iOS app meant for privacy exposes private texts and more

Posted in Commentary with tags on April 24, 2025 by itnerd

The Cybernews research team has uncovered a severe data leak affecting a popular iOS app, Second Phone Number, which has been downloaded nearly 4 million times – over 3 million in the US alone. Marketed as a solution for “private calls and texts,” the app has instead exposed exactly what it promises to protect.

In our latest investigation, we found that a misconfigured Firebase instance has been leaking user messages, media, and sender and recipient details.

This leak opens the door to identity theft, blackmail, and fraud. Some users employed the app for business or dating. Others sought anonymity for deeply personal reasons. In either case, their data is now vulnerable to cybercriminals who can scrape Firebase in real time for new data.

Here’s why this story matters:

  • It’s a systemic problem. This discovery is part of a large-scale study of 156,000 iOS apps. We found that 71% leak at least one sensitive secret.
  • Users trust the App Store. Apple’s ecosystem is perceived as safe. This story challenges that perception.
  • The implications are serious. Leaked messages could be used to impersonate, harass, or blackmail users. Developers could lose access to paid services due to leaked API keys.

Despite multiple outreach attempts, the app’s creators have not secured the database. This is an ongoing and active leak – users are still at risk.

Please find the full report here.

EDR Killers: What They Are, Why They Matter, and How Organizations Can Stay Protected 

Posted in Commentary with tags on April 24, 2025 by itnerd

ESET is warning organizations to stay alert as “EDR killers” – tools designed to disable Endpoint Detection and Response (EDR) solutions – grow more accessible and more widely used by ransomware affiliates. While not a new threat, these tools are becoming easier to deploy, making them relevant for enterprises and mid-sized organizations alike.

An EDR killer works by disabling or impairing EDR agents on compromised machines, blinding defenders and paving the way for attackers to move stealthily and deliver malicious payloads. These tools are typically deployed after initial access has already been achieved, a process that itself should set off multiple alarms in a well-defended environment. 

Once used only by highly skilled threat actors, EDR killers are now distributed by ransomware-as-a-service (RaaS) operators like RansomHub, lowering the technical bar for attackers. Variants range from basic script-based tools to more advanced versions that exploit vulnerable drivers or repurpose legitimate software, like rootkit removal tools, to disable security systems. 

Despite these developments, ESET stresses that EDR killers aren’t cause for panic, but they are a reminder of the importance of strong, layered security. Organizations with solid defences, good detection practices, and well-trained staff remain in a strong position to detect and disrupt these tools before they cause severe damage. 

ESET recommends the following best practices to reduce exposure: 

  • Use a hardened, updated EDR solution: Leading tools already detect many known EDR killer behaviours. 
  • Restrict user permissions: Prevent users without admin rights from modifying or disabling security controls. 
  • Monitor for suspicious downloads and file transfers: Watch for scripts, drivers, or tools commonly used in these attacks. 
  • Block Potentially Unsafe Applications (PUSA): Review app control policies to minimize exposure to misused software. 
  • Invest in staff training: Phishing awareness and safe file handling are still your first line of defence. 

The rise of EDR killers reflects an evolving cybercrime landscape, where increasingly advanced tools are being commercialized and shared. As attackers adapt their tactics, defenders must do the same. A resilient, multi-layered approach, backed by regular reviews and user education, remains the best strategy for staying ahead. 

ESET continues to track the development of EDR killer tools and their use in real-world attacks. For further insights and technical analysis, visit ESET’s threat research blog, WeLiveSecurity.

Digital Dexterity Crisis Threatens to Derail AI Transformation

Posted in Commentary with tags on April 24, 2025 by itnerd

Nexthink today announced new research exploring the challenges IT leaders face in preparing for the next wave of AI-driven digital transformation. Most IT leaders (92%) believe this new era of digital transformation will increase digital friction, and less than half (47%) of employees have the requisite digital dexterity to adapt to technological changes. A further 88% expect workers to be daunted by new technologies such as Generative AI.

The Science of Productivity: AI, Adoption, And Employee Experience report details the findings of a survey of 1,100 global IT decision makers, with 95% of IT leaders saying the upcoming wave of AI-powered digital transformation will be the most impactful and intensive seen thus far. 

But with IT spend set to reach $5.61 trillion in 2025, and $644 billion on Generative AI alone, it is clear that solving digital friction and improving the employee experience must become a priority, or risk undermining the impact of investments. Yet despite this, 42% of IT leaders admit they struggle to put exact monetary value on AI investments, while 93% want to improve their ability to identify underperforming investments. 

The pace of change is relentless

IT leaders anticipate a 43% rise in the volume of applications being used over the next three years. In fact, 66% report that their organization rolls out a new application, tool, or platform every month. But this rapid expansion is stretching IT teams to breaking point, with 69% admitting there are too many users in the organization for IT to provide adequate adoption support for everyone. Without proper guidance, application rollouts suffer, leading to lower productivity (61%), reduced collaboration (51%), increased IT support tickets (46%), and higher employee dissatisfaction (46%).

To keep up with this accelerating change, IT leaders are clear on the need to improve digital dexterity across the workforce. 96% want to enhance their ability to accurately identify users’ digital friction, which would significantly strengthen digital transformation efforts. With AI reshaping the way people work, 96% say they need to enhance digital adoption support to help employees adapt to AI, with 95% highlighting that tailored digital employee experience (DEX) insights are more essential than ever. The impact of improving digital dexterity is clear: faster adoption of new tools (46%), higher productivity (38%), and enhanced innovation (37%).

To read the full report or to find out more about the new era of AI-powered digital transformation, click here.

Wallarm Unveils Findings from Q1 2025 API Threat Report, Uncovering Evolving API Threats Across Multiple Industries

Posted in Commentary with tags on April 24, 2025 by itnerd

Wallarm today announced the findings of The Rise of Agentic AI, the API ThreatStats report for Q1 2025. The report found that evolving API threats are fueled by the rise of agentic AI systems, growing complexity in cloud-native infrastructure, and a surge in software supply chain risks, and uncovered patterns and actionable insights to help organizations prioritize risks and harden their defenses.

While APIs are central to all Agentic workflows, cybersecurity standards such as CVE and CISA KEV are trailing indicators of the API and overall security risks presented by Agentic AI. In order to gain insight into current and future trends, Wallarm researchers took a deep dive into GitHub security issues for Agentic repositories. Of the approximately 4,700 security issues analyzed in Agentic AI projects, they found that half were API-related (49%), underscoring the inseparability of agent and API security.

The report also analyzed API breaches that occurred in Q1 2025. No industry was immune, as highlighted by breaches impacting organizations such as Oracle Cloud, DeepSeek, CommonCrawl, Volkswagen, National Health Service (NHS) UK, Microsoft, BeyondTrust, and OmniGPT.

Key findings include:

  • Nearly half of all security issues in Agentic AI repositories (49%) are API-related and over 1,000 issues remain unaddressed.
  • 22% of reported security issues remain open, with some lingering for 1,200-plus days, highlighting a critical gap between vulnerability discovery and remediation.
  • The top five API breaches span cloud, AI, automotive, and healthcare, underscoring industry-wide concerns and urgent relevance to cybersecurity worldwide.
  • With 60% of the top vulnerabilities found to be access control-related, access control weaknesses remain prevalent across APIs.

APIs are not just part of the attack surface — they are the attack surface. From legacy system exposures to AI-native risks, attackers are increasingly targeting APIs as both the entry point and objective. In order to protect themselves from these threats, organizations need to take proactive measures to ensure existing threat models account for the current environment and prioritize API security by updating API threat models and security workflows, creating Agentic AI security strategies, implementing real-time monitoring of API traffic, and updating both threat intelligence and API discovery methodology.

To download the full Q1 2025 API Threat Report, visit http://www.wallarm.com/press-releases/wallarm-unveils-findings-from-q1-2025-api-threat-report-uncovering-evolving-api-threats-across-multiple-industries

Saviynt Hires Identity Veteran Roger Hsu to Accelerate Asia Growth

Posted in Commentary with tags on April 23, 2025 by itnerd

Saviynt has appointed Roger Hsu as Regional Vice President (RVP), Asia. The move signals the company’s deepening investment and accelerated growth in the region.

Hsu joins Saviynt following a successful tenure at SailPoint, bringing over two decades of cybersecurity and identity management expertise. He will lead Saviynt’s go-to-market strategy across Asia, with a strong focus on helping enterprises secure digital identities in an increasingly complex threat landscape.

The urgency for modern identity governance has never been greater. According to IBM’s 2024 Cost of a Data Breach Report, Asia-Pacific remains the most-targeted region globally, with compromised credentials and misconfigured identity systems among the leading causes of breaches.

Saviynt has steadily grown its presence in Asia, working with Fortune 500 companies and regional enterprises across financial services, healthcare, manufacturing, and critical infrastructure. The company is making strategic investments in local talent, partnerships, and region-specific solutions to meet soaring demand for intelligent identity governance.

The appointment of Hsu signals Saviynt’s continued commitment to Asia as a strategic growth market and its vision to redefine identity security for the modern enterprise.

To learn more about Saviynt’s Identity Cloud, please visit the website.

Blue Shield of CA Leaked PHI of 4.7 Million Members to Google…. WTF??

Posted in Commentary with tags on April 23, 2025 by itnerd

News is out that Blue Shield of California leaked the health data of 4.7 million members to Google. And upon reading this, my jaw hit the ground:

Blue Shield said it used Google Analytics to track how its customers used its websites, but a misconfiguration had allowed for personal and health information to be collected as well, such as the search terms that patients used on its website to find healthcare providers.

The insurance giant said Google “may have used this data to conduct focused ad campaigns back to those individual members.” 

Blue Shield said the collected data also included insurance plan names, types and group numbers, along with personal information such as patients’ city, zip code, gender and family size. Details of Blue Shield-assigned member account numbers, claim service dates and service providers, patient names and patients’ financial responsibility were also shared. 

Per a legally required disclosure with the U.S. government’s health department, Blue Shield of California said it is notifying 4.7 million individuals affected by the breach. The breach is thought to affect the majority of its customers; Blue Shield had 4.5 million members as of 2022.

Ensar Seker, CISO at SOCRadar:

“In this case, the unintentional exposure of protected health information (PHI) from 4.7 million members to Google’s analytics and advertising platforms raises serious questions about how healthcare providers manage third-party tracking technologies.”

“This isn’t just a technical misstep. It’s a HIPAA compliance failure. PHI should never be sent to platforms like Google Ads or Analytics, especially without explicit patient consent and proper business associate agreements (BAAs) in place. When you consider the type of data potentially exposed (names, IP addresses, search terms, and in some cases sensitive health-related activity) the privacy implications are significant. Such data can be used to infer medical conditions, insurance status, or treatment history, and that creates a risk not just of identity theft, but of discrimination, stigma, and profiling.”

“What’s particularly troubling is the duration of exposure: nearly three years before it was identified and addressed. That suggests a systemic gap in data flow visibility, audit logging, and vendor oversight. Many healthcare organizations unknowingly introduce risk through website trackers, pixel tags, and marketing scripts: tools that are standard in e-commerce, but dangerously misapplied in regulated environments like healthcare.”

“At the end of the day, this incident wasn’t about a hacker breaking in, it was about data leaking out due to weak controls. And that’s often the more dangerous, and more preventable, type of breach.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech

“Victims should be on the lookout for insurance fraud. Check your hospital bills and prescriptions for any unfamiliar charges that could indicate someone else is using your insurance to get drugs or other care in your name.”

“Patients might have seen ads targeted at them based on confidential information in Blue Shield’s database.” 

“The wildest part about this is that it happened over nearly three years. Luckily, it doesn’t seem like cybercriminals took advantage. The only unauthorized third party that saw the leaked data was Google, according to the disclosure. It doesn’t seem like Google shared identifiable info with any of its advertisers or publishers on Google Ads.”

This is firmly within the realm of WTF. I simply cannot believe that something like this happened, as you would think it could never happen. But in this case, it did. And normally I would say that there needs to be an investigation by the relevant government authorities to make sure that those who are responsible for this monumental screw up are punished. But given the times that the US is living in, I am going to guess that this won’t happen.

UPDATE: Jim Routh, Chief Trust Officer at Saviynt provided the following comments:

“The industry is likely to see similar types of data breaches going forward. Google has invested in and implemented highly sophisticated data models (Google Analytics) to harvest user online behavioral information (what products are consumed) along with individual attributes, which is then packaged for advertising platforms. The settings for Google Analytics and similar platforms need to be configured and reviewed by the healthcare insurance provider (Blue Shield of California) and other enterprises sharing consumer information. 

“The good news is that this data did not include SSNs and other sensitive information, but the bad news is it was health-specific information for consumers that should not be shared. The notification of this incident comes several months after it was identified (February 11, 2025).”
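The tracking misconfiguration described above comes down to a page URL, search terms and all, being handed to an analytics tag unchanged. As an added example (not code from Blue Shield, Google, or this blog), the JavaScript below shows the defensive pattern of redacting sensitive query parameters before the URL is sent; the parameter names, the sample URL and the `G-PLACEHOLDER` measurement ID are assumptions for illustration.

```javascript
// Added example (not Blue Shield's, Google's, or this blog's code): redact
// sensitive query parameters before a page URL reaches an analytics tag.
// Parameter names, the sample URL and 'G-PLACEHOLDER' are assumptions.

// Query parameters that, on a health-insurer site, can carry PHI or member
// identifiers (assumed names; adapt to the real site's URL scheme).
const SENSITIVE_PARAMS = new Set([
  'q', 'search', 'query',        // provider search terms
  'zip', 'zipcode', 'city',      // location details
  'plan', 'group', 'member_id',  // insurance plan / member identifiers
]);

// Return rawUrl with every sensitive parameter value replaced by "REDACTED"
// and the fragment dropped. Path and non-sensitive parameters are kept so
// page-level traffic statistics remain useful.
function redactAnalyticsUrl(rawUrl) {
  const url = new URL(rawUrl);
  for (const name of [...url.searchParams.keys()]) {
    if (SENSITIVE_PARAMS.has(name.toLowerCase())) {
      url.searchParams.set(name, 'REDACTED');
    }
  }
  url.hash = '';
  return url.toString();
}

// Names of sensitive parameters whose value has not been redacted. Useful as
// a pre-send guard and for auditing URLs already recorded in analytics.
function findLeakedParams(rawUrl) {
  const url = new URL(rawUrl);
  return [...url.searchParams.entries()]
    .filter(([name, value]) =>
      SENSITIVE_PARAMS.has(name.toLowerCase()) && value !== 'REDACTED')
    .map(([name]) => name);
}

// Weak setup: gtag('config', 'G-PLACEHOLDER') sends the full document URL,
// search terms included, with every automatic page_view. The hardened setup
// below turns that off and sends a redacted page_location instead. `send`
// stands in for gtag so this runs offline; in a page pass
// (...args) => gtag(...args).
function trackPageView(rawUrl, measurementId, send) {
  const safeUrl = redactAnalyticsUrl(rawUrl);
  // Fail closed if anything sensitive survived redaction.
  if (findLeakedParams(safeUrl).length > 0) {
    throw new Error('refusing to send page_view with sensitive parameters');
  }
  send('config', measurementId, { send_page_view: false });
  send('event', 'page_view', { page_location: safeUrl });
  return safeUrl;
}

// Constructed sample: a provider search with location and plan details in
// the query string, the kind of URL the disclosure says was collected.
const SAMPLE_URL =
  'https://insurer.example/find-a-doctor?q=oncologist&zip=94105&plan=PPO+Gold&page=2#results';

// Demo: show what was leaking and what the hardened setup actually sends.
console.log('leaked params before redaction:', findLeakedParams(SAMPLE_URL));
console.log('sent to analytics:', trackPageView(SAMPLE_URL, 'G-PLACEHOLDER',
  (...args) => console.log('  gtag', JSON.stringify(args))));
```

Auditing existing analytics reports with `findLeakedParams` over recorded page URLs is the quickest way to find out whether a site has the same problem today.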

Fraudsters Abuse Google Forms via Phishing to Steal Logins

Posted in Commentary with tags on April 23, 2025 by itnerd

According to researchers, fraudsters are abusing Google Forms via phishing campaigns that steal email logins. You can read more here: https://www.welivesecurity.com/en/scams/how-fraudsters-abuse-google-forms-spread-scams/

Here’s the TL;DR:

Malicious actors are always looking for ways to add legitimacy to scams and evade email security filters. Google Forms offers a great opportunity to do both. It is favored by cybercriminals because it is:

  • Free, meaning threat actors can launch campaigns at scale with a potentially lucrative return on their investment
  • Trusted by users, which increases the chances of victims believing that the Google Form they’re being sent or redirected to is legitimate
  • A legitimate service, meaning that malicious Google Forms and links to malicious forms are often waved through by traditional email security tools
  • Easy to use, which is good for users but also handy for cybercriminals – meaning they can launch convincing phishing campaigns with very little effort or prior knowledge of the tool
  • Cybercriminals also take advantage of the fact that Google Forms communications are encrypted with TLS, which may make it harder for security tools to peer in and check for any malicious activity. Similarly, the service often uses dynamic URLs, which may make it challenging for some email security filters to spot malicious forms.

Roger Grimes, data-driven defense evangelist at KnowBe4, commented:

“All public services, like Google Forms, need to be better at defeating phishing attempts that use their product. I think most people can easily come up with a dozen signs that they can easily see in a message that indicates a scam. These services need to be doing more to fight cybercriminals using their products to conduct scams. Because they don’t, it causes trust issues and lessens the value of those products. Each of these services will tell you that they are already spending a bazillion dollars and lots of resources to fight scammers, but they simply aren’t doing enough. They are letting the revenue they are making by being bad at spotting cybercriminals get in the way of them better detecting and spotting scammers. It’s a business decision. One that isn’t being made correctly by many service providers and it’s unfortunate.”

This isn’t the first time that I’ve seen Google Forms used for nefarious purposes. And to Google’s credit, when I’ve reported a dodgy form, they’ve been quick to take it down. But it often pops up again in hours or days. I am not sure how Google addresses this, but they do need to address it.

RESEARCH: Mandatory SIM-Card Laws Across the Globe

Posted in Commentary with tags on April 23, 2025 by itnerd

Comparitech today released research looking at worldwide laws regarding SIM-card registration.

According to the report, the majority of national governments (over 160) require mandatory SIM-card registration. Users must register their real name and personal details to sign up for a phone service. Just over 35 countries also require biometrics, e.g., your fingerprints or a facial scan. More countries are in the process of adding biometric requirements, or they have some requirements but not for everyone (e.g., tourists only).

Key findings include:

  • 6 countries have enforced mandatory SIM-card registration or increased restrictions in the last few years – Brunei Darussalam, Burkina Faso, Cyprus, Lithuania, Maldives, and Serbia. Among these, Brunei Darussalam requests users re-register their SIMs, while Burkina Faso and the Maldives have placed limits on the number of SIM cards available to customers (two and ten per person, respectively).
  • Cambodia and Thailand introduced a mandatory IMEI database, bringing the total number of countries with one of these to 24.
  • Mauritius was the only country that retracted its SIM-card registration requirement. The Council of Ministers approved the decision on December 27, 2024, replacing the 2023 SIM registration rules with fresh 2024 regulations. Mobile operators must now delete all previously stored photos as well.
  • In contrast, several countries introduced or strengthened their biometric identification measures, including Argentina, Eswatini (Swaziland), India, Laos, and Mauritania. Mozambique’s new requirements come into effect at the end of the year.
  • What to watch: Russia is tightening its biometric registration measures. From the start of this year, any foreigners buying SIM cards in Russia will have to provide their biometrics.

The full research can be read here: https://www.comparitech.com/blog/vpn-privacy/sim-card-registration-laws/

Xbox App Now Available on LG Smart TVs

Posted in Commentary with tags on April 23, 2025 by itnerd

Today, Xbox announced the launch of the Xbox app on LG Smart TVs, furthering its mission to bring more games to more devices through Xbox Cloud Gaming (Beta). The Xbox app will be available on LG TVs running webOS 24 and newer – including 2022 OLED TVs, select 2023 LG Smart TVs, and newer models – along with smart monitors running webOS 24 or later, in over 25 countries. Players can now instantly access hundreds of games directly from the Xbox app, including Avowed, South of Midnight, and upcoming games like Towerborne, as part of their Xbox Game Pass Ultimate membership. Game Pass Ultimate members can also stream select cloud-playable games they own, even if they are not included with Game Pass Ultimate. You can find the full list of over 100 supported titles in the Stream Your Own Game collection here.

By adding the Xbox app to LG TVs, players can experience the benefits of Xbox Cloud Gaming (Beta), such as sending invite links to join cloud gaming sessions, seamlessly switching between games, and mouse and keyboard support for select games through cloud gaming. Additionally, developers releasing games on Xbox continue to embrace Xbox Play Anywhere for their games.

With Mother’s Day, graduation and Father’s Day around the corner, this is the perfect time to celebrate by playing Xbox on your LG Smart TV with the whole family. Xbox is continuing its efforts to ensure players can play anywhere by partnering with LG, bringing more ways to play Xbox.

For more information about Xbox Cloud Gaming on LG Smart TVs, please visit today’s Xbox Wire blog post here.

Marks and Spencer Pwned In A Cyberattack

Posted in Commentary with tags on April 23, 2025 by itnerd

Marks and Spencer (M&S) has disclosed that it has been responding over the past few days to a cyberattack that has impacted operations. As it stands, the only way to buy something from the company is with cash. And if you ordered something, you may not be able to collect it.

Javvad Malik, Lead Security Awareness Advocate at KnowBe4 commented:

“The recent cybersecurity incident at Marks & Spencer serves as a reminder of the interdependencies in modern retail operations. The disruption to Click and Collect services and contactless payments underscores how any technical issue can have far-reaching consequences across an entire organization.”

“M&S’s prompt communication and engagement with the ICO demonstrate a commendable level of transparency and regulatory compliance. However, the event also reveals potential gaps in cyber resilience and crisis management strategies.”

“The key lesson here is the importance of cultivating a positive and strong security culture throughout the organization. Cybersecurity can no longer be siloed within IT departments; it must be integrated into every aspect of business operations and decision-making processes.”

“Moving forward, organizations must prioritize the development of a security-first mindset at all levels, from the boardroom to the retail store.”

Whenever M&S recovers from this, I hope that they take the required steps to make sure that this sort of event cannot happen again. Because as bad as this is, it could easily have been way worse.