Archive for November 19, 2025

PlushDaemon Compromises Network Devices for Adversary-in-the-Middle Attacks

Posted in Commentary with tags on November 19, 2025 by itnerd

ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks.

You can read more here: https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/

Ensar Seker, CISO at SOCRadar, commented:

“The attack outlined in recent reports marks a deeply concerning evolution in supply chain and update-mechanism compromise. PlushDaemon is exploiting edge network devices, routers and similar infrastructure, via implants such as EdgeStepper to intercept DNS queries and redirect software-update traffic toward attacker-controlled infrastructure. By hijacking a trusted software-update channel, the group manages to deliver custom downloaders (e.g., LittleDaemon, DaemonicLogistics) and ultimately the SlowStepper backdoor toolkit without triggering the usual defenses around malicious attachments or phishing.

“What makes this campaign particularly dangerous is two-fold. First, the compromise occurs at the network infrastructure layer rather than the endpoint, meaning it bypasses most EDRs, user-based filters, and conventional supply-chain checks.

“Second, the software update system is treated as a trusted delivery mechanism, making detection and attribution extremely difficult. The attacker doesn’t need to persuade a user to click a link or open a file; they simply hijack the trust in the update process itself. This underscores how sophisticated adversaries are blending network compromise with supply chain tradecraft.

“For security teams, the implications are clear: controlling and monitoring just the ‘software packages’ is no longer enough. Organizations must treat the update infrastructure, DNS routing paths, device firmware/routers, and trust chains as part of their threat surface. I’d recommend organizations map out their trusted update hierarchies, enforce signed updates end-to-end, monitor outbound DNS resolution patterns for anomalies (especially from network devices), and segment update-delivery systems from general user infrastructure. The fact that PlushDaemon is operating across multiple sectors (including universities, manufacturing and automotive) and regions (U.S., Taiwan, New Zealand, South Korea) means that no industry can consider itself immune.”

I have to admit that this is the most interesting man-in-the-middle attack that I have seen. And it’s concerning as it requires zero user interaction. On top of that, it happens further up the attack chain. That should put defenders on alert as this would be difficult to defend against.
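The DNS-monitoring recommendation in the commentary above, as an added example that is not code from ESET, SOCRadar or this blog: a small Python check that compares the DNS answers seen for software-update hostnames against a reference set obtained out of band, and flags divergence of the kind an on-path implant redirecting update traffic would produce. The hostnames, addresses and resolver log lines are constructed for the example; the reference set is assumed to come from vendor documentation or a trusted resolver that does not sit behind the device being checked.

```python
"""Flag DNS answers for software-update hostnames that diverge from a
trusted reference, a signal that update traffic is being redirected at the
network layer.  All names, addresses and log lines here are constructed."""
import ipaddress

# Hypothetical reference: what each update hostname should resolve to, taken
# from an out-of-band source (vendor documentation or a trusted DoH resolver)
# rather than from the on-path resolver being checked.
REFERENCE_ANSWERS = {
    "updates.example-vendor.test": {"198.51.100.10", "198.51.100.11"},
    "dl.example-vendor.test": {"203.0.113.20"},
}

# An update host answering from private address space is the strongest sign
# that something inside the network is answering in the vendor's place.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed resolver log: "<unix_ts> <client_ip> <qname> <rcode> <answer>"
SAMPLE_LOG = """\
1700000001 10.0.5.21 updates.example-vendor.test NOERROR 198.51.100.10
1700000002 10.0.5.22 www.example.test NOERROR 192.0.2.50
1700000003 10.0.5.21 updates.example-vendor.test NOERROR 203.0.113.99
1700000004 10.0.5.23 dl.example-vendor.test NOERROR 203.0.113.20
1700000005 10.0.5.23 dl.example-vendor.test NOERROR 10.0.0.9
1700000006 10.0.5.24 dl.example-vendor.test NXDOMAIN -
"""


def parse_line(line):
    """Split one log line into a record; qname is normalised for lookup."""
    ts, client, qname, rcode, answer = line.split()
    return {"ts": int(ts), "client": client,
            "qname": qname.lower().rstrip("."), "rcode": rcode, "answer": answer}


def is_rfc1918(addr):
    """True if addr falls in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def find_divergent_answers(log_text, reference=REFERENCE_ANSWERS):
    """Return one alert per answer to a monitored hostname that is not in the
    reference set.  Non-NOERROR responses and unmonitored names are skipped."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        expected = reference.get(rec["qname"])
        if expected is None or rec["rcode"] != "NOERROR":
            continue
        if rec["answer"] in expected:
            continue
        alerts.append({
            "ts": rec["ts"], "client": rec["client"], "qname": rec["qname"],
            "got": rec["answer"],
            # private answer for a public update host -> treat as high severity
            "severity": "high" if is_rfc1918(rec["answer"]) else "medium",
        })
    return alerts


def clients_affected(alerts):
    """Which internal hosts received a diverging answer, for scoping response."""
    return sorted({a["client"] for a in alerts})


if __name__ == "__main__":
    found = find_divergent_answers(SAMPLE_LOG)
    for a in found:
        print(f"{a['ts']} {a['client']} {a['qname']} -> {a['got']} [{a['severity']}]")
    print("clients affected:", clients_affected(found))
```

A single divergent answer can be a CDN change, so the reference set needs to be refreshed from the out-of-band source on a schedule; a private-space answer for a public update host does not have that benign explanation.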

CData Software Celebrates Fourth Consecutive Inclusion in Deloitte’s 2025 Technology Fast 500

Posted in Commentary with tags on November 19, 2025 by itnerd

CData Software today announced it ranked on the Deloitte Technology Fast 500™, a ranking of the 500 fastest-growing technology, media, telecommunications, life sciences, fintech, and energy tech companies in North America, now in its 31st year.

CData Co-founder and CEO Amit Sharma attributes the company’s sustained growth and profitability to surging enterprise demand for real-time data connectivity and CData’s expanding ecosystem of global technology partners, including Salesforce, Google, Palantir, and SAP. As organizations accelerate their adoption of AI, analytics, and automation, CData’s solutions deliver the unified, secure, and scalable data access required to fuel those initiatives.

2025 Milestones & Momentum

In 2025, CData delivered a series of standout milestones that underscore its leadership in data connectivity:

  • Expanded Partnership with Google Cloud: CData broadened its collaboration with Google Cloud, extending native connectivity across BigQuery, Looker, and Vertex AI to simplify real-time data access and analytics in Google Cloud environments.
  • Launch of CData Embedded Cloud: The company introduced a new cloud-based connectivity platform enabling software providers to embed CData connectors without managing infrastructure, accelerating development cycles and time-to-market.
  • Strengthened Partnership with Palantir Foundry: CData expanded its embedded integration capabilities within Palantir Foundry, enabling secure, governed access to hundreds of enterprise data sources directly through CData’s connectors.
  • Introduction of CData Connect AI: The company launched Connect AI, the industry’s first managed Metadata, Connectivity & Processing (MCP) platform, empowering enterprises to connect AI applications to live, governed data across more than 300 enterprise systems.
  • Expanded Integration Accelerator Portfolio: CData launched a suite of no-code Integration Accelerators for Snowflake, Microsoft Fabric, and Databricks, dramatically simplifying real-time, multi-cloud data integration and speeding time-to-insight for analytics and AI initiatives. 
  • Strengthened Partnership with SAP: CData announced expanded connectivity support for SAP Datasphere and SAP Business Data Cloud, enabling enterprises to unify SAP and non-SAP data for enhanced analytics.
  • Collaboration with Microsoft to Power Enterprise AI Agents: CData introduced Model Context Protocol (MCP) connectivity for Microsoft Copilot Studio and Microsoft Agent 365 through its Connect AI platform, enabling enterprises to build intelligent AI agents with real-time, semantic-rich access to 350+ data sources and enterprise-grade governance.
  • Inc. 5000 Recognition: CData was once again named to the Inc. 5000 list, marking its second consecutive year of recognition for rapid growth and innovation.
  • Named to Accel’s 2025 US AI 100: CData was recognized by Accel as one of the top companies shaping the future of AI and cloud innovation, underscoring the rising importance of seamless, governed data access as enterprises deploy AI assistants and intelligent agents at scale.

About the 2025 Deloitte Technology Fast 500

Now in its 31st year, the Deloitte Technology Fast 500 provides a ranking of the fastest-growing technology, media, telecommunications, life sciences, fintech, and energy tech companies — both public and private — in North America. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth from 2021 to 2024.

In order to be eligible for Technology Fast 500 recognition, companies must own proprietary intellectual property or proprietary technology that significantly contributes to the company’s operating revenues. Companies must have base-year operating revenues of at least US$50,000, and current-year operating revenues of at least US$5 million, with a growth rate of 50% or greater. Additionally, companies must be in business for a minimum of four years and be headquartered within North America (United States and Canada).

Review: Rosebud

Posted in Products with tags on November 19, 2025 by itnerd

I am not a journaling type of person. Likely because I have not seen the need for doing that. But I may change my mind on that after reviewing Rosebud which is billed as an AI based “interactive journal and self-care companion”. I’ve been using it for the last couple of weeks to journal my daily experiences and thoughts.

For the most part I have been using the Morning Intention and Evening Reflection sections to get my thoughts, feelings and experiences into the app. You can also see from the screenshot above a prompt for “What small focus can bring you joy today?” Regardless of the section that you enter your thoughts in, you’re prompted with questions like “What’s your top priority today?” and “What was the highlight of your day?” That helped me get my thoughts into the app more easily. The app will prompt you to go deeper and provide it more detail. And when you’re done, the AI presents its thoughts and insights. This is where I found Rosebud to be really helpful. The AI looked at my first week and produced the following insights:

And on top of that, it gives me a look at my wins for the week.

Some of this stuff, specifically that I might benefit from exploring what specifically about my work feels misaligned with my working style, is new to me. It gave me something to think about as maybe my working style isn’t working in my favour.

Now let’s go down the rabbit hole on their AI and your data. Because if you’re typing your thoughts, feelings and experiences into an app, you have to know what is going to happen with all of that. The company’s Privacy Policy does note that it has agreements with OpenAI, Anthropic, and Groq to not store your data, and to not pass along personally identifiable information. That’s good. On top of that, it has BAAs and Zero Data Retention (ZDR) agreements in place, which force those companies to handle data in compliance with HIPAA standards. Which is also good. The rest of the policy doesn’t have anything that jumps out at me as being bad or concerning, other than the fact that the company has not conducted third party security risk assessments, which I found in section 5 under “Security Audits”. If I could give Rosebud a piece of advice from someone who does IT security among other things for a living: you might want to get third parties looking at your setup and reporting on what they find and how you remedy any concerns they raise, as that will give your users that extra peace of mind. Finally, you can lock down Rosebud using Face ID if you have an iPhone, meaning that if someone somehow gets physical access to your unlocked iPhone, your private thoughts will stay safe.

Rosebud is free to download. But if you really want the full experience that I had, you can sign up for $12.99 USD a month or $107.99 USD a year. I have to admit that this was an app that was worth it for me to use. And I will continue to use it to see what sort of additional insights about myself I can gain from it. If you’re looking for the same thing, I say give it a try.

Digital IDs: 50 countries ranked by digital ID requirements and privacy risks

Posted in Commentary with tags on November 19, 2025 by itnerd

More and more, digital IDs are hailed by governments as a convenient way to prevent identity theft, access key services (e.g., health and social welfare benefits), and create efficient systems. And, as the UK government is hoping to demonstrate, they may also help combat illegal immigration by making digital IDs a mandatory requirement for those seeking work.

Comparitech researchers have released an in-depth study comparing digital ID requirements and privacy risks across 50 countries, finding that 37 countries have already implemented digital ID schemes. Additionally, 9 more are in the process of creating them.

This research also comes at the same time that Apple has launched digital IDs for United States passport holders.

Rebecca Moody, Head of Data Research at Comparitech, provided the following commentary:

“It goes without saying that digital IDs have their advantages, from providing easy access to online services and streamlining government processes to always having access to your ID wherever you go (so long as you’ve got your phone).

But where digital IDs become a huge cause for concern from a privacy perspective is when they’re introduced as a mandatory requirement (or citizens find it difficult to perform certain tasks without one), they’re used to surveil citizens’ movements and activities, and/or they’re introduced under the guise of providing one solution but soon become needed to access other key services.

For example, Apple’s digital IDs for US passports will no doubt be a hugely convenient service for US citizens and domestic travelers as they’ll eliminate the need to carry a physical passport. And, as it stands, Apple says users’ use of the digital ID won’t be tracked. But, over time, it may be implemented in other sectors and for other services, which may increase the risk of surveillance and what is known as “function creep.” This is also the case with the UK’s proposed BritCard, which will only apply to those seeking work (at first), but will likely expand to include other government services in time.

Ultimately, digital IDs are often introduced as a convenient tool that might not seem to encroach on a user’s privacy too much. But, as more users adopt the ID and more services are added to it, it can quickly become an invasive method of government control. And, once they become mandatory (like the UK’s BritCard), there’s no going back.”

You can read the research here: https://www.comparitech.com/blog/vpn-privacy/digital-ids-study/

CloudSEK Becomes First Active Indian Cybersecurity Firm to Partner with Seed Group, a Company of The Private Office of Sheikh Saeed bin Ahmed Al Maktoum

Posted in Commentary with tags on November 19, 2025 by itnerd

Strengthening the UAE’s cybersecurity ecosystem, Seed Group, a company of The Private Office of Sheikh Saeed bin Ahmed Al Maktoum, has entered into a strategic partnership with CloudSEK, a leading AI-powered cybersecurity firm from India.

With this alliance, CloudSEK becomes part of Seed Group’s ecosystem of global innovators, marking a significant milestone for Indian-origin cybersecurity on the global stage. Founded in 2015 by threat researcher-turned-entrepreneur Rahul Sasi, CloudSEK is a leading AI-powered cyber threat intelligence platform focused on predicting and preventing cyber threats.

A Strategic Alliance for a Resilient Digital Future

Seed Group, recognised for catalysing the success of innovative businesses entering the UAE and GCC markets, will work with cyber threat intelligence firm CloudSEK to empower both public- and private-sector organisations with next-generation cyber risk-management capabilities.

This collaboration brings CloudSEK’s AI-powered Cyber Threat Intelligence technologies to the heart of the Middle East’s digital economy. The platform enables faster detection, contextual analysis, and mitigation of cyber threats before they escalate into incidents, offering a proactive approach to security.

As the UAE cements its position as a global hub for trade and innovation, the demand for advanced cybersecurity has never been higher. Through Seed Group’s deep regional insight and network, CloudSEK will address these needs with solutions that integrate threat intelligence, brand protection, attack-surface monitoring, and supply-chain security into a unified, intelligence-driven platform.

The Middle East cybersecurity market, valued at USD 16.75 billion in 2025, is projected to reach USD 26.04 billion by 2030, growing at a 9.2% CAGR. The region faces escalating threats, with the UAE alone confronting over 200,000 cyberattacks daily—34.9% targeting government entities, 21.3% financial firms, 14% energy sectors, and 11.6% insurance companies. The financial impact is severe: the average data breach cost in the Middle East reached USD 8.75 million in 2024, nearly 10% higher than in 2023, underscoring the urgent need for advanced, predictive cybersecurity solutions like those offered by CloudSEK.

CloudSEK’s approach goes beyond traditional detection and response. By continuously mapping an organisation’s external digital footprint, analysing vast data from open, deep, and dark-web sources, and delivering real-time, actionable intelligence, CloudSEK enables decision-makers to stay ahead of adversaries.

The company’s proprietary AI engine has proven its mettle by identifying and preventing large-scale data breaches for major financial institutions well ahead of an actual attack. By continuously analysing massive volumes of threat data across the digital ecosystem, CloudSEK delivers actionable intelligence across 170 use cases, offering comprehensive solutions in brand monitoring, digital risk protection, attack surface monitoring, and supply chain security. The top cyber threat intelligence cloud provider, CloudSEK, helps major companies around the world spot and address cyber threats to reduce risks to their operations, finances, and reputation.

Its technology helps enterprises and governments across the world mitigate risks, strengthen cyber-resilience, and build digital trust—protecting reputation, revenue, and operations in an era of borderless cyber threats.

A Global Vote of Confidence in Indian Cybersecurity

CloudSEK’s success highlights India’s evolution from a services-led technology hub to a global originator of cybersecurity innovation.

This partnership not only accelerates CloudSEK’s presence in the Middle East but also represents a broader trend: nations and enterprises worldwide are increasingly looking to Indian firms for sophisticated, scalable, and affordable cybersecurity intelligence.

Black Kite announced the release of its AI Agent

Posted in Commentary with tags on November 19, 2025 by itnerd

Black Kite today announced the release of Black Kite AI Agent, a super agent that automatically investigates, assesses, and reports on third-party risk. Black Kite has achieved record growth, with a 5-year Compound Annual Growth Rate (CAGR) of 70%, driven by customer success and satisfaction scores that exceed industry standards. These results are quantitative proof that organizations see Black Kite as an indispensable partner. Building on this momentum, the newly released Black Kite AI Agent empowers security teams to be more effective and automated in managing third-party risk.

Super Agent Investigates, Assesses, and Reports on Third-Party Risk

Black Kite was founded with a mission to give security professionals a complete and accurate view of their cyber ecosystem risk. From the very beginning, AI has played a central role in achieving that mission. The Black Kite AI Agent exposes these advanced AI capabilities directly to customers, enabling security teams to investigate, assess, and report on third-party risk more efficiently. With this new capability, Black Kite continues to set itself apart and lead the future of Third-Party Cyber Risk Management (TPCRM).

Fully embedded across the platform, Black Kite AI Agent enables users to ask questions in the context of any page or use pre-built “Blueprints” to launch deep investigations, generate custom reports, and more. Black Kite AI Agent is powered by a network of sub-agents so that when a user asks a question or uses a Blueprint, the appropriate sub-agents are automatically launched to handle the task.

Key features and benefits include:

  • Deep Investigations: Investigates vendor findings, changes in risk scores, cyber ratings, RSI™, and the impact of breaches on third-party networks.
  • Executive and Board Reporting: Generates custom reports and board communication packages with risk trends, concentration areas, and impact with charts and metrics.
  • Procurement Decision Support: Benchmarks prospective vendors with side-by-side risk scores, RSI™, breach history, and financial impact analysis to support onboarding decisions and contract negotiations. 
  • Navigation Guidance: Provides instant answers, guidance, and navigation tips based on best practices, help articles, and support tickets to maximize platform utilization and value.
  • Build and Scale TPRM: Gives expert TPRM advice to guide in building and scaling a third-party risk management program, such as key processes, team structure, and R&Rs.
  • Vendor Prioritization: Ranks vendors by severity and business impact, analyzing findings, FocusTags™, score changes, RSI™, and more to highlight the most urgent cases for action.
  • Document Q&A: Enables the ability to query vendor documents (e.g., SOC 2 reports, ISO certifications, policies) by asking plain-text questions (e.g., “Do they require MFA?”) to extract control-specific information. 

The Trusted Choice for Third-Party Cyber Risk Intelligence

Black Kite has achieved a 5-year Compound Annual Growth Rate (CAGR) of 70%. Further fueling Black Kite’s momentum, the company surpassed key milestones, including expansion of its leadership team, high customer satisfaction scores that go beyond industry standards, recognition by leading industry analysts, and winning prestigious cybersecurity awards for innovation and excellence.

Key highlights include:

  • Achieved a 5-year Compound Annual Growth Rate (CAGR) of 70%.
  • Achieved record high industry standards in customer satisfaction, including: NPS score of 74-plus; 93% Customer Satisfaction Score (CSAT) for onboarding; and consistently receiving a 100% CSAT in customer support for 12 months with a 96% first call resolution rate.
  • A 100% channel-first organization, Black Kite has a powerful network that includes 300-plus partners. From global resellers and managed services providers to GRC leaders and technology integrators, partners include Aravo, Guidepoint, Optiv, Onspring, Avertium, ServiceNow, LogicGate, CGS CyberDefense, and Carahsoft, to name a few.
  • Black Kite Bridge™, the industry’s first solution enabling customer-vendor collaboration, has built a strong community of thousands of third parties, growing over 100% quarter over quarter.
  • Expanded its leadership with Jack Jones, originator of the industry’s standard risk measurement model known as Factor Analysis of Information Risk (FAIR) and the FAIR Controls Analytics Model (FAIR-CAM), who joined as Strategic Advisor. Additionally, appointed Jessica Stanford as Chief Marketing Officer (CMO) and David Sauer as Vice President of Strategic Alliances to drive growth, enhance brand positioning, and expand strategic partnerships in the cybersecurity industry. 
  • Recognized as a Sample Vendor in the Gartner® Hype Cycle™ for Cyber-Risk Management, 2025, which we feel validates that Black Kite’s focus on evidence-based, quantifiable, and transparent risk intelligence is precisely where industry analysts see the market heading. 

For more information on Black Kite AI Agent, visit https://blackkite.com/ai.

Legacy Tech/Shadow AI Jeopardizes Healthcare

Posted in Commentary with tags on November 19, 2025 by itnerd

A new survey of 1,000+ frontline healthcare professionals has revealed that outdated legacy technology jeopardizes healthcare cybersecurity, with nearly all (98%) of respondents reporting that inefficient technology creates delays or errors in patient care.

You can find more details here: https://www.presidio.com/news/presidios-new-healthcare-ai-report-reveals-industry-is-facing-a-technology-crisis/

Henrique Teixeira, SVP of Strategy at cybersecurity company Saviynt, commented:

“Shadow AI is quickly becoming a bigger danger than shadow IT. Spinning up unsanctioned SaaS apps was already a problem, but AI reaches far more users. Essentially everyone in a hospital or university touches AI tools every day. Many are creating and using AI agents that behave and have permissions similar to employees. Research from Presidio shows that more than 60% of frontline healthcare professionals say their systems are outdated and inefficient, and nearly 90% say their tools don’t meet their needs. Meanwhile, 55% of U.S. healthcare workers are planning to switch jobs in 2026.

“Healthcare is, in my view, one of the most complex identity environments: doctors will continue to switch jobs, and many juggle multiple hospital roles and even patient identities. Add unmanaged ‘shadow AI agents’ into that mix and the attack surface explodes. Organizations need an identity program that unifies the governance of humans, machines and AI agents because least privilege principles must apply to everyone and everything, including our AI coworkers, sanctioned or not.”

This is another example of healthcare getting the short end of the stick and, as a result, there are knock-on effects in terms of tech which in turn affect people who need care. This needs to change. But you knew that already.