“TgToxic” PW stealer uses SMS Text To Hack phones

Posted in Commentary with tags on February 26, 2025 by itnerd

A Feb. 24 analysis by Intel471 threat intelligence researchers details upgrades to the TgToxic Android info-stealing trojan, enhancing its evasion tactics and attack scope. Though first observed by security experts in July 2002, Intel471’s report highlights a newly updated version detected in the wild.

TgToxic was designed from the ground up to steal user credentials and originally targeted Southeast Asian users. This new version has expanded its geographic reach, and as of October 2024, it includes both Europe and Latin America.

Ted Miracco, Approov CEO had this to say:

  “TgToxic stands out as a highly sophisticated Android banking trojan due to its advanced anti-analysis techniques, including obfuscation, payload encryption, and anti-emulation mechanisms that evade detection by security tools. Its use of dynamic command-and-control (C2) strategies, such as domain generation algorithms (DGA), and its automation capabilities enable it to hijack user interfaces, steal credentials, and perform unauthorized transactions with stealth and resilience against countermeasures.

  “Mitigating threats like TgToxic demand an advanced security approach. While MFA is essential, it’s no longer sufficient on its own. Implementing Runtime Application Self-Protection (RASP) for real-time threat detection and leveraging device attestation to verify integrity are critical steps to ensure robust security in today’s evolving threat landscape. Over-the-air (OTA) updates should also be mandatory security practices for mobile fintech applications as you must react quickly to new threats and cannot be dependent upon AppStores to release updates. “

I would suggest that those responsible for managing devices in their organization read the mitigation section of this report by Intel471 as they offer a lot of good advice in terms of how not to be a victim of this threat. And of course, everyone should practice good computing habits to stay safe.

Leave a comment »

Apple Rolls Back Advanced Data Protection Due To UK Government Demands

Posted in Commentary with tags on February 26, 2025 by itnerd

Apple has a really cool feature for those who are paranoid about their security called advanced data protection. Here’s what Apple says it does:

Advanced Data Protection for iCloud is an optional setting that offers Apple’s highest level of cloud data security. When a user turns on Advanced Data Protection, their trusted devices retain sole access to the encryption keys for the majority of their iCloud data, thereby protecting it with end-to-end encryption. For users who turn on Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises from 14 to 23 and includes iCloud Backup, Photos, Notes, and more.

The problem with that, if you want to call it a problem, is that nobody including Apple can look at your data. That was a problem for the UK government apparently who demanded a “backdoor” so that they could look at anything that they wanted. Apple’s response to that was to pull the feature from the UK. That’s a non-trivial move. And Vincentas Baubonis, Head of Security Research at Cybernews agrees:

“Apple’s decision to drop Advanced Data Protection in the UK is a massive step backward for user privacy. End-to-end encryption is what keeps personal data truly safe – without it, iCloud backups become a goldmine for hackers, governments, and anyone looking to exploit sensitive information.

The biggest concern here is that Apple made this decision under government pressure. If the UK can force one of the world’s most powerful tech companies to weaken security, other governments will take note and may push for similar concessions. This could lead to a domino effect where encryption is gradually abandoned, and that would put users everywhere at greater risk.

In cases like this, it’s not just law enforcement that benefits – cybercriminals do too. A single security vulnerability can open the floodgates to mass data breaches, identity theft, and financial fraud. Now, millions of UK users have fewer options to secure their personal data compared to users in other countries – at a time when cyber threats are escalating for both individuals and businesses.

Instead of increasing safety, stripping encryption protections makes people more vulnerable. If governments truly want to protect their citizens, they should be pushing for stronger encryption, not weaker.”

Now nobody knows what Apple’s reasoning for pulling this feature might be. And we may never know. But it would have been nice to have Apple stand up to the UK government on this because every citizen deserves privacy. Including from their governments.

