Roku Is Apparently Testing Ads That Load Before Your Home Screen That May Be “Unskippable”…. WTF?

Posted in Commentary with tags on March 18, 2025 by itnerd

As a Roku TV owner. Twice, this story from ARS Technica got my attention this morning. According to the story, owners of Roku devices are seeing ads before the home screen loads:

Reports of Roku customers seeing video ads automatically play before they could view the OS’ home screen started appearing online this week. A Reddit user, for example, posted yesterday: “I just turned on my Roku and got an … ad for a movie, before I got to the regular Roku home screen.” Multiple apparent users reported seeing an ad for the movie Moana 2. The ads have a close option, but some users appear to have not seen it.

When ARS Technica reached out to Roku about this, this is what they said:

When reached for comment, a Roku spokesperson shared a company statement that confirms that the autoplaying ads are expected behavior but not a permanent part of Roku OS currently. Instead, Roku claimed, it was just trying the ad capability out.

Roku’s representative said that Roku’s business “has and will always require continuous testing and innovation across design, navigation, content, and our first-rate advertising products,” adding:

Our recent test is just the latest example, as we explore new ways to showcase brands and programming while still providing a delightful and simple user experience.

Here’s some feedback for Roku. Ads that you can’t skip do not make a “delightful and simple user experience.” Now I have not seen this on my Roku TV, but when I asked my wife what she thought of this, her response was that she would tell me to buy a “dumb” TV and put an Apple TV device on it. Apparently Roku users feel the same way:

Most of the comments that Ars Technica has reviewed about the marketing “test” have suggested that customers would get rid of their Roku device if the software continues to force them to watch an ad before getting to the content they actually want to see. A user on Roku’s community forum wrote:

I hope this was a fluke. I trashed all of my Amazon boxes years ago because of this garbage. If it keeps up, my Rokus will be next.

Forum users who worried the change was permanent called the ads “unacceptable” and “intrusive.”

If Roku increases its ad load on customer devices from still images to ads with moving pictures with sound, it will test customers’ limits. Some who have tolerated a static image on a neglected part of their screen may not be as accepting of more distracting ad formats.

“I could accept the static ad on the side. Forcing a loud commercial is awful,” one Redditor wrote.

While I get that Roku is likely in the ad business as I can’t see them making large amounts of money off of selling devices and licensing their tech to TV manufacturers, not to mention getting a cut of streaming revenue, this sort of behaviour is not cool. And Roku would be well advised to rethink this given that there has been user blowback and people like me are talking about this in a negative way. Let’s see if Roku decides to do that.

Leave a comment »

Myriad360 Named to the Prestigious CRN Tech Elite 250 for 2025

Posted in Commentary with tags on March 18, 2025 by itnerd

Myriad360, today announced that CRN, a brand of The Channel Company, has recognized Myriad360 on its 2025 Tech Elite 250 list.

This annual list highlights solution providers based in the U.S. and Canada that are committed to excellence and distinguish themselves by attaining top-tier certifications and specializations from leading technology vendors in the areas of artificial intelligence (AI), infrastructure, cloud, and security.

To support customers through the growing complexities of IT and the rise of cutting-edge technologies like AI, the solution providers on this list uphold rigorous levels of training and certification from strategic IT vendors, often aiming for the pinnacle tiers within these vendors’ partner programs. Whether they are strategic service providers, systems integrators, managed service providers, or value-added resellers, these elite solution providers are committed to their clients’ success.

Myriad360 earned its place on this year’s Tech Elite 250 by investing heavily in expanding its technical capabilities across AI infrastructure, cybersecurity, advanced networking, and cloud solutions. A repeat honoree, Myriad360 has been recognized on CRN’s Tech Elite 250 multiple times in past years, underscoring its long-standing commitment to technical excellence and innovation.

In 2024, the company scaled its team of certified engineers and AI specialists, focused on implementing and cabling GPU-powered systems to meet the surging demand for scalable, secure, and AI-driven solutions. Myriad360 also broadened its global presence to enhance logistics and delivery, ensuring seamless support for clients worldwide. These initiatives, alongside partnerships with elite technology vendors such as Nvidia, Cisco, Palo Alto Networks, and Fortinet, showcase Myriad360’s dedication to delivering transformative outcomes for clients.

Coverage of the Tech Elite 250 will be featured in the April issue of CRN Magazine and is currently online at www.CRN.com/techelite250.

