Archive for September 9, 2025

Guardsquare Highlights Research Showing Organizations Shifting from Mobile Security Overconfidence to Proactive Protection

Posted in Commentary with tags on September 9, 2025 by itnerd

Guardsquare, the leading provider of mobile application security products, is highlighting new findings from a study conducted by Enterprise Strategy Group, which reveal how widespread overconfidence in mobile app security is driving a fundamental shift in organizational priorities. While 93% of organizations believe their current protections are sufficient, the reality that 62% suffered mobile app breaches in the past year—averaging nine incidents each—is driving a move toward more proactive, comprehensive security strategies that balance development speed with robust protection.

The pressure to accelerate release cycles compounds this blind spot, with 71% of organizations admitting speed has compromised mobile app security.

The report’s key findings expose the critical vulnerabilities organizations leave unaddressed:

  • Low adoption of proactive defenses: Almost 70% of organizations don’t use obfuscation to protect their mobile apps, and 60% lack Runtime Application Self-Protection (RASP), leaving their apps vulnerable to both static and dynamic analysis.
  • iOS apps are not immune: Challenging a long-held industry myth, more than 70% of organizations believe that iOS apps pose a moderate or higher level of security risk.
  • Consequences extend beyond the balance sheet: The impacts of security incidents extend beyond the average reported cost. More than half of respondents (54%) reported application downtime, 48% experienced data leakage, and 41% suffered a loss of consumer trust.

The full report, “From Overconfident to Proactive: Why Mobile App Security is Primed for a Cultural Shift,” is available for download at:
https://www.guardsquare.com/report/overconfidence-exposes-mobile-app-security-gaps

KnowBe4 Defines a Holistic Approach to Human Risk Management

Posted in Commentary with tags on September 9, 2025 by itnerd

KnowBe4 today released its whitepaper “A Strategic Framework for Human Risk Management”. The paper outlines the core principles of a modern human risk management (HRM) approach and how organizations can apply the framework to strengthen security culture and drive measurable change in employee behavior. 

Separate from an HRM platform, the HRM framework is defined as a strategic, people-centric approach to cybersecurity that measures, manages and reduces the security risks created by human behavior. The new framework comes as a direct response to an escalating cyber threat landscape in which human behavior continues to be a primary attack vector. Moving beyond traditional security awareness programs, the paper calls for a fundamental shift in how organizations perceive and manage the human element of security.

KnowBe4 identifies several core principles that build an effective HRM approach: 

  • Measure and Benchmark: Understand current human risk levels within an organization using a baseline assessment.
  • Engage and Empower: Create a culture where security is a shared responsibility, not just an IT concern.
  • Adapt and Personalize: Deliver tailored training and coaching based on individual risk profiles.
  • Artificial Intelligence (AI) and Automation: Use intelligent AI-driven technology to provide real-time feedback, personalized insights and automated interventions.
  • Demonstrate Value: Show the measurable impact of the program on the organization’s overall security culture.

Download a copy of the whitepaper, “A Strategic Framework for Human Risk Management”, here.

1.6M Audio Recordings Exposed On Gym Communications Platform Breach

Posted in Commentary with tags on September 9, 2025 by itnerd

Recently, cybersecurity researcher Jeremiah Fowler discovered and reported to Website Planet a non-password-protected database containing over 1.6 million audio files linked to Hello Gym, a gym communications platform that partners with some of the biggest gym franchises in the US.

What happened:
The database contained 1,605,345 audio files of phone recordings and voicemails accessible without any password protection. A limited review of the files revealed internal phone calls and messages that included gym members’ names, phone numbers, and reasons for the calls, which raises concerns about the sensitivity of the exposed information.

Why it matters:
Audio recordings that contain personal details can be used for spear-phishing or social engineering attacks, impersonation, identity theft and more.

You can read the full report here: https://www.websiteplanet.com/news/hello-gym-breach-report/

September Patch Tuesday Commentary From Fortra

Posted in Commentary with tags on September 9, 2025 by itnerd

Tyler Reguly, Associate Director, Security R&D, Fortra

Today, we have to start with the CVE that made me do a double take. A CVE that I feel should be rejected by MITRE – CVE-2025-55234. We know that relay attacks are possible against SMB and we know that there are hardening mechanisms available to assist with this. So, why is Microsoft releasing a CVE where they state, “Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks”? (https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55234)

As far as I’m concerned, Microsoft told us they have assigned a CVE not because of a vulnerability but to raise awareness to new auditing capabilities that they’ve added to assist with protective measures. If that is the case, that is a misuse of the CVE system. If that is not the case, then Microsoft needs to provide clarification very quickly.

This month there is a single CVE with a CVSS score in the critical range, CVE-2025-55232 (https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55232), a vulnerability in the Microsoft High Performance Compute (HPC) Pack that could allow unauthorized attackers to execute code over the network. That makes this a CVSS 9.8 vulnerability and one that people need to pay attention to. Microsoft has provided mitigation steps for those that cannot update immediately. This is important as the update for HPC Pack 2016 is to migrate to HPC Pack 2019 as there is no fix for HPC Pack 2016. Thankfully, Microsoft has labeled this as exploitation less likely with a severity of important, but it is still something that you’ll want to pay attention to if you have the High Performance Compute Pack deployed in your environment.

