Author Archive

KnowBe4 Deploys Additional Agentic Capabilities to Bolster Customers’ AI Defenses

Posted in Commentary with tags on August 6, 2025 by itnerd

KnowBe4 is proud to highlight the success of its customers in achieving remarkable transformations in their HRM programs. By leveraging KnowBe4’s HRM+ platform and advanced AI-driven products including AIDA (Artificial Intelligence Defense Agents), customers like First Community Credit Union have reduced their Phish-prone Percentage (PPP) to a near-perfect one percent.

AIDA combines human expertise with advanced AI to give organizations a clear view of their human risk and the tools to reduce it. Powered by the SmartRisk Agent, it utilizes 316 indicators influencing 37 factors across seven knowledge areas. It automates targeted actions based on each organization’s unique threat landscape, helping security teams work faster, train smarter, and strengthen defenses. KnowBe4’s agentic AI capabilities are rooted in having the industry’s largest data set of simulated phishing and people-centric cybersecurity defense measures, collected from over 13 million global users across 15 years.

Bryan Perkola, senior vice president of information security at First Community Credit Union in Houston, shared in a video how KnowBe4 has been instrumental in reshaping their approach to security awareness.

In addition to AIDA, PhishML Insights is now available as part of PhishER+. This AI capability enables InfoSec teams to better understand emerging attack patterns by setting customized confidence thresholds for email threat classification while receiving detailed explanations of why each message was tagged as clean, spam, or a threat.

To hear more customer success stories, visit the KnowBe4 testimonials website or visit KnowBe4 at booth number 1661 at Black Hat USA August 6-7, 2025.

Staffbase announces integration with ServiceNow

Posted in Commentary with tags on August 6, 2025 by itnerd

Staffbase today announced a product integration with ServiceNow to unify digital workflows with internal communications, helping organizations extend the power of the ServiceNow AI Platform across the entire workforce. The joint effort enables Staffbase to create better experiences and drive value for customers by surfacing critical ServiceNow workflows in a way that is intuitive, accessible, and engaging for all employees, including frontline and non-desk workers.

As a Build Partner, the certified Staffbase–ServiceNow integration provides embedded ServiceNow widgets and search functionality within the Staffbase platform and is available via the Staffbase website and the ServiceNow Store.

Staffbase ensures that ServiceNow workflows are easily discoverable and usable for all employees through its mobile-first communications platform, solving a potential disconnect between digital systems and employee adoption. The result: higher ServiceNow adoption, faster task resolution, and greater ROI on digital investments.

Fake Browser Update Campaign Driving Attacks Worldwide

Posted in Commentary with tags on August 6, 2025 by itnerd

Today Silent Push released an in-depth analysis of SocGholish (operated by TA569), which functions as a sophisticated Malware-as-a-Service operation, selling access to compromised systems to various financially motivated cybercriminal clients. The malware acts as an Initial Access Broker (IAB), enabling other notorious groups and even the Russian GRU’s Unit 29155 to conduct follow-on attacks, including ransomware deployments.

The research dives into how SocGholish uses fake browser updates to lure victims in and leads them to drive-by malware downloads. The group also leverages Traffic Distribution Systems (including Parrot and Keitaro TDS) to filter and redirect victims to malicious content.

Additionally, the group uses domain shadowing and rotates its domains frequently to evade detection, which keeps it one step ahead of the game and makes proactive threat intelligence crucial for defense.

You can read more here: https://www.silentpush.com/blog/socgholish

Black Kite Unveils Adversary Susceptibility Index

Posted in Commentary with tags on August 6, 2025 by itnerd

Black Kite today announced Adversary Susceptibility Index (ASI). Purpose-built for Third-Party Risk Management (TPRM) teams, ASI empowers them to proactively identify which vendors in their ecosystem are most vulnerable to specific threat actors before threats become a breach. 

