Archive for September 30, 2025

Hackers Distribute Malicious AI Tools Through Chrome Extensions 

Posted in Commentary with tags on September 30, 2025 by itnerd

According to researchers, threat actors are distributing fake Chrome extensions posing as AI tools that hijack what users type into the Chrome search bar, redirect those queries to attacker-controlled domains, and track search activity.

More info via this GitHub link from Palo Alto Networks:  https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-09-24-IOCs-for-AI-prompt-hijacker-extensions.txt
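A search-hijacking extension needs a small set of manifest capabilities: a replacement default search provider, an omnibox keyword, or broad host access plus a traffic-interception permission. The Python below is an added illustration, not code from Unit 42 or from this post; it walks a Chrome profile's Extensions directory and flags manifests that carry those capabilities. Both sample manifests are constructed, and the search URL uses the reserved .invalid TLD rather than any real domain.

```python
"""Flag Chrome extension manifests that can redirect or observe search queries.

Added illustration, not code from Unit 42 or from the page. The two sample
manifests are constructed; the search URL uses the reserved .invalid TLD.
"""
import json
from pathlib import Path
from typing import Dict, List

# Permissions that let an extension see, rewrite or log what the user browses
# and searches for (the mechanisms a search hijacker needs).
INTERCEPT_PERMISSIONS = {
    "webRequest", "webRequestBlocking", "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess", "declarativeNetRequestFeedback",
    "tabs", "history", "webNavigation",
}
# Substrings that identify search-engine hosts in match patterns.
SEARCH_ENGINE_HOSTS = ("google.", "bing.", "duckduckgo.", "yahoo.", "yandex.")


def _covers_search(pattern: str) -> bool:
    return pattern == "<all_urls>" or any(h in pattern for h in SEARCH_ENGINE_HOSTS)


def audit_manifest(manifest: dict) -> List[str]:
    """Return plain-text findings for one manifest; empty list means nothing flagged."""
    findings = []
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider")
    if provider:
        findings.append(f"default search provider replaced: {provider.get('search_url')}")
    if "omnibox" in manifest:
        findings.append(f"omnibox keyword registered: {manifest['omnibox'].get('keyword')}")
    perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    # Manifest V2 mixes URL match patterns into "permissions"; split them out.
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    risky = sorted(perms & INTERCEPT_PERMISSIONS)
    if risky:
        findings.append(f"traffic-interception permissions: {', '.join(risky)}")
    broad = sorted(h for h in hosts if _covers_search(h))
    if broad:
        findings.append(f"host access covering search engines: {', '.join(broad)}")
    for script in manifest.get("content_scripts", []):
        hit = [m for m in script.get("matches", []) if _covers_search(m)]
        if hit:
            findings.append(f"content script injected into search pages: {', '.join(hit)}")
    return findings


def audit_profile(extensions_dir) -> Dict[str, List[str]]:
    """Audit every <extensions_dir>/<extension id>/<version>/manifest.json."""
    results = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        ext_id = path.parent.parent.name  # 32-char Chrome extension ID
        try:
            flags = audit_manifest(json.loads(path.read_text(encoding="utf-8")))
        except (OSError, ValueError) as exc:
            flags = [f"unreadable manifest: {exc}"]
        if flags:
            results[ext_id] = flags
    return results


# Constructed sample: an "AI assistant" that silently swaps the default search engine.
SUSPECT_MANIFEST = {
    "manifest_version": 3,
    "name": "AI Search Helper",
    "permissions": ["tabs", "webRequest", "storage"],
    "host_permissions": ["<all_urls>"],
    "chrome_settings_overrides": {
        "search_provider": {
            "name": "AI Search",
            "search_url": "https://search.example.invalid/?q={searchTerms}",
            "is_default": True,
        }
    },
}
# Constructed sample: a minimal extension with nothing to flag.
BENIGN_MANIFEST = {"manifest_version": 3, "name": "Tab Counter", "permissions": ["storage"]}

if __name__ == "__main__":
    for label, manifest in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, audit_manifest(manifest) or "no findings")
    # Default Linux profile path; macOS and Windows store extensions elsewhere.
    profile = Path.home() / ".config/google-chrome/Default/Extensions"
    if profile.is_dir():
        for ext_id, flags in audit_profile(profile).items():
            print(ext_id, flags)
```

The extension IDs that audit_profile() returns are the directory names Chrome uses, so they can be compared directly against the IDs in the Unit 42 IOC list linked above. A flag is a reason to look closer, not proof of malice: legitimate search and privacy extensions legitimately request some of these permissions.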

Davit Asatryan, VP of Research at Spin.AI, commented:

“Malicious AI-themed extensions show how attackers are quick to exploit hype to bypass user trust and enterprise defenses. What many don’t realize is that browser extensions can act like shadow IT, silently harvesting sensitive data. Organizations should treat extensions as part of their attack surface and implement continuous risk monitoring to prevent these threats before they spread.”

This underlines the fact that anything that gets onto your computer, browser extensions included, is a potential danger. Which means that you should always be wary of what you install, regardless of what it claims to be.

Financial Services Industry: Strong at Prevention, But Weak at Vulnerability Remediation

Posted in Commentary with tags on September 30, 2025 by itnerd

Cobalt today released its State of Pentesting in Financial Services 2025 Report with new insights into how the financial services industry identifies and resolves serious security vulnerabilities. Cobalt pentesting data shows that the financial services sector is accruing security debt and a backlog of serious vulnerabilities. Although financial services firms have one of the lowest rates of serious vulnerability findings, they are among the slowest industries to remediate them.

Financial Services Findings: Strengths and Backlogs

  • Low rate of serious findings: Financial services organizations rank near the top for preventing serious vulnerabilities from appearing at all.
  • Moderate resolution rates: The industry resolves about two-thirds (66.7%) of serious findings, ranking 10th of the 13 industries Cobalt researched.
  • Slow median time to remediation (MTTR): At 61 days, financial services ranks 11th of 13 industries, well behind hospitality, which resolves serious findings in 20 days.
  • Backlogs reflected in half-life: Financial services has a half-life of 147 days for serious findings, placing ninth overall, out of the thirteen industries measured. Half-life, unlike MTTR, accounts for unresolved vulnerabilities and provides a fuller picture of backlog and risk.
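The gap between MTTR and half-life is easiest to see on a small constructed backlog. The Python below is an added illustration, not Cobalt's code or data: it assumes the usual definition of half-life (the age at which at least half of all findings, open ones included, have been fixed) and uses made-up ages. Because MTTR only looks at findings that were actually closed, a backlog of never-fixed findings leaves MTTR unchanged while pushing half-life out.

```python
"""MTTR versus half-life on a constructed vulnerability backlog.

Added illustration, not Cobalt's code or data. Ages are days from the day a
finding was reported to the day it was fixed; None marks a finding still open.
"""
import math
from statistics import median
from typing import Optional

# Constructed sample: nine serious findings, six fixed, three still open.
SAMPLE_AGES = [20, 35, 61, 61, 120, 200, None, None, None]


def mttr(ages: list) -> Optional[float]:
    """Median time to remediation, computed over resolved findings only.

    Unresolved findings are silently dropped, which is why MTTR can look
    healthy while a backlog grows.
    """
    resolved = [a for a in ages if a is not None]
    return median(resolved) if resolved else None


def resolution_rate(ages: list) -> float:
    """Share of all findings that have been fixed."""
    return sum(1 for a in ages if a is not None) / len(ages)


def half_life(ages: list) -> Optional[int]:
    """Age (in days) at which at least half of *all* findings are fixed.

    Open findings count against the total, so they push half-life out.
    Returns None when fewer than half have ever been resolved: the backlog
    never reaches its half-life.
    """
    need = math.ceil(len(ages) / 2)
    resolved = sorted(a for a in ages if a is not None)
    if len(resolved) < need:
        return None
    return resolved[need - 1]


def summarize(ages: list) -> dict:
    return {
        "findings": len(ages),
        "resolution_rate": round(resolution_rate(ages), 3),
        "mttr_days": mttr(ages),
        "half_life_days": half_life(ages),
    }


if __name__ == "__main__":
    print("with backlog:   ", summarize(SAMPLE_AGES))
    # Same fixed findings, no open backlog: half-life collapses to the MTTR.
    print("without backlog:", summarize([a for a in SAMPLE_AGES if a is not None]))
```

On the sample, MTTR is 61 days whether or not the three open findings exist, but half-life is 61 days without them and 120 days with them. That is the effect the report describes: an MTTR that looks tolerable sitting on top of a backlog that the half-life exposes.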

Vulnerability Profile: Automation Strengths, Human Testing Gaps

The financial services sector excels at addressing straightforward, code-level vulnerabilities, thanks to mature AppSec programs, automated scanning (SAST/DAST), and strong secure coding standards. This results in significantly lower rates of cross-site scripting (5.0% vs. 9.7%) and server-side injection (4.2% vs. 5.3%) in web applications and APIs, compared to other industries.

However, pentests reveal blind spots where automation falls short. The industry struggles with:

  • Sensitive data exposure: 10.5% vs. 8.0% average in other industries.
  • Business logic flaws: 2.9% vs. 2.3% average in other industries.
  • Server security misconfigurations: 34.9% vs. 27.9% average in other industries.
  • Components with known vulnerabilities: 6.1% vs. 5.5% average in other industries.

These vulnerabilities often require human-led pentests to uncover because they involve complex data flows, legacy systems, and application-specific logic that scanners cannot interpret.

Pentesting Practices and Pressures

While financial services firms are slow to close out serious issues (61-day MTTR, 147-day half-life, and one-third of serious issues never resolved), they do maintain a solid track record of meeting strict internal service level agreements (SLAs) for remediating the most critical ones. Deeper operational data reveals significant systemic bottlenecks and a major backlog of vulnerabilities that expose financial organizations to data loss and breaches.

The industry’s exposure due to slow remediation speed is amplified by external threats and internal challenges—ranging from scheduling delays to the escalating risks posed by third-party software vulnerabilities, genAI complexity, and insider threats.

  • SLAs narrowly met: Despite their 61-day MTTR for serious issues overall, 78% of financial services firms report fixing critical vulnerabilities in business-critical assets within 14 days, in line with SLA requirements.
  • Scheduling challenges: 70% report that pentest scheduling delays sometimes impact compliance or business timelines, meaning potential security risks remain unaddressed for a longer period.
  • Top risks: Financial services leaders highlight third-party software (76%), genAI-related risks (68%), and insider threats (46%) among their greatest concerns.

Methodology

The findings in the State of Pentesting in Financial Services 2025 are based on 10 years of Cobalt pentesting data and on survey data from Emerald Research, an independent third-party research firm, in a study sponsored by Cobalt. The survey had 500 respondents: security leaders (a mix of C-level and VP-level security professionals) and security practitioners, representing organizations with 500 to 10,000 employees.

1st Anniversary of Black Kite Bridge: Strong Momentum & Adoption Surpassing 100K Intelligence Items Shared

Posted in Commentary with tags on September 30, 2025 by itnerd

Black Kite today announced significant momentum on the first anniversary of Black Kite Bridge™, the industry’s first solution enabling customer-vendor collaboration to dramatically reduce response time to cyber events in the supply chain. Black Kite Bridge™ has built a strong community of thousands of third parties, growing over 100% quarter over quarter, with sharp growth spikes following major incidents, when timely intelligence sharing and response are critical to containing cascading risks.

Customers are enabled to overcome the challenges of third-party risk management, which are exacerbated by ineffective communication, including manual outreach using email and spreadsheets, and vendors lacking the actionable intelligence they need to investigate and resolve risks quickly. The community, collaboration, and automation that Black Kite Bridge™ delivers have enabled customers to achieve vendor response rates upwards of 85% and reduce the time from discovery to intelligence sharing from days to minutes. Key intelligence items shared include vulnerability intelligence, Black Kite RSI™, mitigation recommendations, and improvement guides. 

Black Kite Bridge™ was purpose-built to bridge the gap between risk intelligence and action, automating third-party cyber risk management end-to-end, from identifying risks and vulnerable vendors all the way to intelligence sharing and remediation progress tracking, and reporting. Black Kite Bridge™ drives collaboration and streamlines communications between Black Kite customers and their suppliers. Customers can invite partners to a single, shared platform to quickly share intelligence and findings, request remediations, and track progress, reducing overhead and driving timely resolution.

Black Kite Bridge™ key benefits include:

  • Eliminate tedious workflows: Leverage AI and automation to identify vulnerable vendors, draft communication, and share intelligence in minutes, not days. 
  • Increase third-party collaboration: Bring all intelligence sharing, tickets, and communications into a single, shared platform.
  • Reduce risk and response time: Empower your vendors to act fast by giving them instant access to Black Kite intelligence, such as Black Kite FocusTags™, Black Kite RSI™, findings, reports, and more. 
  • Streamline reporting for auditors and leadership: Maintain a record of shared intelligence, vendor communications, status updates, and outcomes, simplifying reporting on cyber event response, vendor assessments, and resolved findings.
  • Strengthen the entire ecosystem: By sharing intelligence and acting together, every user contributes to a safer, more resilient network – turning individual efforts into collective security.

Looking ahead, and based on this year’s usage metrics, trends, and results, Black Kite predicts that over 1.5 million intelligence items will have been shared via The Bridge™ over the next two years. The enthusiastic adoption of Black Kite Bridge™ validates the company’s vision to improve the health and safety of the global cyber ecosystem through a collaborative security intelligence network. 

For more information, contact the Black Kite team

Connect with Friends and Family In LEGO Party! Available Today!

Posted in Commentary on September 30, 2025 by itnerd

Developer SMG Studio, the LEGO Group, and Fictions launched their wildly fun multiplayer party game, LEGO® Party!, on Steam for PC, Xbox Series X|S, Xbox One, PlayStation®5 (PS5™), PlayStation®4 (PS4™), and Nintendo Switch™. The Retail Edition is also available now at https://legoparty.iam8bit.com and participating retailers for Nintendo Switch, PlayStation 5 and Xbox Series X|S, alongside the digital release. In addition, those who pre-ordered the Retail Edition will be receiving a download code for five unique LEGO Minifigures.

Fans can now jump into a number of exciting features, including more than a gazillion (*not a real number) customization combinations of minifigures, incredible LEGO themed Challenge Zones, 60 action-packed minigames and more, all in the quest to collect the most LEGO Golden Bricks and become the ultimate LEGO Party! champion.

Bring out your competitive side and dive into the mini-game mayhem, featuring giant space aliens, power-up popping rainbow unicorns, lava-roasted rotisserie turkeys and more, all of which can be viewed in the newest LEGO Party! launch trailer here: 

LEGO Party! is an up to four-player party game that’s built different! Compete against your friends in wacky Challenge Zones and 60 hilarious minigames from across your favorite LEGO sets like LEGO Pirates, LEGO Space, LEGO NINJAGO® and more. Join your friends online or get together on the couch for a LEGO Party! game night. With multiple game modes and tons of minifigures to unlock, you’ll have all the bricks to build the ultimate party! Challenge players near or far, customize your character, and compete in a variety of awesome minigames to get as many Golden Bricks as you can by any means necessary! But beware, watch out for monsters, traps and flying roast turkeys on your way to becoming the next star of LEGO Party!

For all the latest updates on the game, follow LEGO Party! at: http://www.legoparty.com

The CISA warns of a Sudo Privilege Escalation Flaw 

Posted in Commentary with tags on September 30, 2025 by itnerd

CISA has warned that a local privilege escalation vulnerability in Sudo (CVE-2025-32463, CVSS 9.3) is being actively exploited in the wild. The flaw, introduced with the chroot (-R) option in Sudo 1.9.14 in 2023, allows any local user to execute commands as root, even one not listed in the sudoers file. Exploitation works by pointing Sudo at an attacker-controlled chroot directory, so that it reads a malicious /etc/nsswitch.conf from there and loads an attacker-supplied shared library with root privileges; the chroot option has since been deprecated. The issue was patched in June with Sudo 1.9.17p1, but proof-of-concept exploits have circulated since July, and CISA has added it to its Known Exploited Vulnerabilities catalog, requiring federal agencies to remediate within three weeks under BOD 22-01.
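A first triage step is to compare the installed version against the affected range, 1.9.14 up to but not including 1.9.17p1. The Python below is an added check, not part of the CISA advisory or of the Sudo project; the version strings in its examples are constructed. One caveat matters: distributions frequently backport the fix without changing the upstream version string, so a match here means "confirm against your distro's advisory or package changelog", not "confirmed vulnerable".

```python
"""Is this sudo in the CVE-2025-32463 version range?

Added check, not part of the CISA advisory or the Sudo project. Version strings
in the examples are constructed. Distributions frequently backport the fix
without changing the upstream version, so a hit here means "confirm against your
distro's advisory or package changelog", not "confirmed vulnerable".
"""
import re
import subprocess
from typing import Optional, Tuple

FIRST_AFFECTED = "1.9.14"   # chroot (-R) support arrived here
FIXED_IN = "1.9.17p1"       # upstream fix


def parse_version(ver: str) -> Tuple[int, int, int, int]:
    """'1.9.15p5' -> (1, 9, 15, 5); a missing patch level counts as 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", ver.strip())
    if not m:
        raise ValueError(f"unrecognised sudo version: {ver!r}")
    major, minor, release, patch = m.groups()
    return int(major), int(minor), int(release), int(patch or 0)


def version_from_output(text: str) -> str:
    """Pull the version out of `sudo -V` output (first line: 'Sudo version X')."""
    m = re.search(r"^Sudo version (\S+)", text, re.MULTILINE)
    if not m:
        raise ValueError("no 'Sudo version' line found")
    return m.group(1)


def is_affected(ver: str) -> bool:
    """True when FIRST_AFFECTED <= ver < FIXED_IN by upstream version order."""
    return parse_version(FIRST_AFFECTED) <= parse_version(ver) < parse_version(FIXED_IN)


def installed_sudo_version() -> Optional[str]:
    """Run `sudo -V`, which prints the version without needing any privileges."""
    try:
        out = subprocess.run(["sudo", "-V"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    return version_from_output(out)


if __name__ == "__main__":
    ver = installed_sudo_version()
    if ver is None:
        print("sudo not found or not runnable")
    elif is_affected(ver):
        print(f"sudo {ver} is in the affected range; check your distro advisory for a backported fix")
    else:
        print(f"sudo {ver} is outside the affected range")
```

Run it as an unprivileged user on each host (or feed `sudo -V` output collected by your inventory tooling to version_from_output()). Anything in range goes on the patch list unless the package changelog shows the CVE-2025-32463 fix was backported.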

John McShane, Principal Product Manager for AI & Data Science, Cobalt:

     “Privilege escalation flaws like this sudo chroot issue reinforce a recurring pattern in security: when high privilege software accepts untrusted input or environmental control without guardrails, the downstream impact can be massive. Remember last year’s CrowdStrike Falcon outage (CVE-2025-1146)? A malformed update triggered system crashes at scale across airlines, hospitals, and critical infrastructure. In both cases the root failure was trusted high privilege logic failing in edge scenarios, which is exactly why testing must include more than happy-path unit tests. Fuzzing that targets config and path resolution logic, focused penetration testing that simulates hostile environments, and unit and integration tests all could have caught this earlier.”

Wade Ellery, Chief Evangelist and IAM Strategy Officer, Radiant Logic:

     “Security and defense from attack needs to be a multilayered operation.  Compromising the network perimeter and in this case local access to a server and then taking over a benign local account dramatically increases the threat to the organization.  When a vulnerability then allows any compromised local account to be escalated to root privileges the threat becomes catastrophic.  In most organizations there are no further walls between the attacker and his targets.  Layering in an additional line of defense is critical to stopping such an attack.  Adding continuous observability into who is accessing what resources, and how privilege is being escalated shines the light into the dark corners of today’s vulnerabilities.  Leveraging near real-time controls and remediation can prevent the escalated account from operating outside their original limited access.  Strong identity governance combined with timely patching ensures that when privilege escalation attempts occur, they are detected, prevented, and contained before causing lasting harm.”

“This vulnerability illustrates how access and identity intersect with system-level controls. Even without being in the sudoers file, an attacker could gain full privileges, bypassing established access policies. That underlines the importance of continuous observability into who is accessing what resources, and how privilege is being escalated. Without that visibility, organizations are blind to the subtle shifts that transform a minor intrusion into a full compromise. Strong identity governance combined with timely patching ensures that when privilege escalation attempts occur, they are detected, prevented, and contained before causing lasting harm.”

This is another one of those today problems that affected organizations need to deal with, and it needs to be dealt with ASAP. So once again it’s time to patch all the things.

Unrelenting IT issues cost millions of hours in lost productivity

Posted in Commentary with tags on September 30, 2025 by itnerd

Nexthink has released ‘Cracking the DEX Equation: The Annual Workplace Productivity Report’ showing that poor digital employee experience (DEX) directly costs global businesses an average of 470,000 hours per year, equivalent to around 226 full-time employees. This indicates that digital friction is a significant and underreported element of the global productivity crisis.

Nexthink’s analysis – the first of its kind – is based on proprietary data from more than 20 million endpoints across 474 global businesses. The report finds that the average employee suffers 14 negative digital experiences a week. These include device crashes, application glitches, or slow load times, and can reduce productivity and collaboration while also increasing employee frustration and stress. Crucially, the research also indicates a strong inverse correlation between an organization’s DEX score and productivity loss: for every 10-point increase in the overall DEX score, employees would recoup an average of 22 productive minutes each week.

The research also suggests that these consistent disruptions are not just a threat to enterprise productivity, but also to the quality of work employees produce. The average negative event lasts a little under 3 minutes (167 seconds), yet research from the American Psychological Association suggests that even delays of less than 5 seconds are enough to triple people’s error rate. Moreover, research from the University of California has shown that when employees are taken out of their flow state it takes around 23 minutes for them to return, further increasing the amount of lost time.

Averaging lost time by industry shows significant variation, with retailers, healthcare providers, and financial services companies suffering 1.7x the time loss of the tech industry. The number of disruptive events per week was almost identical regardless of industry, however, suggesting that the variance in time loss is down to the severity of events rather than their volume.

The figures in this report are derived from aggregated, anonymized telemetry from organizations largely in the early stages of DEX management.

For more information on the impact of DEX on workplace productivity, please read the full ‘Workplace Productivity’ report 

Meta AI fooled into teaching weapon creation…. Yikes!

Posted in Commentary with tags on September 30, 2025 by itnerd

Cybernews researchers discovered that Meta’s personal assistant, which is integrated into Messenger, WhatsApp, Instagram, and other apps, is easy to manipulate into revealing harmful information. The Llama 4-based chatbot was easily tricked into providing instructions on making a Molotov cocktail.

The assistant was easily tricked by utilizing the so-called “narrative jailbreaking” practice. The technique masks the harmful request by asking the bot to tell a “story” to bypass safety filters. To execute the jailbreak, the team simply asked the chatbot to tell a story about the Winter War between Finland and the Soviet Union, requesting details about how the incendiary devices were made back then. 

While it’s unlikely that people will flock to Meta for advice on Molotov cocktail-making, the issue highlights the possibility of abusing the chatbot for purposes that appear to be beyond the scope of what an AI assistant ought to be capable of.

The team disclosed the issue to Meta immediately after discovering it. After the publication went live, the company told Cybernews it had resolved the problem.

Also, Cybernews researchers recently discovered that Lenovo’s customer service assistant, Lena, had an XSS vulnerability that allowed the running of remote scripts on corporate machines if you asked nicely.

Meanwhile, another chatbot, used by the travel agency Expedia, allowed users to ask for a recipe for making a Molotov cocktail. The company eventually fixed the issue, and the chatbot stopped advising on making incendiary devices.

To read the full research report, please click here.

2025 Paywall Index: A Data-Driven Study Across Industries

Posted in Commentary with tags on September 30, 2025 by itnerd

Website Planet has published a study which explores how paywalls have evolved beyond news media to become the internet’s default business model, shaping digital content, SaaS, streaming, and even academic publishing.

Among the study’s key findings:

  • Paywalls surged in the 2010s (120 new launches) but appear to have stagnated in the 2020s.
  • Hard paywalls dominate, with 50% of services relying on this model.
  • Nearly half (46.03%) of freemium models are in the software/SaaS sector.
  • Pay-per-view is rare overall, but 65% of academic journals with paywalls use it.

You can check their full research here: https://www.websiteplanet.com/blog/2025-paywall-index-a-data-driven-study-across-industries/

Cybersecurity Awareness Month Is Tomorrow

Posted in Commentary with tags on September 30, 2025 by itnerd

With Cybersecurity Awareness Month kicking off tomorrow, I have a comment from Chris Mierzwa, Sr. Director, Global Resilience Programs at Commvault.

For background, Chris Mierzwa is a seasoned technology executive with over 30 years of experience in the IT solutions space. As a former CTO and SVP at Sirius Computer Solutions (now CDW), he led strategic initiatives across infrastructure, cloud, and partner ecosystems, overseeing billion-dollar revenue targets and complex M&A integrations.

“As we approach another Cybersecurity Awareness Month, it serves as a stark reminder that enterprises must get ‘back to basics’ and focus on creating stronger security foundations. Among the many different threat vectors, I implore business leaders to pay close attention to social engineering – the increasingly dangerous Achilles’ heel of every organization.  

Enterprises are underestimating threat actors’ ability to understand the more formidable adult psyche. With the help of AI, cybercriminals can now alter their voices, accents, and launch social engineering attacks in multiple languages with real-time translation, leaving employees with no cues to suspect malicious intent. On top of that, threat actors recognize that employees only receive minimal cybersecurity training, meaning they don’t have the knowledge or skillset to recognize the newest and most sophisticated threats.” 

New Spearphishing Attack Uses DarkCloud Infostealer to Steal Credentials

Posted in Commentary with tags on September 30, 2025 by itnerd

Researchers have uncovered a new spearphishing campaign that leverages the DarkCloud Infostealer to steal FTP credentials, keystrokes and other information. You can find out more details about this campaign here: https://www.esentire.com/blog/eye-of-the-storm-analyzing-darkclouds-latest-capabilities

Henrique Teixeira, SVP of Strategy at Saviynt, commented:

“Infostealers are a type of malware often specifically designed to steal user credential data. 46% of the time, infostealers are running on employee devices not managed by their employers (https://www.verizon.com/business/resources/infographics/2025-dbir-infographic.pdf). While it’s important to stay aware of new versions and campaigns utilizing these vectors, it’s even more critical for cybersecurity and identity leaders to understand the full attack chain of these modern campaigns.

“Data stolen by infostealers is typically sold later to other criminals via Initial Access Brokers (IABs) on the dark web. However, this isn’t the only method used to gain access to organizations. As we’ve seen recently, these groups often employ a multi-pronged approach that can include extortion, social engineering, and compromising third-party access. AI has also risen in the methods of cyber attacks. Therefore, a more complete strategy to protect and defend against modern attacks requires understanding their anatomy and recognizing that credential abuse is the #1 vector of attack, and a low hanging fruit for attackers (and defenders).

“This attack highlights the importance of being able to measure and understand the current state of identity controls, and how resilient and prepared organizations are. This includes implementing least privilege principles for all accounts, discovering and removing long-standing privileges, and avoiding static and long-lived tokens. Identity security also needs to be applied to machine identities, or non-human identities (NHIs). Research shows that, in fact, 80% of the most recent identity-based attacks compromise non-human accounts instead of human ones (https://nhimg.org/the-ultimate-guide-to-non-human-identities).”

Since spearphishing is a highly targeted attack, it illustrates how careful you have to be in order not to become a victim. Thus consider yourself warned and act accordingly. This article will help you with that: https://www.fortinet.com/resources/cyberglossary/spear-phishing