Archive for November 5, 2025

Japanese Media giant Nikkei reports data breach impacting 17,000 people

Posted in Commentary with tags on November 5, 2025 by itnerd

Japanese publishing giant Nikkei said that its Slack messaging platform had been compromised via an unauthorized external login which exposed the names, email addresses and chat histories of 17,368 individuals registered on Slack. An employee’s personal computer was infected with a virus, leading to the leakage of Slack authentication credentials which hackers used to gain unauthorized access to employee accounts.

Nikkei put out a statement on this here: https://www.nikkei.co.jp/nikkeiinfo/en/news/announcements/1394.html

Rainier Gracial, Senior Security Engineer at cybersecurity company Spin.AI, provided the following comments:

“Nikkei is a prime example of why protecting data within core SaaS applications like Slack is absolutely critical. People assume Slack is secure because it is private to their business employees, but that does not mean unauthorized access won’t happen. Organizations should always assume they will be breached at some point and leverage strong data leak prevention controls in addition to strict access controls.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech adds this: 

“This breach demonstrates how organizations are only as secure as their weakest link. In a remote work environment, IT security teams struggle to secure devices used by non-IT personnel on the public internet. The risk is doubled if the devices are also for personal use. Hackers only need to compromise one person’s device to compromise the whole organization. In this case, the hacker used malware to steal one employee’s login credentials for Slack.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy offered this comment:

“Incidents like this one emphasize how important it is for organizations to regularly monitor their employees’ computers and other internet-capable devices to ensure that malware has not infected the devices. This is particularly important when companies allow employees to use their own computers and devices for work-related tasks. Organizations with such BYOD policies should require employees to have efficient virus and malware protection installed on their personal devices, preferably installed by the organization.”

This illustrates why a holistic approach to security is required in this day and age. From training to physical and software security measures, it all adds up to you not being the next organization that gets pwned.

Data breach at major Swedish software supplier impacts 1.5 million

Posted in Commentary with tags on November 5, 2025 by itnerd

The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. The ransomware gang, Datacarry, has claimed this attack. Here are details:

Sweden is investigating one of the largest data breaches in its history: an attack on IT systems provider Miljödata compromised the data of around 1.5 million citizens. Cybercriminals stole the information and published it on the darknet, and the regulator IMY has already started a GDPR compliance check. The Swedish Privacy Authority (IMY) announced the launch of an investigation after cybercriminals hacked the systems of Miljödata, a provider of IT solutions for 80% of the country’s municipalities.

The attack caused disruptions to government services in the regions of Halland, Gotland, Skellefteå, Kalmar, Karlstad and Mönsterås. Later, the hacker group Datacarry published the stolen 224 MB archive on its darknet portal. The service Have I Been Pwned confirmed the appearance of the data and added it to its database.

Lidia Lopez, Senior Threat Intelligence Analyst at Outpost24, commented: 

“‘Datacarry’ is a financially-motivated ransomware group active since at least June 2024, the date when they claim to have targeted their first victim. They maintain a Data Leak Site (DLS) where they publish data from victim companies that didn’t pay the ransom amount requested to recover encrypted files. Datacarry ransomware attacks are presumably opportunistic, but most victims reported so far are medium-size businesses located in European countries. 

It is believed that Datacarry does not own a custom encryption tool, but like many other double extortion ransomware groups, they rely on the leaked Conti ransomware builder to encrypt victim files. For initial access, they have been observed targeting the vulnerable Fortinet EMS servers affected by CVE-2023-48788 vulnerability.”

These attacks keep getting worse and worse. And what’s really bad is that the group behind this is effectively using “off the shelf tools” to pull this off. That shows that ransomware is getting to the point where it is close to being completely out of control. Which in turn means that the time for action to reverse this is now.

RunSafe Security Comments On A New CISA Advisory

Posted in Commentary with tags on November 5, 2025 by itnerd

CISA’s latest advisory (issued on Tuesday) underscores a persistent challenge across industrial and critical manufacturing sectors: software vulnerabilities that open the door to potential code execution — even when the risk appears to be local or limited in scope.

Commenting on this is Joe Saunders, Founder & CEO, RunSafe Security:

On ICSA-25-308-01 – Fuji Electric Monitouch V-SFT-6

“While the Fuji Electric Monitouch V-SFT-6 vulnerabilities may not be remotely exploitable, the underlying pattern is familiar — buffer overflows in configuration tools or project files that can be weaponized as part of a supply chain or lateral movement strategy. These flaws highlight why protecting binaries before deployment is essential to breaking exploit chains.”

“RunSafe’s approach focuses on preemptive binary protection, eliminating exploit reuse and mitigating memory corruption risks like those identified here — without requiring source code changes or developer intervention. As these advisories remind us, defense-in-depth must now include securing the software itself at its most fundamental level.” 

On ICSA-25-308-03 – Delta Electronics CNCSoft-G2

“The recently disclosed vulnerability in Delta Electronics’ CNCSoft-G2 software is another reminder that even trusted engineering and configuration tools can become points of entry for cyber threats. In this case, a simple stack-based buffer overflow — with low attack complexity — could allow arbitrary code execution once a malicious file is opened.”

“Although this vulnerability is not remotely exploitable, it highlights a recurring and systemic issue across industrial control software: unprotected binaries that remain vulnerable to memory corruption and exploit reuse. These weaknesses can be leveraged in multi-stage or supply chain attacks to move deeper into critical systems.”

“RunSafe Security focuses on eliminating these risks before they can be exploited — by protecting binaries at build time and making every software instance unique. This approach prevents attackers from reusing exploits or achieving code execution, even when a vulnerability exists. As this and similar advisories show, securing software at the binary level must now be part of every defense-in-depth strategy.”

RunSafe Security Releases New License Compliance Feature on the Company’s RunSafe Security Platform

Posted in Commentary with tags on November 5, 2025 by itnerd

RunSafe Security today announced the addition of a new license compliance feature to its RunSafe Security Platform. The rollout of this critical new feature underscores RunSafe Security’s unwavering commitment to remaining the leader in software supply chain security for embedded systems, from generating build-time Software Bill of Materials (SBOMs) to identifying vulnerabilities and preventing exploitation of embedded software at runtime.

The license compliance feature in the RunSafe Security Platform is designed to give embedded teams control over open source licenses and set policies based on their organization’s risk profile. The feature is aimed at companies needing to prevent “copyleft” licenses, which can legally require companies to open-source proprietary code if they inadvertently distribute code with licenses that are not permissive. With this feature enhancement, RunSafe customers can easily decide which licenses are safe, which licenses are off-limits, and how they want their build pipelines to react if an undesirable license is included in a software product.

Additionally, the feature allows customers to configure organization-wide rules to stop the delivery of code licensed under restrictive licensing terms, automatically enforcing license policy within the CI/CD pipeline to prevent the distribution of disallowed licenses in a software release. Unlike complex alternatives that require extensive manual configuration, RunSafe’s approach offers a balanced mix of control and simplicity. Whether a customer wants to automatically fail pipelines that include restricted licenses or allow by default, the settings are configurable to each customer’s business rules. If an organization’s team is using RunSafe’s SBOM generator and adds new dependencies, RunSafe automatically tracks any new or “unset” licenses.
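The policy described above (an allow-list, a copyleft deny-list, tracking of “unset” licenses, and a fail-or-allow-by-default switch) can be illustrated with a small checker run over a build-time SBOM. This is an added example written for this page, not RunSafe’s code; the SBOM fragment is constructed, and treating each SPDX identifier as a single license (no expression parsing) is an assumption.

```python
import json

# Constructed CycloneDX-style SBOM fragment; not taken from any real build.
SBOM_JSON = """
{
  "components": [
    {"name": "zlib", "version": "1.3.1", "licenses": [{"license": {"id": "Zlib"}}]},
    {"name": "readline", "version": "8.2", "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"name": "mystery-lib", "version": "0.1.0"},
    {"name": "libfoo", "version": "2.0", "licenses": [{"license": {"name": "Custom EULA"}}]}
  ]
}
"""

# Example policy: permissive licenses are allowed, copyleft families are blocked.
ALLOWED = {"MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "Zlib", "ISC"}
DENIED_PREFIXES = ("GPL-", "AGPL-", "LGPL-")


def component_licenses(component):
    """Return the license ids/names declared for a component ([] when unset)."""
    found = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        ident = lic.get("id") or lic.get("name")  # assumption: one id per entry
        if ident:
            found.append(ident)
    return found


def evaluate(sbom_text, fail_on_unset=True, allow_by_default=False):
    """Classify each component as allowed/denied/unknown/unset and decide
    whether the pipeline passes under the given policy switches."""
    findings = {}
    for comp in json.loads(sbom_text)["components"]:
        lics = component_licenses(comp)
        if not lics:
            verdict = "unset"       # new dependency with no license metadata yet
        elif any(l.startswith(DENIED_PREFIXES) for l in lics):
            verdict = "denied"      # copyleft: always blocks the release
        elif all(l in ALLOWED for l in lics):
            verdict = "allowed"
        else:
            verdict = "unknown"     # neither listed; fate depends on allow_by_default
        findings[comp["name"]] = verdict
    verdicts = set(findings.values())
    passes = ("denied" not in verdicts
              and not (fail_on_unset and "unset" in verdicts)
              and (allow_by_default or "unknown" not in verdicts))
    return passes, findings
```

`evaluate(SBOM_JSON)` fails the constructed build on the GPL component, the unset one and the unrecognised EULA; relaxing both switches still fails it, because the copyleft deny-list is enforced regardless.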

For more information about RunSafe’s approach to license compliance, vulnerability identification, and protecting embedded software systems, please visit https://runsafesecurity.com.

Hypori Unveils Full Secure Workspace Ecosystem to Transform Virtual Access at Scale

Posted in Commentary with tags on November 5, 2025 by itnerd

Hypori today announced the expansion of its platform with the launch of the Hypori Secure Workspace Ecosystem, a suite of next-generation products designed to give organizations greater flexibility, scalability, and control over secure mobile access. The new portfolio introduces Hypori Mobile and the Hypori Lyte product lines, reflecting the company’s continued investment in research and development (R&D) to meet evolving cybersecurity threats and mission demands. This is in addition to the launch of Hypori Secure Messaging on October 21.

Hypori Mobile: Full Virtual Workspace, Re-Engineered

Hypori Mobile, the company’s full virtual workspace product, has undergone its most significant architectural innovation to date—redefining how virtual devices are delivered, managed, and experienced. By running Android OS natively on dedicated ARM-based cloud instances, Hypori eliminates shared compute environments to deliver a faster, more responsive, and isolated experience for every user.

This re-architected design boosts performance, strengthens security, and streamlines administration—enabling secure mobility at scale. With a modernized data plane and enhanced management flexibility, Hypori Mobile sets a new standard for virtual mobile infrastructure, empowering both end users and IT teams alike. Additional new capabilities in Hypori Mobile include an “App Gallery” that delivers a Google Play Store-like experience, letting users easily install and remove optional apps on demand; enhanced notifications and expanded support for Gmail, Chat, Calendar, and Meet that improve user awareness without compromising device security; and faster resume times through hibernation, which allows virtual sessions to restore more quickly after idle periods while also reducing cloud resource consumption.

Hypori Lyte: Lightweight, Mission-Focused Access

For government and enterprise customers who do not require a full virtual device or workspace, Hypori now offers three new lightweight deployment options under the Hypori Lyte family—tailored to specific mission and budget needs:

  • Lyte for Secure Messaging: A stand-alone, auditable, and secure messaging app that’s lightweight and simple to deploy.
  • Lyte for Enterprise Browser: Delivers zero trust browsing and privacy-first design, enabling secure web access from any device without local data exposure.
  • Lyte for Applications: Provides secure access to a single application—such as email, customer relationship management (CRM), or human resource (HR) systems and others—in a compliant environment that protects corporate data without intrusive device management.

Availability

Hypori Mobile and Hypori Lyte for Secure Messaging are now available to all customers. Existing customers using the full virtual workspace—including government organizations operating in IL5 and FedRAMP High environments—have been seamlessly migrated to Hypori Mobile with no user action required. All data and credentials remain intact, allowing users to pick up right where they left off.

Hypori Lyte for Enterprise Browser and Hypori Lyte for Applications will be available for purchase in early 2026.

The Hypori Secure Workspace Ecosystem represents the next chapter in secure mobility—empowering organizations to operate faster, safer, and smarter. To learn more about the Hypori Secure Workspace Ecosystem, visit www.hypori.com or request a demo.

First Questrade, Then Wealthsimple And TD, And Now The Threat Actors Behind This Large Scale Phishing Campaign Are Now Going After National Bank Customers

Posted in Commentary on November 5, 2025 by itnerd

I have been tracking a threat actor who has targeted first Questrade, then Wealthsimple and TD customers. But last night, I found evidence that the threat actor behind this campaign has shifted tactics to go after National Bank customers, as evidenced by this:

Unlike the email that they sent masquerading as TD, this email is well done. But if you compare it to the other e-mails that have been used in this phishing campaign, it uses the same text claiming that you need to fill out a tax form, with very similar wording. So it’s the same threat actors.

And the website that they send you to is very high quality as well:

The only thing that gives it away as a phishing site is this:

The real domain for National Bank is https://www.nbc.ca. This highlights the fact that you need to double and triple check where you are surfing to before you enter any information.

Clearly these threat actors are not stopping their activities. That absolutely means that they must be getting paid by stealing money from people who fall for this. Even if only 2% of people get scammed, it illustrates that a scam doesn’t have to be successful in volume to be successful.