ASI builds on Black Kite’s Ransomware Susceptibility Index® (RSI™) by mapping ransomware exposure to the specific threat actor groups behind the risk. ASI does this by revealing vendors that exhibit known vulnerabilities, behaviors, or configurations linked to that actor’s tactics, techniques, and procedures (TTPs); exposure indicators, such as open RDP ports, unpatched CVEs, or stealer log leaks; and third parties warranting immediate outreach and coordinated remediation. As a result, organizations can quickly and accurately identify which vendors are most likely to be targeted based on each group’s known behaviors, tools, and tactics, adding precision and context to their prioritization strategy.

Key Features and Benefits Include:
  • Threat Actor Intelligence for Suppliers: Instantly see which vendors align with a known adversary profile
  • Vendor Sorting by Susceptibility: Prioritize outreach based on real-world exposure and targeted actor tactics
  • Industry and Geography-Aware Risk: Assess risk with contextual intelligence, including actor-specific industries, regions, and motivations
  • Proactive Vendor Engagement: Deliver actor-specific insights to suppliers to accelerate mitigation and build trust

ASI brings a new level of precision to cyber risk management by embedding threat actor intelligence directly into third-party risk workflows. Rather than relying on static indicators, ASI enables organizations to prioritize suppliers based on real-world adversary behavior. With this capability, Black Kite delivers a unified, intelligence-driven approach to vendor cyber risk.

For more information, visit blackkite.com/threat-actor-monitoring.

Guest Post – Insider threats are the costliest cyber risk: Why aren’t business defenses holding up?

Posted in Commentary with tags on August 6, 2025 by itnerd

Is the biggest business enemy actually on the inside? Cybersecurity expert explains why insider threats are getting harder to control in browser-first working environments

As trusted members of an organization, employees can inadvertently or maliciously engage in risky cybersecurity behavior that is harder to detect and can lead to data breaches that cost millions of dollars to remediate. Andrius Buinovskis, a cybersecurity expert at NordLayer, says that as more companies adopt a browser-first approach, mitigating insider threats will become even more challenging due to the limited visibility security administrators have into employee activity within the browser.

Cybersecurity risks that originate from within a company are referred to as insider threats. The term encompasses all threats emerging from dangerous employee activity, whether intentional or not. Deliberate employee actions — such as selling confidential data to competitors or leaking private information out of spite — are also called malicious insider threats.

In their most recent annual report, IBM found that malicious insider threats were the cause of the most financially devastating data breaches in 2024, with an average cost of $4.99 million per incident. Buinovskis explains several reasons why these cybersecurity incidents can pack a hefty punch.

“Employees have access to incredibly sensitive data and resources which, when leaked, can have devastating consequences to a company’s reputation, result in GDPR fines, or be used for ransomware demands,” says Buinovskis. “Insider threats pose a significant danger due to their high impact, but they’re also harder to detect. Employees are trusted members of the organization, and their malicious actions can blend in with usual activity, potentially going unnoticed for months.”

Insider threats lurking in the browser

Buinovskis highlights that spotting malicious activity inside the organization has become even more challenging due to the rise of web-based software as a service (SaaS) applications.

“Consumer-grade browsers do not offer security admins a comprehensive view into employee activity, creating the perfect environment to carry out malicious activities without getting caught,” says Buinovskis. “As a result, the risk of data exfiltration, sharing credentials and confidential information, data theft, unauthorized web application use, and even sabotage by deleting or modifying critical information are all amplified in cloud-first, browser-heavy working environments.”

He explains that in traditional IT environments, these threats can be mitigated by ADR (automated detection and response) and XDR (extended detection and response), which observe network connections, file-based systems, and desktop applications. However, their observability of browser activity is very limited — for example, they cannot distinguish between normal work tasks and data exfiltration or which records were accessed or downloaded.

Additionally, consumer-grade browsers do not offer the possibility of enforcing centralized security controls. Consequently, employees can act as they please: download malicious browser extensions, screenshot or copy sensitive data, and share it with outside parties — all of which can lead to devastating data breaches.

“Companies are shifting to a browser-based working environment for greater efficiency and collaboration; however, as the reliance on the browser continues to grow, so will the cyber risks,” says Buinovskis. “This is especially true for small to medium businesses that might not even have had robust ADR and XDR solutions in the first place and now, consequently, have even less observability into their employee activity.”