While Microsoft has identified 11 vulnerabilities as critical this month, only one of those is identified as exploitation more likely: a vulnerability in NTLM that could allow an authorized attacker to gain SYSTEM level privileges via a network-based attack. This is what you’ll want to pay attention to until you have patches deployed. Since this is a privilege escalation for an authenticated user, this is one of those, “the call is coming from inside the house” type situations and a great way for attackers to potentially move laterally in your network.

For CSOs paying attention this month, I would have a couple of questions that I’d ask my team to take back to my Microsoft reps.

First, are they confident that there was no exploitation or disclosure related to CVE-2025-55241 (https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-55241), a vulnerability in Azure Entra that allowed for privilege elevation without the need for privileges… something I would typically think of as code execution rather than privilege escalation. This is a no customer action required vulnerability and has already been resolved by Microsoft, but knowing more about the scenario and having a guarantee that there was no past exploitation would be important to me.

Second, I would want to know more about CVE-2025-55234 and whether there truly is a vulnerability associated with it. If this is a vendor using a CVE simply to add a feature, that is something that CSOs everywhere need to push back against. There are enough legitimate CVEs being issued that we shouldn’t have to worry about CVEs without new vulnerabilities. This just adds complexity to an already complex situation.

Guest Post: Media streaming platform Plex suffers a data breach

Posted in Commentary with tags on September 9, 2025 by itnerd

Be careful – customer emails and passwords have been stolen 

Plex, a popular media streaming platform, has issued a warning to its customers regarding a recent data breach. During the incident, a hacker stole customer authentication data. As a result, users are being advised to reset their passwords.

According to Plex, the stolen data includes email addresses, usernames, securely hashed passwords, and authentication data.

In its data breach notification, Plex stated: “We have recently experienced a security incident that may potentially involve your Plex account information. We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure. An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication data.” The company added that no payment card information was stolen.

Karolis Arbaciauskas, head of product at NordPass, comments:

“Plex stresses that account passwords were securely hashed, in accordance with best practices, meaning they cannot be read by a third party. But we still recommend resetting passwords. You can do this here. I would also advise enabling the ‘Sign out connected devices after password change’ option and turning on two-factor authentication for added protection.

“For those using SSO to log in, it would be best to log out of all active sessions. That can be done here, by clicking the button ‘Sign out of all devices.’ For step-by-step instructions on how to reset your password, visit this link.

“Remember to also inform your family and friends about this change. After a password reset, users will need to log in again on all their devices using the new credentials. A password manager can be helpful for securely generating and sharing these new credentials.

“Although the company insists the data leak was limited and the passwords were hashed, users should still be extra careful, especially if they reuse passwords. And people do reuse passwords. As many as 62% of Americans, 60% of Brits, and 50% of Germans admit doing so across multiple online accounts, our survey shows.

“For those who reuse passwords, there’s a risk that some credentials may have already been or will be exposed on the dark web. It’s highly probable that malicious actors will attempt to connect the dots and use these previously leaked passwords to gain unauthorized access to Plex accounts.

“Remember that after major data leaks, social engineering attacks tend to intensify. So users should be a bit more suspicious for some time. Be wary of unsolicited emails and messages, even if they seemingly are from Plex or even the police. If you receive such messages, be extremely careful because links can lead to pages that are designed to steal even more of your data. If you are not sure about the email or a message, it is better not to click on the link. In its breach notification, Plex also emphasizes that it never reaches out over email to ask for a password or credit card number for payments.” 

ABOUT NORDPASS

NordPass is a password manager for both business and consumer clients. It’s powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease of use in mind, NordPass allows users to securely access their passwords on desktop, mobile, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN – the advanced security and privacy app trusted by more than 14 million customers worldwide. For more information: nordpass.com.

9 out of 10 Canadian organizations bring AI to the mainframe and project billions in increased revenues as a result

Posted in Commentary with tags on September 9, 2025 by itnerd

According to new research from Kyndryl, the world’s largest IT infrastructure services provider, 86% of Canadian organizations have deployed (or are planning to deploy) AI/generative AI to their mainframe environments, and more than a quarter (27%) are projecting a cost savings of more than $25 million as a result. 

Today, Kyndryl released its 2025 State of Mainframe Modernization Survey, which revealed shifting priorities when it comes to the modernization of one of IT’s oldest and most trusted innovations. Mainframes aren’t just surviving the AI era; they’re powering it and unlocking billions in ROI.

Report Highlights: 

  • AI ROI: Globally, organizations anticipate $12.7B in cost savings and $19.5B in new revenue over the next three years as a result of using AI and generative AI in their mainframe environments.
    • In Canada, companies are applying AI for fraud detection, security testing, and performance optimization. Instead of replacing the mainframe, AI is enhancing its capabilities.
  • Shifting strategies: Over the past year, 73% of Canadian organizations shifted their modernization strategies, and half have increased usage or made new investments.
  • Growing skills gaps: Mainframe modernization requires a multi-skilled organization. 64% faced challenges in finding skilled talent to effectively modernize the mainframe, with mainframe security skills the most in-demand skill for Canadian organizations.
  • Regulatory influence: 88% of Canadian organizations agree that regulatory compliance is influencing decision-making regarding mainframe modernization, and 43% say it’s increasing collaboration between IT, security and compliance teams.

