Atlantis AIO Automates Credential Stuffing Attacks Across 140+ Platforms

Posted in Commentary with tags on March 26, 2025 by itnerd

Researchers have uncovered a powerful weapon in the cybercriminal arsenal dubbed Atlantis AIO that enables attackers to test millions of stolen credentials in rapid succession. It also provides pre-configured modules to automate the targeting of specific services from email providers.

You can go into the weeds on this here: https://abnormalsecurity.com/blog/atlantis-aio-credential-stuffing-140-platforms

Darren James, Senior Product Manager at Specops Software, commented:

“Threat actors who use these tools are looking for username and password pairs that work on any of these targeted systems. They rely on the fact that many people re-use these credentials across multiple websites.

Consumer credentials are useful for specific account takeover, but usernames that are from the affected persons work account are often prized highly, as these accounts can be used to steal data or blackmail an entire organization rather than a single individual.

Organizations can protect themselves by using tools that continuously monitor business accounts for breached passwords, and Digital Risk Protection systems that look for these credential pairs, and can either warn you about your “risky” users or even force the user to change that compromised password.

The risk of having a password becoming compromised has increased over time with advice from various organization’s being that password expiry dates should be removed. This advice, however, always comes with a caveat that the user’s password must be changed if it becomes compromised. However, without the additional tools I mentioned above, this is extremely difficult to detect until it’s too late.”

This is a perfect example as to why password hygiene matters. By having good password hygiene, you make yourself less of a target. Thus you should spend a weekend or two looking at all your passwords and making them as complex and unique as possible. Other tips on good password hygiene can be found here.

Leave a comment »

How do American screen times compare to the rest of the world?

Posted in Commentary with tags on March 26, 2025 by itnerd

Have you ever wondered whether your (or your kids’)  screen time is above average? On Wednesday, Comparitech researchers will be publishing a study looking at the screen times of Americans compared to the rest of the world. The report also looks at the data of what kind of media people are using their screens for. 

Key findings include: 

  • The average American spends almost 7 hours looking at a screen each day.
  • Worldwide, the average user spends 2 hours and 52 minutes looking at their computer screens and 3 hours and 46 minutes looking at their mobiles.
  • Americans are above average for their desktop screen consumption (3 hours and 18 minutes) but are just below average for their mobile consumption 3 hours and 22 minutes).
  • Worldwide, the average person spends 2 hours and 21 minutes on social media each day. Americans consume less than this, averaging 2 hours and 9 minutes per day.

You can read the full research here.

Leave a comment »

Valimail Launches Industry-First BIMI Simulator

Posted in Commentary with tags on March 25, 2025 by itnerd

Valimail today announced the launch of its BIMI Simulator, a comprehensive suite of tools designed to empower brands to visualize and optimize their email presence through Brand Indicators for Message Identification (BIMI). This first-of-its-kind platform allows users to see what their email could look like with BIMI, understand the potential brand impression opportunity by implementing BIMI, and be inspired by what other companies and competitors are doing with their logos.

Valimail has been at the forefront of BIMI since 2018 as part of the AuthIndicators Working Group, the founding group of BIMI, and has been instrumental in the development of industry standards enabling brands to deliver their logos alongside email messages to billions of inboxes worldwide, increasing customer engagement with those messages and boosting brand trust. More recently, Valimail was a key partner in introducing a new capability to enhance BIMI with Common Mark Certificate (CMC), which provides greater flexibility and more affordable pathways for brands of all sizes that either do not have the right product trademark or do not have a trademark at all, looking to enhance their email marketing efforts while ensuring the security of their email communications. 

According to Wombatmail, BIMI adoption has seen a growth of 28.4% between January 2024 and January 2025, measured by the number of domains with BIMI logo records published in the top ten million domains. BIMI drives significant marketing advantages, including increased brand visibility, higher user engagement, and a consistent brand experience. In addition a recent Yahoo Mail study found that BIMI implementation can increase email engagement up to 10%. Furthermore, BIMI provides a cost-effective channel for brand visibility, offering low-cost brand impressions compared to traditional advertising methods. 

With major email providers like Google, Apple, and Yahoo! supporting BIMI verification standards, Valimail’s BIMI Simulator empowers brands to make the case for implementing BIMI, by visualizing its impact to improve brand awareness and protect against impersonation. This provides a comprehensive view and practical application of BIMI, available in a downloadable report, which includes:

BIMI Simulator: A tool that allows teams to simulate and visualize how the company’s logo will be displayed to recipients of BIMI-compliant email providers.

BIMI Audience Insights Report: A tool that allows businesses to visualize the breakdown of outbound mail that the organization sent to mailboxes that support BIMI in the past 30 days.

