Guest Post – The browser blind spot: Hidden security risks behind employee web activity

Posted in Commentary with tags on May 7, 2025 by itnerd

From leaking sensitive corporate data to selling industry secrets — a cybersecurity expert outlines dangerous employee browser activity that can go undetected.

Enterprise reliance on browsers is growing, and so are the associated risks stemming from dangerous employee web behavior. According to a cybersecurity expert at NordLayer, a toggle-ready network security platform for business, some employee activity that may go undetected by security teams can result in confidential data and industry secrets leaks or violations of GDPR. 

Research has found that 80% of employees can complete 80% of their work tasks using the browser. While the shift to the browser can increase productivity and collaboration by speeding up processes, it’s also accompanied by risks.

“Companies are embracing web-based software as a service (SaaS) applications for various benefits, such as cost reduction and increased efficiency. However, due to increasing dependency, the browser is becoming a significant cybersecurity concern,” says Buinovskis. “Aside from attracting the attention of cybercriminals, it’s also become a hub for insider threats or employee error, which can result in devastating security breaches. The most concerning element is the lack of observability security teams might have into employee activity in the browser, creating an alarming blind spot.”

Can security teams see what employees are doing in the browser? 

According to Buinovskis, if employees use a traditional browser, security teams’ observability of what people do in the browser is existent yet limited. Solutions like ADR (automated detection and response) and XDR (extended detection and response) can incorporate TLS (transport layer security) inspection and provide extensive activity monitoring and securing capabilities. However, they require significant financial and human resources to implement and maintain. The hefty price tag might ward off small to medium-sized businesses from the investment, exposing them to browser-based threats. 

“Traditional browsers are not built with security and observability in mind — their primary target is to provide a user-friendly interface. These capabilities are more or less sufficient for personal use but are inadequate to safeguard a business,” says Buinovskis. “Even if a company has an extensive cybersecurity strategy and a large team of security experts at their disposal, the lack of built-in security and monitoring features in a traditional browser still leaves them vulnerable and more likely to experience a safety incident.” 

The most dangerous threats to look out for

According to Buinovskis, the most dangerous threats that can result from employee activity in the browser include:

  • Data exfiltration. Ill-intended employees can use the browser’s limited observability to steal confidential company information, such as industry secrets or client data stored on web-based apps, and share it through email or social media without being detected.
  • Install unauthorized browser extensions. Some of these extensions are malicious and prey on unsuspecting users to collect sensitive data, modify browser behavior, and create security vulnerabilities. If a company uses a traditional browser, it’s challenging to monitor and control which extensions employees can download and minimize the risk of them installing malicious add-ons. 
  • Engage with unauthorized browser-based applications (shadow IT). Not all web-based SaaS applications are safe to use — some might have significant security vulnerabilities, resulting in data leaks or compliance violations. Without proper monitoring, these applications can go undetected, expanding the scope of unmanaged apps (shadow IT).
  • Other insider threats. The traditional browser’s lack of observability and behavioral analytics makes it easier for malicious employees to fly under the radar and access sensitive data or converse with third parties. Depending on the scope, these actions can have dire consequences, such as industry secrets ending up in the hands of the competition. 

“To safeguard against browser-based threats, companies need to invest in building and maintaining a comprehensive cybersecurity strategy that would provide a higher level of observability into employees’ activity on the browser or opt for browsers with built-in monitoring and security features,” says Buinovskis. “However, it’s worth noting that even with comprehensive cybersecurity measures, monitoring browser usage across an organization remains challenging if it lacks built-in security features. This gap allows certain user activity to go undetected.”

Buinovskis highlights that cybersecurity awareness training for employees is also a worthwhile investment. It helps to minimize the possibility of user error, such as interacting with unauthorized apps or downloading malicious browser extensions.

