How Social Media Platforms Really Enforce Community Guideline

Posted in Commentary with tags on April 15, 2025 by itnerd

The research team at SafetyDetectives just wrapped up a really interesting study, where they compare the censorship and content moderation policies of major platforms and investigate whether they are actually effective or just security theater.

Key findings at a glance:

  • Censorship patterns for videos on major social media show that, profanity is the most censored type of content at 55.6%, followed by violence and conflict and sexual Abuse at 7%On the other hand, the less censored are Self-Harm and People’s Faces tied at 2.3%.
  • News outlets and credible informational accounts are sometimes subject to different moderation standards. On the other hand, comedic and entertainment posts still experienced strict regulations on profanity, even on news outlets.
  • Content depicting graphic violence is the most widely prohibited in platforms’ policies, with only Meta allowing it with conditions. While YouTube is the only one to impose a blanket prohibition on gory or distressing materials.
  • Content censorship appears to be more performative than functional and double standards are also apparentin other platforms whose owners haveclear political ties.

Considering their findings, they believe that individuals and organizations must practice careful scrutiny when consuming media or information on these platforms, given the seemingly one-sided implementation of policies on different social media sites.

You can access their report here: https://www.safetydetectives.com/blog/community-guidelines-comparison-research/

Leave a comment »

Hertz Has Been Pwned Via A Third Party Vulnerability

Posted in Commentary on April 15, 2025 by itnerd

Rental car company Hertz says it suffered a data breach, attributed to software maker Cleo, that included customers personal information and driver’s licenses. Hertz has put up a page on this which you can see here:

hertz.com/content/dam/hertz/global/resources/Notice_of_Data_Incident-United_States.pdf

Ensar Seker, CISO at SOCRadar had this comment:

The data breach impacting Hertz and its associated brands is a textbook example of how third-party vulnerabilities can cascade into massive data exposure, even for well-established enterprises. What makes this breach especially concerning is the type of data compromisednot just names and contact details, but driver’s licenses, payment card information, Social Security numbers, and even workers’ compensation claims. This is prime identity theft material, and unfortunately, once it’s leaked, there’s no putting the genie back in the bottle.

“The breach relates to a known vulnerability exploited by the Clop ransomware group in Cleo’s enterprise file transfer solution. Last year, Cleo was already on the radar for widespread exploitation by Russian-linked actors, yet many organizations were slow to identify and isolate exposure paths. This reinforces a painful truth: companies are only as secure as their most vulnerable vendor.

“Hertz may not have been directly compromised, but its vendor relationships introduced risk vectors that weren’t fully mitigated. This is a growing pattern across the ransomware landscape, where attackers target software supply chains to scale their reach and impact.

“For consumers, the aftermath is frustratingly familiar. A driver’s license or Social Security number cannot be ‘reset’ like a password. These data points are permanent identifiers, and once they are exposed, victims become vulnerable to synthetic identity fraud, targeted phishing, and even fraudulent claims or loans.

“This breach highlights the necessity for increased proactive vendor due diligence, enhanced threat intelligence sharing, and stronger regulatory pressure on third-party software providers to comply with contemporary security standards. The risks impact millions of individuals and the public’s trust in digital infrastructure.”

Javvad Malik, lead security awareness advocate at KnowBe4 follows with this:

Zero-day vulnerabilities are rare, but when they occur have a large impact. Even if Hertz had all their systems patched and up to date, it would have been difficult to protect against the Cleo zero day attack. Offering identity monitoring is all well and good, but it is very much a case of bolting the barn door once the horse has bolted. The real challenge lies in staying ahead of these evolving threats. Organizations need to shift their mindset from reactive to proactive. Defense in depth needs to be adequately configured so that even if one system is compromised through a zero day, the whole infrastructure doesn’t fall like a house of cards. Part of this is building a strong security culture, where security is embedded throughout the organization and not just limited to the security team. 

This is something that I will watch closely as my wife and I used Hertz when we were in France in 2023. Thus there is always the possibility that we’re impacted. Regardless, this is another example of you’re only as secure as the people your company works with. On top of that, why did it take so long for Hertz to report this? That’s a question that I would like answered sooner rather than later.