BIMI Inspiration: A comprehensive catalog of public BIMI records and logos of leading brands using BIMI, fostering inspiration and competitive insights.

One critical component of BIMI implementation is achieving Domain-based Message Authentication, Reporting, and Conformance (DMARC) at enforcement, an email security protocol that helps companies protect against email spoofing by verifying email senders and protecting domain owners from unauthorized use. By adding BIMI to DMARC, companies transform email authentication from a technical requirement into a visible brand asset, driving organizations to prioritize and achieve DMARC enforcement to unlock the full potential of BIMI.

All BIMI Simulator features are complimentary enhancements available to current Valimail customers using Monitor, Enforce, and Amplify. Valimail will showcase these new features in an upcoming webinar on Wednesday, March 26; register to join here

Leave a comment »

Troy Hunt Says A Phishing Attack Led To Threat Actors Stealing The Email Addresses Of 16K Subscribers

Posted in Commentary with tags on March 25, 2025 by itnerd

Have I Been Pwned’s creator Troy Hunt has disclosed that phishers compromised his Mailchimp account exfiltrating the mailing list for his blog and exposing the email addresses of 16,000 subscribers. He posted the details here:

https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

It’s never a good day when the guy who lets you know if you’ve been pwned or not gets pwned. Anyway, Erich Kron, security awareness advocate at KnowBe4, commented:

“This is an example of how even a seasoned professional can fall victim to a well done phishing attack. Social engineering is largely getting the right message to the right person at the right time, and that combination can lead to unfortunate situations such as this. This is one reason we should avoid shaming users who have made a mistake and potentially clicked on a link or performed some other action. Organizations should work toward a security culture that celebrates reporting and a way to receive guidance on something that may seem odd or out of place, without worrying about being made to feel bad about an inquiry.

Fortunately, in this case there was not a lot of information available, and Mr. Hunt deserves kudos for speaking about it publicly, admitting his error and using this to help educate others.”

This should highlight the fact that we are all vulnerable to phishing, social engineering, or any multitude of attacks. Thus every one of us needs to be on guard to ensure that everything that one can do to avoid being a victim is being done.

Leave a comment »

Guest Post: Why It’s a Bad Idea to Share Secrets, Even Via the Safest Apps

Posted in Commentary with tags on March 25, 2025 by itnerd

The Trump Administration discussed a secret military operation on Signal, inadvertently adding Jeffrey Goldberg, the editor-in-chief of The Atlantic, to the thread. Until the bombs started dropping in Yemen, Goldberg couldn’t believe what he was reading.

Even if Goldberg hadn’t been included in the chat, it remains a terrible idea to discuss matters of national security via any app, no matter how secure it is considered. This point, while likely to ruffle some feathers in the political arena, should also serve as a stark reminder that nothing you do online is truly anonymous.

Here’s what you should consider before confiding your secrets to technology

1. You are more interesting than you think.

      It’s a common misconception that regular citizens like you and me are of no interest to hackers. However, a threat actor could exploit your device to gain access to your employer. By exploiting the data on your phone, a hacker could steal your identity and potentially cripple the entire organization.

      2. Don’t blindly trust what technology companies tell you.

        Encrypted chat apps Signal and WhatsApp are publicly debating which one is more secure. Meredith Whittaker, the president of Signal, appears to be particularly annoyed by WhatsApp’s Will Cathcart, who suggests there are hardly any differences between WhatsApp and Signal.

        While Signal is generally considered a more trustworthy choice by the security community — and it’s worth noting that WhatsApp is owned by Meta — I still recommend exercising caution when using either app.

        Recall how in 2021, Proton, another security-focused company, provided the IP address of a French activist to law enforcement due to legal obligations. Many remain upset about this incident, but it also serves as a reminder, as Proton’s Andy Yen noted, that “the Internet is generally not anonymous.”

        3. Governments are increasingly asking for a backdoor.

          The “good guys,” meaning law enforcement, want to have a key to your communication just in case it can be instrumental in some criminal case. Governments have long argued that end-to-end encrypted communication is an obstacle when trying to solve high-profile human trafficking, drug trafficking, and child exploitation cases, among others.

          In some countries, the “good guys” might actually succeed in having those backdoors installed. While such amendments are theoretically intended to target only criminals, they set a very dangerous precedent. This is because governments often view protesters, dissidents, and political opponents as threats to national security or even sovereignty, effectively treating them as criminals.

          4. Your phone might get stolen.

            Are you the only one who knows your phone’s passcode? Is it a random sequence of numbers or something more meaningful, like someone’s birthday? Imagine what would happen if Goldberg’s phone were stolen. While it’s not child’s play to unlock it, it can be cracked through brute force.

