sustainability impacts, risks, and opportunities through a double materiality assessment. 

Through the assessment, Nord Security focused on two angles. The first looks at what matters to the bottom line and identifies which environmental, social, or governance issues could affect a company’s revenues, costs, or reputation. The second considers Nord Security’s impact – how operations affect people and the environment.

Based on the outcomes of the assessment, Nord Security aims to better integrate sustainability risk assessment with enterprise risk framework already this year. Additionally, Nord Security is committed to continuous improvement, transparency, and aligning with the highest standards of sustainability.

To put this in perspective, 1 tCO2e is roughly equivalent to the emissions generated by driving a gasoline-powered passenger vehicle for around 4,000 kilometers or charging more than 66,000 smartphones.

KnowBe4 Announces New Assessment Tool to Enable Data-Driven Security Culture Improvements

Posted in Commentary with tags on July 1, 2025 by itnerd

KnowBe4 has released the KnowBe4 Program Maturity Assessment (PMA), a free, strategic tool designed to help IT and cybersecurity leaders measure and improve their organization’s security culture—starting with the people.

As human actions are targeted and exploited by attackers with increased sophistication, organizations need clarity on what is working and how to measure improvement. According to KnowBe4’s Security Culture: How-To Guide, security culture is one of the strongest predictors of secure behavior, yet few organizations have the tools to assess and manage it effectively.

Created by security culture expert Perry Carpenter, the PMA offers a structured, practical self-assessment framework focused on Human Risk Management (HRM). Unlike technical assessments or consultant-heavy frameworks, the PMA delivers actionable insights across ten critical dimensions of security culture—without the jargon. It translates abstract cybersecurity concepts into concrete actions that organizations can take immediately, regardless of size or industry.

Key Features of the PMA:

  • Holistic Evaluation: Examines leadership, employee behavior and business process integration
  • Objective Scoring: Provides clear, quantifiable results across 40 Culture Maturity Indicators (CMIs)
  • Identify Gaps: Pinpoints exact areas of weakness, from employee mindset to executive communication
  • Strategic Roadmap: Offers customized recommendations based on maturity level
  • Actionable Next Steps: Delivers next steps to strengthen the human firewall

After completing the assessment, users receive a personalized maturity classification on a five-level scale, visual feedback across all dimensions, and prioritized recommendations. Those looking to deepen their efforts can opt into a follow-up consultation to explore how the KnowBe4 HRM+ platform can accelerate maturity and build a lasting security culture.

To learn more or complete the assessment, visit www.KnowBe4.com

Threat Actors Poison AI Assistants to Spread Malicious Code & LLM Falls for Phishing Scams Sites

Posted in Commentary with tags on July 1, 2025 by itnerd

Netcraft has released a new blog on LLMs falling for phishing, analyzing what happens when you ask AI where to log in to various well-known platforms, the real-world impact of phishing sites recommended by an AI model, and an AI coding assistants poisoning campaign.

Netcraft’s analysis revealed that 34% of all suggested domains were not brand-owned and were potentially harmful; many of the unregistered domains could easily be claimed and weaponized by attackers, opening the door to large-scale phishing campaigns indirectly endorsed by user-trusted AI tools.

Netcraft observed a real-world instance in which Perplexity, asked for the URL to log in to Wells Fargo, suggested a phishing site. The site was surfaced by the AI rather than by SEO, with the link recommended directly to the user, bypassing traditional signals like domain authority or reputation.

Netcraft also uncovered a campaign to poison AI coding assistants in which the threat actor created a malicious API designed to impersonate a legitimate blockchain interface, engineering the entire ecosystem around it to bypass filters and reach developers through AI-generated code suggestions. 

Multiple fake accounts, each with rich bios, profile images, social media accounts, and credible coding activity, shared a project with the malicious API hidden inside the repository; all of this was crafted to be indexed by AI training pipelines.

Netcraft found victims who copied this malicious code into their public projects, some of which show signs of having been built with AI coding tools, so those poisoned repos feed back into the training loop, creating a supply chain attack.

You can read the blog post here.

OpenMSP Launches to Boost MSPs Margins with Open-Source, AI, and Community Insights

Posted in Commentary with tags on July 1, 2025 by itnerd

OpenMSP launched today as the first community-driven platform systematically supporting MSP margin improvement through open-source tooling adoption in the $83.76 billion Managed Service Provider (MSP) and Managed Security Service Provider (MSSP) industry. The platform features an AI Margin Increase Report generator that automatically calculates potential profit improvements for individual MSPs. OpenMSP is an open-source solution delivered by stealth startup Flamingo.

MSPs function as outsourced IT departments for small and medium businesses, providing network monitoring, cybersecurity, and technical support services. However, commercial software tools have created unsustainable cost structures. Vendor licensing fees consume 20-35% of MSP revenue while technician salaries require another 20-30%, leaving providers trapped between growth and profitability. Shifting to open-source tooling, even at a modest scale, can potentially redirect billions in vendor spend and give MSPs a major competitive advantage.

OpenMSP catalogs 155 commercial vendors across NOC, SOC, IT, and business operations categories, and provides comprehensive mapping of expensive platforms like ConnectWise, Datto, and Kaseya to open-source equivalents such as TacticalRMM, Wazuh, and Odoo. OpenMSP identifies viable open-source alternatives for 63% of cataloged solutions, eliminating vendor lock-in, recurring licensing fees, and unlocking major cost savings without sacrificing capability.

Key platform features include:

  • AI Margin Increase Report generator: Automatically analyzes an MSP’s current software stack and produces a detailed report showing current licensing costs, projected savings from open-source replacements, estimated margin improvements, and step-by-step implementation guidance.
  • Vendor mapping directory: Catalogs 155 commercial vendors across 4 main categories—NOC, SOC, IT operations, and business operations—and 19 subcategories, 63% of which have vetted open-source alternatives mapped to them.
  • Commercial-to-Open-Source Comparisons: Provides side-by-side comparisons of commercial platforms like ConnectWise, Datto, and Kaseya with open-source equivalents such as TacticalRMM, Wazuh, and Odoo—enabling informed decisions without vendor lock-in.
  • Community support and implementation resources: Offers access to a growing peer-driven community, best-practice playbooks, and support channels to help MSPs safely adopt and operationalize open-source tooling.

OpenMSP is now available at openmsp.ai. MSPs can access the AI Margin Increase Report generator and the complete vendor directory at no cost. For more information about implementation support and community resources, join the OpenMSP Slack workspace.