Leave a comment »

Guest Post: Fake PDF Converters Used to Deploy ArechClient2 Malware Warns CloudSEK

Posted in Commentary with tags on April 15, 2025 by itnerd

CloudSEK’s security researchers have uncovered a sophisticated malware campaign using fake PDF-to-DOCX conversion tools to infect unsuspecting users with a powerful information stealer. This comes just weeks after the FBI’s Denver office issued a public alert warning of malicious online file converters being leveraged to deliver malware.

The report reveals how cybercriminals have crafted deceptive websites, such as candyxpdf[.]com and candyconverterpdf[.]com, that meticulously mimic the legitimate pdfcandy.com service. 

These fraudulent platforms lure users into executing a malicious PowerShell command, initiating a complex infection chain that delivers malware capable of stealing sensitive data, including browser credentials, cryptocurrency wallets, and other personal information. 

A Sophisticated Blend of Deception and Technology

The campaign employs advanced social engineering to exploit users’ trust. Victims uploading a PDF for conversion encounter a fake processing animation, followed by an unexpected CAPTCHA prompt designed to enhance the site’s perceived legitimacy and rush users into action. This leads to instructions to run a PowerShell command, which triggers a redirection chain through domains like bind-new-connect[.]click, ultimately delivering a malicious “adobe.zip” payload. The archive contains “audiobit[.]exe,” which leverages legitimate Windows tools like MSBuild[.]exe to deploy Arechclient2. (Read Full Report, For More Information)

“This campaign highlights how cybercriminals exploit everyday digital tools. By combining psychological manipulation with technical sophistication, these attackers turn routine tasks like file conversion into opportunities for data theft. Our research aims to equip individuals and organizations with the knowledge to stay safe,” said Varun Ajmera, Threat Intelligence Researcher, CloudSEK.

The scale of this threat becomes clear when considering the popularity of the legitimate PDFCandy.com, which attracts approximately 2.8 million monthly visits. Notably, India represents the largest segment of its user base, accounting for 19.07% or roughly 533,960 monthly visitors. This substantial audience provides a vast pool of potential victims for the threat actors behind this malicious campaign. While the fraudulent sites, candyxpdf[.]com and candyconverterpdf[.]com, saw approximately 2,300 and 4,100 visits respectively in March 2025, these numbers demonstrate active exploitation of the impersonated service’s popularity.

How the Attack Works

  • Spoofed Websites: Domains like candyxpdf[.]com and candyconverterpdf[.]com imitate the real PDFCandy website.
     
  • Deceptive Flow: Fake file conversion followed by a CAPTCHA prompt creates trust and urgency.
     
  • Malware Trigger: Users are prompted to run a PowerShell command, leading to the download of a malicious ZIP file masquerading as a legitimate Adobe resource.
     
  • Payload Execution: The ZIP contains audiobit.exe, which executes via MSBuild.exe – a legitimate Windows utility weaponized to run ArechClient2(Read Full Report, For More Information)
     

CloudSEK’s technical analysis traced the malware delivery chain through multiple redirections, eventually landing on a known malicious domain (bind-new-connect[.]click) to deliver the payload. The attacker’s infrastructure, command chain, and payload hashes are included in the full report.

Wider Implications

This campaign demonstrates a growing trend where attackers prey on routine digital activities—like file conversion—to compromise systems. Given the increasing use of online converters in corporate and personal workflows, this type of attack has wide-ranging implications for cybersecurity hygiene.

Protecting Against the Threat

CloudSEK’s report provides actionable recommendations to safeguard individuals and organizations:

  • Stick to Trusted Tools: Use reputable file conversion services from official websites and avoid unverified “free” converters.
  • Strengthen Technical Defenses: Keep antivirus software updated, deploy endpoint detection and response (EDR) solutions, and use DNS filtering to block malicious domains.
  • Educate Users: Train employees to recognize red flags, such as suspicious URLs, unexpected CAPTCHAs, or prompts to run command-line instructions.
  • Incident Response: Isolate compromised devices, change passwords from a clean device, and report incidents to authorities promptly.
  • Offline Alternatives: Consider offline conversion tools to avoid uploading sensitive files to remote servers.