Leave a comment »

Leaseweb Partners with CDNetworks

Posted in Commentary with tags on March 18, 2025 by itnerd

Leaseweb Global, a leading cloud services provider, today announced a strategic partnership with CDNetworks, an APAC-leading network with over 2,800 global Points of Presence, providing customers with faster, more secure, and more reliable content delivery solutions to ensure seamless digital experiences across Asia and global markets. The partnership will strengthen Leaseweb’s position as a leading provider of scalable, low-latency content delivery services for businesses in AdTech, media, gaming, and SaaS sectors.

By integrating CDNetworks into its content delivery infrastructure, Leaseweb can offer customers the benefits of its proven Multi-CDN service, including intelligent traffic routing, improved load balancing, and reduced latency, even in high-demand environments. The partnership also offers Leaseweb customers greater resilience and scalability for high-bandwidth applications, including ad delivery, live streaming, on-demand video, and large-scale software downloads.

About CDNetworks

As the APAC-leading network with over 2,800 global Points of Presence and more than 20 years of technology experience, CDNetworks embraces the new era of Edge and takes it to the next level by using the Edge as a service to deliver the fastest and most secure digital experiences to end users. Our diverse products and services include web performance, media delivery, cloud security, zero trust security, and colocation services — all of which are uniquely designed to spur business innovation. To learn more, visit cdnetworks.com.

About Leaseweb

Leaseweb is a leading Infrastructure as a Service (IaaS) provider serving a worldwide portfolio of 20,000 customers ranging from SMBs to Enterprises. Services include Public Cloud, Private Cloud,  Dedicated Servers,  Colocation,  Content Delivery Network, and Cyber Security Services supported by exceptional customer service and technical support. With more than 80,000 servers, Leaseweb has provided infrastructure for mission-critical websites, Internet applications, email servers, security, and storage services since 1997. The company operates 28 data centers in locations across Europe, Asia, Australia, and North America, all of which are backed by a superior worldwide network with a total capacity of more than 10 Tbps.

Leaseweb offers services through its various Leaseweb Sales Entities which are Leaseweb Netherlands B.V., Leaseweb USA, Inc., Leaseweb Singapore PTE. LTD, Leaseweb Deutschland GmbH, Leaseweb Australia Ltd., Leaseweb UK Ltd, Leaseweb Japan KK, Leaseweb Hong Kong LTD, and Leaseweb Canada Inc. For more information, please visit: http://www.leaseweb.com

Leave a comment »

Which passwords are attackers using against RDP ports right now?

Posted in Commentary with tags on March 18, 2025 by itnerd

A new research report reveals the 10 most common passwords attackers are using and analyzes their wordlists for the most common complexity rules and password lengths. Results of a similar analysis were completed in 2022, so this research is now refreshed and up to date for 2025. The launch of the report also coincides with the latest addition of over 85 million compromised passwords to the Specops Breached Password Protection service. These passwords come from Specops honeypot network and threat intelligence sources.

The key points in the report are:

  • 85 million compromised passwords added to Specops Breached Password Protection
  • Top 10 passwords being used in honeypot attacks
  • Welcome1 is an interesting one—emphasizes the need for secure employee onboarding as new passwords are set and maybe never changed, making them an easy target for attack
  • 24% of all honeypot attack passwords are solely numbers
  • Enabling push-spam resistant MFA to RDP connections adds a layer of protection, even if the password was to be breached
  • Keep Windows servers and clients patched and up to date to protect against CVEs 
  • Check for misconfiguration – ensure the TCP port 3389 is using an SSL connection and isn’t exposed directly to the internet 
  • Limit the range of IP addresses that can use RDP connections 

You can read the report here.

Leave a comment »

Apple’s QA #Fails Again With The Company Breaking iCloud Mail On iOS 18.3.2

Posted in Commentary with tags on March 18, 2025 by itnerd

I’ve been saying for years that Apple’s QA has become pretty bad as there’s been example, after example, after example, after example,  after example of Apple dropping the ball when it comes to their QA processes.

Well, they’ve done it again with iOS 18.3.2. While this update contains an important security fix that was actively exploited in highly targeted attacks. Which is good. It also breaks iCloud mail for many. Which is bad. There are complaints on Reddit from users who have discovered that iCloud email is not pushing automatically to their devices. Instead, you have to open the mail app and have them come down to your iPhone. Push email from other providers like Microsoft appears to be working fine.

There’s no known fix for this that I am aware of. So it’s on Apple to come out with a fix for this, which will likely be iOS 18.4 seeing as that’s due to be released in April sometime. But honestly, this issues should never have gotten out the door. And to add to that, the fact that this is happening with Apple’s own email service is downright embarrassing. I have to honestly wonder if Apple is trying anymore to make quality products that excite and delight people. It really doesn’t seem so.