Leave a comment »

NordLayer unveils plans for revolutionary enterprise browser

Posted in Commentary with tags on February 26, 2025 by itnerd

NordLayer, a toggle-ready network security platform for business from the cybersecurity powerhouse that created NordVPN, is preparing to launch a new-generation enterprise browser. The upcoming NordLayer Enterprise Browser, built on years of experience developing tools to combat cyber threats, will feature a wide range of security capabilities to protect modern businesses as their daily tasks shift to the web.

Gartner predicts that by 2030, enterprise browsers will be the go-to platform for productivity and security. They’ll work across both managed and unmanaged devices, making hybrid work smoother than ever. 

The NordLayer Enterprise Browser will help organizations to navigate and combat the cybersecurity challenges emerging from current workplace trends, such as the shift to a web-based software-as-a-service (SaaS) application environment. According to research, 50% of employees claim they can complete all of their work using a web browser, and 80% rely on one for most tasks due to the growing transition to the web. 

The switch from desktop to web-based apps requires more safety measures in the browser itself. The enterprise browser will provide defense against critical web-based threats, including phishing attacks, malware infiltration, unauthorized data sharing, and dangerous file transfer vulnerabilities. NordLayer’s solution will offer centralized security control for CISOs and security teams. It will make setting up and enforcing advanced security policies in the browser easier, safeguarding sensitive business data. Additionally, the product will provide high-level observability and quicker incident response, while the built-in security features will ensure stronger threat prevention. 

The enterprise browser will also address the risks associated with the increasing adoption of the bring your own device (BYOD) policy. Two-thirds of surveyed organizations estimate that at least 50% of devices on their network are unmanaged. The NordLayer Enterprise Browser will simplify network security for organizations with unmanaged devices. It will eliminate the need to deploy and maintain other endpoint software on personal hardware and lower the expenses of containing unmanaged devices on an organization’s network. Consequently, the browser will refine device oversight by allowing companies to transition from fully managed to partially or unmanaged hardware, reducing device management costs in general.

The product will further support BYOD equipment, ensuring employees can securely access the organization’s resources through the browser alone without installing additional intrusive security apps on personal devices, providing a user-friendly experience.  

Key capabilities to expect from the NordLayer Enterprise Browser:

  • Enhanced security measures and more control. The solution will offer high-level observability and full-scale response features — all in one package.
  • A combination of ZTNA and SWG for a unified solution. The browser will merge years of NordLayer experience and capability to combine zero trust network access (ZTNA) and secure web gateway (SWG) features into one solution.
  • Data loss prevention (DLP)Controls for copy-paste functionality as well as camera and microphone use and prevention of unauthorized downloads and uploads will help protect sensitive company information. 
  • Centralized control. The enterprise browser will allow CISOs and security teams to establish and enforce advanced security policies for all users effortlessly.
  • Support for business growth. Designed to scale with businesses, it will ensure security without disrupting workflows or compromising employee productivity. 

To join the waitlist, please visit NordLayer’s website.

Leave a comment »

BlueCat appoints Peter Brennan as Chief Revenue Officer

Posted in Commentary with tags on February 26, 2025 by itnerd

BlueCat Networks has announced Peter Brennan as its new Chief Revenue Officer (CRO).

Brennan, who joined the company in January, is responsible for driving revenue growth and providing leadership for field teams, including sales, technical, channel, and alliances. Previously, he was the CEO for Scality, Inc., a leader in software-defined storage and data management, and the worldwide CRO for Scality, Grp.

Earlier in his career, Brennan achieved record growth over two decades in executive roles at Hewlett Packard Enterprise and VMware.

In October, BlueCat announced it was acquiring LiveAction, Inc., a global provider of network observability and intelligence solutions. Adding LiveAction’s industry-leading network performance monitoring, packet capture, and forensics offerings has strengthened BlueCat’s mission-critical DNS, DHCP, and IP address management (together known as DDI) and network infrastructure management solutions. Audax Private Equity is a strategic growth investor in BlueCat Networks.