            Even though Signal offers encryption, the recent leak of military plans emphasizes the need for caution, even on trusted platforms. It’s crucial for every user, including government officials, to double-check contact identities, use additional layers like two-factor authentication, and be mindful of what’s shared. No tool is foolproof, and the failure to implement proper security measures shows that awareness and caution are just as important as the technology in use.

            ABOUT THE EXPERT 

            Jurgita Lapienytė is the Editor-in-Chief at Cybernews, where she leads a team of journalists and security experts dedicated to uncovering cyber threats through research, testing, and data-driven reporting. With a career spanning over 15 years, she has reported on major global events, including the 2008 financial crisis and the 2015 Paris terror attacks, and has driven transparency through investigative journalism. A passionate advocate for cybersecurity awareness and women in tech, Jurgita has interviewed leading cybersecurity figures and amplifies underrepresented voices in the industry. Recognized as the Cybersecurity Journalist of the Year and featured in Top Cyber News Magazine’s 40 Under 40 in Cybersecurity, she is a thought leader shaping the conversation around cybersecurity.

            Leave a comment »

            OnX Celebrates 40+ Years of Excellence and a Decade of Double-Digit Growth in Canada

            Posted in Commentary with tags on March 25, 2025 by itnerd

            OnX is proud to celebrate a significant milestone in its more than 40-year history of delivering industry-leading technology solutions to public and private organizations across Canada. Recently marking 10 consecutive years of double-digit growth, the company remains dedicated to driving innovation and transformative outcomes for its customers.

            OnX is a trusted partner to public and private organizations looking to align advanced technologies—including AI—with clear, outcome-driven business goals. By combining a best-in-class technology portfolio with comprehensive professional and managed services, OnX delivers the agility, scalability, and resilience needed to lead in today’s evolving digital landscape.

            Core strengths are centered in a multidisciplinary team of certified engineers, solution architects, analysts, and data specialists with deep expertise across cloud, infrastructure, digital workplace, and data intelligence. From AI-enabled automation and data readiness to proactive service management, OnX empowers clients to modernize operations, enhance service delivery, and unlock measurable business value.

            Specializing in cloud, consulting, cybersecurity, digital workplace, application modernization, infrastructure, and managed services, OnX is also making significant investments to become a forward-thinking Canadian AI enablement provider. These investments aim to help organizations capitalize on AI’s transformative potential by ensuring data readiness, implementing strategically aligned AI infrastructure, developing governance frameworks, and building processes to integrate AI into core business operations, creating meaningful competitive advantages.

            As part of its AI initiative, OnX is pleased to welcome Celio Casadei as the Senior Vice President of Cloud and AI. A dynamic leader, Celio brings extensive expertise in managing and delivering large-scale cloud, data, and AI solutions. His proven track record of driving operational excellence, optimizing modern infrastructure, and advancing AI innovations spans industries including financial services, telecom, insurance, and government.

            Leave a comment »

            Hisense Expands Popular CanvasTV Lineup with New Larger Sizes to Curate Even Bigger Spaces

            Posted in Commentary with tags on March 25, 2025 by itnerd

            Hisense is expanding its CanvasTV™ lineup with new 75-inch and 85-inch models, reinforcing its commitment to big-screen entertainment that seamlessly integrates into modern home design. As demand for larger, more immersive screens grows, the new CanvasTV models allow consumers to embrace even bigger screen experiences without sacrificing style. Featuring Hisense’s premium picture technologies, anti-glare Hi-Matte display and ultra-slim wall mount for near zero gap installation, these new sizes continue the brand’s mission of delivering elevated home entertainment that complements contemporary living spaces. 

            Bigger Screens, Elevated Design 

            As consumer demand for larger, more immersive TVs continues to rise, CanvasTV proves that bigger doesn’t mean sacrificing style. Designed for those who want a cinematic viewing experience without disrupting their home’s aesthetic, the new 75-inch and 85-inch CanvasTV models offer the perfect blend of technology and artistry. Featuring 4K QLED with Quantum Dot Colour technology, anti-glare Hi-Matte display and Dolby Vision® support, these new sizes provide the ultimate entertainment experience while doubling as a sophisticated digital art piece when not in use. 

            Immersive Art Mode Meets Customizable Style 

            Like the original 55-inch and 65-inch versions, the new larger CanvasTV models feature Art Mode, enabling users to effortlessly display curated artwork or their personal photos. The included teak magnetic frame seamlessly blends into any space, while optional frames (sold separately) allow owners to further personalize the CanvasTV to match their home’s aesthetic. The UltraSlim wall mount ensures a sleek installation reminiscent of a framed masterpiece. 