Why this matters: More than half (61%) of Canadian organizations have at least half of their mission-critical applications residing in the mainframe – its operability is crucial to more than three-quarters (82%) of Canadian businesses. As a result of rapidly changing geopolitical environments, market forces, and regulatory pressures, mainframe modernization has become more challenging and urgent than ever before, and AI could be a catalyst for secure, cost-effective mainframe modernization.

The full report can be found here.

About The State of Mainframe Modernization Survey

Kyndryl commissioned Coleman Parkes Research to survey 500 enterprises that rely on mainframes, in order to gather their insights into how they view mainframe transformation and application modernization. In addition to this online survey, Coleman held a number of qualitative surveys. The study was executed in Q1 FY 2026.

The 500 leaders we surveyed included senior IT decision-makers and line-of-business leaders working in enterprise and mid-market organizations with an average global revenue of USD $3.6 billion. They shared insights into their strategic approach to mainframe modernization projects.

The respondents work for organizations based in North America (26%), Europe (25%), Latin America (25%) and the Asia-Pacific region (24%). They work across 12 industries – including high-tech, banking & financial services, manufacturing, healthcare, retail, insurance, telco & media, oil & gas, automotive, energy & utilities, travel and transportation, and government. 

Rogers Satellite Expands to More Areas Across Canada

Posted in Commentary with tags on September 9, 2025 by itnerd

Rogers today announced the expansion of Rogers Satellite. With the satellite-to-mobile texting service, Rogers now provides three times more coverage than any other Canadian wireless service provider.

Now, when connected to Rogers Satellite, customers can send a text to friends when taking the ferry from Newfoundland to Nova Scotia, fishing off Haida Gwaii or crossing James Bay, with the expansion across bodies of water and along waterways off the Canadian coastline.

In July, the company launched a beta trial open for all Canadians at no cost. Rogers Satellite initially supports text messaging and text-to-911 and will expand to support apps, data and voice services, including 911 voice services.

Summer network traffic shows Canadians are using the service as they explore some of the country’s most iconic parks and destinations, where traditional cell coverage is not available.

The top destinations for Rogers Satellite usage include Yoho National Park in British Columbia, Banff National Park and Kananaskis Provincial Park in Alberta, Algonquin Provincial Park in Ontario, areas around Mont Tremblant in Quebec and Fundy National Park in New Brunswick.

Among the most remote locations where Rogers Satellite has been used are Telegraph Creek, British Columbia, a community with a population of 51, Brochet, Manitoba, a fly-in community on the shores of Reindeer Lake, and North Twin Island, Nunavut, an Arctic island in James Bay.

Rogers Satellite is available outside, including on bodies of water, where you can see the sky. For coverage areas, see the updated coverage map.

Once the beta trial ends in October, Rogers Satellite will be included at no additional cost to customers on the Rogers Ultimate Plan and will also be available for all Canadians for $15/month. Canadians participating in the beta trial will receive a $5/month discount for the first 12 months. 

For more information about the beta trial, visit rogers.com/satellite.

GhostAction Supply Chain Attack Compromises 3,325 Secrets Via GitHub Workflows

Posted in Commentary with tags on September 9, 2025 by itnerd

Researchers have uncovered hundreds of GitHub users and repositories impacted by a supply chain attack in which hackers stole more than 3,325 secrets.

You can read more details here: https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/

Jim Routh, Chief Trust Officer at AI-based identity security and governance solutions provider Saviynt, commented:

“This incident provides cyber professionals with an excellent example of how malicious threat actors can operate at scale by using compromised credentials for accounts that are part of the software supply chain. It is an extended attack surface for cyber criminals given the fundamental changes to software assembly using essential cloud accounts. 

“These types of incidents will (unfortunately) continue until enterprises figure out that identity security is essential when establishing and managing all accounts. That means that your IAM practices must be applied when setting up, configuring cloud and managing (SaaS) accounts and not leaving it for your software engineers to figure out. The large scale use of tokens by cloud providers offers convenience in authentication which is positive, but extends the attack surface when credentials are easily compromised.

“Identity security today (and tomorrow) means the application of identity management for the full lifecycle across all types of human and non-human accounts. This starts with ways to identify existing accounts, create a data lake for them and their uses, and uniformly apply identity access management across all enterprise accounts. The majority of enterprises today apply identity security capabilities for accounts provisioned by the operations team but not the engineering teams who need cloud access to assemble software. Until this changes, we will see more cases of compromised credentials used by threat actors impacting the software supply chain. 

“Cloud accounts set up for software engineers represent privileged accounts where privileges need more real time protections. This is the next generation of privileged access management (PAM) to reduce the use of compromised credentials.” 

Supply chain attacks are all the rage right now. Organizations need to take action to ensure that they are not victims of a supply chain attack by doing everything possible to minimize their risk. And I do mean everything possible.