Buinovskis explains that investing in cybersecurity awareness training for employees is the first step in mitigating unintentional insider threats. However, he emphasizes that businesses need to have comprehensive defenses in place to safeguard against employee error and malicious insiders.

“The longer malicious employee activity remains undetected, the greater its impact and the more extensive the resulting damage. This underscores the importance of robust observability and rapid incident response,” says Buinovskis. “Companies must prioritize strict access controls, strong user authentication, and continuous employee activity monitoring to mitigate insider threats effectively. For organizations operating in a web-based SaaS environment, leveraging the built-in security tools and enhanced observability of an enterprise browser is essential for comprehensive protection.”

ABOUT NORDLAYER

NordLayer offers reliable connection, protection, threat detection, and response for businesses needing strong network security. Built on NordVPN standards, NordLayer is a trusted cybersecurity platform that integrates easily with any network and technology stack, all with unmatched support. NordLayer is part of the cybersecurity powerhouse Nord Security. For more information: https://nordlayer.com/

MIND Launches the First Autonomous DLP Platform

Posted in Commentary with tags on August 6, 2025 by itnerd

MIND today announced the general availability of the first autonomous DLP platform. Designed for security teams to allow organizations to safely use GenAI, go beyond compliance and finally make DLP useful, MIND puts data protection on autopilot, covering every IT environment, reducing manual work and stopping sensitive data leaks before they happen.

As the first AI-native DLP platform built from the ground up to automate the entire lifecycle of data protection, MIND delivers:

  • Industry-leading data discovery: Automated and continuous inventory of sensitive data at rest and user/agentic AI/non-human activities to remove data security blind spots.
  • Autonomous, AI-powered classification: 91% more accurate than legacy DLP tools, eliminating alert fatigue and false positives with MIND AI, a multi-layer classification engine that goes beyond RegEx pattern matching and uniquely categorizes sensitive file types like never before.
  • Business-aligned policies: Simple, intuitive policy creation with out-of-the-box templates to achieve faster time-to-value.
  • Effortless remediation: Automated responses, guided workflows and integration with current remediation platforms to reduce data security risks and exposure.
  • Secure data at rest and protect data in motion: MIND actively prevents leaks wherever data lives or moves across IT environments, including GenAI, SaaS, endpoints, emails and on-premise file shares, eliminating blind spots due to legacy DLP silos.
  • User-centric prevention: Real-time, context-aware controls that help users follow security policy, not just block them, dramatically reducing the user friction caused by traditional DLP tools.
  • Rapid time-to-value: With a simple deployment, the MIND platform quickly brings real security value to organizations in days, not months.

Data security posture management isn’t enough – just knowing where your sensitive data lives doesn’t keep it safe. Security teams need real prevention, not just visibility and orchestration. As corporate data volumes skyrocket and organizations race to adopt cloud, SaaS and GenAI tools, legacy DLP solutions and modern posture management tools have failed to keep up. Today’s security teams are buried in manual work, false positives and operational complexity, while 73% of sensitive data remains exposed, according to our recent research with TechTarget’s Enterprise Strategy Group (ESG), a leading IT analyst, research and strategy firm.

Security teams today face an overwhelming amount of stress trying to keep pace with DLP alerts. Almost 92% of DLP alerts are false positives, not addressed in 24 hours or never remediated at all. An automated approach to data security, one that brings discovery, classification, remediation, policy management and prevention together, is the key to protecting sensitive data and lowering the stress security teams face. It’s time for stress-free DLP.

Key Industry Insights:

  • 78% of organizations find DLP administration challenging
  • Only 27% of sensitive data is properly discovered and classified
  • On average, enterprises experience 4.2 known sensitive data loss events per year, despite using multiple DLP tools

MIND customers have seen DLP management time drop by 80%, false positives cut by 95% and results delivered within hours of deployment, including uncovering critical data risks and blocking exfiltration of sensitive data.

