New KnowBe4 Report Reveals Spike in Ransomware Payloads and AI-Powered Polymorphic Phishing Campaigns

Posted in Commentary with tags on March 20, 2025 by itnerd

Today, KnowBe4 published its Phishing Threat Trends Report, Vol 5, which details threat intelligence insights into phishing threats targeting organizations at the start of 2025.

The report highlights the growing threat of ransomware and explores how cybercriminals are using sophisticated tactics to bypass native security and secure email gateways (SEGs).

It also examines how AI is being leveraged to create polymorphic phishing campaigns, how attackers are infiltrating the hiring process to access systems and data, and the increasing success of attacks evading traditional defenses.

Key Findings From the Report:

  • Between September 15, 2024 and February 14, 2025 there was a 17.3% increase in phishing emails compared to the previous six months.
  • 82.6% of all phishing emails analyzed exhibited some use of AI.
  • The report observes a 22.6% increase in ransomware payloads.
  • The phishing hyperlink, malware, and social engineering payloads getting through traditional detection have surged, with phishing hyperlinks increasing by 36.8%, malware by 20%, and social engineering tactics by 14.2% compared to the previous six months.
  • Additionally, there has been a 57.9% increase in attacks being sent from compromised accounts getting through traditional detection.
  • The top five legitimate platforms used to send phishing emails include DocuSign, PayPal, Microsoft, Google Drive, and Salesforce.
  • Currently the most impersonated brands include Microsoft, DocuSign, Adobe, PayPal, and LinkedIn.

For full details, see the release. The Phishing Threat Trends Report, Vol 5 is available for download here.

SpyX data breach affects almost 2 million

Posted in Commentary with tags on March 20, 2025 by itnerd

It is being reported by HaveIBeenPwned.com that a consumer-grade spyware operation called SpyX was hit by a data breach last year. SpyX and two other related mobile apps had records on almost two million people at the time of the breach, including thousands of Apple users:

In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target’s email address and plain text Apple password.

Needless to say, that’s not good. Javvad Malik, Lead Security Awareness Advocate at KnowBe4 had this to say: 

“The irony of an entity purporting to offer surveillance capabilities itself falling prey to a breach is not lost with this one. However, this breach not only exposes the victims to further risks but starkly highlights the inherent vulnerabilities within these spyware operations.”

“The fact that a large number of Apple users were impacted is a reminder that while some technologies are more robust than others, no platform is invulnerable to being breached. Beyond the breach, the apparent inaction and silence by SpyX showcases a lack of responsibility.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech adds this: 

“By law, companies must report breaches like this to the authorities. SpyX is a UK-based company, and the UK has strict breach disclosure laws. SpyX appears to be in violation of those laws by knowingly not reporting a major breach. SpyX does business in the US, which also has breach disclosure laws. SpyX’s failure to report the breach is negligent and puts Apple users at risk, but it’s not surprising given the app’s shady business model.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy offers up this:

“It is inexcusable for a firm to experience a data breach and not notify the authorities and the affected parties. While normally I would applaud a stalkery firm like this being hit with hack attacks, data breaches like this one put millions of users at risk, possibly leaving Apple users open to being hacked on iCloud. Both UK and US laws require reporting of breaches like this, meaning SpyX could be subject to penalties from both countries.”

“iCloud users who have used SpyX should immediately visit the Have I Been Pwned website and enter their e-mail address(es) to determine whether their information was exposed in the breach.”

Now I went to HaveIBeenPwned.com and my iCloud email address isn’t part of the breach. Not that I expected it to be. But it doesn’t hurt to be sure. Regardless, it’s bad when a company that does what SpyX does gets pwned. Hopefully this not only serves as a wake-up call in general, but people distrust SpyX to such a degree that they no longer exist.

York University and ventureLAB strengthen partnership with renewed Memorandum of Understanding

Posted in Commentary with tags on March 20, 2025 by itnerd

York University and ventureLAB signed a renewed Memorandum of Understanding (MoU) to expand their collaboration in talent development, research, and industry-driven innovation. This agreement reinforces their commitment to bridging academia and industry, creating opportunities for students, researchers, and entrepreneurs to drive growth in Canada’s technology sector.

As a leading innovation hub, ventureLAB’s mission is to power hardtech founders to build and scale globally competitive ventures that advance Canada’s knowledge-based economy, making this partnership a natural extension of its work in fostering a globally competitive technology ecosystem.

The MoU establishes a strong talent pipeline, connecting York University’s distinguished professors and researchers with ventureLAB’s influential network of founders. It also provides York University students with hands-on internship opportunities, equipping them with real-world experience in the hardtech, semiconductor, AI and medtech industries.

With the launch of York University’s new Markham Campus, this partnership is expanding to create even greater opportunities for students, faculty, and industry professionals. Located near the new campus, ventureLAB will serve as a key hub for experiential learning, giving students direct access to its state-of-the-art Innovation Centre and resources. This collaboration will drive new joint programming initiatives and strengthen the synergy between York University’s STEM, management, and business programs and ventureLAB’s dynamic innovation ecosystem. By fostering cutting-edge research, commercialization, and talent acceleration, York University and ventureLAB are shaping the future of Canada’s technology sector.

York University continues to be a valuable partner in ventureLAB’s flagship programs, including the Hardware Catalyst Initiative and Accelerate AI. As part of this renewed agreement, York University professors will now have direct access to ventureLAB’s leading-edge hardware lab, enabling groundbreaking research and industry collaborations that will drive advancements in Canada’s semiconductor, AI, and deep-tech industries.

This renewed partnership underscores the transformative potential of collaboration between academia and industry, creating a stronger pipeline of talent and innovation that will shape the future of Canada’s tech sector. As York University and ventureLAB continue to strengthen their alliance, they remain dedicated to fostering technological advancements, supporting high-impact research, and equipping the next generation of leaders with the tools to thrive.

Team Cymru Announces Integration With Microsoft Security Copilot to Bring Immediate AI-Generated Context to Security Teams

Posted in Commentary with tags on March 20, 2025 by itnerd

Team Cymru today announced the general availability of its Pure Signal™ Scout Plugin for Microsoft Security Copilot.

For two decades, Team Cymru has transformed the way security professionals monitor, analyze, and respond to potential threats. Now, these same capabilities enable SOC teams to take immediate action at scale. Using the Microsoft Copilot plugin, SOC teams can seamlessly query the Team Cymru Pure Signal™ data ocean, transforming tedious investigations with immediate, context-rich, AI-powered responses.

Security Copilot is the first AI-powered security product that enables security professionals to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes. It combines an advanced large language model (LLM) with a security-specific model that is informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals.

Learn how to become AI-enabled with Copilot here

Apple won’t build a backdoor – yet iOS apps leak secrets anyway 

Posted in Commentary with tags on March 20, 2025 by itnerd

Apple’s UK encryption rollback has reignited the global debate on privacy. But while all eyes are on government backdoors, the latest Cybernews research exposes an even bigger risk – iOS apps are leaking sensitive data at scale, and Apple isn’t doing much, if anything, to stop it.

Last week, the Cybernews research team revealed that 71% of 156,000 iOS apps are leaking hardcoded secrets – a serious security flaw with major implications for businesses and consumers.

Now, their latest report dives deeper into the top 10 most commonly exposed secrets and why they pose a significant risk to user data, whether owned by consumers or businesses.

Here’s a quick look at the top 3 threats for businesses and individuals:

  • Project ID (Google) exposes app resources, logs, and potentially weakly secured services, increasing the likelihood of data breaches.
  • Google App ID can be used to impersonate apps, granting unauthorized access to user data, APIs, and backend systems.
  • API Keys (Google): if exposed, these can lead to unauthorized service access, risking data loss, tampering, and breaches of user privacy.
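As an added example (not part of the Cybernews research or of this post), a pre-release check that flags the three kinds of Google identifiers listed above inside an unpacked app bundle; the file names, the sample GoogleService-Info.plist and its values are constructed.

```python
"""Pre-release secret check for an unpacked .ipa, covering the three Google
identifiers above: Project ID, App ID and API key. Added example with
constructed sample data; not code from Cybernews or from Apple."""
import plistlib
import re
from pathlib import Path

# Google API keys are 39 characters and start with "AIza" (public key format).
API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")
# GOOGLE_APP_ID in GoogleService-Info.plist looks like 1:<project number>:ios:<hex>.
APP_ID_RE = re.compile(r"\b1:\d+:ios:[0-9a-f]+\b")

# Constructed sample of a GoogleService-Info.plist as shipped inside an app bundle.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>API_KEY</key><string>AIzaSyEXAMPLE_EXAMPLE_EXAMPLE_EXAMPLE00</string>
<key>GOOGLE_APP_ID</key><string>1:123456789012:ios:0123456789abcdef</string>
<key>PROJECT_ID</key><string>example-project-id</string>
<key>BUNDLE_ID</key><string>com.example.app</string>
</dict></plist>"""


def scan_plist(data: bytes) -> list[tuple[str, str]]:
    """Return (finding, value) pairs for secret-like entries in a plist blob."""
    findings: list[tuple[str, str]] = []
    try:
        doc = plistlib.loads(data)  # handles XML and binary plists
    except Exception:  # malformed or non-plist content: nothing to report
        return findings
    if not isinstance(doc, dict):
        return findings
    for key, value in doc.items():
        if not isinstance(value, str):
            continue
        if key == "PROJECT_ID":
            findings.append(("google_project_id", value))
        elif APP_ID_RE.fullmatch(value):
            findings.append(("google_app_id", value))
        elif API_KEY_RE.fullmatch(value):
            findings.append(("google_api_key", value))
    return findings


def scan_text(data: bytes) -> list[tuple[str, str]]:
    """Regex sweep for Google key shapes in any other file (binaries, JSON, JS)."""
    text = data.decode("utf-8", errors="ignore")
    hits = [("google_api_key", m) for m in API_KEY_RE.findall(text)]
    hits += [("google_app_id", m) for m in APP_ID_RE.findall(text)]
    return hits


def scan_files(files: dict[str, bytes]) -> dict[str, list[tuple[str, str]]]:
    """Map of relative path -> findings, for every file that has at least one."""
    report = {}
    for name, data in files.items():
        hits = scan_plist(data) if name.endswith(".plist") else scan_text(data)
        if hits:
            report[name] = hits
    return report


def scan_bundle(root: Path) -> dict[str, list[tuple[str, str]]]:
    """Walk an unpacked .ipa directory (Payload/*.app) and scan every file."""
    files = {str(p.relative_to(root)): p.read_bytes() for p in root.rglob("*") if p.is_file()}
    return scan_files(files)


def redact(value: str) -> str:
    """Keep only a short prefix so the report itself does not re-leak the value."""
    return value[:6] + "..." if len(value) > 6 else value


if __name__ == "__main__":
    for path, hits in scan_files({"Payload/App.app/GoogleService-Info.plist": SAMPLE_PLIST}).items():
        for kind, value in hits:
            print(f"{path}: {kind} = {redact(value)}")
```

Point scan_bundle at the directory produced by unzipping an .ipa; a non-empty report is a reason to restrict or rotate the identifier before submitting the build.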

This is the first research of its kind at this scale – no one has ever published even approximate findings on Apple’s secret leaks before. These findings raise a bigger question: is Apple’s App Store security review failing to catch these weak spots? 

With stolen credentials linked to 31% of all breaches and an increasing reliance on mobile devices for sensitive transactions, this is a problem that app users and developers must address.

For more details, including a look at the most sensitive leaked secrets, read the full article here.

10000% VPN Surge in Turkey After Social Media Restrictions

Posted in Commentary with tags on March 20, 2025 by itnerd

VPNMentor just published a report about a staggering increase in VPN demand in Turkey amidst the controversial detention of Istanbul Mayor Ekrem İmamoğlu and after authorities restricted access to social media and messaging platforms across the country.

Their research team conducted an analysis of user demand data in Turkey after authorities restricted access to social media and messaging platforms and VPNMentor detected a surge of 10,104% in VPN demand.

You’ll find all the details to our findings here: https://www.vpnmentor.com/news/turkey-vpn-surge/

Bell Pure Fibre 8 Gbps now available for business in select areas 

Posted in Commentary with tags on March 20, 2025 by itnerd

Following up on Bell’s previous announcement regarding the re-launch of Bell Pure Fibre 8 Gbps for residential customers, Bell has passed along to me that this high-speed Internet option is now available for businesses in select areas of Ontario and Québec.

This significant speed increase offers businesses enhanced connectivity capabilities, supporting various business needs and applications. Bell Pure Fibre 8 Gbps provides businesses with a powerful Internet solution.

Currently, their 8 Gbps coverage includes the following areas (for residential and businesses):

Ontario:

  • Toronto, GTA (stretching from Ajax/Whitby to Brampton/Mississauga)
  • Ottawa and surrounding suburban areas (i.e., Kanata, Orleans)
  • London
  • Guelph
  • Kitchener
  • Georgetown

Quebec:

  • Montreal, Laval and GMA (Greater Montreal Area)
  • Québec City
  • Levis

Their 8 Gbps coverage will continue to expand, and customers (whether residential or business) are encouraged to check Bell.ca regularly to see if they qualify.

Businesses interested in exploring this high-speed option can also learn more and review available plans by visiting Bell.ca/smallbusiness.

Guest Post: SAP Concur Delivers Joule, American Express Integration at Fusion 2025

Posted in Commentary with tags on March 20, 2025 by itnerd

At SAP Concur Fusion 2025 today, we are bringing together customers and partners to explore how SAP Concur delivers AI, and greater visibility, to travel and expense management. At the event, we’re debuting new product innovations and strategic partnerships that harness AI, enhance visibility, automate tasks, and drive compliance—unlocking new efficiencies, spend insights, and improved employee experiences.

SAP Concur Debuts Joule with Concur Travel and Expense

SAP is transforming the way businesses run with Joule, its generative AI copilot. Now, this evolution will extend to business travel and expense management. SAP is embedding Joule in SAP Concur solutions, bringing the portfolio one step closer toward a fully automated travel and expense management process. In Concur Expense, Joule helps to ensure that expense reports are ready for submission with minimal effort. For example, Joule can assemble a timeline view of expenses, review for mistakes or missing expenses, and make recommendations for how best to complete the expense report. Additionally, Joule can answer employees’ questions so they no longer have to search through Concur Expense or the SAP Help portal, resulting in fewer support cases and improved efficiency for both employees and administrators. Joule with Concur Expense is expected to be generally available in the second quarter 2025.

SAP Concur also will embed Joule in Concur Travel initially to help with planning locations for offsite meetings. Joule can provide meeting location recommendations and high-level flight and hotel cost estimates based on meeting attendees’ origination points. Once the meeting site and hotel options are selected, Joule will create an email template to send to team members with a link to book directly in Concur. Joule with Concur Travel is available now as part of the early adopter program with general availability expected later this year.

Automating Expense Management in Concur Expense

SAP Concur and American Express (Amex) are expanding their partnership to simplify expense management for shared customers. One-third of SAP Concur customers use the Amex corporate card to capture expense transactions. To streamline the end-to-end experience, SAP Concur and Amex are launching a real-time authorization data capability whereby American Express Corporate Card purchases automatically generate and categorize expenses, starting with meal transactions, in Concur Expense at the time of spend. This integration will include real-time mobile notifications via the Concur mobile app that alert the employee with expense policy reminders in the moment to help drive policy adherence and minimize manual effort.

The most common type of expense submitted within Concur Expense is meals. In fact, a quarter of all expenses are meals, which is why the capability will first be available for meal expenses. For example, when users purchase lunch with their Amex Corporate Card, an expense entry is automatically created and the user can be notified if additional information is required, such as capturing the receipt image or adding attendees.

SAP Concur is on a journey to fully automate the expense management process, from purchase to reimbursement. Last year, we took a big step with our partnership with Mastercard. With the integration, meal expenses purchased with participating Mastercard corporate cards are automatically populated in Concur Expense, and alerts are issued if any additional information is needed.

We’ve heard from customers that they love the hands-free experience, commenting:

  • The automation is really nice, and keeps the trips organized.
  • Much faster data, and less time organizing expense reports.
  • Solicits faster receipt capture while reducing duplicate risk.

We’re working to expand access to the integration so more Mastercard customers can benefit from a simpler and more efficient experience.

“At SAP Concur, we’re creating a world where travel and expenses practically manage themselves,” said Brian Veloso, Managing Director at SAP Concur Canada. “We continue to deliver on that journey with these touchless experiences enabled by industry-leading generative AI and close partnerships with top payment providers.”

Additionally, American Express Global Business Travel has integrated its hotel marketplace, featuring over 2 million properties across 180 countries with competitive rates, into the new Concur Travel solution, providing customers access to comprehensive hotel content, including negotiated programs and preferred partner rates.

With its Concur Travel and Expense solutions, SAP remains the market share leader for worldwide travel and expense management software, with 49.6 percent 2023 market share [source: IDC]. These leading solutions are part of the SAP Business Suite, SAP’s comprehensive portfolio of integrated solutions that combines our core Cloud ERP and Line of Business applications, fueled by the world’s most powerful business data and actionable AI.

“We are redefining the business travel experience, raising the bar for integrated travel and expense management like never before with the power of SAP Business AI,” said Brian Veloso, Managing Director at SAP Concur Canada. “It’s exciting to see our large, global customer base benefit from continual innovations that enhance the user experience and serve the needs of travelers, travel managers and CFOs.”

To learn more about announcements at SAP Concur Fusion or to join the virtual event visit here.

Pennsylvania State Education Association notifies 500K people of data breach via a ransomware gang

Posted in Commentary with tags on March 19, 2025 by itnerd

The Pennsylvania State Education Association this week confirmed it notified 517,487 people of a July 2024 data breach that compromised personal information including SSNs, passwords, routing numbers, credit/debit card numbers, and a lot more.

Ransomware gang Rhysida claimed responsibility for the breach in September 2024 but the PSEA has not yet verified Rhysida’s claim.

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote: 

“Rhysida is thought to have ties to the ransomware group Vice Society and first surfaced in May 2023. Its ransomware can steal data and lock down targeted systems. It then demands a ransom both for deleting stolen data and for a key to restore infected systems. Rhysida has claimed 82 confirmed ransomware attacks since it began, compromising more than 5.3 million records. Its average ransom demand is $1.08 million.”

“Ransomware attacks can both steal data and lock down computer systems. Organizations are then forced to either pay a ransom or face extended downtime, data loss, and putting data subjects at increased risk of fraud.”

“In 2024, Comparitech researchers logged 74 confirmed ransomware attacks on the US education sector, 72 of which were against schools and colleges. These attacks compromised more than 3 million records in total. Rhysida’s attack on the PSEA is the third-largest of the year by number of records affected. The largest such attacks in 2024 were on Texas Tech University Health Sciences Center (1.5 million) and Chicago Public Schools (700,000).”

“In 2025 so far, we are tracking nine confirmed ransomware attacks on US education, plus another 31 unconfirmed claims that haven’t been acknowledged by the targeted organizations.”

This is yet another bad situation where a threat actor is about to cause lots of misery to lots of people for many years to come. That illustrates why we all need to wrap our heads around protecting organizations from threat actors who mean to do harm to us all.

StilachiRAT Targeting Credentials and Crypto Wallets Warns Microsoft

Posted in Commentary with tags on March 19, 2025 by itnerd

Microsoft has warned of a novel remote access trojan named StilachiRAT that employs advanced techniques to sidestep detection and persist within target environments.

In November 2024, Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) we named StilachiRAT that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored in the clipboard, as well as system information.

Microsoft has not yet attributed StilachiRAT to a specific threat actor or geolocation. Based on Microsoft’s current visibility, the malware does not exhibit widespread distribution at this time. However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape.

Erich Kron, Security Awareness Advocate at KnowBe4, has the following comments:

“People who work or play in the cryptocurrency world are significant targets for bad actors due to the unregulated nature of the funds, the possibility for anonymity, and the fact that once a transaction is complete, unlike with wire transfers or other more traditional methods, there is no way to undo it.”

“As cryptocurrency continues to become more mainstream, attackers will adjust their tactics as they refine their efficiency and speed. Many people just getting started with cryptocurrency are not familiar with its pitfalls, and are sometimes excited to make a profit, so they take foolish risks.”

“For those people dealing with cryptocurrency, it is important that accounts use extremely strong passwords that are unique and impossible to guess. In addition, accounts should be protected by MFA, and the individuals should educate themselves about common cryptocurrency scams and cyberattack methods.”

This is all good advice not just for anyone in the crypto space, but in general. Things like MFA and strong passwords are going to help stop threat actors like this one from carrying out attacks of any sort, crypto related or not.