ABOUT NORDLAYER

NordLayer provides toggle-ready, scalable, and seamless network security for businesses of all sizes. Built on the standard of NordVPN, the platform empowers distributed teams with secure connections that align with today’s compliance needs. As cyber threats become more sophisticated, NordLayer utilizes the ZTNA, SWG, and FWaaS frameworks, offering tailored security plans and layered solutions that simplify network protection and scale with a business. NordLayer is part of the cybersecurity powerhouse Nord Security. For more information: https://nordlayer.com/

Leave a comment »

New Recruitment Scams: 3 Threat Actors Exploit Government of Singapore, US Logistics Recruiter, Digital Development Agenc

Posted in Commentary with tags on May 7, 2025 by itnerd

Netcraft has observed a recent spike in recruitment scams, uncovering significant impact from three unique adversaries, each leveraging different tactics to target job seekers:

  • Threat Actor #1 impersonates employers in the tech vertical using advance fee fraud (AFF) tactics – Celadonsoft & SoftServ 
  • Threat Actor #2 impersonates a logistics recruitment agency using similar AFF tactics: localized scams focused on 18 geographies & 63,000 people targeted in the U.S. alone – Picked Well
  • Threat Actor #3 impersonates the Government of Singapore to steal victims’ personal identity number and Telegram account details 

You can find the blog now live at https://www.netcraft.com/blog/diving-into-the-talent-pool-threat-actors-target-job-seekers-with-complex-recruitment-scams/

Leave a comment »

The SafetyDetectives Takes A Look Women’s Safety Around the World

Posted in Commentary with tags on May 7, 2025 by itnerd

The research team at SafetyDetectives just updated one of their past studies, where they explore countries around the world to see which are the safest and most dangerous for women, in terms of the number of crimes committed against them and the laws protecting them.

Key findings at a glance:

  • On average, 80% of women are victims of sexual harassment at some point in their lifetimeFurthermore, 1/3 of women around the world have experienced physical and/or sexual violence
  • According to their research, the top most dangerous countries for women are South Africa and Sweden. On the other hand, the safest countries are considered to be Japan, Poland, Bosnia and Herzegovina.
  • Just in the United States data shows that, 50% of native women have reported being stalked while 56% have experienced sexual violence in their lifetime.
  • In the EU, 43% of women have endured psychologically abusing or controlling behavior from their partner.

Ultimately, violence against women is not a geographically isolated phenomenon; it’s a problem all over the world, even in places that are relatively safer than others. And even those of us who do feel safe have a moral responsibility to help those that do not, for any reason and at any time.
You can access their report here: https://www.safetydetectives.com/blog/womens-safety-research/

Leave a comment »

While AI makes writing code easier than ever, CodeAnt AI secures $2M to make it easy to review

Posted in Commentary with tags on May 7, 2025 by itnerd

AI might be great at helping engineers write code, but it’s creating a new problem – all that code still needs to be reviewed by humans. CodeAnt AI is stepping in with a solution that uses AI to tackle the review process itself, raising $2 million in seed funding to help engineering teams move faster without sacrificing quality or security.

The funding, CodeAnt AI’s first institutional round, values the company at $20 million. It will be used to expand the engineering and business development teams and to scale CodeAnt AI’s code quality and application security platform. For engineering teams already feeling the pressure to ship faster, the investment comes at the perfect time. 

The funding round was led by Y Combinator, VitalStage Ventures, and Uncorrelated Ventures, and with participation from DeVC, Transpose Platform, Entrepreneur First, and a number of marquee angel investors.

CodeAnt AI’s platform plugs right into GitHub, GitLab, Bitbucket, and Azure DevOps, giving developers instant feedback on their code across more than 30 programming languages. More impressively, it doesn’t just find problems – it suggests fixes that developers can apply with a single click, turning reviews that used to take hours into proactive quick, five-minute sessions. For companies racing to get products out the door, this means fewer delays and higher quality code. It also means cost savings – fixing problems during code reviews costs 10x less compared to fixing them later during CI/CD or after production deployments. 

The company was founded by Amartya Jha and Chinmay Bharti, who both saw the same problem from different angles. Jha worked on scaling infrastructure at Zeta and ShareChat, where he noticed how easily critical bugs slipped through when reviews weren’t thorough. Bharti, with a master’s specialising in AI from IIT Bombay, faced similar issues while building high-frequency trading software at Blu Analytics – where a single bug could have serious financial consequences. Together, they built CodeAnt AI and were accepted into Y Combinator.

What makes CodeAnt AI different is the technology under the hood. The company built  a proprietary language-agnostic AST engine that actually understands how different parts of a codebase connect, letting it spot issues that isolated code reviews would miss. The platform also pulls in data from major security databases and lets companies set up their own rules based on their specific needs. For security-conscious organizations, CodeAnt AI can run entirely within their own infrastructure, ensuring code never leaves their environment.