            Smart Features, Seamless Integration 

            CanvasTV owners will also discover 800+ free live TV channels, plus 700,000+ movies and shows available across 10,000+ apps with Google TV™, while advanced connectivity options like HDMI eARC, Wi-Fi 5 and compatibility with Amazon Alexa, Google Assistant and Apple HomeKit ensure seamless integration into any smart home setup. 

            Availability 

            CanvasTV by Hisense continues to redefine home entertainment, merging stunning design, customizable frames and premium display technology for a truly immersive viewing experience. The new Hisense CanvasTV models will be available in Canada in July 2025 at Hisense authorized retailers.  

            Leave a comment »

            St. Joseph’s College of Maine notifies 126K people of data breach via Clop ransomware 

            Posted in Commentary with tags on March 24, 2025 by itnerd

            St. Joseph’s College of Maine over the weekend confirmed that it notified 126,580 people of a December 2023 data breach that compromised SSNs and other private data. Ransomware gang Clop claimed responsibility for the breach in March 2024. Something to note is that it took the school more than a year after discovering the breach to notify victims.

            In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote: 

            “Clop, or Cl0p, is a high-profile ransomware group that first surfaced in 2019. Its latest wave of claims mostly involve exploiting vulnerabilities in the Cleo file transfer software, which is used by many organizations. Like some other ransomware groups, Clop doesn’t always encrypt files. Instead, it demands ransoms solely in exchange for not selling or publishing stolen data.”

            “Clop claimed some of the largest ransomware attacks to date, including those on Fortra (GoAnywhere) and MOVEit (Ipswitch). Those two attacks alone breached about 102 million records.”

            “In 2025 so far, Clop claimed one confirmed attack on manufacturing company Uniek. The group claimed another 331 unconfirmed attacks this year that haven’t been acknowledged by the targeted organizations. Most of those claims stem from the Cleo vulnerability exploit.”

            “Comparitech researchers logged 124 confirmed ransomware attacks on US schools colleges, and other educational institutions in 2023, compromising more than 3 million records. 2024 saw a dip with 72 such attacks compromising 2.5 million records. In 2025 so far, we have tracked 10 confirmed attacks on US schools. The average ransom is just under $700,000.”

            “Ransomware attacks on schools and other education facilities can disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Ransomware attacks are often two-pronged: they lock down systems and steal data. Schools that refuse to pay can face extended downtime, lose data, and put students and faculty at increased risk of fraud.”

            The fact this is coming out a year later means that victims have no hope of even attempting to protect themselves. That’s because their data is likely already out there. That’s rally bad as 126K people are guaranteed to be repeated victims through no fault of their own. And that really sucks.

            Leave a comment »

            Can I Delete My 23andMe Data? Yes…. But It May Not Matter

            Posted in Commentary with tags on March 24, 2025 by itnerd

            So after posting this story this morning, I got a number of enquiries about how one can delete their 23andMe data. I did some looking around and I found that The Verge has excellent instructions on how to delete your data.

            That’s the good news. Here’s the bad news. Deleting your data may not matter. Here’s why:

            One of the notable issues is that this process also won’t delete all of your data — according to 23andMe’s privacy disclosure, your genetic information, date of birth, and sex will be retained for an undisclosed amount of time to comply with the company’s legal obligations, alongside “limited information related to your account,” such as your email address and communications around your data deletion request.

            As I said this morning, the DNA or related genetic information is going to be super valuable to any company that wants to buy 23andMe, or what’s left of it. So It doesn’t surprise me that this verbiage exists. And it means that anyone who took a 23andMe test will have their data floating around in some form for a very long time, if not forever.

            The take away from this whole episode is that perhaps you need to think twice before you use one of these services as this could be the end result.

            UPDATE: Ensar Seker, CISO at SOCRadar had this comment:

            “With 23andMe facing bankruptcy, there are serious concerns about what happens to millions of users’ genetic and personal health information (PHI). This isn’t just a typical data set; it includes deeply sensitive, immutable biological data that can be tied to individuals and their families for generations. Unlike a password or credit card number, you can’t change your DNA.”

            “The most immediate risk is that this highly valuable dataset could be sold during bankruptcy proceedings, either to repay creditors or as part of asset acquisition. While regulations such as HIPAA and data use agreements exist, bankruptcy can complicate consent, data retention, and transfer policies, especially if the company is acquired by a foreign entity or a data broker.”

