A Weak Password Tanks 158 Year Old Company

Posted in Commentary with tags on July 22, 2025 by itnerd

Getting pwned has its costs. Which is why one should do everything possible not to get pwned.

Too bad KNP, a transport company in the UK, didn’t follow that advice. Because one weak password allowed hackers to not only pwn them, but put this 158-year-old company out of business:

KNP director Paul Abbott says he hasn’t told the employee that their compromised password most likely led to the destruction of the company.

“Would you want to know if it was you?” he asks.

And:

In 2023, KNP was running 500 lorries – most under the brand name Knights of Old.

The company said its IT complied with industry standards and it had taken out insurance against cyber-attack.

But a gang of hackers, known as Akira, got into the system leaving staff unable to access any of the data needed to run the business. The only way to get the data back, said the hackers, was to pay.

“If you’re reading this it means the internal infrastructure of your company is fully or partially dead…Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue,” read the ransom note.

The hackers didn’t name a price, but a specialist ransomware negotiation firm estimated the sum could be as much as £5m. KNP didn’t have that kind of money. In the end all the data was lost, and the company went under.

Darren James, a Senior Product Manager at Specops Software, had this to say:

“While high-profile cases make headlines, over 19,000 ransomware attacks hit UK businesses last year, many going unnoticed except by those directly impacted. A common cause? Weak, reused, or already breached passwords.”

“Stronger password policies, continuous breached password scanning, secure self-service resets, and proper service desk verification are simple, cost-effective measures that can dramatically reduce risk. In today’s cyber threat landscape, your first line of defense is still one of the most critical.”

Consider this example a warning to get your house in order. Because it doesn’t take much for a bad actor to kill your company.

Guest Post – Meta’s Shrug, Your Risk: How Facebook’s Data Leaks Became the New Normal in Silicon Valley

Posted in Commentary with tags on July 22, 2025 by itnerd

By Jurgita Lapienytė

It began, as these stories often do, not with a bang but with a boast. Almost two months ago, a hacker, posting on a shadowy forum, claimed to have siphoned off 1.2 billion Facebook user records – names, email addresses, phone numbers, birthdays, locations, the digital breadcrumbs of real lives. 

The research team at Cybernews set out to verify the claim. They examined a sample of 100,000 unique Facebook user records shared by the attackers, and the data appeared legitimate.

If the hacker’s numbers are even half right, it means hundreds of millions of people could soon find their inboxes flooded with targeted phishing scams, their phone numbers sold to spammers, and their personal details circulating in criminal marketplaces – fuel for identity theft, financial fraud, and years of privacy headaches.

However, Meta’s response was a shrug and a hyperlink: a brief statement, then a redirect to a four-year-old blog post about “combating scraping.” No fresh explanation, no sense of urgency. Just another corporate brush-off, as if the world’s largest social network hadn’t just sprung another leak. It’s as if they don’t even understand what we’re fussing about.

This isn’t a one-off. In 2021, Facebook lost control of data on over 500 million users, and the price was a European slap on the wrist – $266 million. Since then, the leaks have kept coming, each time with the same ritual: denial, deflection, and a vague promise to “do better.”

Why does this keep happening? Because the modern internet runs on APIs – digital pipelines that let apps and services talk to each other, and, too often, let bad actors – in many cases, opportunistic marketers not bothered by ethics or troubled by the notion of privacy – siphon off whatever they please. Facebook’s APIs are gold for anyone with a script and a grudge. In the past few years, many companies – such as LinkedIn, Dell, Duolingo, and DeepSeek – have seen their APIs probed and plundered.

What can criminals do with this data? With a haul this size, they can automate scams at industrial scale. They can impersonate, phish, and defraud with uncanny precision. For the average person, it means a future where your inbox, your phone, and your sense of privacy are under constant siege.

It’s not only criminals who can and will make use of such data. Advertising firms and various data brokers simply blossom on these datasets. With them, our privacy is dead on arrival, as numerous examples show. They don’t even shy away from publicly acknowledging they’re listening to you using your phone just so they could serve you better ads.

We should stop pretending this is a technical inevitability. It’s a choice – a choice to treat user data as a resource to be mined, not a trust to be guarded. It’s a choice to react to breaches with PR instead of prevention.

What would real accountability look like? For starters, transparency: Meta should spell out exactly what was taken, how, and what it’s doing to prevent the next round. 

Regulators should stop accepting apologies and start demanding airtight safeguards for APIs and user data, and also impose penalties that actually sting. 

And we, as users, should demand tools that put control of our digital lives back in our own hands – because accepting business as usual only guarantees we’ll be the next victims.

Until then, the cycle will repeat. Another breach, another apology, another round of “unprecedented” headlines. The only thing truly unprecedented is our willingness to look away.

ABOUT THE EXPERT 

Jurgita Lapienytė is the Editor-in-Chief at Cybernews, where she leads a team of journalists and security experts dedicated to uncovering cyber threats through research, testing, and data-driven reporting. With a career spanning over 15 years, she has reported on major global events, including the 2008 financial crisis and the 2015 Paris terror attacks, and has driven transparency through investigative journalism. A passionate advocate for cybersecurity awareness and women in tech, Jurgita has interviewed leading cybersecurity figures and amplifies underrepresented voices in the industry. Recognized as the Cybersecurity Journalist of the Year and featured in Top Cyber News Magazine’s 40 Under 40 in Cybersecurity, she is a thought leader shaping the conversation around cybersecurity. Jurgita has been quoted internationally – by Metro UK, The Epoch Times, Extra Bladet, Computer Bild, and more. Her team reports on proprietary research highlighted in such outlets as the BBC, Forbes, TechRadar, Daily Mail, Fox News, Yahoo, and much more.

Xona and Dicofra Partner to Deliver Secure Access for Critical Infrastructure Across Mexico, Latin America, and the United States

Posted in Commentary with tags on July 22, 2025 by itnerd

Xona today announced a new channel partnership with Dicofra Cyber Security, a leading OT cybersecurity solutions provider based in Mexico. The partnership enables Dicofra to deliver, deploy, and support Xona’s secure access platform for critical infrastructure operators throughout Mexico, Latin America, and the United States.

As demand for secure remote access solutions accelerates across Latin America’s energy, utilities, manufacturing, and transportation sectors, this partnership expands access with a purpose-built platform that enables operational teams, OEMs, and third-party vendors to connect to industrial assets—without exposing critical systems to insecure endpoints or compromising uptime.

As an official Xona channel partner, Dicofra will provide sales, deployment, and tier-one technical support for the Xona Platform, leveraging their local engineering teams and regional presence. Customers in Mexico, Latin America, and the U.S. will benefit from onboarding, training, and support—alongside Dicofra’s OT cybersecurity offerings, including threat detection, managed services, and regulatory compliance advisory.

Dicofra will also offer the Xona Platform as a managed service, enabling flexible deployment as a standalone secure access solution or integrated with platforms such as Nozomi Networks, enhancing both access visibility and OT threat detection. This approach is designed to reduce the cyber risk of VPNs, jump servers, and legacy remote access tools—while accelerating digital transformation across industries.

TELUS Announces $2 Billion Fibre Investment

Posted in Commentary with tags on July 21, 2025 by itnerd

TELUS has announced a $2-billion investment to deliver broadband services across Ontario and Quebec over the next five years. This investment comes as a result of the CRTC confirmation of the wholesale fibre-to-the-premises (FTTP) framework and serves as a complement to their wholesale fibre access agreements, allowing TELUS to deliver national scale, accelerate network builds and drive investment, competition and affordability in Canada. This marks a significant milestone in TELUS’ ongoing efforts to bring Canada’s fastest and most reliable broadband services to more communities – fueling economic growth and ensuring all Canadians have access to next generation digital services.

New fibre-optic infrastructure will also serve as the backbone of TELUS’ world-leading 5G wireless network, ensuring that people and businesses have the tools they need to manage their lives and drive business success in our digital world. Importantly, TELUS PureFibre is 85% more energy-efficient than copper, and more durable against extreme weather and environmental factors, making it a more sustainable and reliable technology.

This $2-billion investment will be part of their annual budget and will be supported by investments from their strategic build partnerships. This investment program comes on top of the $70 billion TELUS announced earlier this year to enhance connectivity, support Canadian AI leadership and fuel economic growth through 2029, and builds on the more than $276 billion TELUS has committed since 2000 to boost productivity and support a robust national economy.

These investments are consistent with TELUS’ guidance for 2025, including capital expenditures, as disclosed in the company’s fourth quarter 2024 results and 2025 targets news release dated February 12, 2025 and in the company’s first quarter 2025 results news release dated May 9, 2025. This investment profile aligns with the company’s longer-term capital-intensity aspirations and our deleveraging target for 2027, including the removal of the dividend reinvestment plan discount.

For more information about the TELUS PureFibre network and its benefits, visit telus.com/purefibre.

Dior Starts To Send Data Breach Notifications To US Customers

Posted in Commentary with tags on July 21, 2025 by itnerd

A couple of months ago, I posted a story on fashion house Dior getting pwned in a cyberattack. Today Dior is sending data breach notifications to U.S. customers informing them that a May cybersecurity incident compromised their personal information:

Based on the findings of the investigation, the following information has been exposed:

  • Full names
  • Contact details
  • Physical address
  • Date of birth
  • Passport or government ID number (in some cases)
  • Social Security Number (in some cases)

The company clarifies that no payment details, such as bank account or payment card information, were contained in the compromised database, so this information remains safe.

Law enforcement was notified accordingly, while third-party cybersecurity experts were engaged to help contain the incident.

Erich Kron, Security Awareness Advocate at KnowBe4:

“While we often focus on credit card details in situations like this, the elephant in the room is the fact that so much personal information about the clients was lost. It would be no shock to find out that many of these customers are those of high net worth, and probably value their privacy. This breach exposes phone numbers, addresses, possibly passport and tax ID information, as well as other things that the customers of the luxury brand would probably not like made public. In other words, this could be a bit of a mess for Dior. Cybercriminals can use the information that was leaked to target individuals in future attempts of thievery and deception.”

“Those impacted by this breach should be especially careful moving forward and may want to consider locking their credit or taking other similar steps to fight against potential identity theft. For organizations that handle sensitive information such as this, it’s absolutely critical that their employees are trained to spot and report attempted social engineering attacks and that data privacy controls are in place within the organization to secure this information. This means a robust Human Risk Management (HRM) program that is bolstered by other technical controls as well.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“U.S. customers of House of Dior should immediately take advantage of the free 24-month credit monitoring and identity theft protection package offered by the company. They also need to stay alert for any phishing emails, texts, or phone scams using the purloined information in an attempt to get more info.”

“Meanwhile, customers of Louis Vuitton should be proactive in protecting their accounts and personal information, even though the company has not yet officially announced that they were affected by a similar data breach.”

About that Louis Vuitton thing… It appears that they got pwned as well. I’ll be looking into that and posting about that when I get more details.

Microsoft Pushed Out An Emergency Fix On Sunday For An Actively Exploited SharePoint Vulnerability

Posted in Commentary with tags on July 21, 2025 by itnerd

Microsoft on Sunday issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. To be clear, this is applicable to those with SharePoint on premise. In an advisory, Microsoft said this:

We are working on security updates for supported versions of SharePoint 2019 and SharePoint 2016. Please check this blog for updates.

To mitigate potential attacks customers should:

  • Rotate SharePoint Server ASP.NET machine keys
  • Use supported versions of on-premises SharePoint Server
  • Apply the latest security updates, including the July 2025 Security Update
  • Ensure the Antimalware Scan Interface (AMSI) is turned on and configured correctly, with an appropriate antivirus solution such as Defender Antivirus
  • Deploy Microsoft Defender for Endpoint protection, or equivalent threat solutions
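An added example (not Microsoft’s script and not part of this post) of how the first mitigation above, rotating the ASP.NET machine keys, can be scripted across a SharePoint Server 2016/2019 farm. It assumes the SharePoint Management Shell cmdlets Set-SPMachineKey and Update-SPMachineKey are available, and that the script is run elevated as a farm administrator on one server in the farm.

```powershell
# Added example: rotate the ASP.NET machine key of every web application in a
# SharePoint Server 2016/2019 farm, then recycle IIS so the new keys take
# effect. Assumes the SharePoint Management Shell cmdlets Set-SPMachineKey and
# Update-SPMachineKey are available and that this runs elevated as a farm
# administrator. Not Microsoft's script; review and adapt before use.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# Keep a timestamped log so the rotation is auditable during incident response.
$log = Join-Path $env:TEMP ("spmachinekey-rotate-{0:yyyyMMdd-HHmmss}.log" -f (Get-Date))

# Add -IncludeCentralAdministration to Get-SPWebApplication if the Central
# Administration web application must be rotated as well.
foreach ($webApp in Get-SPWebApplication) {
    $msg = "{0} Rotating machine key for {1}" -f (Get-Date -Format s), $webApp.Url
    Write-Output $msg
    Add-Content -Path $log -Value $msg
    try {
        # Generate a new validation/decryption key pair for this web application...
        Set-SPMachineKey -WebApplication $webApp
        # ...and deploy it to the web.config on every server in the farm.
        Update-SPMachineKey -WebApplication $webApp
    } catch {
        $err = "{0} FAILED for {1}: {2}" -f (Get-Date -Format s), $webApp.Url, $_.Exception.Message
        Write-Warning $err
        Add-Content -Path $log -Value $err
    }
}

# Machine keys are read at application start, so IIS must be restarted on
# every SharePoint server in the farm. This restarts only the local server;
# repeat on the others (for example via Invoke-Command over Get-SPServer).
iisreset.exe
```

Because the keys are what sign and encrypt ViewState, rotation invalidates anything an attacker may have forged with keys stolen before patching; it is a complement to the July 2025 update, not a substitute for it.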

The Washington Post is reporting that the U.S. government and partners in Canada and Australia are investigating this situation.

Andrew Obadiaru, CISO, Cobalt, an offensive security company, had this to say:

“Zero-day vulnerabilities in widely deployed platforms like SharePoint are a goldmine for attackers because they provide immediate, scalable access to high-value environments. The challenge isn’t just patching—it’s that attackers typically implant persistence mechanisms within hours, ensuring long-term footholds. Defense strategies need to assume breach and validate controls through proactive testing, including red teaming and continuous pentesting, to uncover weaknesses before adversaries do. In today’s threat landscape, reactive security alone is a losing game.”

If you’re a SharePoint on premise user, drop what you are doing and patch your SharePoint instance to make sure that you don’t get pwned, and check that you have not already been pwned, seeing as this vulnerability is being actively exploited. Because this is a today problem to say the least.

UPDATE: Adrian Culley, Senior Sales Engineer, SafeBreach, had this to say:

“This CVE represents a critical security incident: it was exploited as a zero-day vulnerability in active attacks against production systems before any patches were available—the most severe type of threat organizations face. The absence of a single remediation patch further complicates the situation. Microsoft has taken the unusual step of advising organizations to assume compromise and conduct thorough investigations to verify their security posture—language that underscores the severity of this vulnerability.

SharePoint Server 2016 environments face particular challenges, as no immediate technical remediation is available. Organizations must rely on breach and attack simulation exercises alongside their existing security controls to assess exposure. Proactive defense requires targeted hardening measures and resilience improvements to prevent falling victim to this sophisticated attack vector.”

SellYourMac.com Founder Brian Burke to Speak on Breaking Through the Noise at ITAD Summit 2025

Posted in Commentary with tags on July 21, 2025 by itnerd

SellYourMac.com, the leading reCommerce and IT Asset Transition Service provider dedicated exclusively to Apple products and an Other World Computing company, today announced that SellYourMac.com Founder and CEO, Brian Burke, will join a panel discussion titled “Standing out in the Noise – a Dive into Marketing Your Products and Services to the Masses” at the ITAD Summit 2025 (July 29 – 30, Bellagio Hotel & Casino, Las Vegas, NV).

Joining Brian The Mac Man on the panel, set to take place on July 29, from 1:00 – 2:00 pm, will be Rachael Weir, Head of Marketing, Vyta, and Danae Gullicksen, Marketing Professional, URT. Together, they will dive into effective strategies for marketing ITAD products and services in a crowded marketplace, with insights on how to differentiate brands, build visibility, and engage target audiences at scale.

About Brian Burke, Founder/CEO, SellYourMac

Brian Burke is a seasoned tech entrepreneur and thought leader who founded SellYourMac.com and now serves as the Mac Man at Other World Computing, specializing in Apple product resale, IT asset disposition, artificial intelligence, and digital innovation.

Brian The Mac Man is passionate about empowering underprivileged students through gifting Apple technology. He believes gifting them a Mac can truly change their lives, their outlook on the world, and their future job prospects.

As a lifelong learner, Brian is a 2x TEDx Talk speaker, has become a Sommelier, an Apple Certified Mac Technician, a Notary Public, an Ordained Minister, a PADI Certified Scuba Diver, a professional speaker on LinkedIn optimization, having now grown his LinkedIn network to 210,000+, and a professional speaker on ChatGPT!

Over 3.5 Million Customer Records Exposed in Australian Fashion Brand Data Breach

Posted in Commentary with tags on July 21, 2025 by itnerd

VPNmentor just published cybersecurity researcher Jeremiah Fowler’s latest findings, revealing a non-password-protected database containing 3,587,960 records totaling 292 GB, tied to SABO, a well-known global fashion brand based in Australia.

The exposed data includes invoices, packing slips, and other documents containing personally identifiable information (PII) such as customer names, physical and email addresses, phone numbers, and order details—impacting both retail and commercial buyers.

This breach raises significant concerns about privacy and data security in the retail industry. Given the scale and nature of the exposure, the risks include phishing, social engineering, and financial fraud.

You can find the full report here: https://www.vpnmentor.com/news/report-sabo-breach/

Guest Post – From beaches to breaches: Summer work habits put enterprise data at risk

Posted in Commentary with tags on July 21, 2025 by itnerd

As more companies embrace remote work and “workations” during the summer, a cybersecurity expert warns that swapping the office for scenic views could put corporate data at serious risk.

Businesses are adopting mixed work models, and summer is the perfect time to embrace greater workplace flexibility. However, when employees swap the office for a more relaxing setting, it can expose enterprises to additional cybersecurity risks — and, without proper measures, increase the likelihood of a data breach.

A survey by DayForce has found that 41% of employees feel they’re less productive in the summer, and 58% stated that their employer offers some type of flexibility during this time, including increased work-from-home or work-from-anywhere options. According to Andrius Buinovskis, a cybersecurity expert at NordLayer, a toggle-ready cybersecurity platform for business, while employees might appreciate the added benefits, enterprises mustn’t underestimate the risks behind such perks.

“Many companies offer mixed working models, such as remote or hybrid working. Work from anywhere or ‘workations’ allowing employees to work from abroad have also gained popularity,” says Buinovskis. “This additional flexibility is a great bonus for employees. However, businesses mustn’t offer it to employees without knowing the risks. Remote work opens the door for an array of security vulnerabilities, which, if exploited, can lead to devastating data breaches, resulting in reputational and financial loss.”

The main cybersecurity risks

Buinovskis explains that the most common threat from remote work comes from using unsecured public networks. Cybercriminals can intercept Wi-Fi to steal employee credentials, install malware, or hijack accounts.

“Employees that change their routines are more likely to reduce VPN usage due to distractions. Due to their unfamiliarity with the environment, they’re also an attractive target for scammers, and their lack of vigilance can make them more likely to fall for phishing scams in general,” says Buinovskis. “Additionally, employees may be asked to share more personal data in countries with fewer GDPR restrictions, increasing the risk of misuse. Another major concern is that if they use personal devices, those devices lack centralized security, may run outdated software, and are more vulnerable to attacks.”

He emphasizes that personal devices offer less physical security than company-issued hardware since friends and family members can access them. While travelling, work devices are also at a greater risk, as they may be lost or stolen. If that happens, the information stored on these devices could be misused, and according to Buinovskis, just one compromised device or account is enough to trigger a significant data breach.

How to ensure cybersecurity while maintaining flexibility

Even though remote work models come with cybersecurity challenges, it doesn’t mean that businesses should abandon these perks altogether. According to Buinovskis, the main cybersecurity measures companies should implement to ensure that their data is protected include:

  • Strong network encryption. It secures data in transit, transforming it into an unreadable format and safeguarding it from potential attackers.

  • Password management policies. Hackers can easily target and compromise accounts protected by weak, reused, or easy-to-access passwords. Enforcing strict password management policies requiring unique, long, and complex passwords, and educating employees on how to store them securely minimizes the possibility of falling victim to cybercriminals.

  • Multi-factor authentication. Access controls, like multi-factor authentication, make it more difficult for cybercriminals to access accounts with stolen credentials, adding a layer of protection.

  • Zero trust architecture. The constant verification process of all devices and users trying to access the network significantly reduces the possibility of a hacker successfully infiltrating the business.

  • Network segmentation. If a bad actor does manage to infiltrate the network, ensuring it’s segmented helps to minimize the potential damage. Not granting all employees access to the whole network and limiting it to the parts essential for their work helps reduce the scope of the data an infiltrator can access.

“High observability into employee activity and centralized security are crucial for defending against remote work-related cyber threats, especially because personal devices and unauthorized applications greatly expand a company’s attack surface,” Buinovskis says. “Given the real risk of data breaches and the financial and reputational damage they could potentially cause, overlooking security gaps is a serious gamble that isn’t worth taking.”

Buinovskis also emphasizes that employees are often the weakest link in a company’s cybersecurity. Cybersecurity awareness training is essential to minimize the risk of data breaches — regardless of the work model. This training should cover how to recognize phishing scams, the risks of using public Wi-Fi, and effective password management practices.

ABOUT NORDLAYER

NordLayer offers reliable connection, protection, threat detection, and response for businesses needing strong network security. Built on NordVPN standards, NordLayer is a trusted cybersecurity platform that integrates easily with any network and technology stack, all with unmatched support. NordLayer is part of the cybersecurity powerhouse Nord Security. For more information: https://nordlayer.com/

The ASUS Security Situation Is Actually Way Worse Than I Thought

Posted in Commentary on July 21, 2025 by itnerd

A few months ago, I posted a story on ASUS having vulnerabilities in their router products that could lead to you not only getting pwned, but your ASUS router becoming part of a botnet. Related to that, I offered up some advice as to how to check if you’ve been pwned. But this was the second time this year that ASUS has found itself in a situation where they had serious security vulnerabilities. Because earlier this year ASUS had to fess up to the fact that their AI Cloud feature, which allows for remote access to their routers, was vulnerable to being pwned.

A couple of days ago, things got way worse for ASUS. YouTube channel Gamers Nexus, who had previously called out ASUS for their shady warranty practices did a video on a number of other vulnerabilities that have been discovered in a variety of ASUS products. If you want to watch the video, here it is:

For those of you who want to skip past watching the video, here’s the TL;DR.

Security researcher Paul “Mr. Bruh” discovered a zero-click remote code execution vulnerability in Asus DriverHub and hardcoded administrator credentials within MyAsus and the RMA portal—exposing user data including names, birthdates, addresses, and phone numbers. As it stands, ASUS claims to have fixed this.

Cisco Talos researcher Marcin “Icewall” Noga also documented two kernel-level exploits in Armory Crate’s ASIO3 driver, enabling physical memory mapping and low-level hardware access. It gets worse because Armory Crate is built into ASUS motherboards, which means that even if you nuke Windows and reinstall it, Armory Crate will simply reinstall itself unless you dig into your BIOS and turn off the ability for it to install. For those of you who have Armory Crate installed, removing it is the recommended way to protect yourself. Another reason to get rid of Armory Crate is that when I was testing HYAS Protect At Home, I noted that Armory Crate, which was on the ASUS PC that I owned at the time, sent and received a lot of data to and from the Internet for reasons that I couldn’t discern. Given that ASUS seems to have other security problems, that’s another reason why you should strongly consider removing their software ASAP.

And that’s on top of their router issues. And I have to admit that was one of the motivating factors that made me dump this router from ASUS for this Unifi router. Currently the only ASUS product that I have left on my network is a pair of ZenWiFi XT8s that I am using in access point mode. I am currently researching how to replace them with Unifi products that have as good or ideally better performance in a mesh setup. But given how bad ASUS security is, I am now making that a today problem, because clearly ASUS is really dropping the ball when it comes to security. And that is on top of their RMA issues and their technical support issues, the TL;DR on which is that ASUS tech support is horrifically bad.

The bottom line is that ASUS is really becoming a company to avoid. I don’t know how else to put it. And honestly, the sooner that ASUS products are gone from my network, the better off I will be. And if you own ASUS products, you might want to consider getting rid of them as well, as you’ll likely be better off too.