MIND is the first platform to unite data discovery, AI classification, policy management, automated remediation and intelligent prevention, all in one, easy-to-deploy-and-manage solution. With coverage for GenAI, SaaS, endpoints, emails and on-premise file shares, MIND helps organizations mind what matters and regain confidence in their data security.

MIND is on a roll with industry recognition in 2025, recently being named one of Fortune’s Top 50 Cybersecurity Companies of 2025 in partnership with Evolution Equity Partners, underscoring MIND’s exceptional leadership in the cybersecurity industry and making it the only DLP solution on this prestigious list. Selected from hundreds of nominees, this inclusion in the Top 50 reflects a rigorous evaluation by a panel of top investors and cybersecurity experts. The judging criteria included technical innovation, operational excellence and a steadfast commitment to strengthening global cyber resilience.

Recently recognized as an Honorable Mention by the expert-led judging panel of the Black Hat Startup Spotlight Competition, MIND stood out among hundreds of submissions to identify the brightest new stars that have demonstrated innovation to address today’s critical cybersecurity challenges. MIND is one of only two startups that have been honored in the RSAC™ 2025 Conference 20th Annual Innovation Sandbox Contest and Black Hat Startup Spotlight Competition. Experience MIND’s award-winning, stress-free DLP platform at Black Hat booth #4833 from August 6 to 7.

The MIND autonomous DLP platform is available now. To learn more or schedule a demo, visit https://mind.io/product.

Deutsche Telekom’s streaming service MagentaTV leaks over 324 million log entries

Posted in Commentary with tags on August 6, 2025 by itnerd

The Cybernews research team uncovered that MagentaTV, Deutsche Telekom’s TV and streaming platform, exposed over 324 million log entries — totaling 729GB of data — via an ad delivery platform. MagentaTV is estimated to have around 4.4 million users.

Researchers also claim that the exposed instance received new log entries every day, with anywhere from 4 to 18 million logs being added daily.

Moreover, the team believes that the instance was publicly accessible at least since early February 2025, with the company removing it from public view after our team contacted them in June.

What details did the MagentaTV leak?

While the majority of the information accessible via the exposed instance could be considered non-sensitive, some of the leaked logs contained HTTP headers from requests sent by MagentaTV customers.

According to the researchers, some user data was also exposed in the leak, including:

  • IP addresses
  • MAC addresses
  • Session IDs
  • Customer IDs
  • User agents

Potential risks for users

Attackers could potentially utilize leaked data to track user locations, identify them, and direct targeted attacks against specific devices.

Additionally, customers may face additional risks if attackers cross-reference the leaked data with older breaches, especially using IP addresses to identify users.

To read the full research report, please click here.

Guest Post – Turning Social Engineering Crises into Cybersecurity Lessons: Effective Crisis Management Strategies

Posted in Commentary with tags on August 6, 2025 by itnerd

By Erich Kron, Security Awareness Advocate at KnowBe4

Social Engineering Day brings the perfect opportunity to discuss why organizations must prioritize awareness and preparedness in the face of the growing threat of social engineering. Social engineering is the use of emotional manipulation to execute a cyberattack. Threat actors will often prey on the emotions of their victims, especially fear, making this tactic highly effective. 

For example, KnowBe4’s March 2025 Phishing Threat Trends report revealed that phishing emails increased 17.3% over a six-month period, highlighting the critical need for awareness and preparation.  The increase shows this tactic remains a preferred method for cybercriminals, especially as they continually improve their tactics. For this reason, organizations must proactively prepare for possible social engineering crises.  

Understanding Social Engineering

Social engineering attackers are skilled at exploiting human vulnerabilities, such as trust and urgency, to gain unauthorized access to organizational systems. Often, threat actors will impersonate internal departments like HR or IT. According to the same report, nearly 49% of top-clicked phishing links originate from email addresses pretending to be these departments.  

Likewise, ransomware phishing attacks, such as the notorious LockBit ransomware delivered via phishing, increased 22.6% within just a six-month period. Meanwhile, high-profile attacks using AI-driven polymorphic phishing techniques now represent 92% of all attacks, highlighting the increased sophistication of social engineering hackers.  