Leave a comment »

Business Disruption, AI-Assisted Attacks, Insider Threats and Accelerated Intrusions on Multiple Fronts Define the New Cyberthreat Landscape says Palo Alto Networks

Posted in Commentary with tags on February 26, 2025 by itnerd

Palo Alto Networks Unit 42 released its 2025 Global Incident Response Report, revealing that 86% of major cyber incidents in 2024 resulted in operational downtime, reputational damage or financial loss.

The report (based on 500 major cyber incidents that Unit 42 responded to across 38 countries and every major industry) highlights a new trend: financially motivated attackers have shifted their focus to deliberate operational disruption, prioritizing sabotage – destroying systems, locking customers out and causing prolonged downtime – to maximize impact and pressure organizations into paying extortion demands.

The 2025 Global Incident Response Report highlights several trends:

  • Cyberattacks Are Moving Faster than Ever
  • The Rise of Insider Threats 
  • Multipronged Attacks Are the New Norm
  • Phishing Makes a Comeback
  • Cloud Attacks Are Increasing
  • AI Is Accelerating the Attack Lifecycle 

The speed, sophistication and scale of attacks have reached unprecedented levels with AI-assisted threats and multipronged intrusions, underscoring that organizations faced an increasingly volatile threat landscape in 2024.

To see the results from this year’s report, please visit the accompanying blog as well as the full report.

Leave a comment »

Bridgetown Research raises $19M from Lightspeed and Accel to deploy AI business research agents

Posted in Commentary with tags on February 26, 2025 by itnerd

Strategic business decisions have traditionally been expensive and slow for a fundamental reason: they don’t happen enough. This means companies lack both historical data to learn from and experts who have seen enough similar cases. Bridgetown Research is changing that. Today, the AI decision science startup announced $19 million in Series A funding led by Lightspeed and Accel, with participation from a leading research university.

Bridgetown Research has developed AI agents that autonomously execute research. Most notable amongst these agents are voice bots trained to recruit and interview industry experts, gathering primary data that can be analyzed alongside alternative data sourced from their partners. 

Founded by Harsh Sahai, who previously led machine learning teams at Amazon before leading strategy engagements at McKinsey & Co., Bridgetown Research was born from a simple observation: the majority of business analyses are a permutation of a small number of automatable tasks. The founding team, comprising former professionals from McKinsey, Bain, Amazon, and leading tech startups, brings together extensive experience across strategy consulting and technology.

While many AI solutions focus on searching and summarizing information using LLMs, real world business decisions require much more than synthesising the open web. They need proprietary data such as primary data from experts and customer surveys, along with frameworks to understand markets, what Harsh Sahai calls “ontologies”. Moreover, outputs need to be repeatable and auditable for a business to use them to make decisions with tens of millions of dollars at stake. Bridgetown Research is the only player using agents to gather primary data and systematically find patterns in it to generate original insights. 

Bridgetown Research started with a focus on private equity deal screening diligence. Multiple top-tier PE & VC firms already use Bridgetown Research for deal screening and deeper commercial diligence. They’re able to screen their pipeline much faster with initial analysis taking 24 hours instead of weeks without Bridgetown enabling teams to focus on actual decision making instead of research and analysis. For other customers Bridgetown has enabled voice of customer conversations that cover hundreds of respondents in parallel, and within days. 

As global markets become increasingly complex, the demand for efficient and effective decision-making tools continues to rise. With this funding round, Bridgetown Research plans to invest further in training its AI agents to perform a broader set of analyses across a broader range of domains, and deepening industry partnerships to enhance access to domain-specific intelligence.

Leave a comment »

The World Is Losing Its Mind Over The Bug Related To Trump On Apple Devices

Posted in Commentary with tags on February 26, 2025 by itnerd

Yesterday it came to light that there’s a bug on iOS devices where if you use the dictation function, and say the word “Trump” as in Donald Trump, it prints the word “Racist”. Now I did test this and I could reproduce this. But I could get other words to appear. But it really doesn’t matter at this point as the planet is hung up on the “Trump” and “Racist” connection. And all the usual nonsense that you would expect to happen is happening.

