Cybernews Researchers Uncover 1.5M private photos exposed from LGBTQ+, BDSM & sugar dating apps

Posted in Commentary with tags on March 27, 2025 by itnerd

The Cybernews research team has uncovered a massive privacy oversight: iOS dating apps catering to the LGBTQ+, BDSM, and sugar dating communities have leaked nearly 1.5 million private user photos – including explicit images sent in private messages.

Apps developed by M.A.D Mobile Apps Developers Limited, including BDSM People, CHICA, TRANSLOVE, PINK, and BRISH, were found exposing sensitive user data due to publicly accessible hardcoded secrets in their code. 

This flaw allowed unauthorized access to storage buckets containing highly sensitive content, putting users at risk of extortion, social engineering attacks, and, in some cases, even persecution in countries where LGBTQ+ identities are criminalized.

Key takeaways:

  • 1.5 million private images exposed, including verification photos, chat images, and moderator-removed content.
  • BDSM People app alone leaked 541,000 private images, including 90,000 from direct messages.
  • Sugar dating app CHICA leaked 133,000 photos, including private chats.
  • Three LGBTQ+ dating apps exposed over 1.1 million images, with BRISH, PINK, and TRANSLOVE all compromised.
  • Hardcoded API keys and storage credentials allowed full access to Google Cloud storage, requiring no authentication.

Given the sensitive nature of these dating platforms, these weak spots could have severe personal and legal consequences for affected users. Cybernews researchers have reached out to the developers, but no response has been received.

Read the full report here

Leave a comment »

Fortra’s 2025 Email Security Report Is Out

Posted in Commentary with tags on March 27, 2025 by itnerd

Fortra has published the results of its 2025 Email Threat Landscape report which describes how the email threat landscape evolved in 2024 and forecasts what defenders should expect in 2025. Fortra analyzed more than 1 million email threats, many of which bypassed traditional email security measures.

Some of the main findings include:

  • 99% of email threats reaching corporate user inboxes in 2024 were response-based social engineering attacks or contained phishing links, without delivering malware.
  • Scammers are exploiting leaked personal data, such as home addresses, to craft highly personalized attacks and extortion schemes.
  • Legitimate services are being heavily abused to get malicious emails into user inboxes. Misuse of developer tools grew sharply, increasing more than 200% in 2024.
  • Multichannel attacks are luring victims out of secure email environments. Methods include malicious QR codes and hybrid vishing, which surged in Q4 2024 to account for 40% of response-based email threats.

You can read the report here.

Leave a comment »

Datadobi Announces StorageMAP 7.2

Posted in Commentary with tags on March 27, 2025 by itnerd

Datadobi has announced the general availability of the next version of its software platform, StorageMAP 7.2. The latest release introduces powerful new metadata insights and expanded data reporting, giving Infrastructure & Operations (I&O) leaders the ability to unlock and maximize data value with unparalleled visibility and control over their sprawling data environments. StorageMAP 7.2 lowers cost, optimizes storage, reduces risk, and aligns data strategies with evolving business and regulatory demands.

With unstructured data growing at an annual rate of 30–50%, I&O leaders face mounting challenges across cost management, security and governance. According to Gartner® “By

2028, over 70% of I&O leaders will implement hybrid cloud storage strategies, a significant increase from just 30% last year”. StorageMAP 7.2 has been designed to meet this demand by helping businesses make more effective data-driven decisions.

Among the improvements delivered by StorageMAP 7.2 are enhanced metadata query capabilities, which enable organisations to track cost, carbon emission levels, and StorageMAP tags with greater precision. The update also introduces automated discovery for Dell ECS™ and NetApp StorageGRID™ object stores, allowing enterprises to instantly identify tenants and their associated S3 buckets, simplifying the management of large-scale object storage environments.