A Call to Vigilance

As online file converters remain a staple in digital workflows, this campaign underscores the need for heightened awareness. “As threat actors become more creative with their tactics, cybersecurity must evolve to prioritize behavior-based detection, user awareness, and zero-trust principles. Organizations should invest in robust endpoint security, DNS filtering, and employee training. Most importantly, we need to reduce reliance on unknown web-based tools and encourage the use of secure, offline alternatives for tasks like file conversion,” said Varun Ajmera, Threat Intelligence Researcher, CloudSEK.

About CloudSEK: CloudSEK is a contextual AI company that predicts Cyber Threats. Our Cloud SaaS platform constantly seeks security solutions for our customers’ digital risks.
To learn more about how CloudSEK can strengthen your external security posture and deliver value from Day One, visit https://cloudsek.com or drop a note to info@cloudsek.com. 

Leave a comment »

Arcitecta Named a Leader and Fast Mover in the 2025 GigaOm Radar Report for Unstructured Data Management

Posted in Commentary with tags on April 15, 2025 by itnerd

 Arcitecta, a creative and innovative data management software company, today announced it has been named a Leader and Fast Mover in the 2025 GigaOm Radar Report for Unstructured Data Management. The report recognized the innovation and leadership of the Arcitecta Mediaflux® data management platform, awarding it with “Exceptional” 5-star scores across crucial categories that included Metadata Analytics, Global Content Search, Workload Orchestration, Data Protection, Scalability, Flexibility, Performance and Manageability. These scores earned Arcitecta the top ratings for Key Features and Business Criteria, with the sole top average rating across business criteria comparisons (4.7 out of 5.0) and tying with IBM and Cohesity for the top average rating across key feature comparisons (each with 4.4 out of 5.0).

Unstructured data management has evolved from a storage-centric discipline into a strategic imperative for modern enterprises, requiring critical tools for transforming data repositories into actionable business assets, as noted in the GigaOm report. Organizations are facing exponential data growth – petabyte scale is the new normal. Without proper data acquisition and data management, the full value of all this data is often unrealized.

Arcitecta’s Mediaflux is an open platform with robust security and access controls, powered by hyperscale database technology and a simple API. It integrates data management, metadata curation and business policies into a single distributed solution, connecting business systems, compute infrastructure and data holdings.

The GigaOm report highlights the following key strengths that distinguish Arcitecta from its peers and fortify its position as a market leader:
 

  • Metadata Analytics: Arcitecta stands out with its sophisticated metadata analytics capabilities powered by its XODB database. This enables comprehensive data lifecycle management and empowers organizations to make informed decisions through real-time analysis and reporting.
     
  • Global Content Search: Arcitecta delivers exceptional performance with its implementation of a unified global namespace, facilitating efficient content search across distributed environments. With response times measured in milliseconds, even when handling billions of files, this feature ensures rapid and reliable data access.
     
  • Workload Orchestration: Arcitecta shines with its advanced orchestration capabilities, which effectively manage sequencing, storage allocation and computational resources throughout the data lifecycle. These features are complemented by robust error handling and recovery mechanisms, ensuring seamless operations.
     

The Mediaflux Difference

Mediaflux offers an advanced, comprehensive data management platform that can operate on a massive scale to help organizations better manage their data throughout its entire lifecycle. Its suite of solutions enables organizations to organize, search, share and preserve their data well into the future for lasting value and includes the following:
 

  • Mediaflux Real-Time. An ideal solution for growing file management, video, live sports, broadcast, experimentation and more. Arcitecta’s Mediaflux Real-Time provides nearly instant access to live data as it is being generated and delivers it to edge locations where it can be utilized. It supports real-time editing, removes workflow bottlenecks and enhances remote collaboration, enabling faster content delivery and seamless media management.
     
  • Mediaflux Point in Time. A revolutionary new backup and recovery approach that redefines data resilience at scale. Point in Time eliminates the cost and business impact of lost or corrupted data and provides self-service data recovery. It allows users or IT administrators to go back to any point in time to recover needed files – even in the event of a cyberattack where files have been encrypted. It provides a strong first line of defense against crypto locking with the ability to roll back ransomware attacks, enabling the complete and immediate recovery of data – a recovery time objective (RTO) of zero – and virtually no downtime with a recovery point objective (RPO) near zero, typically within milliseconds.  
     