The North Korean Fake Employee Problem

Social engineering attackers have become so sophisticated that a new phenomenon has crept into the U.S. hiring market. North Koreans have started to pose as U.S. job candidates to infiltrate companies for financial gain, espionage and other nefarious activities. They use fake resumes, AI-manipulated headshots and stolen Social Security numbers to get hired as part of their scheme. In fact, many have been hired in companies across the U.S., going undetected for an extended period of time.   

Social engineering comes in many forms, and this is one recent example of how manipulation can be utilized in unique ways for cybercrime activities. These are the types of situations that we can learn from and use as an opportunity to educate others about the risks of social engineering.  

Proactive Measures and a Crisis Response Framework

All organizations are at risk of social engineering attacks. To effectively prepare, they must develop a detailed crisis response framework outlining an action plan for how they will react in the case of attempted and successful social engineering attacks.  

Essential proactive measures include:  

  1. Pre-employment screenings that detect potential insider threats early on.  
  2. Continuous security awareness training (SAT) and simulations. SAT reduces employee susceptibility to phishing by 89.5% after 12 months, reducing the Phish-prone™ rate from 37.1% to about 3.9%.
  3. Adopting a “no-blame” reporting culture within the organization. By not punishing employees who click on a bad link, the workforce will be more likely to report and identify threats.  

In the event of a successful social engineering attack, it is just as important for organizations to have a reactive plan. Essential crisis response measures include:  

  1. Maintaining real-time updates for situational awareness, both internally and externally.   
  2. Being transparent to build trust among employees, stakeholders and the public.  
  3. Utilizing AI and advanced monitoring tools for early detection and rapid response.  

Lessons for Organizations

In the case of successful social engineering attacks, leadership visibility and proactive communication are crucial for maintaining organizational credibility. By implementing continuous employee education on how to recognize and respond to social engineering attacks, organizations significantly decrease the likelihood of actually being hit by one of these attacks.  

Likewise, public education builds broader trust and reinforces organizational resilience. If the majority of people become knowledgeable about the risk of social engineering, hackers employing this method will face greater challenges when taking advantage of these human vulnerabilities.  

National Social Engineering Day may be here, but it is essential for organizations to prioritize social engineering awareness and crisis management strategies throughout the entire year. Social engineering may not disappear anytime soon, but through proactive and reactive preparedness, organizations and individuals can become well-equipped to handle any potential crisis.  

Rillet raises $70M to replace 20th-century accounting software with AI-native ERP built by accountants

Posted in Commentary with tags on August 6, 2025 by itnerd

Ambitious companies don’t rise or fall by product alone – they win or lose by how they run finance and accounting. Rillet, the AI-native ERP (enterprise resource planning) platform built for modern finance teams, today announced a $70 million Series B co-led by Andreessen Horowitz and ICONIQ with participation from Sequoia, Oak HC/FT and earlier investors. In conjunction with the new funding, Andreessen Horowitz General Partner Alex Rampell and ICONIQ General Partner Seth Pierrepont are joining the board.

This round comes just 10 weeks after Rillet announced a $25m Series A round from Sequoia; the company has now raised over $100 million in under a year. Since launch, Rillet has signed over 200 customers and doubled its ARR over the past 12 weeks. The rapid growth has also resulted in strategic partnerships with many of the nation’s top accounting firms like Armanino (top 20) and Wiss (top 50).

The investment accelerates the company’s mission to rebuild enterprise accounting from the ground up, giving finance leaders the ability to scale multi-billion dollar companies with teams a fraction of the size.

The transformation they envisioned is now a reality. PostScript, a unicorn with over $100 million in ARR and global operations, closes their books in just three days using Rillet. Windsurf, one of the fastest-growing companies in recent memory, runs their entire finance operation with a lean team of two people. Customers consistently report cutting their close times to just a few days while implementing Rillet as fast as 4 weeks vs the 12 months required in traditional systems.

