Archive for December 10, 2025

SandboxAQ and DoW CIO Partner to Strengthen U.S. Defenses Against Quantum and AI-Driven Cyber Threats

Posted in Commentary with tags on December 10, 2025 by itnerd

SandboxAQ is providing its technology and expertise to the Department of War (DoW) Chief Information Officer (CIO) to accelerate the discovery and inventory of cryptographic assets within the DoW’s environment. This is a foundational step for a managed transition to post-quantum cryptography (PQC) and supports overall cyber readiness.

Building on SandboxAQ’s successful demonstration of its advanced capabilities in quantum-resistant cryptography during a prototype project with DISA Emerging Technology’s QRC PKI program, the DoW CIO is now leveraging the company’s AQtive Guard platform for comprehensive, automated cryptographic discovery and inventory (ACDI) across its systems. This strategic move comes as organizations face increasing pressure to modernize their cybersecurity infrastructure in the face of sophisticated AI-powered attacks, a proliferation of non-human identities, and the looming threat of quantum computing. With Gartner warning that “quantum computing will render traditional cryptography unsafe by 2029,” migrating to PQC is a crucial step that agencies must urgently take as part of a broader modernization effort to secure critical systems.

AQtive Guard provides a centralized platform for managing cryptographic security, empowering organizations to efficiently discover and inventory cryptographic assets and dependencies within their environment. This agreement paves the way for other DoW agencies to access and implement AQtive Guard, enabling a foundational understanding of their cryptographic footprint across the department. AQtive Guard provides agencies with continuous visibility into cryptographic assets, enabling them to anticipate and counter emerging threats as AI adoption accelerates and systems increase in complexity.

Visit the website to learn more about SandboxAQ or book a demo here.

DeadLock Ransomware Uses New “BYOVD” Method to Disable EDR 

Posted in Commentary on December 10, 2025 by itnerd

Researchers have revealed that a financially motivated threat actor deploying DeadLock ransomware has adopted a sophisticated Bring Your Own Vulnerable Driver (BYOVD) tactic to bypass and disable endpoint detection and response (EDR) mechanisms.

Talos observed a threat actor leveraging a BYOVD technique to disable endpoint detection and escalate privileges in an attack that eventually delivered DeadLock ransomware as the payload. 

The attack relied on “BdApiUtil.sys”, a legitimate Baidu Antivirus driver containing an Improper Privilege Management vulnerability, CVE-2024-51324, which the actor disguised under the file name “DriverGay.sys”. The vulnerability exposes a critical function in the driver that allows unprivileged users to terminate any process on the system at the kernel level, which is what makes it useful for killing security tooling.

Commenting on this is Borja Rodriguez, Manager of Threat Intelligence Operations at Outpost24:

“This technique is not new. It follows a pattern we have seen for many years. The concept of abusing signed drivers is old. Drivers have long been a privileged entry point to the kernel (and thus attractive for attackers). But such abuses often occurred under vague names (“rootkits,” “driver exploitation,” “kernel-mode malware”) that weren’t necessarily documented under a unified label like “BYOVD.”

Campaigns like InvisiMole and Slingshot APT (both reported in 2018) already used similar methods, taking advantage of vulnerable or malicious drivers to gain high privileges, hide activity, and bypass security tools. These cases showed early examples of what we now call BYOVD attacks.

In the ransomware world, this isn’t new either. Groups such as Cuba Ransomware have already used BYOVD techniques to disable security products by loading vulnerable drivers and terminating protection processes. The technique itself hasn’t changed much. What has really changed is that attackers have learned how profitable ransomware can be, so they are reusing methods that previously appeared mainly in espionage operations.

Overall, this reflects a simple trend: if a technique works for one threat actor, others will copy it. Just like trends in other industries, proven tactics tend to come back again and again.”

This is one of those cases where everything old is new again. That’s something for defenders to keep in mind as they work to keep their organizations secure.

UPDATE: Ensar Seker, CISO at SOCRadar, adds this:

“The use of BYOVD by the DeadLock ransomware group is a stark reminder that ransomware actors are no longer just encrypting files, they’re now going after the very defenses meant to stop them. By leveraging signed but vulnerable drivers to disable EDR, threat actors can effectively go ‘under the radar,’ removing visibility at the precise moment an attack unfolds. This is no longer just a red team tactic, it’s now weaponized in the wild by financially motivated actors. Organizations must harden their driver policies, implement driver blocklists like Microsoft’s recommended vulnerable driver list, and monitor for suspicious driver loads in telemetry. Endpoint protection alone is no longer enough; a layered, adversary-aware defense model is required.”
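As an added defender-side example (not code from Talos, the blog, or either commenter), the script below applies the telemetry checks Seker recommends to constructed Sysmon-style Event ID 6 (driver load) records: a match against a vulnerable-driver blocklist, a load path outside the system driver directory, and a signer/file-name mismatch of the kind a renamed BdApiUtil.sys would produce. The hashes, signer strings and the expected-name table are placeholders and assumptions, not indicators from the incident.

```python
"""Flag suspicious kernel-driver loads in Sysmon-style Event ID 6 records.

Added example for this post, not code from Talos or the blog. The records,
hashes and lookup tables below are constructed sample data, not telemetry or
indicators from the DeadLock incident.
"""
from dataclasses import dataclass, field

# Placeholder keys, not real hashes: in practice populate this from Microsoft's
# vulnerable driver blocklist or an equivalent feed (sha256 -> known driver name).
VULNERABLE_DRIVER_HASHES = {
    "PLACEHOLDER_SHA256_OF_VULNERABLE_BDAPIUTIL": "BdApiUtil.sys",
}

# Assumption for this example: the file names a given signer's drivers normally
# ship under, so a renamed copy stands out even when its hash is not yet listed.
EXPECTED_NAMES_BY_SIGNER = {
    "baidu": {"bdapiutil.sys"},
}

SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed records in a 'Key: value | Key: value' layout; field names follow
# Sysmon's DriverLoad event. Record 2 mimics the renamed driver from the post.
SAMPLE_EVENTS = [
    "ImageLoaded: C:\\Windows\\System32\\drivers\\ndis.sys | "
    "Hashes: SHA256=PLACEHOLDER_SHA256_OF_NDIS | Signed: true | "
    "Signature: Microsoft Windows | SignatureStatus: Valid",
    "ImageLoaded: C:\\Users\\Public\\DriverGay.sys | "
    "Hashes: SHA256=PLACEHOLDER_SHA256_OF_VULNERABLE_BDAPIUTIL | Signed: true | "
    "Signature: Baidu | SignatureStatus: Valid",
]


@dataclass
class Finding:
    image: str
    reasons: list = field(default_factory=list)


def parse_event(line: str) -> dict:
    """Turn one 'Key: value | Key: value' record into a dict (first colon splits)."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def analyze(event: dict) -> Finding:
    """Run the blocklist, load-path, signer/name and signature-status checks."""
    image = event.get("ImageLoaded", "")
    name = image.rsplit("\\", 1)[-1].lower()
    finding = Finding(image)

    hashes = dict(h.split("=", 1) for h in event.get("Hashes", "").split(",") if "=" in h)
    sha256 = hashes.get("SHA256", "")
    if sha256 in VULNERABLE_DRIVER_HASHES:
        finding.reasons.append(
            f"hash is on the vulnerable-driver blocklist ({VULNERABLE_DRIVER_HASHES[sha256]})")

    if not image.lower().startswith(SYSTEM_DRIVER_DIR):
        finding.reasons.append("driver loaded from outside the system driver directory")

    signer = event.get("Signature", "").lower()
    for vendor, names in EXPECTED_NAMES_BY_SIGNER.items():
        if vendor in signer and name not in names:
            finding.reasons.append(
                f"signed by {vendor} but on disk as {name}: possible renamed vulnerable driver")

    if event.get("SignatureStatus", "").lower() != "valid":
        finding.reasons.append("driver signature is not valid")
    return finding


def scan(lines) -> list:
    """Return only the records that triggered at least one check."""
    return [f for f in (analyze(parse_event(l)) for l in lines if l.strip()) if f.reasons]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit.image)
        for reason in hit.reasons:
            print("  -", reason)
```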

Crossroads Church Transforms Campus Safety and Visibility with EnGenius AI-Powered Surveillance and Cloud-Managed Network Upgrade

Posted in Commentary with tags on December 10, 2025 by itnerd

EnGenius Technologies today announced that Crossroads Church in Rowlett, Texas has completed a comprehensive security and network modernization project using EnGenius AI cameras, multigigabit switches, and Wi-Fi 7 access points. The upgrade delivers complete visibility across the church’s 30,000-square-foot facility and 15-acre campus, providing staff, volunteers, and families with unprecedented peace of mind.

Rapid Growth Drives Need for Enhanced Safety

Serving more than 1,200 members and hosting daily activities including worship services, youth programs, daycare, and community outreach, Crossroads Church faced increasing challenges with its aging surveillance system. The church’s legacy NVR-based surveillance system left numerous blind spots and lacked the clarity, storage, and analytics needed to support a large, active campus.

A Unified EnGenius Solution

Crossroads Church partnered with Smart Technology Solutions to implement a full-scale modernization built on EnGenius cloud-managed technology. The deployment includes:

  • 57 EnGenius ECC100 AI surveillance cameras for complete indoor, outdoor, and parking-lot coverage
  • Multi-gig EnGenius ECS2552FP and ECS2528FP switches supporting high-capacity video, livestreaming, and campus-wide traffic
  • 12 EnGenius ECW536 Wi-Fi 7 access points providing fast and reliable wireless connectivity for staff, classrooms, and production teams
  • A single-pane-of-glass cloud dashboard delivering centralized management, real-time monitoring, and instant event review

AI Features Unlock the Future of Campus Security

The church has begun using contextual AI analytics, including event detection, vehicle tracking, and customizable alerts. Over time, leadership plans to expand their use of EnGenius AI capabilities to detect human activity, interpret complex scenarios, analyze movement trends, and enhance after-hours oversight — further improving campus safety.

Meet the AI That Turns Video into Insight.

Ever spent hours scrubbing through video just to find one five-second moment? With EnGenius Cloud AI, those days are over. It eliminates the biggest headaches of traditional surveillance—false alerts, slow investigations, and endless manual review—by delivering real-time intelligence and natural language search. Instead of generic motion notifications, the system interprets what it sees, recognizing behaviors with context so the team receives fewer false alarms and earlier warnings when something seems off.

And when it’s time to find footage, there’s no need to dig through timelines—simply enter a description like “person in a red hoodie with a black backpack,” and the system instantly retrieves the precise clips from any camera or location. This smarter, context-aware approach helps staff work faster, respond with confidence, and stay focused on what matters most. More than a camera system, it’s a smart security assistant that makes investigations faster, simpler, and far more effective.

Key Camera Features

  • 5MP HDR Clarity: Sony Starvis sensor ensures clear day-and-night visuals. 
  • Ultra-Wide Coverage: 132° view and 20m IR distance for versatile environments. 
  • 8GB eMMC Flash Storage + 4GB DDR4 Memory: Delivers reliable onboard flash storage and efficient multitasking for smooth, stable performance.
  • Built-in Storage, No NVR Needed: ECC100 includes 256GB of reliable onboard storage, supporting continuous and event recording 24/7 for immediate footage access.
  • Durable Build: IP67 weatherproof and IK10 vandal-resistant design. 
  • Cloud Access & Mobile Monitoring: Manage cameras anytime, anywhere. 

The Next Era of Intelligent Surveillance

With the launch of its AI Cloud Surveillance Solution and ECC100 AI Camera, EnGenius once again sets a new benchmark for intelligent security—empowering businesses to stay one step ahead with smarter, faster, and more reliable protection.

Availability

The ECC100 is available from EnGenius authorized resellers and distribution partners. For additional product specifications and purchasing information, visit:
https://www.engeniustech.com/casestudies/crossroads-church-gains-peace-of-mind-and-complete-visibility-with-engenius-ai-surveillance-camera-setup/

Over 4 billion lead-generation records exposed, including LinkedIn profiles 

Posted in Commentary with tags on December 10, 2025 by itnerd

Cybernews has discovered an unprotected 16TB database leaking 4.3 billion lead-generation records. The data included professional and corporate intelligence data such as LinkedIn URLs. The leak has now been closed, but it is unclear how long the data was exposed before Cybernews discovered it.

Key findings:

  • Nine collections of data were uncovered inside the leaked dataset, containing a total of 4.3 billion records. 
  • At least three collections included personally identifiable information (PII), such as full names, emails, phone numbers, LinkedIn data, location, and social media accounts.
  • The leak most likely stemmed from a common mistake where databases are left exposed without proper authentication due to human error.
  • The data may have been collected within the last two years, spanning multiple regions worldwide.

The dataset likely belongs to a specific lead-generation company that helps 700 million professionals connect with each other. After researchers notified the company about the potential data leak, the exposed instance was closed the next day. However, there is a chance another party is at fault, which is why we have refrained from naming the company.

For more information on this, here’s the full report: https://cybernews.com/security/database-exposes-billions-records-linkedin-data/ 

UPDATE: I have some commentary on this news:

Noelle Murata, Sr. Security Engineer, Xcape, Inc.:

   “This data leak is shocking, not just because of its sheer size, over 4 billion records and 16 terabytes, but because it’s meticulously organized. It’s LinkedIn-sourced information, mapping individuals, their employers, and company connections, which is exactly what attackers need for sophisticated phishing and business email compromise (BEC) attacks. The unique data collections and intent suggest a curated enrichment process, transforming scraped data into a ready-to-use targeting tool.

   “Leaving a MongoDB instance unprotected is a basic error, yet the ramifications are significant: years of employment histories, contact networks, and social connections, all difficult to change or mitigate. With the owner still unidentified, victims can’t even hold anyone accountable or demand fixes, a concerning trend in large-scale data breaches.

   “This isn’t a hack, but a blatant oversight: a simple misconfiguration exposed a huge amount of sensitive corporate relationship data for an unknown period. The unknown owner now faces immense liability, essentially providing bad actors with an unauthorized, pre-built resource.”

   “When security posture management is ignored, a single misconfigured database becomes a multi-billion-dollar master key for global corporate espionage.”  

Aaron Colclough, VP of Operations, Suzu Labs:

   “This isn’t the first time we’ve seen MongoDB misconfigurations expose millions of data points, and it likely won’t be the last. The ‘secure by default’ principle still isn’t being followed, leaving these databases often deployed with authentication disabled for convenience during development, then pushed to production without remediation.

   “4.3 billion records with 16 terabytes of enriched professional data represents one of the largest exposures of business intelligence data we’ve seen. It’s complete professional dossiers including employment history, education, certifications, and behavioral intent data. This is a social engineering goldmine. The ‘intent’ collection with over 2 billion documents is particularly concerning. Combined with the profile data, this enables highly targeted spear-phishing campaigns that reference specific professional interests or recent activities.

   “Most professionals don’t realize that their LinkedIn profile, employment history, and even behavioral patterns are being aggregated, enriched, and sold by platforms they’ve never heard of. When these data brokers fail to secure their databases, the professionals whose data they’ve collected suffer the consequences, but have no contractual relationship to seek damages.”

Hom Bahmanyar, Global Enablement Officer, Ridge Security Technology Inc.:

   “The widespread misconception that detection of weak credentials across an organization’s assets requires specialized GPUs and scheduled downtime has unfortunately led to inaction on the part of many organizations.

   “Brute-force detection of weak credentials is an easy win that’s often ignored. It can serve as a practical interim measure and later be expanded into more sophisticated solutions.

   “Security Validation platforms generally provide credential dictionaries for various applications, databases, and protocols to support brute-force weak credential detection. Incidents like the unsecured MongoDB breach could have been easily avoided with such measures.”
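Colclough’s point about authentication left disabled in development and carried into production can be turned into a concrete configuration check. The following is an added example, not code from Cybernews or any of the commenters: the two mongod.conf fragments are constructed, the minimal parser only handles the two-level YAML subset shown (use PyYAML for real files), and 10.0.0.5 is an assumed internal address.

```python
"""Audit a mongod.conf for the exposure pattern behind the post: a database that
listens beyond loopback while security.authorization is left disabled.

Added example; both configuration fragments are constructed, not from the incident.
"""

# Weak: what a development instance often looks like when pushed to production
# unchanged (constructed). There is no security section, so authorization stays
# at MongoDB's default of disabled, and the listener is opened on every interface.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0   # listen on all interfaces
"""

# Corrected: authentication enforced and the listener limited to loopback plus
# one assumed internal address (10.0.0.5 is a placeholder, not a real host).
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_mongod_conf(text: str) -> dict:
    """Parse the two-level 'section:' / '  key: value' YAML subset used above.

    Deliberately minimal for this example; use PyYAML for real configuration files.
    """
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        if not line.startswith(" "):
            section = line.strip().rstrip(":")
            conf.setdefault(section, {})
        elif section is not None:
            key, _, value = line.strip().partition(":")
            conf[section][key.strip()] = value.strip()
    return conf


def audit(conf: dict) -> list:
    """Return human-readable findings; an empty list means the checks passed."""
    findings = []
    auth_on = conf.get("security", {}).get("authorization", "disabled").lower() == "enabled"
    net = conf.get("net", {})
    bind_all = net.get("bindIpAll", "false").lower() == "true"
    # Default bindIp is localhost, so exposure only happens when it is widened.
    bind = [ip.strip() for ip in net.get("bindIp", "127.0.0.1").split(",")]
    reachable = bind_all or any(ip not in LOOPBACK for ip in bind)

    if not auth_on:
        findings.append("security.authorization is not 'enabled'")
    if reachable and not auth_on:
        findings.append("reachable beyond loopback with no authentication: anyone who can "
                        "reach port %s can read and modify every collection"
                        % net.get("port", "27017"))
    if bind_all or "0.0.0.0" in bind or "::" in bind:
        findings.append("bound to all interfaces; restrict net.bindIp to the addresses "
                        "that actually need access")
    return findings


def audit_text(text: str) -> list:
    """Convenience wrapper: parse then audit."""
    return audit(parse_mongod_conf(text))


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, "->", audit_text(conf) or "no findings")
```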

TELUS partners with Qohash to bring advanced data security to Fuel iX

Posted in Commentary with tags on December 10, 2025 by itnerd

TELUS and Qohash, Canada’s leader in data security posture management, today announced a strategic partnership that will embed enhanced data protection into TELUS’ generative AI platform, Fuel iX™, and enable users to leverage its AI capabilities with real-time visibility into how sensitive data is continuously protected.

Qohash’s patented edge data security technology, Qostodian, will be integrated into Fuel iX™ and TELUS Digital’s AI-powered customer service solutions to deliver unmatched visibility and control, providing users with real-time identification of sensitive data, classification and continuous monitoring capabilities across their AI workflows. A pan-Canadian solution and the only Canadian data security company with intellectual property entirely researched, designed, and owned domestically, Qohash provides end-to-end control over the entire technology stack and value chain — a critical requirement for organizations in defence and other high-assurance sectors.

TELUS Sovereign AI Factory while having complete confidence that their sensitive data is protected and monitored with Canadian resilience at its core. This is about enabling secure-by-design AI for the enterprise, with the sovereignty and performance that Canadian organizations demand.”

This alliance sets a new standard for digital trust in Canada and strengthens TELUS’ position as Canada’s premier AI provider. Fuel iX™ customers will also be able to access models running on the TELUS Sovereign AI Factory, internationally recognized as Canada’s fastest and most powerful supercomputer on the global TOP500 list, enabling organizations to harness cutting-edge AI capabilities while upholding rigorous data protection standards with an unwavering commitment to sovereignty.

Qohash’s Qostodian platform employs patented edge data security technology that detects, classifies and protects sensitive data – including personal, health, corporate and financial information – where it resides, whether on-premises, in private clouds or within enterprise AI workflows. Unlike traditional security tools that move data to third-party environments for processing, Qostodian secures data directly at the source, providing continuous oversight, automated compliance monitoring and reduced risk of data exposure. This protection strengthens operational sovereignty, optimizes storage environments, and enables Canadian organizations in highly regulated sectors to meet stringent data residency and security requirements – a core capability for businesses as data control becomes a decisive competitive advantage.

The partnership addresses a critical gap in Canada’s AI ecosystem: organizations need both high-performance AI infrastructure and advanced data protection to confidently deploy AI for their most sensitive workloads. By combining TELUS’ Sovereign-by-Design infrastructure to maximize Canadian operational control across every layer, from chips to software to networks, with Qohash’s patented edge security technology, Canadian organizations gain unprecedented capability to innovate while maintaining sovereignty. This is particularly critical for sovereignty-sensitive sectors already leveraging TELUS’ infrastructure, including healthcare, government and financial services sectors.

2026 Security Predictions From HP

Posted in Commentary with tags on December 10, 2025 by itnerd

Attackers will accelerate their investments in cookie theft

Ian Pratt, HP Global Head of Personal Systems Security

Generalized MFA deployment will accelerate threat actors’ switch to stealing cookies and tokens instead of passwords. This means threat actors will need to act swiftly from time of theft, utilizing the stolen cookie before it expires to insert backdoors that then grant them persistent access. Online marketplaces will expand to enable this with rapid trading and exploitation.

Defenses against cookie and token theft are not mature and are inconvenient for users. This means that we will see attacks involving such theft becoming increasingly commonplace. This is particularly serious for privileged users such as sysadmins, who frequently use web browsers to access high value administrative web sites, such as Entra ID, Intune, or AWS web portals, where cookie theft creates an easy path to a catastrophic enterprise breach.

Issuing sysadmins with a second PC, a Privileged Access Workstation (PAW), is today’s recommended best practice, but is far from universally implemented, and there are plenty of examples where PAWs themselves have become compromised.

For critical applications, enterprises are going to need to look toward additional layers of defense, such as strong isolation and application security posture attestation.

Cybercriminal Groups Will Rely on AI Agents to Automate Reconnaissance and Target Organizations

Alex Holland, Principal Threat Researcher in the HP Security Lab

“In 2026, we expect to see organized crime groups automate workflows and outsource more tasks using AI agents in their attacks, especially preparatory tasks like researching victims to target. Beyond this, rapid improvements in large language models and agentic AI systems are expanding their role in the attack lifecycle. Threat actors will no longer limit their AI use to basic automation or phishing content creation. They will also start using AI to assist with complex tasks like vulnerability discovery.

“AI assistance will help threat actors to scale their operations, making campaigns more efficient by reducing the resources and skills attackers need to breach targets.

“Against a barrage of AI-assisted attacks, even the best detection tools will miss some threats. Instead, organizations need to ensure threats can be contained, isolated and remediated, safeguarding their fleets, maximizing uptime and ultimately securing the future of work.”

Physical Attacks on Devices Will Become Cheaper and Easier for Cybercriminals

Boris Balacheff, Chief Technologist for Security Research and Head of the HP Security Lab

“Hybrid work is accelerating the commoditization of attacks enabled by physical access to devices. This is because devices are more exposed as employees are more mobile and distributed, and the tools needed for device tampering become increasingly accessible and affordable. Next year, IT leaders should anticipate this will continue, with easy-to-use exploitation kits and investment by threat actors into new physical attack techniques. In response, security auditors will increasingly focus on how organizations deploy best practices to protect data and device integrity across their fleets of devices.

“Employees today work in cafés, bars, hotels, and conference centers across the globe, using shared infrastructure and peripherals, and giving threat actors ample opportunity to tamper with a device when its owner steps away. With physical tampering, threat actors can seek to exfiltrate data, grasp control of compromised devices to gain broader access to enterprise networks, and even mount destructive attacks to brick devices that are not designed with self-healing built in from the ground up.

“To ensure the Future of Work is secure, organizations will need to prioritize hardware with security and resilience built in at every level. They will need to look for device security capabilities to help protect hardware and firmware integrity, as well as data security, from physical attacks, and learn to integrate hardware-level authentication and attestation into their zero-trust architecture strategies.”

Organizations will Finally Take Notice of IoT, Edge, and Print Security After a String of Attacks

Steve Inch, Global Senior Print Security Strategist at HP Inc.

“After a year of high-profile attacks against connected devices, organizations will finally prioritize security for devices at the network edge. For example, security vulnerabilities allowed for remote takeovers of printers, highlighting the risks of leaving printers unprotected.

“For too long, printers have been the lowest priority on every security team’s list. Many organizations lack basic visibility and control over print infrastructure. This creates security blind spots – from exploitation attempts to insider threats, outdated firmware, malicious updates and misconfigurations, such as open ports or unchanged default credentials.

“These security gaps give threat actors a potential launchpad to not only compromise a printer and the data it holds but also other devices on the network. In the year ahead, organizations and governments will demand that endpoint devices like printers come with continuous and active system monitoring throughout their lifecycle.

“To defend the Future of Work, organizations need to secure their complete device ecosystem, including their printers. They should prioritize the ability to automate print fleet security compliance and automatically assess fleet firmware vulnerability status, minimizing IT overhead in 2026.”

Quantum Resistance will Become a Vendor Requirement

Thalia Laing, Principal Cryptographer at HP Security Lab

“A year on from the introduction of new NIST standards for quantum-resistant asymmetric cryptography, public sector and critical infrastructure companies are going to accelerate planning and vendor engagements to chart a path towards migration. This process will reveal the scale of the challenge: with NIST intending to deprecate RSA-2048 by 2030 and all RSA and Elliptic Curve Cryptography by 2035, many vendors are likely to seize the opportunity to move directly from RSA 2048 to quantum resistant algorithms, particularly in critical industries and long-life systems, such as hardware.

“With ongoing advances in quantum computing, the prospect of a quantum computer capable of breaking asymmetric cryptography within a decade is becoming increasingly plausible. The US government’s decision to set a quantum-resistance deadline of 2027 for new National Security System devices signals this urgency.

“To become quantum resilient, organizations must start by preparing their long-lived hardware, including their printers and PCs. With a typical commercial PC refresh averaging at just over 4 years and an even longer lifespan for office-class commercial printers – devices procured in 2026 have the potential to be in use within the timeframe of a cryptographically relevant quantum computer.

“From 2026 onwards, quantum resilience will increasingly influence hardware procurement decisions. This will increase pressure on device manufacturers to future-proof their devices by embedding quantum resistant cryptography into their products, while pushing for the protection of long-life data. By embedding quantum resilience now, organizations can maintain trust in the technologies shaping the Future of Work.”

The Spotlight draws over Identity, Provenance, and Persistent Control

Peter Blanchard, Document Workflow Security Strategy Principal at HP Inc.

“In 2026, we’ll see efforts within enterprise security shift from fragmented identity frameworks and perimeter-based controls to a unified, data-centric model. Today’s zero-trust implementations often create complexity and fatigue, with identity scattered across users, apps, and devices. This fragmentation leads to blind spots, inconsistent enforcement, and poor user experience. The next phase will prioritize consolidation: centralized identity orchestration that simplifies access, strengthens governance, and reduces operational risk.

“At the same time, we’ll see security move from focusing on point of entry, to managing the custody of data throughout its lifecycle. Organizations will need visibility into where data originates, how it is used, and who has access – even after it leaves their boundaries. Identity and policy will travel with the data, embedded through persistent controls, telemetry, and rich metadata. Dynamic permissions such as ‘can I share this?’ will evolve into continuous oversight, ensuring compliance online and offline.

“Provenance and lifecycle control will become critical in the age of AI, where transparency and trust are non-negotiable. By embedding identity, custody, and governance controls into the core of digital ecosystems, organizations will achieve stronger, adaptive security that protects without adding friction, safeguarding the Future of Work.”