  • Mediaflux Livewire. A file transfer software solution that leverages the power of metadata to optimize data movement via parallelized data transfers across latent networks and eliminate redundant file transfers. Livewire enables customers to transmit large amounts of data over very low-bandwidth and unreliable network connections. It allows customers with smaller networks, especially relative to the size of data they need to transmit, to easily keep large amounts of data synchronized between sites and transmit data in both directions, regardless of low network bandwidth and reliability.
     
  • Mediaflux Universal Data System. A convergence of data management, data orchestration, multi-protocol access, and storage in one platform. The system manages the entire data lifecycle, both on-premise and in the cloud, with globally distributed access. With Mediaflux Universal Data System, data- and research-intensive organizations can easily share data across locations while achieving massive scalability, high performance and dramatic cost savings.
     
  • Mediaflux Multi-SiteMediaflux Edge and Mediaflux Burst. These solutions enable users within geographically dispersed workforces to collaborate more efficiently, spend far less time waiting for data when needed and avoid unnecessary investments in compute resources when usage times peak. As part of Arcitecta’s evolving ecosystem of advanced data management capabilities, these solutions ensure data is moved to the right location for the right user at the right time, accelerating innovation, discoveries and business outcomes.

Leave a comment »

ConnectSecure Launches Google Workspace Assessments to Strengthen Cloud Security Posture for MSPs

Posted in Commentary on April 15, 2025 by itnerd

ConnectSecure today announced the launch of its new Google Workspace Assessments. This powerful new capability enhances ConnectSecure’s vulnerability platform by empowering MSPs to assess, detect, and mitigate risks within their clients’ Google Workspace environments. With this addition, ConnectSecure expands its cloud assessment capabilities beyond Microsoft 365, offering broader protection across key collaboration platforms.

As cloud adoption accelerates, the need for visibility and control over third-party platforms has never been greater. With the new Google Workspace Assessments, MSPs can now identify vulnerabilities, flag configuration issues, and generate client-facing reports — all within minutes. This offering is designed to proactively reduce risk across a suite of cloud applications, including Gmail, Google Drive, Google Meet and Calendar.

Key benefits of ConnectSecure’s Google Workspace Assessments include:

  • Immediate Deployment: Simple setup with fast results — run assessments in just minutes.
  • Client-Friendly Reports: Translate technical findings into clear, actionable insights for end users.
  • Risk Detection & Prioritization: Uncover and address risks across Gmail, Drive, Calendar and Meet.
  • Revenue Growth Opportunity: Equip MSPs to enhance service offerings and expand client trust through value-added cybersecurity services.

This new offering complements ConnectSecure’s broader mission: to deliver a single, unified platform for risk assessments across networks, endpoints, vulnerabilities, Microsoft 365 and now Google Workspace.

Leave a comment »

Review: TP-Link Archer GE800 BE19000

Posted in Products with tags on April 15, 2025 by itnerd

WiFi 7 is quickly becoming mainstream. I say that because all sorts of new WiFi 7 hardware options are coming onto the market every time I look around. Today’s example of this is the TP-Link Archer GE800 BE19000:

The first thing that came to mind when I saw this was that it looked like an Imperial Shuttle from Star Wars: Return Of The Jedi. But this shape does give it some party tricks for your enjoyment. Before I get to those, you get buttons on the front that do the following easily:

  • WPS button
  • Wi-Fi on/off
  • Game Acceleration. This accelerates game applications, game devices, mobile games, and the like with WTFast GPN.
  • Turning on/off the LED lights

I am going to assume that the antennas are in each “wing.” But that’s not all that’s in them.

There’s RGB lighting on the sides which you can tweak with via the TP-Link Tether app.

Not to mention that there’s RGB lighting on the bottom as well. Now I had to turn these off during my testing as my wife thought that it was beyond over the top and ordered me to disable all of it the second she saw it. So for those of you who have significant others, you might want to keep that in mind and proactively turn the RGB effects off.

