Archive for July 10, 2025

McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried Password ‘123456 …. WTF??

Posted in Commentary with tags on July 10, 2025 by itnerd

Wired is reporting that McDonald’s AI hiring bot “Olivia,” built by AI firm Paradox.ai, exposed millions of applicants’ data to hackers who tried the password ‘123456,’ according to security researcher Ian Carroll. You can read the research here: https://ian.sh/mcdonalds

Darren James, Senior Product Manager at cybersecurity firm Specops Software, commented:

“Even experienced IT developers make mistakes when it comes to passwords. And if these guys make mistakes that put their customers at risk, it’s even more likely that your end users will make the same errors, or make poor password choices, reuse passwords, and not follow best practice at all when it comes to cyber security and hygiene.

As such, organizations need to make sure that they adopt “fit for purpose” password policies wherever they can, to make sure that passwords, or even better passphrases, are simple to use, have not previously been breached, are strong enough for their intended use, and can be detected and acted upon should they become breached. On top of that, companies should use systems that can provide feedback to users to guide them about what is a good password, and wherever possible make use of a strong biometric 2nd factor.

All organizations should not just bury their heads in the sand about this threat. They should act quickly to have a good understanding of where they are right now when it comes to their password security posture.”

It is pretty stunning that an organization would use such a craptastic password. What this proves is that the bad guys don’t need any skill to pwn you, because poor choices allow you to pwn yourself.
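As an added example (my own illustration, not code from Wired, Ian Carroll’s write-up, Paradox.ai or Specops), here is roughly what the “fit for purpose” checks in the quote above look like in code: a length floor, a blocklist of organisation-specific words, and a breached-password lookup done the k-anonymity way, where only the first five hex characters of the SHA-1 hash go to the lookup service and the rest of the hash is matched locally. The breach corpus, its counts, the 12-character minimum, the blocklist words and the username are all constructed for the example; a real deployment would swap the local lookup for a query against a full breach corpus such as Pwned Passwords.

```python
import hashlib
from collections import defaultdict

# Constructed sample corpus of breached passwords with made-up exposure counts.
# It exists only so the example runs offline; a real deployment would use a
# full breach corpus (e.g. the Pwned Passwords data set).
BREACHED_SAMPLE = {
    "123456": 100_000_000,
    "password": 10_000_000,
    "qwerty": 5_000_000,
    "admin": 2_000_000,
    "Summer2025!": 1_500,   # satisfies naive complexity rules, still breached
}

# Assumed policy values, not taken from the page or from any vendor product.
MIN_LENGTH = 12
CUSTOM_DICTIONARY = {"olivia", "mcdonalds", "paradox", "hiring", "admin"}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the digest format the Pwned Passwords range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: dict) -> dict:
    """Partition the corpus by 5-hex-char SHA-1 prefix -> {35-char suffix: count}.
    This mirrors how a k-anonymity range API is keyed on the server side."""
    index = defaultdict(dict)
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index[digest[:5]][digest[5:]] = count
    return dict(index)


def breach_count(password: str, range_lookup) -> int:
    """Client side of the k-anonymity check: only the 5-char prefix is handed to
    range_lookup (the stand-in for the network call); the full hash never leaves
    the client, and the suffix comparison happens locally."""
    digest = sha1_hex(password)
    suffixes = range_lookup(digest[:5])
    return suffixes.get(digest[5:], 0)


def check_password(password: str, range_lookup, username: str = "") -> list:
    """Evaluate a candidate against the policy. Returns the list of findings;
    an empty list means the password is acceptable under this policy."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    if any(word in lowered for word in CUSTOM_DICTIONARY):
        findings.append("contains a blocked organisation or product word")
    if username and username.lower() in lowered:
        findings.append("contains the username")
    count = breach_count(password, range_lookup)
    if count:
        findings.append(f"appears in {count:,} breached accounts")
    return findings


# Wire the sample corpus in as the range lookup; replace this with a real
# HTTPS range query in production.
RANGE_INDEX = build_range_index(BREACHED_SAMPLE)


def sample_range_lookup(prefix: str) -> dict:
    return RANGE_INDEX.get(prefix, {})


if __name__ == "__main__":
    candidates = ("123456", "Summer2025!", "olivia-rocks-2025", "indigo kettle harbour 47")
    for candidate in candidates:
        verdict = check_password(candidate, sample_range_lookup, username="jdoe")
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

Run it and ‘123456’ fails on two counts (too short and massively breached) before anyone gets near a login form, while a short “complex” password like Summer2025! fails too, which is the point of checking against breach data rather than character classes. Note that the check never sends the candidate password or its full hash anywhere; that is what makes it safe to run against a third-party service.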

Specops Now Offered Through GuidePoint Security

Posted in Commentary with tags on July 10, 2025 by itnerd

Specops Software has announced a strategic reseller partnership with GuidePoint Security, the leading cybersecurity solution provider that helps organizations make better decisions to minimize risk. Through this partnership, GuidePoint Security’s customers have the opportunity to further strengthen their cyber resilience through password protection and end-user verification.

Specops Software is a leading provider of identity management and authentication solutions. Its products help organizations enforce secure password policies, strengthen user verification, and defend against credential-based attacks. Specops is part of Outpost24, which offers industry-leading Attack Surface Management solutions that help security teams stay ahead of emerging threats. Together, they support thousands of organizations worldwide in identifying, protecting, and monitoring digital risks.

Pierce County Library System Massively Pwned

Posted in Commentary with tags on July 10, 2025 by itnerd

The Pierce County Library System in Washington this week confirmed it notified 336,826 people of an April 2025 data breach that compromised names and dates of birth. The Inc ransomware gang took credit for the breach in May, claiming it stole 1.94 TB of data including licenses, passports, and internal library documents.

Rebecca Moody, Head of Data Research at Comparitech:

“As the sixth-largest data breach via ransomware this year so far (across all industries), this attack on Pierce County Library System highlights how organizations are not only facing disruptions to systems following these attacks but are also having to navigate the ongoing consequences of large-scale data breaches. It’s also a reminder that government organizations remain a key focus for hackers (we recently noted a 60% uptick in attacks on government entities when comparing H1 of 2024 to H1 of 2025).”

“Historically, attacks on government entities haven’t typically involved huge datasets as disruption to key systems has often been the primary focus for ransomware gangs. For example, we noted 233 confirmed attacks in 2023 with just over 1.5 million records breached. The number of attacks dipped in 2024 to 200 but the number of records breached rose to over 2.5 million. While this attack on Pierce County makes up the majority of records breached in government ransomware attacks this year so far (just under 350,000), I believe we’ll see a number of other significant breaches being confirmed in the coming months.”

Another day. Another huge breach. This isn’t good to say the least. At this point I am honestly not sure what it will take for things to change so that this sort of thing is not news anymore.

Lookout Survey Reveals Critical Gaps in Security Leaders’ Confidence and the Actual Vulnerability of Their Organizations

Posted in Commentary with tags on July 10, 2025 by itnerd

A new global survey by Lookout, Inc. today unveiled concerning insights into the state of mobile cybersecurity preparedness, revealing a significant gap between security leaders’ confidence and the actual vulnerability of their organizations. The survey of more than 700 security leaders globally exposes a pervasive overconfidence in employees’ ability to detect modern mobile-centric threats, leaving businesses significantly more exposed than they realize.

The survey’s most critical insights include:

  • 58% of companies have experienced incidents due to executive impersonation scams via text or voice, highlighting the severe impact of sophisticated social engineering tactics.
  • 77% of respondents have experienced one or more mobile phishing attacks in the past six months, underscoring the ubiquity of these threats.
  • 51% admit to having inconsistent visibility of social engineering attempts, creating massive security blind spots.

Despite these alarming statistics, the survey revealed pervasive overconfidence: 96% of leaders are confident their employees can spot a phishing attempt that comes via their mobile devices. Yet, over half reported incidents where employees fell victim to executive impersonation scams, leading to financial loss or sensitive data exposure. Furthermore, even with widespread security training efforts, “lack of training” remains the top reason cited for employees clicking suspicious links, suggesting current education may not be keeping pace with the rapidly evolving modern threat landscape.

These findings highlight core issues:

  • A dangerous overconfidence gap: Organizations feel ready for threats but are demonstrably underprepared, leading to successful attacks.
  • Inadequate visibility: Traditional security solutions often lack visibility into mobile-centric social engineering attempts, meaning many manipulative efforts go unnoticed until it’s too late.
  • Outdated training: Security awareness training isn’t evolving fast enough to truly prepare employees for today’s sophisticated, mobile-focused threats.

To address these pressing challenges, Lookout emphasizes a multi-faceted approach to secure the “front line” – employees and their mobile devices. This includes:

  • Implementing an AI-first social engineering and human risk solution: This provides baseline protection against today’s Modern Kill Chain.
  • Integrating Mobile Endpoint Detection and Response (EDR): Gaining strategic mobile security data points, such as vulnerable assets and web traffic analysis, by integrating EDR into existing SIEM, SOAR, EDR, or XDR solutions.
  • Sophisticated and ongoing security awareness training: Training specifically designed for mobile-centric threats, including simulated phishing and social engineering exercises that reflect current malicious tactics, fostering a culture of vigilance and easy, judgment-free reporting.

The report can be found here: https://mms.businesswire.com/media/20250710838048/en/2520234/1/lookout-2025-simplydirect-survey-report-us.pdf?download=1.

About the Survey

The data presented in this report is sourced from the independent research company Censuswide, which conducted the survey in June 2025. More than 700 security leaders globally were polled across various industries. Censuswide is a member of the British Polling Council and abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles.

Qantas Confirms That A Third Party Attack Has Led To The Data Of 5.7 Million Customers Being Swiped

Posted in Commentary with tags on July 10, 2025 by itnerd

Last week, I reported that Qantas had been the target of an extortion attempt after getting pwned via a third party attack. Today the airline has confirmed that this attack compromised personal data for 5.7 million customers. The breach, disclosed after a June 30 incident, included names, email addresses, frequent flyer details, and in some cases, home addresses, birthdates, phone numbers, gender, and even meal preferences. 

Andrew Obadiaru, CISO, Cobalt:

“Breaches like this reveal a systemic issue: security validation rarely extends to the third-party platforms that store massive volumes of customer data. Organizations need to evolve beyond trust-based vendor relationships and implement regular offensive testing across the entire service ecosystem. The fact that an extortion attempt followed the breach suggests the attackers know exactly how valuable this data is. Red-teaming and continuous pentesting are essential tools to uncover these weak points before adversaries do. This highlights the importance of implementing a comprehensive third party risk management program to ensure that the security posture of all vendors aligns with your organization’s security standards and expectations.”

This is pretty bad and highlights the fact that an organization is only as secure as the organizations that they work with. I hope that Qantas keeps that in mind going forward. Related to this, I have to assume that my personal data is out in the wild as I flew on this airline a few years ago. Oh joy.

Apple Maps Bug Will Sometimes Force Users In The Greater Toronto Area Onto The Highway 407 Toll Road

Posted in Commentary with tags on July 10, 2025 by itnerd

This past Sunday my wife and I needed to pick up something in the Toronto suburb of Vaughan. I punched the address into Apple Maps and started to drive. But the route took us to Highway 407, which is a local toll road. Now I didn’t clue into that until we were approaching that road. And at that point we figured that we’d just eat the toll cost as it would have taken much longer to detour. Now what was weird about this was the fact that Apple Maps on my iPhone and my wife’s iPhone are set to avoid toll roads. So this should not have happened. But this post on MacRumors seems to indicate that this is a bug:

Since at least July 4, Apple Maps has failed to treat the privately-owned Highway 407 ETR in the Toronto, Canada area as a toll road, according to complaints from affected users. This issue is not limited to any particular device or software version, with users experiencing the problem across the iPhone, iPad, Mac, Apple Watch, and web.

Since Apple hasn’t released a software update for a while, this has to be a back end issue. Thus one can assume that Apple can fix this easily whenever they decide to get around to it. Until they feel like fixing it, I would check any route that Apple Maps suggests closely to make sure that you’re not routed on to Highway 407 when you don’t want to be.

Darktrace uncovers social media scam that’s draining crypto wallets 

Posted in Commentary with tags on July 10, 2025 by itnerd

Darktrace researchers have uncovered an active campaign targeting cryptocurrency users through an elaborate social engineering scheme. Threat actors are creating sophisticated fake AI, gaming, Web3, and social media startups, complete with professional websites, hijacked verified accounts, whitepapers, GitHub repos, and Medium blogs, to trick targets into downloading software that drains crypto wallets.

Targets are contacted via X, Telegram, or Discord by fake “employees” offering crypto in exchange for testing software. They are then directed to professional-looking sites that require a registration code to download the malware-laced apps. The campaign is currently active with dozens of fake companies identified, targeting both Windows and macOS users globally with platform-specific malware variants.

You can read the research here: https://www.darktrace.com/blog/crypto-wallets-continue-to-be-drained-in-elaborate-social-media-scam

Black Kite Releases 2025 State of Financial Services Report

Posted in Commentary with tags on July 10, 2025 by itnerd

Black Kite today announced its newest report, 2025 State of Financial Services: Hidden Dangers in the Vendor Ecosystem, which explores the shifting landscape of cyber threats in the financial sector, highlighting the critical importance of understanding and mitigating the hidden dangers within the vendor ecosystem. The report found that while banks and financial institutions possess strong defenses, third-party vendors often lack the same level of security, providing attackers with indirect access to the institutions they serve.

Over the past two years, successful ransomware attacks targeting the financial sector have decreased, from 191 disclosed victims in 2023 to 156 in 2024 and 55 as of mid-2025. Black Kite cites several reasons for the decrease, including the difficulty of breaching these systems and changes to the ransomware ecosystem. As highlighted in Black Kite’s 2025 Ransomware Report, the dismantling of major and well-equipped ransomware groups, such as LockBit and AlphV, led to fragmentation. This has opened the door to less sophisticated groups and to Ransomware-as-a-Service (RaaS) tools being sold as an entry point for less experienced individuals. For instance, more than a quarter (26.6%) of finance threat actors are attributed to “Other,” which includes emerging or short-lived groups, reinforcing that the ransomware landscape is more fragmented, unpredictable, and opportunistic than ever.

Highlighting third-party risks, attackers are shifting from targeting financial institutions directly to exploiting weaker links within their ecosystems. External service providers, software vendors, and infrastructure partners often serve as alternative and more vulnerable entry points for attackers. Therefore, while the drop in direct attacks is promising, the risk of indirect access through third parties poses a serious threat.

The report’s key findings include:

  • Shifting Attack Focus: Attackers increasingly exploit weaker links within the financial ecosystem, primarily through third-party vendors. The report found that 65% of vendors are not maintaining current patch levels, which exposes financial institutions to inherited risk from known CVEs and from unpatched vulnerabilities in legacy technologies.
  • Pervasive Vendor Vulnerabilities: A significant number of vendors exhibited critical security weaknesses, including outdated systems, poor patch management, and credential exposures. Black Kite researchers found that 31 out of 140 vendors have at least one critical vulnerability with a CVSS at or above 8, and 15 vendors show an extremely high risk with CVSS scores above 9. Additionally, Black Kite FocusTags™ found 90 vendors are flagged with high-risk threat categories, including 35 marked with KEV tags.
  • Growing Supply Chain Impact: Vulnerabilities in vendors can lead to security risks for financial companies, even from non-cyber events like service outages. Case in point, in December 2024, Cl0p actively targeted companies using unpatched versions of Cleo’s MFT products. Cl0p claimed responsibility, listing 66 victims on their dark web extortion site, but researchers estimated the actual number of impacted organizations to be in the hundreds. The exploitation resulted in operational disruptions across various sectors linked to financial supply chains, including retailers that faced delays in shipment tracking and inventory management, and manufacturers with production halts and increased downtime due to compromised integrations.
  • Declining Direct Ransomware Attacks: The number of direct ransomware attacks on the financial sector has decreased from 191 companies in 2023 to 55 as of mid-2025, largely due to the implementation of strong defenses and the disruption of major threat groups.

Financial institutions can no longer afford a false sense of security based solely on their internal defenses. They must mitigate the dangers within their supply chain by adopting a proactive, intelligence-driven approach to vendor risk management. Only then can they truly strengthen their cybersecurity posture against the evolving landscape of threats to protect their assets, customers, and the stability of the broader financial ecosystem.

To read the report, visit here.

Methodology

The report’s data comes from a multi-source, intelligence-led investigation by the Black Kite Research & Intelligence Team (BRITE), with integrated streams of intelligence curated by BRITE between January 2023 and May 2025. The report focused on a targeted analysis of 140 vendors serving the financial sector. Selection was made based on a unique criterion: vendors whose client base included at least 10% financial sector customers, regardless of company size. This ensured that the analyzed vendor pool reflected high relevance and potential impact on the financial services supply chain.