            “From a security perspective, if proper safeguards and access controls aren’t maintained during this uncertain period, there’s a high risk that this data could be exfiltrated, sold on the dark web, or used in nation-state-level surveillance and profiling operations. It could even be leveraged in advanced identity fraud, blackmail, or discriminatory practices, especially if combined with breached data from other sources.”

            “Additionally, given the military, political, and economic interest some governments have in genomic data, there’s also a strategic threat vector here. DNA data can reveal not just ancestry but predispositions to diseases, behavioral traits, and vulnerabilities, information that could be abused in both commercial and geopolitical contexts.”

            “The bottom line is that 23andMe’s bankruptcy shouldn’t just be seen as a business failure. It’s a data stewardship crisis. Regulators, privacy watchdogs, and even national security agencies should step in to ensure that this dataset doesn’t fall into the wrong hands. Transparency, oversight, and ethical responsibility are now more important than ever.”

            Chris Hauk, Consumer Privacy Champion at Pixel Privacy follows with this:

            “23andMe is based in South San Francisco, California, so the company’s data is subject to the stricter privacy protections enforced in California. The bankruptcy is Chapter 11, meaning the company will likely continue operating until a new buyer is found. This means 23andme customers do still have time to request that the company delete all of their data, including their genetic data. I strongly recommend that affected customers make a deletion request as soon as possible, to ensure that your data is not sold.”

            Paul Bischoff, Consumer Privacy Advocate at Comparitech adds this:

            “The privacy policy that 23andMe customers agreed to may no longer apply if another company acquires it or its assets. Furthermore, genetic data is not considered medical info in the USA, and 23andMe is not considered a healthcare provider, so it’s not subject to HIPAA protections. Whoever acquires 23andMe will be free to change the privacy policy. I recommend deleting your 23andMe account immediately and requesting your personal data be deleted. Given the company’s data breach and compliance with law enforcement, this should be a no-brainer for privacy.”

            Brian Higgins, Security Specialist at Comparitech offers this:

            “It really depends on where the company is registered. In the case of a U.K. bankruptcy, according to the Insolvency Service, “The official receiver will become the data controller for personal data held by the bankrupt.” This at least gives some confidence to those customers affected by the failure of the company as regulations regarding storage, security and access ought to be maintained.”

            “If 23andme were incorporated/registered elsewhere then it would be worth checking the data protection regulations of the jurisdiction concerned as there are some major differences in provision across the globe.”

            Martin Jartelius, CISO at Outpost24 provided this:

            “When any organization goes under, it will be harder to maintain privacy and control of information. We do not know who will pick it up, we do not know if sunsetting will be needed and we do not know how said sunsetting would work. The cyber element of personal data is generally related to credibility, such as the ability to refer to a relationship or bond to instigate an action of others, or simply the use of information related to the platform for the purposes of fraud or extortion – none of those are immediate and none are disastrous.”

            Leave a comment »

            Industry Leaders Collaborate on Abstract Security’s vendor agnostic eBook called “Applied Security Data Strategy”

            Posted in Commentary with tags on March 24, 2025 by itnerd

            In today’s hyperconnected world, cybersecurity professionals face an unprecedented challenge: managing an overwhelming flood of security data. According to recent research by the Enterprise Strategy Group (ESG), nearly half of cybersecurity and IT professionals say handling security data has become significantly more difficult in just the past two years. With every endpoint, server, application, and network device generating endless streams of logs and alerts, security teams are caught in a rat race—drowning in information yet struggling to detect and mitigate real threats efficiently.

            The root cause is an expanding attack surface driven by cloud adoption, remote work, and the rapid proliferation of IoT devices. This ever-evolving threat landscape results in fragmented data sources, performance bottlenecks, and compliance challenges. Most organizations rely on multiple security repositories such as SIEM, XDR, NDR, and EDR platforms—creating visibility gaps and making security operations more complex than ever.

            Abstract Security, along with several other industry leading authors, is have published an eBook entitled Applied Security Data Strategy. The book contains chapters including:

            • Data: The New Oil, Refining the Future
            • Data Discovery
            • Data Collection & Ingestion
            • Data Processing
            • Data Storage
            • Data Analysis
            • Data Reporting
            • Data Governance and Security
            • Understanding Common Data Platforms and Tools
            • Time to Build Your Own Security Data Fortress

            Industry authors include:

            • Alan Czarnecki
            • Alex Gilelach
            • Ryan Moon
            • Matt Carothers
            • Paul Keim
            • Don Mallory
            • Greg Olmstead
            • Jon Oltsik
            • Justin Borland and Aqsa Taylor from Abstract

            You can have a look at the eBook here.

            Leave a comment »

            « Older Entries
            Newer Entries »