Here’s the business end of the router. Besides a USB 3.0 port for a storage device like a hard drive, you get two 10 Gbps ports. One of them is a LAN port, the other is a combo WAN port which gives you the option of running an SFP+ module. So if you have fibre Internet and you don’t need to use an optical networking terminal like I do, you can plug the fibre cable straight into the router for maximum speed. Nice! There’s also four 2.5 Gbps LAN ports but one is a dedicated gaming port. Meaning that any device connected to this port will be automatically prioritized. Which in turn means that it will give you that extra millisecond or two to pwn n00bz.

With the looks and connectivity out of the way, let’s get to the WiFi part of this. This is what you get out of the box:

  • 4×4 2.4GHz BE: Up to 1376Mbps 
    (20/40MHz)
  • 4×4 5GHz BE: Up to 5760Mbps (20/40/80/160MHz)
  • 4×4 6GHz BE: Up to 11520Mbps (20/40/80/160/320MHz)

That’s not all. You can create an SSID (network name) for each of the three bands which allows you to support special use cases such as mine where I want all the bands separate to make sure that devices, especially IoT devices have no issues connecting. And on top of that you can create an MLO (multi link operation) SSID for your WiFi devices that support MLO. That was easily done through the TP-Link Tether app. But it also has a web interface that also gives you way more customization if you want to tinker with your router’s setup. I should also mention that this router supports TP-Link’s EasyMesh which allows you to add a compatible TP-Link router to create a mesh network should the need arise.

Set up is going to be easy for most using theTether app. By that I mean that if you have a straight forward Internet connection, you can be set up in under five minutes. But it took me about 20 due to the fact that my Internet connection isn’t straight forward as it uses PPPoE and a VLAN on top of that. Thus I had to spend some time figuring out how to set that up. But once it was set up, and I did a firmware update, I was ready to go with my testing.

Let’s start with 5 Ghz testing. Frankly I wasn’t impressed when I tested this router with my iPhone 14 Pro:

I’ve gotten much faster 5 Ghz speeds with other routers in the past. But my lack of enthusiasm quickly changed when I tested the 6 Ghz band via my M2 Pro Mac mini. When I did that, here’s what I got:

My Internet connection is a symmetrical 1 Gbps fibre connection. So over WiFi it not only came close to maxing out my Internet connection, but it also recorded the fastest speeds from a router that I have ever tested. Or put another way, if I had a faster Internet connection, This TP-Link router has the headroom to support it. Impressive. And range wasn’t an issue as I was getting insanely fast speeds through walls and even outside my condo in the hallway.

Gripes? Well for starters, this router has a fan to keep things cool. Which it needs as I could feel the heat coming out the various vents that the router has. Now I had to really make things quiet to come close to hearing the hum it made. And to be clear that hum wasn’t objectionable. But I have to wonder if that fan will survive the test of time as any moving part in any device will eventually fail at some point. My advice is to make sure it’s in an open space so that heat and the potential of a fan failure less of a potential issue.

My other gripe is that features like Security+ which makes your router more secure by implementing features like intrusion detection and prevention as well as scanning your web traffic for harmful content such as malware, as well as parental controls are paid subscription services. That’s a bit of a #fail and I say that because ASUS for example just tosses these features into the cost of the router. While that does make ASUS routers more expensive than the TP-Link equivalent, at least you those features out of the gate and don’t have to sign up for yet another subscription to get those features. Plus it makes users more secure in the process as users will simply turn on those features rather than think about taking out their credit cards in order to be as secure as possible.

The TP-Link Archer GE800 BE19000 is currently $900 on Amazon.ca which is a good price for a router that performs this well. If TP-Link added the security and parental control features as part of the price, or increased the price of the router to include those features by a reasonable amount, it in my mind would go from a great router, to an almost perfect router as I really didn’t find any flaws with it. That makes this router worth a look if you are a gamer, or you have an Internet connection that can fully leverage it.

Leave a comment »

Help your mom level up her health tracking this Mother’s Day with Samsung AI-powered smartphones and wearables

Posted in Commentary with tags on April 14, 2025 by itnerd

Tracking your health is no easy feat, especially for the busy mom who’s always on the go. This Mother’s Day, help your mom take their health tracking to the next level with Samsung AI-powered smartphones and wearables that support their routines, passions, and overall wellbeing. Whether she’s tracking her wellness goals, capturing precious family moments, or just needs a device that can keep up, Samsung has a smart gift to match. 