Pricing starts at $10 per developer per month for the basic AI code review features, with a full package including code quality, security, and compliance tools available for $40 per developer per month.

As AI continues to transform how code gets written, CodeAnt AI is positioning itself as the bridge to a future where code can be both rapidly created and confidently deployed. The founders envision a world where AI doesn’t just help developers write code faster, but also ensures that every line shipped to production is secure, efficient, and ready for the real world – giving engineering teams the confidence to move at the speed their businesses demand.

Leave a comment »

ServiceNow reimagines CRM for the AI era with single system of action that goesbeyond sales to drive end-to-end growth

Posted in Commentary with tags on May 6, 2025 by itnerd

Today, at ServiceNow’s annual customer and partner event, Knowledge 2025, ServiceNow unveiled the next milestone in its groundbreaking CRM designed to disrupt an industry long dominated by outdated, overbuilt systems. In a bold move to challenge the status quo, ServiceNow is bringing together data, AI, and workflows into a single system of action.

Customers can sell, fulfill, and service on a unified platform, built to deliver consistent, end-to end customer experiences. In addition, ServiceNow announced new AI agents for CRM that make true self-service a reality by completing tasks autonomously, reducing time spent swiveling between applications and customer requests. Using ServiceNow CRM, The Whole Group is delivering 40% faster time to value and unlocking dynamic, AI-powered business models for its customers. ServiceNow CRM is setting a new standard for advanced, seamless customer
experiences.

Traditional CRM serves as a system of record ending at the front office, putting customer acquisition and retention at risk, but ServiceNow CRM is built for an AI-first world, providing personalized and proactive experiences across the entire customer lifecycle. The ServiceNow AI Platform connects workflows across systems and departments, eliminating inefficient processes tied together by spreadsheets, shared inboxes, and human middleware.

ServiceNow CRM is growing at an impressive rate as customers demand a better way to connect sellers, agents, and field technicians all on the same unified platform. CRM is the company’s fastest-growing workflow business with cumulative annual contract value (CACV) of $1.4 billion, growing 30% year-over-year as of year-end 2024. The entire customer experience resides on a single platform supercharged with agentic AI capabilities, so businesses can deliver what customers want quickly, drive increased productivity, sell more and foster a whole new level of customer loyalty.

ServiceNow CRM partner The Whole Group has experienced the power of seamlessly connected data and AI-powered workflows that maximize revenue, profit and operational efficiency. The company has both accelerated time to value and decreased the cost of business model transformation by 40% when its customers leverage ServiceNow for CRM and build AI-powered customer journeys on the ServiceNow platform.

AI Agents power seamless, intelligent customer experiences

Today’s customers expect more than fast service—they expect personalized, proactive experiences that anticipate their needs and resolve issues without friction. New capabilities in ServiceNow CRM deliver intelligent solutions to help businesses shift from reactive customer service to proactive engagement and ensure consistent end-to-end service experiences across departments.

ServiceNow today unveiled CRM AI Agents, a suite of specialized AI agents that autonomously orchestrate and complete tasks across the entire customer lifecycle—from selling and fulfilling to servicing. Unlike traditional automation requiring predefined rules, these AI agents dynamically determine the best course of action by resolving inquiries instantly, routing complex cases with full context, and managing workflows across departments. These agents start with conversational interactions to capture customer requests, then seamlessly manage the entire fulfillment process, coordinating with live agents when human intervention is needed.

At ServiceNow, AI agents are already automating 37% of the company’s customer support case
workflows. By scaling live call center agents, they boost efficiency, accelerate resolutions, and
enhance customer engagement, enabling businesses to shift from reactive support to proactive,
autonomous AI-driven experiences.

The news follows a drum beat of innovation from the ServiceNow CRM and Industry Workflows business, an innovator in the customer service and support market since 2016. In March, ServiceNow signed a definitive agreement to acquire Logik.ai, an industry leader with a modern, AI-powered, and composable CPQ solution to expand ServiceNow’s growing CRM footprint and empower sales organizations to close deals faster, boost productivity levels, and achieve greater efficiency. ServiceNow’s recent Yokohama platform release also strengthened CRM capabilities like self-service commerce portals, turnkey CCaaS integrations, and AI agents designed specifically for CRM use cases.

By connecting AI, data, and workflows organization-wide on a single platform, ServiceNow is advancing in its CRM leadership to service, sell, and deliver, from first contact to resolution.