Building on its existing orphaned data reporting functionality over the SMB Protocol, StorageMAP 7.2 now extends support to NFS environments, enabling businesses to identify and report on orphaned data for all data accessed over SMB and/or NFS protocols. This approach enables quick identification of data that is not currently owned by any active employee. Additionally, an enhanced licensing model provides organisations with the flexibility to scale their use of StorageMAP’s features according to their specific requirements.

StorageMAP 7.2 also optimizes the storage of data by helping businesses free up primary storage capacity and optimize AI data workflows. This includes new archiving capabilities that allow organizations to identify and relocate old or inactive data to archive storage, ensuring that high-value primary storage remains efficient and cost-effective. Additionally, the platform enhances AI readiness by finding and classifying data suitable for GenAI processing, enabling businesses to feed data lakes with relevant, high-quality datasets.

Leave a comment »

Financial Records & PII Exposed in Australian Fintech Data Leak 

Posted in Commentary with tags on March 27, 2025 by itnerd

A data breach involving Vroom by YouX an Australia-based Fintech company specializing in automotive financing, was discovered and reported to Website Planet by cybersecurity researcher Jeremiah Fowler.

What happened:
non-password-protected Amazon S3 database containing 27,000 records was publicly exposed. The leaked files included images of driver’s licenses, Medicaid cards, bank statements including account numbers and partial credit card numbers, employment statements, and more.

Why it matters:
Exposing this kind of sensitive financial and identification data poses serious risks, including identity theft, impersonation, financial social engineering, and other forms of fraud involving identification documents or financial information.

Read their full report here: https://www.websiteplanet.com/news/vroom-report-breach/

Leave a comment »

Targus launches versatile 2-in-1 backpack designed for mobile workers

Posted in Commentary with tags on March 26, 2025 by itnerd

Targus today announced that it has introduced its modular 15-16” Work+™ EcoSmart® Backpack (TBB657GL). This 2-in-1 backpack is designed specifically for mobile workers to stay organized and productive anywhere, while keeping their valuable tech and gear safe and protected.

This versatile 2-in-1 backpack enables people to work more productively, securely, and comfortably in any environment while keeping their valuable tech and other everyday essentials organized and secure. Designed to complement their on-the-go lifestyles, the 15-16” Work+ EcoSmart Backpack easily transforms from a daypack to tech pack, while offering several features and benefits that provide ultimate organization, versatility, and peace of mind. A detachable tech organizer keeps devices and small accessories neatly stored, accessible, and secure when carried in and outside of the bag. The backpack’s secure, magnetic clasp keeps a laptop and tablet secure for the long haul, while its adjustable Multi-Flex Strap converts from a sternum strap to a trolley strap, to a security or utility strap.

 It also has spacious front and rear compartments to flexibly manage and optimize storage space for multiple items, lockable compartments, and a hidden side pocket to stash smaller, must-have items. The backpack’s expandable side pocket is perfect for storing a water bottle or tripod, and a soft-lined top access pocket adds a touch of luxury. As an added bonus, the backpack’s interior is made from Global Recycle Standard (GRS)-certified materials equivalent to seven water bottles, making it a smarter choice for the planet.

Priced at $74.99 SRP, the 15-16” Work+ EcoSmart Backpack is now available for sale at Targus.com and participating retailers.

Leave a comment »

IDC Report Brings To Light The Power Of AI In Relation To Document Technology

Posted in Commentary with tags on March 26, 2025 by itnerd

There’s a recent report from IDC, commissioned by Foxit, titled, “Adding the Power of AI to Document Technology.” This IDC analyst brief is newsworthy for several compelling reasons – it’s relevant, timely, and packed with actionable insight:

Relevance

  • AI is a top priority for IT leaders in 2025, second only to security and compliance. The report speaks directly to the current mindset of tech decision-makers and outlines how AI is already impacting daily operations.

Timeliness

  • The report is based on fresh data from mid- and late-2024 IDC surveys, showing how organizations are actively budgeting for AI tools right now.
  • It captures the current wave of GenAI implementation in practical terms – moving the conversation beyond hype to actual deployment and ROI.