Leave a comment »

Red Canary Threat Report uncovers 4x increase in identity attacks

Posted in Commentary with tags on March 18, 2025 by itnerd

Red Canary today unveiled its seventh annual Threat Detection Report, examining the trends, cyber threats, and adversary techniques that organizations should prioritize in the coming months and years. The report tracks the MITRE ATT&CK® techniques that adversaries abuse most frequently, and this year noted four times as many identity attacks compared to the 2024 edition. After debuting in the top 10 in 2024, cloud-native and identity-enabled techniques surged in this year’s report, with Cloud Accounts, Email Forwarding Rule, and Email Hiding Rules ranking among the top five.

Research highlights major shifts in the threat landscape

The data that powers Red Canary and this report are not mere software signals—this data set is the result of hundreds of thousands of investigations across millions of protected systems and identities. Each of the threats Red Canary detected in 2024 were not prevented by the customers’ expansive security controls. They are the result of a breadth and depth that Red Canary leverages to detect the threats that would otherwise go undetected.

Red Canary’s 2025 report provides in-depth analysis of nearly 93,000 threats detected within more than 308 petabytes of security telemetry from customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications over the past year. The total number of threats detected increased by more than a third compared to 2024’s report as a result of not only more customers, but also Red Canary’s expanded visibility into cloud and identity infrastructure. 

The analysis shows that while the threat landscape continues to shift and evolve, adversaries’ motivations do not. The tools and techniques they deploy remain consistent, with some notable exceptions. Key findings include:

  • Click, paste, compromised – One of the most successful new initial access techniques observed this year was paste and run, also known as “ClickFix” and “fakeCAPTCHA.” In this attack, adversaries socially engineer users into executing malicious scripts under the pretense that doing so will fix something, like providing access to a video or document.
  • VPN abuse is rampant and difficult to detect – Adversaries constantly use virtual private networks (VPNs) to conceal their location and bypass network controls, but employees also rely on them for legitimate activity. Strikingly, organizations in the educational services sector accounted for 63 percent of all VPN use – a disproportionately high share given their smaller presence among Red Canary’s data. This highlights that environments from organizations in this sector are a potential hotspot for VPN-related security risks.
  • RMM exploitation is on the rise – The use of remote monitoring and management (RMM) tools for command and control and lateral movement is growing, enabling adversaries to drop malicious payloads including ransomware. This year, Red Canary saw malicious use of NetSupport Manager break its yearly top 10, highlighting the popularity of RMM tools amongst adversaries.
  • The not-so-helpful IT desk – Phishing remains prevalent in many forms. Email, QR code (aka “quishing”), SMS, and voice phishing attacks all increased in 2024. Often adversaries posed as IT personnel, asking victims to download malicious or remote control software. In 2024, Black Basta paired email bombing with social engineering, posing as IT personnel “helping” with the issue to gain access and install RMM tools.

The rise of LLMJacking to attack cloud infrastructure

While cloud attacks rose overall in 2024, the techniques adversaries abused have largely remained the same as in past years. However, adversaries have shifted more of their efforts to attacking and compromising cloud infrastructure and platforms:

  • Red Canary observed adversaries attempting to impair defenses inside cloud environments by disabling or modifying firewall rules and logging. Gaining access through compromised cloud accounts or valid credentials, adversaries elevate their privileges by granting the identity additional roles. 
  • With the rise of LLM usage, cloud services such as AWS Bedrock, Azure OpenAI, and GCP Vertex AI have become prime targets for adversaries in an attack known as “LLMJacking.” Adversaries have reportedly sold access to these hijacked models as part of their own SaaS “business” and passed all LLM usage costs to the victim.

Info-stealing malware is the ultimate identity threat

In 2024, stealer malware infections were on the rise across Windows and macOS platforms. Adversaries use stealers to gather identity information and other data at scale. In 2024 there were some interesting variations in the use of infostealers, including:

  • LummaC2 was the most prevalent stealer detected in 2024, operating under a malware-as-a-service (MaaS), and selling for anywhere from $250 per month to a one-time payment of $20,000. Its growing popularity and expanded scope make it a major threat, exposing user credentials and enabling adversaries to gain initial access to organizations using legitimate accounts.
  • Adversaries commonly use LummaC2 to deliver NetSupport Manager, Red Canary’s seventh most detected threat detected in 2024 – giving them a gateway to deploy other malicious payloads as a follow-up to their initial attack.

Mac malware ran rampant

In 2024, macOS experienced the same phenomenon that Windows did: an exponential increase in stealer malware.

