Tax Day and the Seasonal Urgency that Cybercriminals Love to Exploit

Posted in Commentary with tags on April 14, 2025 by itnerd

With Tax Day just one day away and people rushing to file their tax returns, cybersecurity experts are warning of the increased risk that comes with this time of year. 

Cybercriminals are quick to exploit seasonal events — and tax season is no exception. It’s a yearly bonanza for cybercriminals, who take advantage of heightened stress, tight deadlines, and sensitive financial data.

KnowBe4 Threat Labs has published a threat alert reporting a spike in tax-related phishing scams this spring. 

The full alert can be read here: https://blog.knowbe4.com/beware-tax-trap-seasonal-urgency-drives-spike-in-tax-related-phishing

According to the alert, the researchers observed a 27.9% increase in phishing attacks in March 2025 compared with the previous month. Across both the US and the EU, many of these phishing attacks carried financially-themed payloads. 

In particular, they identified a sharp spike in tax-related phishing activity on March 14, 2025, with 16% of all phishing emails processed that day containing the word “tax” in the subject line. Interestingly, only 4.3% of these tax-themed phishing emails were sent from free email services.

Nearly half of all identified attacks (48.8%) originated from compromised business email accounts, while 7.8% leveraged the legitimate QuickBooks service, as observed in previous incidents. 

In this alert, KnowBe4 Threat Labs dives into several different tactics that cybercriminals are employing, including embedded QR codes, polymorphic subject lines, and lookalike email domains, as well as what organizations can do to respond to this heightened threat. 
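Lookalike sender domains are the one tactic in that list a mail gateway or SIEM can check mechanically. The following is an added example, not code from KnowBe4 or from the original post: it folds a sender domain to a canonical form (digit-for-letter swaps, rn/vv digraphs, accented characters) and compares it against a protected list. The protected domain list, the homoglyph table and the From: headers are constructed for illustration, and the code assumes the registrable name is the last two labels (it does not handle co.uk-style public suffixes).

```python
"""Flag lookalike sender domains in e-mail From: headers.

Added example; not code from KnowBe4 or the original post. The protected
domain list and the From: headers below are constructed for illustration.
"""
import re
import unicodedata

# Brands to protect against impersonation (assumed list for this example).
PROTECTED_DOMAINS = ["irs.gov", "intuit.com", "quickbooks.com", "turbotax.com"]

# Single characters and digraphs commonly substituted for their lookalikes.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b", "$": "s"}
DIGRAPHS = {"rn": "m", "vv": "w"}


def canonical(domain: str) -> str:
    """Fold a domain so lookalikes collide with the domain they imitate.

    NFKD splits accented and full-width characters into a base letter plus
    combining marks; dropping the marks leaves the plain letter (é -> e).
    Cyrillic or Greek confusables are NOT folded here; IDN labels (xn--)
    are flagged separately by classify_domain().
    """
    d = unicodedata.normalize("NFKD", domain.lower().strip().rstrip("."))
    d = "".join(c for c in d if not unicodedata.combining(c))
    for src, dst in {**HOMOGLYPHS, **DIGRAPHS}.items():
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert, delete and substitute, O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str) -> tuple[str, str]:
    """Return (verdict, protected domain matched or "")."""
    literal = domain.lower().strip().rstrip(".")
    if literal in PROTECTED_DOMAINS:
        return "legitimate", literal
    labels = canonical(literal).split(".")
    if len(labels) < 2:
        return "unknown", ""
    if any(label.startswith("xn--") for label in labels):
        return "idn-label", ""              # punycode: inspect manually
    # Assumption: registrable name = last two labels (no co.uk-style suffixes).
    sld, tld = labels[-2], labels[-1]
    registrable = f"{sld}.{tld}"
    subdomains = "." + ".".join(labels[:-2]) + "."
    for prot in PROTECTED_DOMAINS:
        p_sld, p_tld = prot.split(".")
        if registrable == prot:
            return "homoglyph", prot            # e.g. turb0tax.com
        if sld == p_sld and tld != p_tld:
            return "wrong-tld", prot            # e.g. quickbooks.co
        if tld == p_tld and levenshtein(sld, p_sld) == 1:
            return "typosquat", prot            # e.g. lrs.gov
        if f".{prot}." in subdomains:
            return "brand-in-subdomain", prot   # e.g. intuit.com.secure-login.net
        if len(p_sld) >= 5 and p_sld in sld:
            return "brand-embedded", prot       # e.g. quickbooks-intuit.com
    return "unknown", ""


def sender_domain(from_header: str) -> str:
    """Domain of the address in a From: value ("Name <user@host>" or "user@host")."""
    m = re.search(r"@([^\s<>@]+)", from_header)
    return m.group(1).lower() if m else ""


SAMPLE_FROM_HEADERS = [  # constructed for this example
    "IRS Refund Desk <noreply@irs.gov>",
    "IRS Refund Desk <refund@lrs.gov>",
    "Intuit Billing <billing@quickbooks-intuit.com>",
    "Intuit Security <alerts@intuit.com.secure-login.net>",
    "TurboTax <support@turb0tax.com>",
    "QuickBooks <invoice@quickbooks.co>",
    "Payroll <hr@example.com>",
]


def triage(from_headers: list[str]) -> list[tuple[str, str, str]]:
    """(domain, verdict, protected domain) for each From: header."""
    out = []
    for header in from_headers:
        dom = sender_domain(header)
        verdict, target = classify_domain(dom) if dom else ("no-address", "")
        out.append((dom, verdict, target))
    return out


if __name__ == "__main__":
    for dom, verdict, target in triage(SAMPLE_FROM_HEADERS):
        print(f"{dom:32} {verdict:20} {target}")
```

The short-brand guard (`len(p_sld) >= 5`) keeps three-letter names like "irs" from matching every domain that happens to contain those letters; the typosquat rule still catches single-character swaps against them when the TLD matches. Anything the table does not fold, such as a Cyrillic "а" in a punycode label, surfaces as `idn-label` for a human to look at rather than silently passing.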

Additionally, Chris Hauk, Consumer Privacy Champion at Pixel Privacy has provided the following commentary on the subject of tax season/tax day. 

“U.S. taxpayers need to stay alert for scammers that tell you to ‘pay now or else.’ IRS agents do want to make you pay, but they will usually work with taxpayers and work out a reasonable payment schedule to pay their tax debt. Tax scammers posing as IRS agents may also threaten victims with arrest or deportation if they don’t immediately receive a ‘tax payment.’”

“Make sure you use a reputable tax accountant to do your taxes. Don’t take ‘tax advice’ from anyone on social media. In many cases, videos on social media try to convince viewers that they know of loopholes that can be used to avoid paying taxes, or misinform viewers about the number of exemptions they can claim.”

Stay safe out there.

Organizations Fix Less Than Half of All Exploitable Vulnerabilities, with Just 21% of GenAI App Flaws Resolved

Posted in Commentary with tags on April 14, 2025 by itnerd

Cobalt today announced its seventh annual State of Pentesting Report 2025, revealing that organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of genAI app flaws being resolved. 

The Cobalt State of Pentesting Report explores the landscape of vulnerabilities organizations battle today and identifies how security leaders’ understanding of their security posture can be contradicted by the number of unremediated threats in their organization. Based on an analysis of pentests carried out by Cobalt, combined with the results of a survey of security leaders, Cobalt found crucial discrepancies between how “safe” security leaders believe their organizations are and the reality. 

Key findings include:

  • Over-confidence: 81% of security leaders are “confident” in their firm’s security posture, despite 31% of the serious findings discovered having not been resolved.
  • Too many findings left unresolved: Overall, firms are remediating just 48% of all pentest findings; this improves significantly (to 69%) for findings labeled serious (vulnerabilities rated high or critical severity). 
  • GenAI apps are the weakest spot: Organizations are particularly struggling with vulnerabilities within their genAI Large Language Model (LLM) web apps. Most (95%) firms have performed pentesting on these apps in the last year, with a third (32%) of tests finding vulnerabilities warranting a serious rating.
    • Of those findings, a mere 21% of vulnerabilities were fixed, with risks including prompt injection, model manipulation, and data leakage.
    • 72% ranked AI attacks as their number one concern–ahead of risks associated with third-party software, exploited vulnerabilities, insider threats, and nation state actors. 
    • Only 64% say they are “well equipped to address all security implications of genAI.”
  • Speed over security: More than half of security leaders (52%) say they are getting pressure to support speed at the cost of security.
  • Gaps in software security assurance: Just half (50%) fully trust that they can identify and prevent a vulnerability originating from their software suppliers–a particular concern given that 82% are required by customers/regulators to provide software security assurance.

Methodology

The report analyzes two different datasets. The majority of the analysis is based on penetration testing data collected through Cobalt pentests, spanning more than 2,700 organizations. This is supplemented by insights from a survey conducted by a third-party research firm, Emerald Research. Metadata from the pentests was exported from the Cobalt Offensive Security Platform, sanitized to remove client-identifying and other sensitive details, and provided to the Cyentia Institute for independent analysis. 

Millions of UK Healthcare Workers’ Records Exposed in Data Breach

Posted in Commentary with tags on April 14, 2025 by itnerd

vpnMentor just published a report about a major data breach discovered by cybersecurity researcher Jeremiah Fowler, exposing nearly 8 million records contained in over 1TB of data, including UK healthcare workers’ passports, driver’s licenses, background checks, national insurance numbers, employment documents and more.

You can find the full report here: https://www.vpnmentor.com/news/report-logezy-breach/

Guest Post – Windows 10 EOL: A danger for enterprises, the golden ticket for infostealers

Posted in Commentary with tags on April 14, 2025 by itnerd

Enterprises are dragging their feet with migrating to Windows 11, leaving millions of devices exposed to more effective infostealer attacks

Windows 10 will reach end of life on October 14, 2025, creating a critical security inflection point for businesses delaying migration to Windows 11. Findings from NordStellar, a threat exposure management platform, reveal that 59% of systems affected by infostealers in December 2024 still run Windows 10 — putting a large pool of machines at greater risk of effective attacks once the operating system stops receiving security updates and technical support.

“The number of systems affected by infostealers closely mirrors the overall operating system market share — Windows 10 has been heavily targeted for years due to its popularity. However, it will have an even bigger target on its back in the wake of its end of life, which will eventually create new vulnerabilities,” says Vakaris Noreika, a cybersecurity expert at NordStellar. “Once an operating system reaches this deadline, it no longer receives any security updates, vulnerability patches, or support from the software creator. These vulnerabilities are widely known and often exploited — infostealers can be coded to target these weaknesses more efficiently, resulting in more effective attacks against outdated systems.”

Businesses aren’t migrating fast enough

Market share data and NordStellar findings on systems affected by infostealers reveal that the Windows 11 adoption rate has been increasing since November 2024. Noreika points out that despite the growing numbers, the adoption rate is still too low at this point, meaning many enterprises are still at risk.

“Migrating to a new operating system takes time — based on the current adoption rate, we estimate that approximately 30-40% of systems may still be running Windows 10 when it reaches end of life in October, creating a substantial attack surface for cybercriminals,” says Noreika. “We saw a similar pattern of delayed migration with Windows 7. Six months before the operating system’s end of life, it held a 23% market share. When the deadline finally arrived in July 2020, its market share dropped by just 3%, lowering its dominance to 20%.”

Noreika says that almost five years later, Windows 7 holds a 2% market share and is still being targeted by infostealers, which successfully exploit the operating system’s vulnerabilities to compromise user devices and steal data.

The hefty hidden price of delayed migration 

According to Noreika, infostealers are just the tip of the iceberg when it comes to threats arising from vulnerabilities in outdated operating systems. Malware and new data exfiltration and exploitation techniques are among the concerns enterprises should bear in mind if they’re still dragging their feet on migrating to Windows 11. 

“Considering just how many enterprises might still be running Windows 10 after its end of life, there’s a high possibility that we’ll see a growth in various cybersecurity incidents if businesses continue to delay migration. Outdated operating system vulnerabilities will act as a helping hand in increasing the effectiveness of cyberattacks that can result in data leaks. Taking into account the financial and reputational losses that come with a data breach, delaying migration can be a decision that eventually costs the company millions of dollars and their clients’ trust, which will take years to regain,” Noreika says. 

Aside from accelerating migration efforts, Noreika highlights investing in cybersecurity awareness training for employees, building a comprehensive cybersecurity strategy, and keeping a close eye on the company’s attack surface and the dark web for potential data leaks as the key components in safeguarding the enterprise from cyberattacks. 

ABOUT NORDSTELLAR

NordStellar is a next-generation threat exposure management platform that enables companies to detect and respond to cyber threats before they escalate. NordStellar offers visibility into how threat actors work and what they do with compromised data. NordStellar was created by Nord Security, a globally recognized company behind one of the world’s most popular digital privacy tools, NordVPN. For more information, visit nordstellar.com.

Review: Samsung Galaxy S25 Ultra

Posted in Products with tags on April 14, 2025 by itnerd

I’ll get right to the point. The Samsung Galaxy S25 Ultra is the best phone money can buy right now. And you’ll need less money to score one as of last week when Samsung cut the price. Let’s start with the design of the phone itself.

It’s a flat-sided phone, just like every phone seems to be these days. The thing is that it felt really comfortable to hold in my hand and didn’t have any sharp edges that I could feel. And despite being a big phone, it didn’t feel big. The screen has really thin bezels as well as being bright, clear and fluid. So far I have zero complaints.

The back is where things get interesting. The Galaxy S25 Ultra features a 200MP main camera, a 50MP ultra-wide lens, and two telephoto lenses (50MP with 5x optical zoom and 10MP with 3x optical zoom), along with a 12MP front camera. And these cameras are top shelf. Let me show you three photos. Starting with a 12 MP photo:

Followed by a 200 MP photo:

Both of these photos look really good and detailed. Let’s try something different, as in a semi-macro shot to get this picture:

There is some blur, but it’s pretty decent. How about zoomed in photos?

It’s a weird place to see a pair of football cleats, but this photo is pretty clear. Here’s a lower light shot.

Again, there’s nothing to complain about when it comes to this photo. Let’s move over to video. Here’s a 4K HDR video for you to look at:

Followed by an 8K video:

Both videos look good. But I have to say that the 4K video looks sharper than the 8K video, likely because 8K video is shot at 30 fps, which is the maximum this phone will do at that resolution. But I seriously don’t think you’ll complain.

I usually don’t do speed tests because they are kind of meaningless at this point. Phones in general are pretty fast these days, with iPhones tending to be at the top of the food chain. But the S25 Ultra isn’t too shabby, putting in a Geekbench single-core score of 2,099 and a multi-core score of 8,103 from the Snapdragon 8 Elite processor. As for all the AI stuff that the phone comes with, let me boil it down to this:

  • The Now Brief, which gives you an overview of your day, wasn’t useful to me.
  • Gemini was pretty good as it allowed for conversational AI that was useful to me. Plus I can use the camera to identify objects. That’s something that I did use a few times with good results. It also goes without saying that this destroys Apple Intelligence without trying too hard.

Let’s move over to some complaints, if you want to call them that. I’ll start with battery life. This phone can make it through the day. But just barely. I suspect that it has to do with the fact that it has a 5000 mAh battery and the Snapdragon 8 Elite processor isn’t exactly power friendly. A bigger battery to take you late into the night would have been welcome. Then there’s the S Pen. Some have complained that the loss of Bluetooth support hobbles the S Pen. I disagree, because in the week and a bit that I used the S25 Ultra, I never used the S Pen once. So I have to wonder whether it should even be there in the first place, as I didn’t really encounter a situation where I needed to use it. Comment below and share your thoughts on that if you are an S Pen fan.

Finally, there’s the price. The starting price of the S25 Ultra is normally $1,918 with 256GB of storage. That is pretty pricey, but after last week’s price cut, I am guessing that this will spur sales. Which means that if you want an S25 Ultra, now would be a good time to get one. It has a great set of cameras, it has decent battery life, AI features that are useful, and a build that is top shelf. You honestly can’t go wrong with this phone.

Price Drop Alert: Galaxy S25 Ultra Now Available at a Reduced Price

Posted in Commentary with tags on April 11, 2025 by itnerd

Samsung has just announced a limited-time price drop on its flagship Galaxy S25 Ultra, known for its 200MP industry-leading camera system, all-day battery life, and sleek design. For a limited time, the device will be available for 35% off, making it more accessible than ever for users looking to upgrade. 

With consumer interest in affordable premium devices on the rise, this move is part of Samsung’s broader push to make cutting-edge technology more accessible. 

The Galaxy S25 Ultra also pairs nicely with the Galaxy Tab S10 FE and Galaxy Book5 Pro in case someone wants to be “matchy matchy.”

Lee University notifies 137K people of data breach compromising SSNs 

Posted in Commentary with tags on April 11, 2025 by itnerd

Lee University in Tennessee this week confirmed it notified 136,928 people of a March 2024 data breach that compromised the following personal info: names, Social Security numbers, government-issued ID numbers (e.g. driver’s license, passport), financial info including credit and debit card numbers, and medical info. 

Ransomware gang Medusa in April 2024 claimed responsibility for the breach, saying it stole nearly 388 GB of data from the school. Medusa demanded $1 million in ransom.

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote: 

“Medusa is a ransomware gang that first surfaced in September 2019. It debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay both to decrypt their systems and for not selling or publishing stolen data.”

“In 2024, Medusa claimed responsibility for 66 confirmed ransomware attacks affecting 2.4 million records. Its average ransom demand is $590,000. This attack on Lee University is Medusa’s second largest to date by number of records compromised, following the 1.8 million records impacted in the group’s attack on Summit Pathology.”

“Ransomware attacks are a growing threat to schools and colleges worldwide. They take down key systems, shut schools for days on end, and prevent teachers from accessing lesson plans and student data. Schools must either pay a ransom or face extended downtime, data loss, and putting students and staff at increased risk of fraud.”

Schools along with hospitals are easy targets for ransomware gangs. What needs to happen is that these sectors need to get the funding that will allow them to better defend themselves. The problem is that this funding isn’t coming. So you’ll be seeing me write stories about organizations in these sectors getting pwned until that changes.

US lab testing provider exposed health data of 1.6 million people

Posted in Commentary with tags on April 11, 2025 by itnerd

A US lab testing provider, Laboratory Services Cooperative, yesterday confirmed that the data of 1.6 million people was exposed from its systems in an October 2024 attack. Data exposed in this breach includes names, SSNs, license numbers, diagnoses, lab results, treatments, insurance details, billing details and more. 

Oops.

Ensar Seker, CISO at SOCRadar had this to say:

“The data breach at Laboratory Services Cooperative (LSC), affecting 1.6 million individuals, is one of the most significant healthcare sector incidents we’ve seen this year. Not just in terms of scale, but in terms of sensitivity and impact. LSC’s role as a centralized lab service provider to organizations like Planned Parenthood and others across more than 35 states makes this not just a health data incident, but a targeted attack on reproductive healthcare infrastructure.”

“What makes this breach especially damaging is the breadth of data exposed. We’re talking about a full-spectrum compromise. Personally identifiable information (PII), medical diagnoses and treatments, lab results, financial data, and even government-issued IDs like passports and Social Security numbers. This creates a perfect storm for identity theft, medical fraud, and social engineering attacks.”

“Unfortunately, the healthcare sector continues to be a prime target for threat actors because the data is both extremely valuable on the black market and difficult to change. You can cancel a credit card but you can’t cancel your diagnosis, your birth date, or your lab history.”

“From a threat intelligence perspective, we’re already seeing evidence that threat actors are prioritizing healthcare organizations not just for financial gain, but to cause disruption, especially in politically sensitive areas like reproductive health. This makes it even more urgent for medical organizations and their partners to move beyond basic compliance and adopt a threat-informed, zero-trust security model.”

“This breach is a painful reminder that cybersecurity is patient safety, especially in sectors handling deeply personal and politically sensitive information.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech adds this: 

“Cyber attacks against healthcare providers like this are very common and very costly. They are usually ransomware attacks. Hospitals and other providers can’t afford downtime, which makes them more likely to pay a ransom to quickly restore operations. Downtime is often more costly than paying a ransom, and ransomware gangs know this.”

“If an organization refuses to pay the ransom, it could face extended downtime, data loss, and putting data subjects at increased risk of fraud. From 2018 to 2024, we tracked 654 confirmed ransomware attacks on US healthcare organizations. The resulting downtime costs an estimated $1.9 million per day per organization on average, with an average downtime of 17 days.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy follows with this:

“Customers who may have had their data exposed in the LSC breach will need to stay alert for phishing attempts, new accounts being opened under their name, calls claiming to be bill collectors, and more. Affected parties should take advantage of any credit monitoring services that may be offered by LSC.”

This is normally the part where I would say that this situation is unacceptable and that they need to be hauled in front of the relevant authorities to face the music. But unfortunately, given what is going on in the US at the moment, the latter half of that is likely not going to happen no matter how unacceptable this is. Which is going to be a huge problem, as companies won’t be “incentivized” to do better if there is no meaningful punishment to avoid.

UPDATE: Erich Kron, security awareness advocate at KnowBe4, commented:

“While the focus on breaches such as this are often around the personal information that was stolen and could be used to steal an identity, the other data often included can be used to create social engineering attacks that could be very damaging.

If an attacker knows a specific time and place where an individual was, or has information about a specific procedure that was performed, it can be easy for them to pretend that they are associated with the hospital, insurance company, or other organization related to the procedure and demand payment for services. For example, a bad actor could contact a victim, referencing the procedure, and saying that part of that procedure was not covered, and that the person needed to pay them now or be turned over to collections. The complex and expensive process of modern healthcare procedures can make an approach such as this very believable.

It is critical that people impacted by a breach, such as this, are quickly informed of the data loss and are aware of the threats they now face. Victims of the breach should be very cautious of any organization that contacts them and references information that could have been included in this breach.”

Storm-2372: Russian APT Using Device Code Phishing in Advanced Attacks

Posted in Commentary with tags on April 11, 2025 by itnerd

SOCRadar this week released research diving into a new cyber campaign by Storm-2372, a Russian state-backed group which has recently been exploiting device code phishing to bypass MFA and infiltrate high value targets such as government, defense, healthcare, and financial institutions across the US, UK, and more. 

In this blog, the researchers outline what device code phishing is, how it works, who is being targeted, key indicators of compromise, as well as mitigation strategies. 

For full details, the research can be read here: https://socradar.io/storm-2372-russian-apt-using-device-code-phishing-in-advanced-attacks/
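Device code phishing leaves a distinctive trace in sign-in telemetry: the victim approves the code, but the token is redeemed from the attacker’s host, so the sign-in is recorded with the device code protocol and the attacker’s IP and location, often shared across several victims within minutes. The following is an added example, not code from SOCRadar, Microsoft or the original post, that hunts for that pattern in Entra ID style sign-in logs. Field names (`authenticationProtocol`, `userPrincipalName`, `ipAddress`, `location.countryOrRegion`, `status.errorCode`) follow the Entra sign-in log schema as I understand it; the log lines, the user names and the non-zero error code are constructed for this example.

```python
"""Hunt for device code phishing in Entra-style sign-in logs.

Added example; not code from SOCRadar, Microsoft or the original post. Field
names follow the Entra ID sign-in log schema as the author understands it;
the records below are constructed for this example.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: four users sign in interactively from the corporate
# range (203.0.113.0/24). Two of them later "sign in" via device code from
# one external IP within minutes of each other (codes redeemed from attacker
# infrastructure), one has a device code attempt that never completed
# (non-zero errorCode; the specific value is illustrative), and one uses
# device code from a location that matches their own baseline.
SAMPLE_SIGNIN_LOGS = """
{"createdDateTime":"2025-04-08T09:00:00Z","userPrincipalName":"alice@example.com","appDisplayName":"Outlook","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.10","location":{"countryOrRegion":"US"},"status":{"errorCode":0}}
{"createdDateTime":"2025-04-08T09:05:00Z","userPrincipalName":"bob@example.com","appDisplayName":"Outlook","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.11","location":{"countryOrRegion":"US"},"status":{"errorCode":0}}
{"createdDateTime":"2025-04-08T09:10:00Z","userPrincipalName":"carol@example.com","appDisplayName":"SharePoint","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.12","location":{"countryOrRegion":"US"},"status":{"errorCode":0}}
{"createdDateTime":"2025-04-08T09:15:00Z","userPrincipalName":"dave@example.com","appDisplayName":"Outlook","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.20","location":{"countryOrRegion":"US"},"status":{"errorCode":0}}
{"createdDateTime":"2025-04-08T10:00:00Z","userPrincipalName":"alice@example.com","appDisplayName":"Microsoft Teams","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.7","location":{"countryOrRegion":"NL"},"status":{"errorCode":0}}
{"createdDateTime":"2025-04-08T10:05:00Z","userPrincipalName":"carol@example.com","appDisplayName":"Microsoft Teams","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.7","location":{"countryOrRegion":"NL"},"status":{"errorCode":70016}}
{"createdDateTime":"2025-04-08T10:12:00Z","userPrincipalName":"bob@example.com","appDisplayName":"Microsoft Teams","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.7","location":{"countryOrRegion":"NL"},"status":{"errorCode":0}}
{"createdDateTime":"2025-04-08T10:30:00Z","userPrincipalName":"dave@example.com","appDisplayName":"Microsoft Teams","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.20","location":{"countryOrRegion":"US"},"status":{"errorCode":0}}
"""


def parse_logs(text: str) -> list[dict]:
    """Parse newline-delimited JSON sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _ts(event: dict) -> datetime:
    return datetime.fromisoformat(event["createdDateTime"].replace("Z", "+00:00"))


def _ok(event: dict) -> bool:
    """True only for completed sign-ins (errorCode 0)."""
    return event.get("status", {}).get("errorCode", 0) == 0


def interactive_baseline(events: list[dict]) -> dict[str, set[str]]:
    """Countries each user has completed a non-device-code sign-in from."""
    seen: dict[str, set[str]] = defaultdict(set)
    for e in events:
        if _ok(e) and e.get("authenticationProtocol") != "deviceCode":
            seen[e["userPrincipalName"]].add(e.get("location", {}).get("countryOrRegion", "?"))
    return seen


def detect_device_code_abuse(events: list[dict], shared_ip_threshold: int = 2,
                             window: timedelta = timedelta(minutes=30)) -> list[dict]:
    """Alerts for completed device code sign-ins.

    high:     country absent from the user's interactive baseline
    medium:   device code used from a familiar location (still review it;
              genuine input-constrained devices are rare in most tenants)
    critical: one IP redeemed device codes for >= threshold distinct users
              within `window` (the attacker polls the token endpoint from
              their own host, so victims share the redeeming IP)
    """
    baseline = interactive_baseline(events)
    alerts: list[dict] = []
    by_ip: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    for e in sorted(events, key=_ts):
        if not _ok(e) or e.get("authenticationProtocol") != "deviceCode":
            continue
        user, ip = e["userPrincipalName"], e.get("ipAddress", "")
        country = e.get("location", {}).get("countryOrRegion", "?")
        severity = "medium" if country in baseline.get(user, set()) else "high"
        alerts.append({"type": "device-code-signin", "severity": severity, "user": user,
                       "ip": ip, "country": country, "app": e.get("appDisplayName", ""),
                       "time": e["createdDateTime"]})
        by_ip[ip].append((_ts(e), user))
    for ip, hits in by_ip.items():
        for i, (start, _) in enumerate(hits):
            users = {u for t, u in hits[i:] if t - start <= window}
            if len(users) >= shared_ip_threshold:
                alerts.append({"type": "shared-ip-campaign", "severity": "critical",
                               "ip": ip, "users": sorted(users), "start": start.isoformat()})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_device_code_abuse(parse_logs(SAMPLE_SIGNIN_LOGS)):
        print(json.dumps(alert))
```

On the sample, alice and bob each get a high alert (device code from a country they have never signed in from), dave gets a medium one, and the shared redeeming IP produces a single critical campaign alert naming both victims; carol’s incomplete attempt is ignored. In a real tenant the baseline should be built from weeks of history, not the same file, and the cleanest mitigation is to stop the device code flow reaching users who have no input-constrained device to begin with, which Conditional Access can enforce per user or group.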

The Biggest Corporate Scams of the Last 25 Years

Posted in Commentary with tags on April 10, 2025 by itnerd

The research team at vpnMentor explored the most notorious corporate scams of the last 25 years, involving names like Lehman Brothers, FTX, Boeing, PayPal, and Google AdSense, and examined who fell, who endured, and who managed to profit despite their wrongdoing.

Key findings at a glance:

  • Over a quarter (29.3%) of the companies involved in big corporate scandals belong to the Finance and Banking sector.
  • The majority of the analyzed companies (70.7%) faced some reputational and financial damage but continued operations after the scandal.
  • 85% of the publicly traded companies that continued operations had their lowest stock price as a direct result of the scandal coming to light.
  • PayPal, Google, and JPMorgan Chase seemingly faced no significant repercussions for their unethical actions, continuing to make large profits when the scandals broke out.

Ultimately, these scandals serve as reminders of the importance of transparency, accountability, and ethical leadership in business. They underscore that while some may profit in the short term, the long-term costs of dishonesty often outweigh any gains.

You can access this report here: https://www.vpnmentor.com/blog/biggest-company-scams-research/