Immediately Actionable Advice

  • The brief goes deep into specific use cases by department (e.g., Legal, Finance, HR, IT Ops), offering real examples of how AI copilots and assistants are transforming manual work into streamlined, insight-rich processes.
  • It advises organizations on key considerations when selecting AI-powered content solutions – including cost predictability, security safeguards, and how to evaluate ROI with measurable metrics like throughput and cycle time.
  • It emphasizes the importance of trusted technology partnerships, especially for SMBs, giving practical direction to resource-constrained IT leaders.

The report can be found here: https://www.foxit.com/landingpage/2025/idc-analyst-brief-power-ai/

Leave a comment »

A threat actor named “RedCurl” has created ransomware to encrypt Hyper-V servers

Posted in Commentary with tags on March 26, 2025 by itnerd

A threat actor named ‘RedCurl,’ known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. This is what Bitdefender had to say:

This research, conducted by Bitdefender Labs, presents the first documented analysis of a ransomware campaign attributed to the RedCurl group (also known as Earth Kapre or Red Wolf). RedCurl has historically maintained a low profile, relying heavily on Living-off-the-Land (LOTL) techniques for corporate cyber espionage and data exfiltration. This shift to ransomware marks a significant evolution in their tactics.

This new ransomware, which we have named QWCrypt based on a self-reference ‘qwc’ found within the executable, is previously undocumented and distinct from known ransomware families.

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, commented:

“While targeting Microsoft Hyper-V servers is nothing new (example: https://cybercx.com/blog/akira-ransomware/), this indicates an increased focus on Hyper-V and virtualization platforms in general. It’s actually far easier to bring down an organization using an enterprise virtualization platform than one with hundreds of disparate, separately located on-premise servers. If I get on your VM host server, now, with one compromise, I can more easily control and manipulate the whole kingdom. I can more easily encrypt entire servers. I can more easily exfiltrate large amounts of sensitive data. I can more easily corrupt backup services. It’s not good. But the question you need to ask is how the bad guy got to your VM host servers in the first place? Was it social engineering? Was it unpatched software or firmware? Was it stolen logon credentials or bypassed phishable MFA? Because those are the most likely reasons and if you don’t figure those out your environment is not going to be safe no matter what else you do.”

Leave a comment »

Samsung Featured in Amazon’s Big Spring Sale

Posted in Commentary with tags on March 26, 2025 by itnerd

Amazon’s Big Spring Sale is happening March 25–31, offering Prime Day-style deals with no membership required. It’s a great time for shoppers to score serious savings on top tech—and Samsung has some standout offers. Here are a few highlights:

Samsung Galaxy S25 5G – Now $998.99 (Was $1,198.99)

A powerful newly launched AI-driven smartphone packed with premium features.

o   6.2″ AMOLED Display, 50MP camera, Cross App, Night Video mode

o   Available in ICY Blue, 128GB storage

Samsung Galaxy S25 Ultra – Now $1,617.99 (Was $1,918.99)

A top-tier flagship phone designed for ultimate performance and creativity.

o   6.9″ AMOLED Display, 200MP camera, S-Pen, Cross App, Night Video mode

Samsung Galaxy Tab S10+ – Now $999.99 (Was $1,349.99)

o   A premium tablet built for power users—perfect for professionals, creatives, or anyone looking for a high-performance device for work and play.

Samsung Galaxy Watch7 – Now $317.99 (Was $407.99)

A stylish and functional smartwatch with advanced health and fitness tracking.

o   40mm, BioActive Sensor, Sleep Coaching, Bluetooth connectivity

o   Available in Forest Green

Samsung Galaxy Watch Ultra LTE – Now $728.99 (Was $879.99)

A premium smartwatch designed for durability and peak performance.

o   Titanium Gray, LTE connectivity, rugged and stylish design.