  • Red Canary detected 400 percent more macOS threats in 2024 than in 2023, including an exponential increase in malware driven by Atomic, Poseidon, Banshee, and Cuckoo stealers. Atomic Stealer was the most prevalent, appearing on Red Canary’s monthly top 10 threat rankings five times.
  • In September 2024, detections dropped off sharply after Apple remediated a popular Gatekeeper bypass technique abused by numerous malware families. 95 percent of stealer infections happened before September and just five percent occurred after, highlighting the dramatic and immediate impact that patching can have.

Recommended actions:

  • Limit unsanctioned VPN usage. Tighter policies around acceptable use of VPNs will mean that abuse is rare and becomes a potential signal of suspicious logins and other malicious activity when they are present.
  • Manage your centralized identity management solution. A central identity solution isn’t an excuse to kick back. Centralized identity solutions make organizations more secure, but they’re also a priority target for adversaries. Organizations should pay special attention to the evolving threat landscape and be careful to manage their identity infrastructure as safely and securely as possible.
  • Mitigate risk by making patching a top priority. It remains one of the best ways to protect yourself from risk. Unpatched vulnerabilities are one of the most common entry points for adversaries, making timely updates critical to reducing exposure.
  • Balance accessibility to cloud systems with protection. Verify that permissions and configurations are correctly set, and stay informed on how your organization uses cloud infrastructure. Distinguishing between legitimate and suspicious activity requires a deep understanding of what’s normal in your environment.
  • Assess and test your defenses. Look at the top threats and techniques and ask: ‘am I confident in my ability to defend each of these?’ Red Canary’s open source test library Atomic Red Team is free and easy to adopt. 

Learn more

About the Threat Detection Report

The full report is intended as a reference library for security practitioners to improve their ability to prevent, mitigate, detect, and emulate cyber threats. It offers detailed guidance on data sources that log relevant evidence of adversary behaviors, tools that collect from those data sources, insight into how security teams can use this visibility to develop detection coverage, and much more deeply actionable information.

The Threat Detection Report sets itself apart from other annual reports by offering unique data and insights, accompanied by recommended actions derived from a combination of expansive visibility and expert, human-led investigation and confirmation of threats.

Each of the nearly 93,000 threats Red Canary detected in 2024 were not prevented by the customers’ expansive security controls. They are the result of a breadth and depth that Red Canary leverages to detect the threats that would otherwise go undetected.

Leave a comment »

MIND Reveals Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations

Posted in Commentary with tags on March 18, 2025 by itnerd

MIND™ today announced the release of The State of Data Loss Prevention – Current Struggles and Future Expectations. The report examines trends driving the need for data loss prevention (DLP) solutions to secure sensitive information from unauthorized access, leakage and theft, and key challenges as enterprise security teams struggle with outdated or incomplete tools. The report’s findings underscore the importance of modernizing DLP programs so that organizations can efficiently scale sensitive data visibility, classification, detection, remediation and loss prevention.

The report found that enterprise environments are more complex and data stores are exponentially growing, further exacerbating security team difficulties, such as maintaining and evolving DLP policies, dealing with a majority of alerts that are false positives and lack of resources to address and investigate every incident. In fact, 78% of organizations report being challenged in administering and maintaining existing DLP technology solutions and policies, and 94% report using at least two tools and, on average, more than three tools with DLP capabilities, resulting in significant man-hours to administer and maintain multiple solutions. Additionally, nearly all organizations (91%) said it is important to reduce alert noise produced by their current DLP controls due to simple, poor and outdated classification schemes.

These challenges highlight the importance of adopting a future-ready DLP strategy that autonomously discovers and classifies sensitive data that matter, proactively detects issues with a context-aware and risk-based approach and automatically prevents and remediates data leaks. By delivering on these modern capabilities, organizations can expect to experience unprecedented visibility and understanding of their data risks, simplified solution management, dramatic reduction of false positives and efficient data loss prevention and issue remediation.

The report’s key findings include:

  • Persistent data leaks: Despite using multiple DLP tools, 53% of respondents reported two or more unstructured data loss events that they know of and, on average, more than four data loss events in the last 12 months. There were likely many more data loss events that are unknown.
  • Lack of visibility and understanding of data risks: Organizations report that more than 73% of their unstructured sensitive data has not been discovered and classified, leading to potential data risk landmines and unknowns.
  • Debilitating alert fatigue: Organizations are overwhelmed by DLP alerts, with 92% either deferred/left for inspection  after 24 hours or false positives/not remediated. 47% of DLP alerts that are inspected within 24 hours are false positive.
  • Administrative burdens: 68% of companies manage multiple DLP policy sets across their IT environments with disparate, siloed tools.

Download the full report here.