Here are four standout picks to consider for your Mother’s Day coverage: 

  • Wellness That Fits Her Life – The Samsung Galaxy Ring (Starting at $549.99 CAD): 

Minimal, powerful, and designed for 24/7 wear, the Samsung Galaxy Ring is the newest way to stay connected to health. Paired with the Samsung Health app, it delivers deep insights through features like Sleep Tracking and Cycle Tracking such as sleep quality, heart rate, and stress. It’s wellness support that moves with her. 

  • Built for Multi-Tasking Moms – Galaxy Tab S10 FE (Starting at $699.99 CAD): 

Whether she’s streaming her favorite series, managing the family calendar, or sketching out ideas with the included S Pen, the Galaxy Tab S10 FE makes it all seamless. A vibrant display, long battery life, and smooth app performance help her do more—comfortably, from anywhere. 

  • Celebrate Her with the Best – Galaxy S25 Series (Starting at $1,198.99 CAD): 

The Galaxy S25 is more than a smartphone—it’s a daily companion that supports balance, connection, and self-care. With innovative Galaxy AI and intuitive tools like the Now Bar and Now Brief, everyday tasks feel effortless. Built-in Samsung Health features like Energy Score and Sleep Tracking make it easy to track sleep, stress, and steps, while the pro-grade camera captures every mindful moment in stunning detail. It’s AI-powered wellness, seamless connectivity, and elevated style—all in one device. 

  • Personalized Health, powered by AI – Galaxy Watch7 (Starting at $519.99 CAD): 

Whether she’s training for a 10K or just wants better sleep, the Galaxy Watch7 gives her tailored, real-time insights through the Samsung Health app. With advanced sensor tech and AI-powered health tracking, it’s the ultimate sidekick for movement, mindfulness, and motivation—right on her wrist. 

Leave a comment »

Kidney Dialysis Provider DaVita Reports Ransomware Attack

Posted in Commentary with tags on April 14, 2025 by itnerd

Today, kidney dialysis provider DaVita disclosed that it was hit with a ransomware attack that encrypted certain elements of its network.

Erich Kron, security awareness advocate at KnowBe4, commented:

“Ransomware attacks such as this against healthcare facilities can cause significant issues for current and past patients. While the release does not currently mention a theft of data, it is extremely common for that to occur alongside the encryption component. This means patients should keep an eye open for future notifications from DaVita related to their data being breached or for unusual credit transactions being attempted. Ransomware groups often plan these attacks to fall over weekends or during holiday times with the hope that response times by the victim organization will be slower than during the week. Since many people are less easily contacted over the weekends, or may be unavailable, this slowdown in response can allow the attackers to steal and encrypt more data, which gives them more leverage in ransom negotiations than they might be able to take advantage of during the work week.

“When these attacks occur in medical facilities, it can lead to significant issues for patients of the organization. Not only can services be canceled or delayed, with the usual computerized systems offline, there is an increased chance of human error being introduced into the processes, especially if the employees are not used to working with the manual methods that organizations often must fall back to during a ransomware event. 

“Organizations that might be subject to ransomware events such as this should ensure they have a robust human risk management program in place, good backups that have been tested, and data loss prevention controls deployed to limit the amount of, or completely stop, the exfiltration of data. In addition, organizations should have a plan in place to deal with emergencies that happen after hours or during holidays and weekends, and the plan should be tested on a regular basis.

This might sound familiar, but healthcare is one of those sectors that really requires a cash infusion to stop this sort of thing from happening. And I will keep saying that until this is addressed because this is getting out of hand.

Leave a comment »

Tax Day and the Seasonal Urgency that Cybercriminals Love to Exploit

Posted in Commentary with tags on April 14, 2025 by itnerd

With Tax Day just one day away and people rushing to file their tax returns, cybersecurity experts are warning of the increased risk that comes with this time. 

Cybercriminals are quick to exploit seasonal events — and tax season is no exception. It’s a yearly honeypot for cybercriminals, who take advantage of heightened stress, tight deadlines, and sensitive financial data.

The KnowBe4 Threat Labs has published a threat alert finding a spike in tax-related phishing scams this spring. 

