Appdome Brings Mobile Account Protection to the New Frontline of Account Takeovers and On-Device Fraud

Posted in Commentary with tags on April 3, 2025 by itnerd

Appdome today announced it is strengthening its Account Takeover Protection suite with 32 new AI-Native dynamic defense plugins that provide Mobile Account Protection to the new frontline of Account Takeovers (ATOs) and On-Device Fraud (ODF). The new plugins are designed to help mobile brands and businesses maintain trust in the mobile experience and combat increasingly sophisticated malware that targets user identity, account creation, and transactions in mCommerce and other applications. Like all Appdome AI-Native defenses, each of the 32 new dynamic defense plugins for Mobile Account Protection is available by choice using the Appdome Platform without the need to integrate code, perform manual coding, implement SDKs, or deploy servers.

The growing complexity of mobile applications, including Super Apps, the sophistication of threats, including those that leverage AI and AI agents, and the proliferation of on-device malware have greatly lowered the barrier for attackers to carry out Account Takeovers against mobile businesses. Further, new tools and techniques are emerging to capture or exploit mobile identities and account data at the point of user entry, download, processing and/or choice in a mobile app. Traditional fraud detection and prevention products don’t safeguard these functions inside the mobile application. Instead, these point products look for ATOs after the fact, often looking for the same attack vectors as other security and bot-defense products to distinguish and mitigate fraud. Appdome’s Mobile Account Protection is designed to go beyond legacy security, anti-fraud and bot-detection methods and protect the critical identity and account functions from inside the execution layer of the mobile application. If a threat is detected, the plugins can either defend the user automatically or notify the application (or its backend) when fraudsters and other attackers try to compromise these functions. The stated result is proactive, pre-emptive defense that stops fraud and ATOs before they succeed.

The 32 new AI-Native Mobile Account Protection plugins for the Appdome Platform fall into three mobile defense categories:

  • Appdome Trusted Execution Environment (TEE). This series of plugins gives Android and iOS applications a segmented, protected execution environment inside the app itself (an application-layer construct, not the hardware TEE such as ARM TrustZone or the Apple Secure Enclave) in which to create, store, and retrieve critical account, identity and transaction data. Within Appdome’s TEE, Appdome protects the application memory, state, workers, activities, notifications, IPCs, APIs, and CPCs, performs session management, and provides a dedicated secrets manager for the application to use.
  • Dynamic Memory Protection: Attackers are increasingly targeting the mobile application memory to harvest account credentials, alter critical account information, or manipulate account values such as in program or loyalty abuse. Appdome provides a series of new plugins designed to detect when attackers attempt to access or dump the application memory, manipulate application values in memory, or harvest sensitive data and keys stored in an application’s memory with memory editing tools.
  • Identity Theft Prevention: Appdome’s new Mobile Account Protection suite now includes plugins designed to protect mobile application users from identity theft, including SIM swaps, overlay attacks, fake screens, key logging, tap hijacking, clipboard hijacks and more.

Combined, Appdome says, its Mobile Account Protection suite keeps mobile accounts and critical account data in Android and iOS applications protected against exploitation, adding a layer of fraud detection and prevention deep in the execution layer of a mobile app. The company claims this level of protection against ATOs and ODF has not existed in the mobile economy before.

The new plugins combine the power of choice-driven defense in depth, and no-code, no SDK delivery with innovative on-device detection, defense, and intelligence options to satisfy any implementation objective. All Appdome Mobile Application Protection Plugins are available with Appdome’s Threat-Events™ Intelligence and Control Framework and Appdome ThreatScope™ Threat Analytics service. Threat-Events allows mobile brands to gather data on each attack, control the user experience and create beautiful on-brand mobile experiences when attacks happen. Mobile brands can use Threat-Events to create unique workflows and user messages leveraging the power of their brand voice when threats are present. Mobile brands can track and monitor ATO attacks via Appdome’s ThreatScope™, either before or after the deployment of Mobile Account Protection features.

Learn more about Appdome’s Mobile Account Protection.

Inc Ransomware Gang Claims Responsibility For Texas State Bar Data Breach

Posted in Commentary with tags on April 3, 2025 by itnerd

The State Bar of Texas this week confirmed it notified 2,700 Texans about a January 2025 data breach that compromised names, SSNs, financial account info including account numbers, credit and debit card numbers, driver’s licenses or other government-issued ID, medical info, and health insurance info. 

The ransomware gang Inc has claimed responsibility for the attack, but the State Bar of Texas has not verified the claim.

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote: 

“Inc is a ransomware gang that emerged in July 2023 and targets a wide range of victims in healthcare, education, and government. Its methods involve spear phishing and exploiting known vulnerabilities in software.”

“Inc has claimed responsibility for 86 confirmed ransomware attacks, plus another 280 unconfirmed claims that haven’t been acknowledged by the targeted organizations. In 2025, Inc claimed seven confirmed attacks and 61 unconfirmed.”

“Ransomware attacks on US government agencies and departments can lock down computers and steal data. Those organizations are then forced to either pay a ransom or face extended downtime, data loss, and putting data subjects at increased risk of fraud. Comparitech resea

Honestly, this is a problem that is getting worse, not better. That’s not a good place to be; the focus should be on putting gangs like Inc out of business, which would make the world a whole lot safer.

UPDATE: Roger Grimes, data-driven defense evangelist at KnowBe4, commented:

“If I was impacted by the breach and I’m still with the organization, I would want to know how it happened and that they are taking steps to make sure it doesn’t happen, at least the same way, again. Most ransomware attacks occur because of social engineering, and after that, unpatched software or firmware. Was that how it happened? Do they know? Because if you don’t know how it happened, you can’t assure me you’ve taken steps to make sure it can’t happen again.”

DuploCloud Wins Two Silver Globee Awards for Cybersecurity Excellence

Posted in Commentary with tags on April 3, 2025 by itnerd

DuploCloud has been named a Silver Winner in two categories at the 21st Annual 2025 Globee® Awards for Cybersecurity: Hot Cybersecurity Company of the Year and SaaS Security Solutions.

The Globee® Awards for Cybersecurity honor organizations that demonstrate excellence in risk management, threat detection, cloud security, and regulatory compliance. Winners are selected through a data-driven review process by more than 2,000 experts and industry leaders worldwide. DuploCloud stood out among a competitive pool of global nominees for its platform’s ability to radically simplify secure infrastructure deployment while accelerating time-to-market for cloud applications.

Hot Cybersecurity Company of the Year (Silver Winner)

DuploCloud was recognized for its record-breaking 62% year-over-year growth, significant new product innovations, and momentum across key industries including fintech, healthcare, and SaaS. The company’s unique approach – putting DevOps and security on autopilot – has resonated with startups and enterprises alike, helping engineering teams reduce operational complexity without compromising on security or compliance.

SaaS Security Solutions (Silver Winner)

DuploCloud also earned recognition for its Advanced Observability Suite, a powerful solution that provides developers with deep insights into cloud infrastructure, security posture, and compliance status in real-time. This integrated capability empowers teams to identify misconfigurations, monitor for policy violations, and maintain continuous compliance with frameworks like SOC 2, PCI-DSS, HIPAA, and ISO standards – without the need for extensive DevSecOps resources.

DuploCloud’s low-code platform automatically translates high-level application specifications into production-grade cloud configurations with embedded security controls. Its support for multi-cloud environments and Kubernetes orchestration makes it a go-to choice for organizations scaling rapidly in regulated industries.

Learn more about DuploCloud’s suite of DevOps solutions at https://duplocloud.com/platform/.

BforeAI Has New Threat Research About Threat Actors Targeting Bybit Users Following Breach

Posted in Commentary with tags on April 3, 2025 by itnerd

BforeAI has published its latest malicious infrastructure attack report on Bybit opportunists. In the three weeks following the Bybit breach announcement, the threat research team at BforeAI collected 596 suspicious domains originating from at least 13 countries. 

The domains reveal a range of methods employed to siphon cryptocurrency assets by targeting Bybit users. Of the almost 600 suspicious domains, 119 (20%) were confirmed by BforeAI as malicious.

The threat research team documented various websites designed to resemble Bybit fund-recovery services. The sites highlighted the term “unauthorized activities”, creating a sense of urgency around the recent incident and fear of financial loss to push a victim into immediate action without checking the source.

The research team also noted an automated strategy for rapid domain deployment: ordered “-a,” “-b,” “-c,” “-d,” “-e,” and “-f” suffixes indicate variations of a main domain, likely registered in bulk for phishing while keeping a consistent naming convention that looks legitimate.

While most Bybit-related domains were detected and mitigated, researchers observed a new evasion tactic: truncated domains using “bb” in place of the full brand name, which allowed phishing campaigns to remain undetected and active.
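The two patterns above (ordered single-letter suffixes and a truncated brand token) are easy to check for in a domain feed. The following is an added example, not code from BforeAI’s report: it groups candidate domains into suffix families and flags registrations that swap the full brand name for the “bb” abbreviation next to a lure word. The domain list, the lure-word list and the bybit.com allowlist entry are constructed for illustration.

```python
import re
from collections import defaultdict

BRAND = "bybit"
TRUNCATED = "bb"   # the shortened brand token the report describes
# Lure words chosen for this example; a production list would be larger.
LURE_WORDS = ("recovery", "refund", "unauthorized", "support", "claim", "verify")
ALLOWLIST = {"bybit.com"}  # assumption: the brand's own registrable domain

# Constructed sample feed (reserved .test TLD); not domains from the report.
SAMPLE_DOMAINS = [
    "bybit-recovery.test",
    "bybit-recovery-a.test",
    "bybit-recovery-b.test",
    "bybit-recovery-c.test",
    "bybit-recovery-d.test",
    "bb-unauthorized-refund.test",
    "bbsupport-claims.test",
    "bbc-news.test",          # starts with 'bb' but carries no lure word
    "bybit.com",
    "weather-forecast.test",
]

SUFFIX_RE = re.compile(r"^(?P<base>.+)-(?P<suffix>[a-z])$")


def sld(domain: str) -> str:
    """Second-level label: 'bybit-recovery-a.test' -> 'bybit-recovery-a'.
    Naive split on '.'; a real pipeline would use the public-suffix list."""
    return domain.lower().rstrip(".").split(".")[-2]


def is_ordered_run(suffixes) -> bool:
    """True when the sorted suffix letters are consecutive (a, b, c, ...)."""
    codes = [ord(s) for s in suffixes]
    return codes == list(range(codes[0], codes[0] + len(codes)))


def suffix_families(domains, min_members=3):
    """Map base label -> sorted suffix letters for bases registered
    with at least `min_members` consecutive single-letter variants."""
    groups = defaultdict(set)
    for d in domains:
        if d in ALLOWLIST:
            continue
        m = SUFFIX_RE.match(sld(d))
        if m:
            groups[m["base"]].add(m["suffix"])
    families = {}
    for base, suffixes in groups.items():
        run = sorted(suffixes)
        if len(run) >= min_members and is_ordered_run(run):
            families[base] = run
    return families


def truncated_brand_hits(domains):
    """Domains that drop the full brand name, lead with the truncated
    token and pair it with a lure word (the evasion the report describes)."""
    hits = []
    for d in domains:
        label = sld(d)
        if d in ALLOWLIST or BRAND in label:
            continue   # full-brand lookalikes are caught by ordinary brand matching
        if label.startswith(TRUNCATED) and any(w in label for w in LURE_WORDS):
            hits.append(d)
    return hits


if __name__ == "__main__":
    for base, run in suffix_families(SAMPLE_DOMAINS).items():
        print(f"bulk-registered family: {base}-{{{','.join(run)}}}")
    for d in truncated_brand_hits(SAMPLE_DOMAINS):
        print(f"truncated-brand lure: {d}")
```

The suffix check deliberately requires a consecutive run, so one stray `-a` domain does not trigger it, and the truncated-token check requires a lure word so that unrelated “bb…” registrations are not flagged on their own.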

You can read the report here.

SafeBreach Labs discovers bypass for Google’s Quick Share vulnerability fix

Posted in Commentary with tags on April 2, 2025 by itnerd

As a follow-up to their DEF CON 32 presentation “QuickSell: Sharing Is Caring about an RCE Attack Chain on Quick Share”, the SafeBreach Labs team has discovered a critical bypass of Google’s fix for one of the vulnerabilities they previously identified in the Quick Share data transfer utility for Windows.

After Google addressed the original vulnerabilities discovered by researchers Or Yair and Shmuel Cohen, the team set out to verify the effectiveness of the fixes. They found that the fix for CVE-2024-38272, a critical vulnerability that allowed attackers to send files to a user’s device without approval, could be bypassed: by manipulating payload IDs during file transfers, researchers could still deposit unauthorized files onto target devices despite Google’s initial patch.

Google has been responsive to these additional findings and has issued a new CVE along with an updated fix for the bypass. Even so, the research shows the complexity of securing data-transfer applications and the value of verification testing after a security patch is applied: a fix that blocks the reported proof of concept does not necessarily close the underlying flaw.

You can read the research here.

Saviynt Hires Cybersecurity Executive Nitin Varma as SVP and Managing Director for India and SAARC

Posted in Commentary with tags on April 2, 2025 by itnerd

Saviynt today announced that Nitin Varma has joined the company as Senior Vice President and Managing Director for India and SAARC. Saviynt has a significant existing presence in the region, with nearly 600 employees in India serving all corporate functions. Varma’s appointment will strengthen Saviynt’s go-to-market efforts and is emblematic of the company’s overall commitment to the region. Varma will be leading Saviynt’s new customer acquisition efforts, building and enhancing technical and consulting partnerships, and elevating the company’s overall position as a trusted provider of identity security solutions in India and SAARC.

Varma has over two decades of leadership experience in cybersecurity and technology, including with organizations like CrowdStrike, Palo Alto Networks, and Cisco. In his last assignment as Managing Director at CrowdStrike he was responsible for building, scaling, and creating a strong market presence across India and SAARC.

To learn more about Saviynt’s Identity Cloud, please visit the website.

Outpost24 Puts Up A Blog Post On The CrushFTP Authentication Bypass Vulnerability… And The Events That Led To Mass Attacks

Posted in Commentary with tags on April 2, 2025 by itnerd

Outpost24 analysts recently discovered a critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. 

Today, the team posted a blog detailing the process of their reporting, including how other parties circulating this news under a different CVE caused media confusion. 

The vulnerability is now being exploited by remote attackers to gain unauthenticated access to servers running unpatched versions of CrushFTP v10 or v11. Over 1,500 vulnerable instances have been seen exposed online. The threat is particularly concerning because file transfer products like CrushFTP are frequent targets of ransomware gangs.

The blog runs through how the vulnerability works, how Outpost24 found it, and the timeline of events around the botched disclosure of this issue.  

For full details, you can read the blog in full here: https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/

Here’s Some Additional Commentary From Comparitech And KnowBe4 Regarding The 200 Million Twitter/X User Records That Were Leaked

Posted in Commentary with tags on April 2, 2025 by itnerd

Following the news that 200 million Twitter/X user records have reportedly been leaked, I have sourced commentary from cybersecurity experts at Comparitech and KnowBe4:

Anna Collard, SVP of Content Strategy and Evangelist at KnowBe4:

“When reading the news that 200 million X user records are now being freely shared online, my brain was instantly brought back to the story and allegations made by Alan Rosa, X’s former Head of InfoSec. Rosa was fired after pushing back against Elon Musk’s demand to slash their security budget by 50%, including cutting core protections like vulnerability management and penetration testing. This breach feels like exactly the kind of consequence he warned about. (Even before the takeover, Twitter already did not have a great reputation in taking privacy and user security seriously. Think about the allegations made by Peiter ‘Mudge’ Zatko in 2022). This is just another reminder that companies can’t cut corners on cybersecurity without it catching up to them. For us, the users, we need to remember to be extra vigilant, ensure we have MFA enabled, change passwords (these were not included apparently in the breach but with X’s track record they may be somewhere else up for grabs) and to leave this platform for good if possible.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“Social networks like X will always be an attractive target for hackers and criminals, thanks to being a gold mine of information that can be sold on the dark web. While we currently don’t know the extent of what was exposed, users need to stay vigilant for any phishing attacks that may be made possible by the information. I strongly recommend that users make use of disposable email addresses and phone numbers to sign up for social networks. This will ensure that bad actors won’t gain access to additional data, even if your favorite social network is hacked.”

Brian Higgins, Security Specialist at Comparitech:

“Any global platform with the profile of X and its owner will constantly be a target for pretty much every type of cybercriminal. It’s a modern occupational hazard faced by all providers. On this occasion it doesn’t look like any major private data has been exfiltrated at this stage, but the attacker could have plenty of historic content that users may wish had been deleted.” 

“Any entrepreneurial and innovative individual or group wouldn’t have much problem monetizing the information that’s made it into the wild. This attack is at the difficult stage where we only really know what the bad guys claim they have. Hopefully more information will be forthcoming but all those affected can do right now is be vigilant about their online presence and look at ways to raise their security game.”

This should be a wake-up call for Twitter/X to up its game when it comes to security. And it should be a wake-up call for users of Twitter/X that their personal information may not be as secure as they think. They might consider this yet another reason to leave the platform.

Other World Computing (OWC) Launches OWC Archive Pro Ethernet Network-based LTO Backup and Archiving Solution

Posted in Commentary with tags on April 2, 2025 by itnerd

Other World Computing today announced the launch of the OWC Archive Pro Ethernet, a fast and reliable network-based LTO backup and archiving solution engineered for media and entertainment (M&E) pros, government agencies, and any sized business that needs to protect large volumes of critical data. The new and powerful OWC Archive Pro Ethernet can be seen for the first time – live – at NAB 2025, taking place April 5-9, 2025, in Las Vegas, at the Las Vegas Convention Center (LVCC), in OWC Booth SUL2 and ATTO Booth South Hall Lower — SL5616.

With the OWC Archive Pro Ethernet, tapes are accessed like a normal drive, files appear in folders, and moving and retrieving files is drag-and-drop easy. Thanks to built-in ATTO XstreamCORE 8100T technology, the OWC Archive Pro Ethernet can be placed in a separate room or a different building for enhanced security, less noise, better host compatibility, and improved user collaboration. With up to 76% cost savings versus HDD-based archiving plus a tape shelf life of 30 years vs. seven years for unpowered HDDs, OWC says the Archive Pro Ethernet offers the best ROI of any storage format.

OWC Archive Pro Ethernet Key Features/Functionality:

  • Optimized (High-Speed) Data Transfers at Scale – Support for network-based shareable storage access via iSCSI
  • Powered by ATTO XstreamCORE® 8100T Technology – an industry-leading bridging platform that shares up to four SAS tape drives over a 10Gb iSCSI Ethernet network
  • ATTO Xtend SAN™ iSCSI Initiator for macOS® – enables macOS users to have a reliable, secure, highly interoperable connection to iSCSI storage
  • Instant ROI – Offers a 501% ROI with up to 76% lower cost vs HDD storage
  • Stores More – Up to 18TB native, up to 45TB compressed storage capacity per tape cartridge
  • Fast Tape Creation – Up to 400MB/s native, up to 1000MB/s compressed transfer rates
  • Two 10GbE Ports – Effortless integration into existing infrastructure, ensuring shared connectivity for demanding media and backup workflows
  • Flexible – Built-in IBM LTO-7, LTO-8, or LTO-9 made in Japan premium drive options
  • Intuitive – Simple GUI for managing and configuring network settings
  • Easy – Drag, drop, and retrieve files with the included Hedge Canister archiving app – a $399 value
  • LTFS Compatible – Archive files/folders with drag and drop ease and no proprietary software/hardware concerns
  • Secure: TAA compliant; supports AES 256-bit encryption for sensitive data
  • Compliance Ready – Supports non-LTFS compatible WORM cartridges required by legal and regulatory record-keeping
  • Complete – Includes LTO-data tape and cleaning tape
  • Certified: Meets Intel Thunderbolt and OWC operating certifications for assured performance and reliability on macOS and Windows

With general availability (GA) shipment planned for April 2025, the OWC Archive Pro Ethernet will be offered in LTO-7, LTO-8, and LTO-9 configurations, with each solution including a tape cartridge, cleaning cartridge, Ethernet cable, and Hedge Canister software, with a starting price of $7,799. To learn more and purchase, please visit owc.com.

50K users exposed in “Gay Daddy” iOS app security lapse – Cybernews

Posted in Commentary with tags on April 2, 2025 by itnerd

Last week, I posted findings from Cybernews on the security weaknesses in popular iOS dating apps such as BDSM People and PINK. Today, I’m bringing your attention to another shocking discovery: a serious security flaw in the app Gay Daddy: 40+ Date & Chat that directly threatens the privacy and safety of its users.

Cybernews researchers uncovered that the app is leaking over 50,000 user profiles and 124,000 private messages, exposing sensitive data such as names, ages, relationship status, HIV status, location data, and even private photos – everything from awkward selfies to, well, let’s just say, less-than-innocent “self-expressions.”

Why? Hardcoded credentials and misconfigured Firebase security rules left the app’s backend open to anyone with basic technical knowledge. While the app markets itself as a “private and anonymous community,” the reality was anything but secure.

The app’s API keys and cloud storage credentials were also leaked, which makes exploitation even easier.
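For the two root causes named above, here is an added example (not Cybernews’ tooling and not the app’s code) showing the checks a reviewer would run before shipping a Firebase-backed app: a scan of strings pulled from an app bundle for Google API keys, Firebase database URLs and bundled service-account material, and an audit of Firebase Realtime Database rules for `.read`/`.write` grants that are public or merely require any signed-in user. The plist snippet, the service-account fragment and the rule sets are constructed; the `AIza` key format, the plist key names and the rule syntax are Firebase’s real ones. Note that the API key in GoogleService-Info.plist is a project identifier rather than a secret; the damage comes from open rules and from genuine credentials (a service-account private key) shipped inside the client.

```python
import re

# --- Part 1: scan app-bundle strings for hardcoded Firebase/Google material ---

# Constructed stand-in for strings pulled from an .ipa: GoogleService-Info.plist
# entries plus a service-account JSON fragment that should never ship in a client.
# The plist key names are real; every value is made up.
FAKE_API_KEY = "AIza" + "x" * 35   # Google API keys are 'AIza' followed by 35 chars
SAMPLE_BUNDLE_TEXT = f"""
<key>API_KEY</key><string>{FAKE_API_KEY}</string>
<key>DATABASE_URL</key><string>https://example-app-default-rtdb.firebaseio.com</string>
<key>STORAGE_BUCKET</key><string>example-app.appspot.com</string>
"client_email": "uploader@example-app.iam.gserviceaccount.com",
"private_key": "-----BEGIN PRIVATE KEY-----\\n(constructed)\\n-----END PRIVATE KEY-----\\n"
"""

SECRET_PATTERNS = {
    # Not a secret by itself (it identifies the project), but worth listing:
    # an unrestricted key plus open rules is the combination that leaks data.
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_\-]{35}"),
    # Tells an attacker exactly which database to query for /.json.
    "firebase_database_url": re.compile(
        r"https://[a-z0-9.-]+\.(?:firebaseio\.com|firebasedatabase\.app)"),
    # These two are real credentials and must never be in a client bundle.
    "service_account_email": re.compile(
        r"[a-z0-9-]+@[a-z0-9-]+\.iam\.gserviceaccount\.com"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}


def find_hardcoded_secrets(text):
    """Return (kind, matched_text) pairs, in SECRET_PATTERNS order."""
    hits = []
    for kind, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(text):
            hits.append((kind, m.group(0)))
    return hits


# --- Part 2: audit Realtime Database security rules (constructed rule sets) ---

OPEN_RULES = {"rules": {".read": True, ".write": True}}          # the classic misconfiguration
ANY_USER_RULES = {"rules": {".read": "auth != null", ".write": "auth != null"}}
OWNER_SCOPED_RULES = {"rules": {"users": {"$uid": {              # hardened form
    ".read": "$uid === auth.uid",
    ".write": "$uid === auth.uid",
}}}}


def _walk(node, path):
    findings = []
    for key, value in node.items():
        if key in (".read", ".write"):
            if value is True or value == "true":
                findings.append(f"{path}{key}: public (no authentication)")
            elif isinstance(value, str) and value.strip() == "auth != null":
                findings.append(f"{path}{key}: any signed-in user, not scoped to the data owner")
        elif isinstance(value, dict):          # child location, e.g. "users" or "$uid"
            findings.extend(_walk(value, f"{path}{key}/"))
    return findings


def audit_rtdb_rules(doc):
    """Flag .read/.write rules anywhere in the tree that grant public or unscoped access."""
    return _walk(doc["rules"], "/")


if __name__ == "__main__":
    for kind, value in find_hardcoded_secrets(SAMPLE_BUNDLE_TEXT):
        print(f"{kind:24} {value[:40]}")
    for name, rules in [("open", OPEN_RULES), ("any-user", ANY_USER_RULES),
                        ("owner-scoped", OWNER_SCOPED_RULES)]:
        print(f"{name}: {audit_rtdb_rules(rules) or 'no findings'}")
```

`auth != null` is flagged separately because it is the most common “fixed” rule that is still wrong: any account the project accepts (including anonymous sign-in, if enabled) can read every other user’s profile and messages, which is the exposure described above. Owner-scoped rules keyed on `$uid === auth.uid` produce no findings.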

The app has an estimated 20,000+ downloads and a 3.7-star rating on the App Store in the US.

Due to this flaw, users could be targeted by scammers, blackmailers, or even face physical harm, especially in regions where LGBTQ+ individuals face discrimination.

Read the full report here.