Leave a comment »

New KnowBe4 Report Finds Education Sector Unprepared for Escalating Cyberattacks

Posted in Commentary with tags on March 17, 2025 by itnerd

 KnowBe4, today announced a new report, “From Primary Schools to Universities, The Global Education Sector is Unprepared for Escalating Cyber Attacks”.

The education sector was the most targeted industry for cyberattacks in 2024, according to several reports, including one from Check Point Research. The sector has also seen a stark increase in cyberattacks.

Key findings from the report include:

  • Both primary and higher education institutions heavily rely on third-party vendors for software-as-a-service, cloud storage, and IT services. This creates a risk, as vulnerabilities or breaches within third-party systems could later affect all institutions using these services, which often goes on undetected.
  • An attacker’s search for an open door is helped by the fact that with limited resources, and increasing demands for modernization, schools and universities often mix modern and legacy IT systems, which can leave highly sensitive personal information on outdated and exploitable systems.
  • In its 2024 Data Breach Investigation Report (DBIR), Verizon examined 30,458 security incidents in total, of which 10,626 were confirmed data breaches. Of these, 1,780 incidents (17%) were attacks against the education system,1,537 (14%) with confirmed data disclosure; a figure that put education in the top five of all industries breached globally.
  • In 2023, Trustwave researchers monitored 352 ransomware claims against educational institutions. Phishing stood out in the Trustwave study as the most commonly exploited method for gaining an initial foothold in an organization.

The report demonstrates the significant impact of security awareness training on reducing human risk in educational institutions. Employee susceptibility to phishing attacks dropped dramatically from 33.4% to 3.9% in small educational institutions after one year or more of sustained training and simulated phishing evaluations.

To download the report, visit here.

Leave a comment »

Cl0p Pwns Western Alliance Bank

Posted in Commentary with tags on March 17, 2025 by itnerd

 Western Alliance Bank over the weekend confirmed that it notified 21,899 people about an October 2024 data breach that compromised info such as SSNs, Tax ID Numbers, DOBs, Passports, etc. The infamous ransomware gang Clop has claimed responsibility for the breach. 

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech,wrote: 

“Clop, or Cl0p, is a high-profile ransomware group that first surfaced in 2019. Its latest wave of claims mostly involve exploiting vulnerabilities in the Cleo file transfer software, which is used by many organizations. Like some other ransomware groups, Clop doesn’t always encrypt files. Instead, it demands ransoms solely in exchange for not selling or publishing stolen data.”

“In 2024, Clop claimed nine confirmed ransomware attacks, plus 74 unconfirmed attacks that haven’t been acknowledged by the targeted organizations. 55 of the 74 unconfirmed claims are related to the same Cleo vulnerability used to breach Western Alliance Bank. In 2025, Cl0p has claimed responsibility for 332 unconfirmed attacks, the vast majority of which exploited Cleo.”

“Ransomware attacks on US finance can endanger clients and delay day-to-day operations until systems are restored. Banks and other financial institutions must either pay a ransom or face extended downtime, data loss, and putting customers at increased risk of fraud. In 2024, Comparitech researchers logged 61 confirmed ransomware attacks on the US finance sector, compromising more than 34.9 million records. The average ransom demand is $1.05 million.”

Clearly the fact that there’s a $10 million reward available for anyone who can serve up information on Cl0p has clearly not deterred them. Illustrating that crime does pay apparently. Speaking of rewards, if you do have information on Cl0p, this Tweet will help to get your info into the right hands.

Leave a comment »

KnowBe4 Sees 98% Spike in Phishing Campaigns Leveraging Russian (.ru) Domains

Posted in Commentary with tags on March 17, 2025 by itnerd

 KnowBe4 has observed a 98% rise in phishing campaigns hosted on Russian (.ru) top-level domains (TLDs) from December 2024 to January 2025, primarily used for credential harvesting. 

These Russian .ru domains are run by so-called “bullet-proof” hosting providers, that are known to keep malicious domains running and ignore abuse reports which is ideal for cybercriminals.  

Many of the phishing emails that we identified and investigated had passed through one or more security products including Exchange Online Protection, Barracuda Email Security Gateway, Mimecast, and Cisco Ironport. 

KEY FINDINGS 

  • 98% increase in phishing sites using .ru TLDs from December 2024 to January 2025 
  • 1,500 unique .ru domains identified as part of the campaign 
  • 377 new domains registered with “bulletproof” registrar R01-RU 
  • More than 13,000 malicious emails with the domain were reported 
  • 2.2% of observed emails from .ru domains were phishing emails  
  • 7.4 days average age of a .ru domain 

You can get the full details here.

Leave a comment »

« Older Entries
Newer Entries »