All features announced today are generally available and can be found in the ServiceNow Store.

Leave a comment »

SIOS Technology to Demonstrate High Availability Clustering Software for Mission-Critical Applications at Red Hat Summit, Milestone Technology Day and XPerience Day, and SQLBits 2025 

Posted in Commentary with tags on May 6, 2025 by itnerd

SIOS Technology Corp today announced it will demonstrate its high availability clustering software for business-critical applications at four leading technology events this spring. SIOS also announced that it is inviting all IT practitioners to participate in its newly launched 2025 HA/DR Practices Survey, designed to gather insights into current trends, challenges, and strategies for ensuring application uptime and data protection.

At each event, SIOS experts will demonstrate how SIOS LifeKeeper and DataKeeper software provide high availability and disaster recovery for critical applications like SQL Server, SAP, and Oracle. Attendees will learn how SIOS clustering software ensures application uptime, eliminates data loss, and simplifies HA/DR across physical, virtual, cloud, and hybrid environments.

SIOS clustering software enables IT teams to create highly available application environments without the need for shared storage. Through intelligent application monitoring, real-time data replication, and automated failover and recovery, SIOS ensures business continuity with minimal complexity and reduced cost. With support for Windows and Linux in any infrastructure, SIOS solutions are trusted by enterprises worldwide to protect mission-critical operations.

SIOS Launches Survey to Gather Insights on HA/DR Practices

As part of its commitment to advancing resilience strategies in the enterprise, SIOS is launching its 2025 HA/DR Practices Survey to collect insights into the challenges, priorities, and real-world strategies used by IT professionals to ensure application uptime and data protection. The results will be compiled into the SIOS 2025 State of High Availability and Disaster Recovery Report, providing valuable benchmarks for the industry.

All practitioners, including attendees of the Red Hat Summit, Milestone Technology Day, Milestone XPerience Day, and SQLBits, are invited to participate in the survey here.

Leave a comment »

Posted in Commentary on May 6, 2025 by itnerd

A threat group called “Venom Spider” is targeting hiring managers with spear-phishing emails. The group abuses legitimate messaging services and job platforms to apply for real jobs via fake malicious resumes that drop a backdoor called More_eggs. The backdoor can be used for a wide scope of malicious activities, from credential theft to stealing sensitive customer payment data, intellectual property or trade secrets.  

You read about this threat actor here.

Roger Grimes, data-driven defense evangelist at KnowBe4, commented:

“This is far from a new tactic, but is definitely getting more use by malicious hackers. It used to be that HR was very sparingly targeted, but now they have become a target of choice. When doing cybersecurity risk management, I’d put anyone in the HR hiring path, including recruiters, hiring managers, people who interview new recruits, etc., on the list of your highest risk employees, alongside the previously identified high-risk positions in IT, C-level employees, and accounts payable. HR, in general, has become a hotbed for scammers and malicious never-do-wells. We’ve got fake employees, fake employers, outgunned recruiters, and paid advertising by malicious hackers entering the hiring ecosystem in a way that has never been before. It’s nation-state level stuff, highly resourced, and coming for your company for sure!”

This is a pretty crafty attack. One that shows that this threat actor has sophistication and an endgame. That should put all of us on edge as it implies that they can pivot to another attack vector and likely be successful.

Leave a comment »

Texas school district notifies 47K students and staff of data breach that leaked SSNs, credit cards, and more

Posted in Commentary with tags on May 5, 2025 by itnerd

Alvin Independent School District over the weekend confirmed it notified 47,606 people about a June 2024 data breach that compromised the personal info including names, SSNs, credit and debit card numbers, financial account numbers, medical and health insurance info, and more. Ransomware gang Fog claimed responsibility for this attack in July 2024, but AISD has not yet verified this claim. 

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:

“Fog is a ransomware gang that first started claiming attacks on its website in July 2024. It has a history of targeting US schools but is not limited to them. In addition to encrypting files, Fog also steals data and targets development environments. Fog has claimed a total of 20 confirmed ransomware attacks, 12 of which were on educational institutions. Most recently, the gang attacked the University of Applied Sciences and Arts Northwestern in Switzerland. Fog claimed another 157 unconfirmed attacks that haven’t been acknowledged by the targeted organizations, 80 of which it claimed in 2025. However, the group stopped posting new victims in April.”