Samsung Galaxy Book5 Pro – Now $1,799.99 (Was $2,049.99)

A high-performance AI-powered laptop designed for work and play.

o   14″ Touch AMOLED Display, Intel U7H processor

o   16GB RAM, 512GB storage

o   Copilot+ AI features for enhanced productivity

Leave a comment »

KnowBe4 Earns Prestigious 2025 USA TODAY Top Workplaces Award

Posted in Commentary with tags on March 26, 2025 by itnerd

KnowBe4 is proud to announce that it has earned the prestigious 2025 USA TODAY Top Workplaces award.

The award honors organizations with 150 or more employees that have created exceptional, people-first cultures. This year, more than 42,000 organizations were invited to participate. The winners are recognized for their commitment to fostering a workplace environment that values employee listening and engagement. USA TODAY showcased the winners online and at the National Awards Summit in Las Vegas.

The winners are determined by authentic employee feedback captured through a confidential survey conducted by Energage, the HR research and technology company behind the Top Workplaces program since 2006. The results are calculated based on employee responses to statements about Workplace Experience Themes, which are proven indicators of high performance.

To view open positions at KnowBe4, please visit www.knowbe4.com/careers.

Leave a comment »

SafeBreach Launches Enhanced MSSP Program for Advanced Security Validation

Posted in Commentary with tags on March 26, 2025 by itnerd

 SafeBreach today announced the launch of its enhanced Managed Security Service Provider (MSSP) program, an expanded element of the company’s successful “Elevate” partner initiative that was unveiled in 2024. The new MSSP program is specifically designed to support service providers who host, manage, or resell SafeBreach’s continuous security validation solutions, enabling them to deliver greater value to their clients while accelerating their own business growth.

Following the recent launch of the SafeBreach exposure validation platform in February, this new MSSP program represents the company’s continued commitment to empowering partners with the tools, resources, and support needed to address the evolving cybersecurity challenges that organizations face today.

The enhanced MSSP program builds on the strengths of SafeBreach’s previous partner framework, incorporating industry best practices to enhance growth, scalability, and reliability. The program provides a clear framework for partners to establish consistent client engagement expectations, ensuring successful deployment and ongoing management of SafeBreach’s security validation solutions.

SafeBreach empowers partners to accelerate business growth by expanding their client services portfolio with advanced, continuous security validation. Through scalable and automated simulations, partners can help their clients better understand, detect, and defend against cyber threats.

Key benefits of the enhanced MSSP program include:

  • Comprehensive Solution Portfolio: Partners can offer clients continuous security validation through SafeBreach’s Validate and Propagate solutions, providing a more holistic view of cyber risk
  • Seamless Technology Integration: The SafeBreach ecosystem integrates into existing client technology stacks, giving partners confidence in compatibility and enhancing client satisfaction
  • Accelerated Sales Cycles: By streamlining security vendor evaluations, SafeBreach enables clients to make faster, more informed product decisions
  • Increased Revenue Opportunities: Partners can assess clients’ security postures and offer targeted recommendations, such as optimizing existing licenses or identifying opportunities for new security solutions

With traditional, point-in-time security control validation tactics like penetration testing and red teaming proving insufficient, organizations increasingly need comprehensive and continuous views of security performance combined with prioritized remediation of gaps. The SafeBreach exposure validation platform addresses this need with an innovative combination of breach and attack simulation (BAS) and attack path validation that provides enterprises with deeper insight into threat exposure and a more holistic view of cyber risk.

Through this enhanced MSSP program, SafeBreach partners can now more effectively help their clients combat the ongoing challenges of an evolving threat landscape. “The updates to the SafeBreach MSSP program and strategy build on the strengths of our previous program to position our partners as trusted advisors,” added Wilkinson. “As a result, they can better help their clients select, validate, and implement a comprehensive security validation platform.”

For more information on the Elevate MSSP program, visit https://www.safebreach.com/partners/

Leave a comment »

« Older Entries
Newer Entries »