The full alert can be read here: https://blog.knowbe4.com/beware-tax-trap-seasonal-urgency-drives-spike-in-tax-related-phishing

According to the alert, the researchers observed a 27.9% increased in phishing attacks in March 2025 compared with the previous month. Across both the US and the EU, many of these phishing attacks contained financially-themed payloads. 

In particular, they identified a sharp spike in tax-related phishing activity on March 14, 2025, with 16% of all phishing emails processed that day containing the word “tax” in the subject line. Interestingly, only 4.3% of these tax-themed phishing emails were sent from free email services.

Nearly half of all identified attacks (48.8%) originated from compromised business email accounts, while 7.8% leveraged the legitimate QuickBooks service, as observed in previous incidents. 

In this alert, the KnowBe4 Threat Labs dives into several different tactics that cybercriminals are employing including embedded QR codes, polymorphic subject lines, and lookalike email domains, as well as what organizations can do to respond to this heightened threat. 

Additionally, Chris Hauk, Consumer Privacy Champion at Pixel Privacy has provided the following commentary on the subject of tax season/tax day. 

“U.S. taxpayers need to stay alert for scammers that tell you to “pay now or else.” IRS agents do want to make you pay, but they will usually work with taxpayers and work out a reasonable payment schedule to pay their tax debt. Tax scammers posing as IRS agents may also threaten victims with arrest or deportation if they don’t immediately receive a “tax payment.””

“Make sure you use a reputable tax accountant to do your taxes. Don’t take “tax advice” from anyone on social media. In many cases, videos on social media try to convince viewers that they know of loopholes that can be used to avoid paying taxes, or misinform viewers about the number of exemptions they can claim.”

Stay safe out there.

Leave a comment »

Organizations Fix Less Than Half of All Exploitable Vulnerabilities, with Just 21% of GenAI App Flaws Resolved

Posted in Commentary with tags on April 14, 2025 by itnerd

Cobalt today announced its seventh annual State of Pentesting Report 2025, revealing that organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of genAI app flaws being resolved. 

The Cobalt State of Pentesting Report aims to explore the landscape of vulnerabilities organizations battle today and identifies how security leaders’ understanding of their security posture can be contradicted by the number of unremediated threats in their organization. Based on an analysis of pentests carried out by Cobalt, combined with the results of surveyed security leaders, Cobalt found crucial discrepancies exist between how “safe” security leaders believe their organizations are versus the reality. 

Key findings include:

  • Over-confidence: 81% of security leaders are “confident” in their firm’s security posture, despite 31% of the serious findings discovered having not been resolved.
  • Too many findings left unresolved: Overall, firms are remediating just 48% of all pentest results, however, this number significantly improves (69%) for findings labeled serious (vulnerabilities rated high and critical severity). 
  • GenAI vulnerabilities are most vulnerable: Organizations are particularly struggling with vulnerabilities within their genAI Large Language Model (LLM) web apps. Most (95%) firms have performed pentesting on these apps in the last year with a third (32%) of tests finding vulnerabilities warranting a serious rating.
    • Of those findings, a mere 21% of vulnerabilities were fixed, with risks including prompt injection, model manipulation, and data leakage.
    • 72% ranked AI attacks as their number one concern–ahead of risks associated with third-party software, exploited vulnerabilities, insider threats, and nation state actors. 
    • Only 64% say they are “well equipped to address all security implications of genAI.”
  • Speed over security: More than half of security leaders (52%) say they are getting pressure to support speed at the cost of security.
  • Lack in software security assurance: Just half (50%) fully trust that they can identify and prevent a vulnerability from their software suppliers–a particular concern given that 82% are required by customers/regulators to provide software security assurance.

Methodology

The report analyzes two different datasets. The majority of analysis is based on data collected during Cobalt pentests. This is supplemented by insights collected via a survey by a third-party research firm, Emerald Research. All penetration testing data analyzed in this report was collected through Cobalt pentests. This spans more than 2,700 organizations. Metadata from these pentests was exported from the Cobalt Offensive Security Platform, sanitized to remove client-identifying and other sensitive details, and provided to Cyentia Institute for independent analysis. 

Leave a comment »

« Older Entries
Newer Entries »