“In 2024, Comparitech researchers logged 79 confirmed ransomware attacks on US schools and colleges. Those attacks compromised 2,857,156 records and came with an average ransom demand of $827,000. In 2025 to date, we’ve tracked 15 confirmed ransomware attacks on US education, plus 36 unconfirmed claims.”

This incident highlights how vulnerable schools are. Which is why more time and effort needs to be put into defending them so that they stop being the easiest targets for threat actors. And the sooner that happens the better.

Leave a comment »

Saviynt Appoints Chillisoft as Strategic Distribution Partner

Posted in Commentary with tags on May 5, 2025 by itnerd

Saviynt today named Chillisoft, New Zealand’s premier cybersecurity software distributor, as its official distribution partner in the region. As a value-added distributor with a strong portfolio of enterprise security solutions and an established reseller network, Chillisoft brings a deep understanding of the local market and the evolving cybersecurity needs of businesses across New Zealand.

According to the National Cyber Security Centre (NCSC), New Zealand experienced a 58% increase in reported cyber incidents in Q3 2024, totaling 1,905 cases. Notably, phishing and credential harvesting attacks rose by 70%, while unauthorized access incidents nearly doubled, highlighting the escalating sophistication of cybercriminal activities. This strategic partnership marks a significant milestone in Saviynt’s expansion across the Asia-Pacific market, reinforcing its commitment to delivering next-generation identity security solutions at scale.

This new alliance enhances Saviynt’s ability to provide tailored support and training to partners in New Zealand, while empowering enterprises with modern, intelligent identity security solutions that drive compliance, agility, and operational efficiency.

To learn more about Saviynt’s Identity Cloud, please visit the website.

Leave a comment »

Surfshark launches privacy-oriented public DNS service

Posted in Commentary with tags on May 5, 2025 by itnerd

Surfshark, has announced that it is launching a public DNS (Domain Name System). Unlike the default DNS servers provided by ISPs (Internet Service Providers), which often track and record user activity, Surfshark’s new public DNS server ensures privacy by not logging browsing history, data transfers, or any other internet behavior. Surfshark DNS was created for privacy-conscious individuals and organizations, helping them to take the first step towards privacy and security by using this tool.

Many people rely on the default DNS provided by their ISP or other big companies, often overlooking the potential to enhance their browsing experience. A public DNS service hosted by a trustworthy entity would have a positive impact on privacy online and may even improve overall network performance. However, it’s important to note that UDP and TCP DNS queries are still sent over the internet in plaintext, making them susceptible to interception. To counter this, Surfshark’s DNS server supports secure DNS protocols such as DoT, DoH, and DoQ to keep browsing activity private.

What is a DNS server

DNS server works as a translator of domain names like bbc.com or thenewyorktimes.com, into IP (Internet Protocol) addresses that computers can understand. K. Kaciulis explained that it acts as the phonebook of the internet, ensuring users can access websites using easy-to-remember names instead of numerical IP addresses.

How does a DNS work

When a request is made to access any website on the browser, the DNS resolution process is initiated. During this step, the domain name entered into a browser is converted to the corresponding IP address required to locate the desired web resource. The initial DNS query is sent to a resolver, which first contacts a root server to get information about the correct top-level domain (TLD), such as .com or .org. This TLD data then helps direct the request to the server responsible for the specific domain.

Finally, it reaches the authoritative name server, which holds the exact IP address for the website. This address is then sent back so the site can be loaded.

Benefits of using Surfshark public DNS

ISPs may collect and log users’ DNS queries for user identification. They can also monitor DNS traffic, both passively and actively, and are capable of blocking specific hostnames when necessary. Additionally, user data can be used for targeted advertising or sold to third parties. Surfshark DNS server is different, it operates under a strict no-logs policy, which means no collection, storage, or sharing of browsing activity. 

Using a Surfshark DNS may lead to a positive improvement in overall network performance. Unlike default ISP DNS servers, which can become overloaded. Since the Surfshark public DNS infrastructure is spread out, it has a better understanding of geolocation, which can provide users with closer servers. As a result, it may reduce delays, connection drops, and improve overall browsing reliability.

I will be testing this and providing my feedback on how this works as I never use ISP provided DNS servers for speed, security and privacy reasons. Stay tuned for that.

Leave a comment »

« Older Entries
Newer Entries »