Rillet’s breakthrough lies in how it redefines financial systems architecture. Legacy ERPs are, at their core, “dumb databases”. They store transactions, but the real work happens in spreadsheets and bolt-on analytics tools. Rillet flips that model. It starts with native integrations, which enable structured data to flow into their smart general ledger. AI is then applied directly within the system, empowering finance teams to collaborate in real time, automate workflows natively and get insightful reporting the moment something happens, not days or weeks later.

Although accounting is the single biggest category in enterprise software –  a $500B+ global market that nearly every company on Earth depends on –  the space is dominated by incumbents owned by slow-moving conglomerates: NetSuite by Oracle, Intacct by Sage, Dynamics by Microsoft. Even more recent players like Acumatica are being folded into private equity portfolios. 

Rillet is a clean-slate rethink for this new era – built for speed, intelligence, and scale. And unlike those legacy platforms, Rillet is built by accountants. Its Chief Product Officer is a former EY controller; the Head of Customer Success came from PwC; and the VP of Implementations is a CPA and former customer. This DNA shows up in every workflow, every implementation, and every customer result.

The timing here is critical. The accounting industry is facing a major talent crunch, with 75% of accountants expected to retire in the next 15 years. At the same time, 80% of routine financial operations could be automated according to Accenture. Rillet sits right at this crossroads, creating a new platform shift in how humans and AI work together in finance. The result is transformative: finance teams get more done with fewer people, while shifting their focus from manual grunt work to strategic analysis that actually moves the needle for their business.

Looking ahead, Rillet’s plan is to expand its AI capabilities and deepen integrations across the financial technology stack. The team’s ultimate vision extends far beyond automation; they’re building towards a collaborative platform where AI agents and human expertise work together to transform how businesses understand and manage their financial performance. 

With several customers expected to go public on Rillet’s platform in the next 6-12 months, the company is set to prove that today’s most ambitious businesses can scale from startup to IPO on truly AI-native financial infrastructure – signaling the first major shift in years in how companies run, and win, with finance.

Pandora Pwned In Salesforce Related Attack

Posted in Commentary with tags on August 6, 2025 by itnerd

Another retailer has suffered a cyberattack. Danish jewelry company Pandora sent emails to its customers informing them that their data might have been stolen.

Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the ongoing Salesforce data theft attacks.

Pandora is one of the largest jewellery brands in the world, with 2,700 locations and over 37,000 employees.

“We are writing to inform you that your contact information was accessed by an unauthorized party through a third-party platform we use,” reads a Pandora data breach notification sent to customers.

“We stopped the access and have further strengthened our security measures.”

As first reported by Forbes, only customers’ names, birthdates, and email addresses were stolen in the attack. Passwords, IDs, and financial information were not exposed.

Ignas Valancius, head of engineering at cybersecurity company NordPass, comments:

“This is not the first time this year that an attack was carried out by exploiting the weaknesses of third-party business partners. I don’t want to point fingers, but those cases are quite high profile and were discussed in the media. Actually, according to a Verizon report, around 30% of data breaches in 2025 involved third-party suppliers. You would think that large, experienced companies would learn from others’ mistakes and check their partners’ cybersecurity policies and practices. But apparently, it’s not the case. 

“I know it’s not as easy as it sounds. Companies today use dozens or even hundreds of different vendors, from coffee suppliers to cloud providers and remote support desk services, which greatly increases the risk of being exposed through their system. We use quite a few third-party services ourselves. I know it takes time and effort to set security requirements for partners and verify their compliance, but discussing cybersecurity matters with them is a very healthy business exercise. 

“If the news reports are accurate, Pandora customers should be in no immediate danger. Cybercriminals allegedly were able to access only names and email addresses. Passwords and credit card details were not disclosed. However, people should be vigilant, as such breaches are often followed by phishing attacks. Don’t fall into the trap and start clicking jewelry discount links you suddenly receive. Carefully read the addresses from which you receive emails and do not click on links in unsolicited communication – it’s better to go to the website directly. I also highly recommend turning on multi-factor authentication.”

Here’s a quick primer on the ongoing Salesforce attacks that are mentioned in the article.

This highlights the fact that companies need to do a much better job of stopping attacks like this. It’s a lot of effort, but it’s well worth it to not be Pandora.