184M+ Credentials Exposed in Suspected InfoStealer Malware Breach

Posted in Commentary with tags on May 22, 2025 by itnerd

Recently, cybersecurity researcher Jeremiah Fowler discovered and reported to Website Planet about a non-password-protected database containing over 184 million credential records from a suspected InfoStealer malware breach affecting a wide range of services, applications, and accounts, including email providers, Microsoft products, Facebook, Instagram, Snapchat, Roblox, and many more.

What happened:

A publicly exposed database was found containing 184,162,718 records with a total size of 47.42 GB. The exposed data includes emails, login account names, passwords, authorization URLs, and more.

Why it matters:

This kind of breach could lead to targeted phishing attacks, identity theft or financial fraud, social engineering and more.

Read the full report here: https://www.websiteplanet.com/news/infostealer-breach-report/

ESET Participates In Lumma Stealer Takedown

Posted in Commentary with tags on May 22, 2025 by itnerd

Yesterday I reported on a takedown of the Lumma Stealer network, which is a big deal as this infostealer is a huge threat to computer users everywhere. Today ESET announced that it has taken part in this takedown. The operation, spearheaded by Microsoft and supported by BitSight, Lumen, Cloudflare, CleanDNS, GMO Registry, and ESET, has successfully disrupted key elements of Lumma Stealer’s infrastructure, significantly impeding its ability to exfiltrate sensitive data from victims worldwide.

Key Contributions by ESET:

ESET contributed to the disruption by analyzing and processing tens of thousands of Lumma Stealer samples, identifying C&C servers, affiliate identifiers, and tracking the malware’s evolution in real time. Our automated telemetry enabled continuous monitoring of Lumma Stealer’s activities, supporting the takedown of over 3,000 malicious domains used since mid-2024.

ESET provided in-depth technical analysis and statistical breakdowns, helping cluster threat actors and understand the malware’s changing tactics.

The Threat of Lumma Stealer

Lumma Stealer (also known as LummaC or LummaC2) has been one of the most active infostealers in the cybercrime landscape over the past two years. Operated on a subscription-based MaaS model, it allowed cybercriminals to steal browser data, credentials, cryptocurrency wallets, and more, which are frequently sold on underground marketplaces to ransomware groups and other threat actors.

The malware’s infrastructure included Telegram-based dead-drop resolvers, weekly domain updates, and an elaborate affiliate tracking system through unique LID and UID identifiers. Its modular design and advanced anti-analysis techniques like control flow flattening and encrypted stack strings made detection and mitigation difficult—until now.

Global Disruption Impact

The collaborative disruption effort has rendered large portions of Lumma Stealer’s command-and-control network inoperable, striking a major blow to its ability to continue operations. While the actors behind Lumma Stealer are likely to attempt to regroup or pivot, this intervention marks a significant disruption to one of the most pervasive infostealer operations in recent years.

What Comes Next

ESET will continue to monitor the cybercrime ecosystem for signs of Lumma Stealer’s return or rebranding and remains committed to disrupting infostealer malware families that put organizations and individuals at risk.

Read the Full Technical Report

To explore the complete in-depth technical analysis, infrastructure breakdowns, sample statistics, and obfuscation techniques used by Lumma Stealer, visit the ESET We Live Security Blog: https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-lumma-stealer/

iOS app Sleep Journey: Insomnia Helper exposed over 25,000 users’ data 

Posted in Commentary with tags on May 22, 2025 by itnerd

The Cybernews research team has discovered that the iOS sleep management app Sleep Journey: Insomnia Helper exposed over 25,000 users via a misconfigured Firebase database.

The leaked data revealed names, email addresses, dates of birth, gender, sleeping data, habits such as alcohol and nicotine consumption, before-sleep activities, and medication use.

Here’s why this story matters:

  • Leaking sensitive information like sleep patterns, substance use, and medical habits alongside names and emails gives cybercriminals everything they need to launch highly personalized and targeted attacks.
  • It’s not just user data — it’s app infrastructure. Secrets like API keys, client IDs, and storage bucket credentials were hardcoded into the iOS app, potentially giving attackers high-level access to backend systems and user devices.
  • Cybercriminals could use automated scrapers to harvest sensitive data in real-time — putting user privacy and service integrity at serious risk.
  • It’s part of a larger, systemic issue. This breach was uncovered during Cybernews’ investigation into 156,000 iOS apps — revealing that 71% leak at least one secret, showing just how widespread insecure coding practices are.
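The second and fourth bullets above describe secrets (API keys, client IDs, storage bucket names) shipped inside the app bundle. The scanner below is an added example, not Cybernews’ tooling or anything from the app’s developer: it walks the text resources of an unpacked .app directory and reports matches for the public shapes of those secret classes. The two plist files and the JSON config are constructed samples embedded inline, and every value in them is a fake placeholder.

```python
"""Scan iOS app bundle text resources for hardcoded backend secrets.

Added illustrative example. Assumes the .app directory has already been
unpacked and the text of its plist/json files is available as strings; two
constructed resource files are embedded below so the script runs offline.
"""
import re
from dataclasses import dataclass

# Patterns for the secret classes named in the story: API keys, OAuth client
# IDs, storage buckets, plus the Firebase database URL (not a secret itself,
# but the thing whose access rules must be reviewed) and AWS access key IDs.
# The Google API-key shape (AIza + 35 chars) is the public key format.
PATTERNS = {
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "oauth_client_id": re.compile(r"\b[0-9]+-[0-9a-z]+\.apps\.googleusercontent\.com\b"),
    "storage_bucket": re.compile(r"\b[a-z0-9-]+\.appspot\.com\b"),
    "firebase_db_url": re.compile(r"https://[a-z0-9-]+\.firebaseio\.com\b"),
    "aws_access_key": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
}


@dataclass(frozen=True)
class Finding:
    path: str   # resource file inside the bundle
    kind: str   # key of PATTERNS that matched
    value: str  # the matched text
    line: int   # 1-based line number in the resource file


def scan_text(path, text):
    """Return one Finding per pattern match in a single resource file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                findings.append(Finding(path, kind, m.group(0), lineno))
    return findings


def scan_bundle(files):
    """files: mapping of bundle-relative path -> file text. Returns all findings."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


def summarize(findings):
    """Group distinct matched values by kind for a quick triage view."""
    summary = {}
    for f in findings:
        summary.setdefault(f.kind, set()).add(f.value)
    return {kind: sorted(values) for kind, values in summary.items()}


# Constructed sample bundle contents; all identifiers are fake placeholders.
SAMPLE_BUNDLE = {
    "Payload/Example.app/GoogleService-Info.plist": (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<plist version="1.0"><dict>\n'
        '  <key>API_KEY</key><string>AIzaExampleExampleExampleExampleExa1234</string>\n'
        '  <key>CLIENT_ID</key><string>123456789012-abcdefghijklmnop.apps.googleusercontent.com</string>\n'
        '  <key>STORAGE_BUCKET</key><string>example-app-1234.appspot.com</string>\n'
        '  <key>DATABASE_URL</key><string>https://example-app-1234.firebaseio.com</string>\n'
        '</dict></plist>\n'
    ),
    "Payload/Example.app/Info.plist": (
        '<plist version="1.0"><dict>\n'
        '  <key>CFBundleIdentifier</key><string>com.example.sleepapp</string>\n'
        '</dict></plist>\n'
    ),
    "Payload/Example.app/config.json": '{"uploadKey": "AKIAEXAMPLEEXAMPLE00"}\n',
}

if __name__ == "__main__":
    for f in scan_bundle(SAMPLE_BUNDLE):
        print(f"{f.path}:{f.line}: {f.kind} = {f.value}")
    print(summarize(scan_bundle(SAMPLE_BUNDLE)))
```

A hit on `firebase_db_url` is the cue to check that database’s security rules with an unauthenticated client before release; the URL itself is not secret, but the story above is about exactly that kind of misconfiguration. Real bundles also need the pattern set extended with whichever third-party SDK credentials the app uses.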

To read the full research, please click here.

Arms Cyber Launches Full Anti-Ransomware Support for macOS

Posted in Commentary with tags on May 22, 2025 by itnerd

Arms Cyber, the leading anti-ransomware platform, today announced full-featured support for macOS, becoming the first company in the industry to deliver comprehensive ransomware protection across all major operating systems — Windows, Linux, and now Mac. 

This milestone marks a major advancement in enterprise cybersecurity, addressing a critical gap in protection that has long left macOS users vulnerable. Arms Cyber’s macOS solution brings the same capabilities as its existing Windows and Linux offerings, including preemption, blocking, and reporting capabilities specifically engineered to stop state-of-the-art ransomware threats.

A Complete and Cost-Effective Solution

With ransomware attacks on macOS systems rising sharply, Arms Cyber’s cross-platform protection fills a growing void for both enterprise IT leaders and individual users. Until now, organizations were often forced to focus their anti-ransomware efforts solely on Windows due to vendor limitations, leaving other systems exposed and at risk.

This macOS support eliminates that exposure, offering a low-cost, unified solution that closes the gap across all enterprise endpoints.

Market-Defining Differentiation

Arms Cyber now stands alone in the cybersecurity space as the only company offering robust ransomware protection across Windows, Linux, and Mac platforms. While other anti-ransomware vendors provide partial support — typically detection-only on Linux and nothing on Mac — Arms Cyber delivers full-stack protection across all systems.

This achievement places the company several years ahead of the competition in platform breadth and ransomware-specific defense capabilities.

Solving the Real Problem: Platform Blind Spots

With ransomware attackers increasingly shifting focus to under-protected systems like Linux and macOS, security teams face growing risks and rising costs from incident response and downtime. Arms Cyber’s complete coverage allows CISOs and IT leaders to:

  • Minimize operational risk 
  • Streamline security investments 
  • Reduce the frequency and impact of ransomware events 

2,300 Domains Seized in Lumma Infostealer Disruption

Posted in Commentary with tags on May 21, 2025 by itnerd

Microsoft’s Digital Crimes Unit facilitated the takedown, suspension, and blocking of about 2,300 malicious domains that formed the infrastructure backbone of Lumma Stealer, an info-stealing malware used by hundreds of cyber threat actors to steal passwords, credit cards, bank accounts, and cryptocurrency wallets. Lumma Stealer has also enabled criminals to hold schools for ransom, empty bank accounts, and disrupt critical services.

Microsoft has a blog post on this here: https://blogs.microsoft.com/on-the-issues/2025/05/21/microsoft-leads-global-action-against-favored-cybercrime-tool/

Ensar Seker, CISO at SOCRadar, commented:

“The coordinated takedown of Lumma Stealer’s infrastructure marks a pivotal moment in combating the proliferation of Malware-as-a-Service (MaaS) platforms. Lumma Stealer, also known as LummaC2, has been a formidable tool in the cybercriminal arsenal, facilitating the theft of sensitive data including credentials, financial information, and cryptocurrency wallets from nearly 400,000 Windows systems globally between March and May 2025.

“This operation, led by Microsoft’s Digital Crimes Unit in collaboration with international law enforcement agencies, successfully seized over 2,300 domains integral to Lumma’s operations and dismantled its command-and-control infrastructure. Such actions not only disrupt the immediate threat but also send a clear message to cybercriminals about the increasing capabilities and resolve of global cybersecurity alliances. However, the resilience of such malware underscores the necessity for continuous vigilance. Lumma’s ability to adapt, employing phishing, malvertising, and exploiting trusted platforms, highlights the evolving tactics of threat actors.

“While this takedown is a commendable achievement, it also serves as a reminder of the persistent and evolving nature of cyber threats. Ongoing collaboration between private sector entities and international law enforcement is essential to stay ahead.”

Takedowns are nice. But sometimes they’re a game of “whack-a-mole” where the threat actors pop up someplace else. Which is why these sorts of efforts need to be ongoing and not a one-time thing.

Ivanti vulnerabilities being actively chained in the wild

Posted in Commentary with tags on May 21, 2025 by itnerd

Wiz researchers report that two recently patched Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities—CVE-2025-4427 and CVE-2025-4428—are being actively chained in the wild to achieve unauthenticated remote code execution (RCE). The first flaw is an authentication bypass stemming from misconfigured Spring framework routing, while the second involves unsafe handling of Java Expression Language in error messages, allowing arbitrary code execution. Although each vulnerability is individually rated medium severity, their combination creates a critical exploitation path. Attackers are deploying Sliver beacons to known malicious infrastructure also used against Palo Alto PAN-OS products, suggesting targeted, opportunistic exploitation across vulnerable platforms. Ivanti issued patches on May 13, but organizations not filtering access to the affected APIs remain at elevated risk.
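The last sentence above names the mitigation for anyone who cannot patch immediately: filter who can reach the affected APIs. The script below is an added example, not Wiz’s or Ivanti’s tooling, showing how a defender would review web-server access logs for the two things that matter here: API requests arriving from hosts outside the management allowlist, and requests carrying the `${` expression-language marker the second flaw hinges on. The post does not name the affected endpoints, so `API_PREFIX` is a placeholder, `ALLOWED_SOURCES` is a constructed allowlist, and the log lines are constructed samples in common log format.

```python
"""Review access-log lines for the two conditions relevant to the
CVE-2025-4427 / CVE-2025-4428 chain: API requests from unlisted sources and
expression-language markers in the request target.

Added example. Assumptions: common log format; the affected API lives under
the placeholder prefix API_PREFIX (not the real path); ALLOWED_SOURCES is
the set of hosts that should be reaching the API at all.
"""
import re
from urllib.parse import unquote

API_PREFIX = "/api/"             # placeholder for the affected API path prefix
ALLOWED_SOURCES = {"10.0.0.5"}   # constructed allowlist of management hosts

# Common log format: src ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyze_line(line):
    """Return a list of (reason, source, target) alerts for one log line."""
    rec = parse_line(line)
    if rec is None:
        return [("unparsed", None, line.strip())]
    alerts = []
    # Percent-decode so that %24%7B is seen as ${ before matching.
    target = unquote(rec["target"])
    if target.startswith(API_PREFIX) and rec["src"] not in ALLOWED_SOURCES:
        alerts.append(("api_access_from_unlisted_source", rec["src"], rec["target"]))
    if "${" in target:
        alerts.append(("expression_language_marker", rec["src"], rec["target"]))
    return alerts


def analyze(lines):
    """Run analyze_line over an iterable of log lines and flatten the alerts."""
    out = []
    for line in lines:
        out.extend(analyze_line(line))
    return out


# Constructed sample log: one allowed API call, one API call from an outside
# address, one outside call carrying an encoded ${...} marker, one normal page hit.
SAMPLE_LOG = [
    '10.0.0.5 - - [21/May/2025:10:01:02 +0000] "GET /api/v2/status HTTP/1.1" 200 512',
    '203.0.113.9 - - [21/May/2025:10:01:03 +0000] "GET /api/v2/status HTTP/1.1" 401 0',
    '203.0.113.9 - - [21/May/2025:10:01:04 +0000] "GET /api/v2/status?format=%24%7Bexample%7D HTTP/1.1" 500 0',
    '198.51.100.4 - - [21/May/2025:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for reason, src, target in analyze(SAMPLE_LOG):
        print(f"{reason}: {src} -> {target}")
```

The first alert type is the one to act on right away: every API request from a source outside the allowlist shows that the filtering Ivanti recommends is not in place, regardless of what the request contained. The second type is a review trigger, and in a real deployment the target normalisation should also handle double encoding and Unicode escapes, which this example leaves out.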

Wade Ellery, Field CTO, Radiant Logic had this to say:

“This is a textbook example of how low-to-moderate vulnerabilities can escalate into high-impact breaches when chained together. It’s also a reminder that the complexity and interdependencies throughout today’s IT infrastructure create almost continuous opportunities for attack. Given these vulnerabilities, it is even more critical that the last line of defense to a breach, the identity-first security layer, be as fortified as possible. Identity observability provides a 360-degree view and active management of identity data attack vectors when proactively deployed and maintained. As attackers continue to innovate, without the ability to compromise account access their impact is severely blunted.”

This underscores the need to “patch all the things” the moment that patches for something become available as threat actors will simply do what’s illustrated here. Which isn’t good if you haven’t patched all your gear.

Today’s Outage Was Caused By A Bell Software Update

Posted in Commentary with tags on May 21, 2025 by itnerd

Well, today was an eventful day. After people in Ontario and Quebec lost Internet access just after 9AM EST and got it back just after 10AM EST or later, there were questions as to what happened. To my surprise, Bell, which seemed to bear the brunt of this outage, actually admitted what happened on Twitter:

To be completely frank, I am shocked that Bell is being this transparent about what happened, as I have never seen this level of detail from Bell before. Maybe they’re doing this to head off what happened to Rogers when they had that outage that pretty much took the entire country down a few years ago, which brought a lot of inquiries, investigations and government interventions that must have made Rogers feel like they were having a proctology exam. Now to be clear, today’s outage wasn’t nearly as bad as the Rogers outage, but it was far from good. Hopefully Bell learns the lessons from this and doesn’t repeat history anytime soon, if ever.

Hyper Launches Unique Tool-Free Cable Lock Designed to Secure MacBook Pro Laptops

Posted in Commentary with tags on May 21, 2025 by itnerd

HYPER today announced the launch of its HyperShield® MacBook Pro Cable Lock, a tool-less cable lock designed exclusively for 14” and 16” MacBook Pro models.  

The HyperShield Cable Lock offers a simple, hassle-free installation process, attaching directly to the MacBook Pro’s air vent without any tools, adhesives, or screws, making it highly functional and easy to use. Its sleek design combined with robust security features enables MacBook Pro users to protect their devices in shared workspaces or on the go.

Smart Security for Professionals on the Go 

The HyperShield MacBook Pro Cable Lock introduces a new standard in device security by offering the following key features: 

  • Tool-less Design for MacBook Pro – Install in seconds by attaching the lock directly to the MacBook Pro air vent, preserving its minimalist aesthetic.
  • Full Port Accessibility – Unlike traditional locks, this innovative solution keeps all USB-C ports unobstructed, allowing users to charge their devices and connect peripherals effortlessly.
  • Durable Galvanized Steel Cable – The 6.5ft cut-resistant cable ensures reliable protection and secures the MacBook Pro to a variety of anchor points.
  • Lightweight, Portable Design – Compact enough to fit in a bag, the HyperShield lock is perfect for remote workers, professionals, and students on the move.
  • Peace of Mind with Secure Key Locking – Each lock comes with two keys, delivering an added layer of reassurance for users in busy, shared environments.
  • Tested Tough – A rigorous test of 2,500 lid open/close cycles—representing over two years of daily use—showed no visible impact on the MacBook Pro’s display or hinge, with the silicone sleeve preventing scratches and pressure marks.
    * Test results are based on internal testing under controlled conditions. Actual performance may vary.

The HyperShield Cable Lock is a versatile security solution, ideal for protecting your MacBook Pro in coffee shops, libraries, co-working spaces, offices, and even classrooms. It’s compatible with all M1, M2, M3, and M4 14” and 16” MacBook Pro models.

Security Solution for Remote Workers, Professionals, and Students 

The HyperShield Cable Lock caters to the needs of modern users who demand portability, security, and reliability, such as remote workers securing their workspace in a bustling coffee shop, professionals who need to protect data and devices in open offices, or students safeguarding their laptop on campus. 

Pricing and Availability 

The HyperShield MacBook Pro Cable Lock is now available for sale starting today at $59.99 on Hypershop.com and through select retailers. 

US Network Administrator Salary & Employment Study – How Much Does a Network Admin Make by State?

Posted in Commentary with tags on May 21, 2025 by itnerd

Today, Comparitech researchers released a study looking into the salary and employment statistics of network administrators across the US. 

Since a network administrator plays a crucial role in ensuring the smooth and efficient operation of an organization’s IT infrastructure, it is interesting to see that the number of people in the role is projected to shrink, with a -3 percent growth projection over the next 10 years.

Average US-wide changes include:

  • Average annual salary for network administrators increased by 0.6 percent from $100,580 (2023) to $101,190 (2024)
  • Number of people in network administrator roles decreased by 0.3 percent from 322,500 (2023) to 321,580 (2024)
  • Employment per 1,000 people (the number of jobs in the given occupation per 1,000 jobs in the given area) decreased by over 8 percent from 2.22 (2022) to 2.04 (2024)
  • Number of vacancies available decreased by 24.5 percent from 7,354 (2022) to 5,552 (2025)
  • 10-year growth projection for roles decreased from 3 percent for 2021-2031 to -3 percent for 2023-2033 (according to the latest BLS data)

For full details, including a breakdown of the differences of the network administration role across the United States, please see the study here: https://www.comparitech.com/net-admin/us-network-administrator-salary-employment-study/

BREAKING: Massive Outage Takes Out Numerous ISPs And Apps In Canada [UPDATE: Resolved]

Posted in Commentary with tags on May 21, 2025 by itnerd

About 45 minutes ago I started getting calls from numerous clients about not being able to get email or surf the Internet. On top of that my wife texted me to say that our Internet was out. I knew that wasn’t a good sign and a quick look at Down Detector confirmed what I was thinking:

Clearly numerous ISPs, including Rogers, Cogeco, Bell, Ebox, and Distributel, have issues at the moment. On top of that, I note that Scotiabank is down as well. From what I can tell this outage covers the Greater Toronto Area and beyond. And clearly Bell and related companies are affected more than others. I’ll be keeping an eye on this as clearly this is very serious and widespread.

UPDATE: This outage apparently covers Ontario and Quebec. So this is big.

UPDATE #2: This outage seems to be resolved as of roughly 10AM EST.