Scott Stephenson, Founder and CEO of Deepgram had this comment:

“AI is only as smart as the data it’s trained on. Voice recognition should be about understanding, not assuming. This is a reminder that companies need to constantly refine their models to avoid bizarre and potentially harmful mix-ups. The goal isn’t just accuracy, it’s trust.”

“Voice AI is exploding because, let’s face it, talking is faster than typing. But speed means nothing without precision. If AI can’t truly understand what we’re saying – accents, slang, emotions – then it’s just noise. The next wave of innovation is about making AI listen smarter, not just faster.”

On one hand, I am surprised that this wasn’t caught in QA. But on the other hand, I am not surprised because how far do you go to test a speech to text engine like this one? You can’t test every single word or name out there. Thus you can expect something like this to happen again. And chances are there’s nothing nefarious going on.

Leave a comment »

Guest Post: Is Cyber a Frog in the AI-Native Pot? 

Posted in Commentary with tags on February 26, 2025 by itnerd

By Tom Tovar, CEO of Appdome

Everyone knows the story of a frog placed in a pot of cold water. As the water heats up, the frog remains still until it’s too late. Today, the cyber function faces the same challenge as the frog, as the rest of the enterprise transitions to AI Native.

What is AI Native? 

“AI Native” refers to organizations, teams, or functions that fully integrate artificial intelligence into core operations. Rather than treating AI as an add-on, these entities leverage AI as a foundational element of their business, execution, delivery, and decision-making. They operate with AI at their core, embedding it into every process for speed, automation, improved efficiency, and to reduce dependencies on human capital, and other resources.

The Enterprise-Wide Shift Towards AI Native 

Across industries, enterprises are now shifting to an AI-Native approach. In 2025, key parts of the enterprise are moving beyond experimentation to complete restructuring. Departments, workflows, decision-making, and strategic planning are being reshaped around AI-driven automation and analysis for productivity. Key areas include:

  1. Software Development and Engineering: AI-powered coding assistants accelerate development, improve software quality, and streamline DevOps with automated testing and CI/CD processes. 
  2. Marketing: AI-driven platforms analyze consumer behavior, enabling hyper-personalized campaigns and optimized ad spend. 
  3. Customer Support & Experience: AI chatbots can handle customer service at scale, reducing dependence on humans.
  4. Fraud & Risk Management: AI enhances for fraud detection and risk modeling, quickly identifying anomalies and mitigating financial risks.
  5. Supply Chain and Logistics: AI predictive analytics optimize inventory while automating procurement and delivery. 
  6. HR and Talent Management: AI streamlines recruitment, identifies top talent faster, and enhances workforce management.

The goal is clear: faster decision-making, increased efficiency, and minimized human error while maximizing value. 

Cybersecurity Must Adapt…or Get Boiled Alive

Currently, cybersecurity teams focus on addressing the risks of AI adoption rather than embedding AI into their own cyber operations. This misalignment threatens their role as enterprises adopt AI-Native models at an accelerated pace. Without becoming AI-Native, the water will get too hot too fast. Cyber teams are falling behind as AI-Native organizations accelerate.  

Why Cybersecurity Must Go AI-Native Now

Cybersecurity must go beyond AI-enhanced tools. Here are the top 5 reasons why the cyber teams need to go AI-Native:

  1. AI-Driven Threats Require AI-Driven Defense

Cybercriminals leapt into the AI boom to create highly sophisticated attacks, from deepfake-powered facial recognition bypasses to large-scale social engineering attacks at scale and autonomous malware evading detection. To counter these threats, organizations need an AI-Native defense that adapts, responds, and mitigates attacks in real time..

  • Maintain Control of the Defense Lifecycle 

An AI-Native approach automates the entire defense lifecycle, including defense delivery, compliance, threat identification, and incident response, as well as guiding end users through resolving an attack. Gone are the days when the cyber function and the security operation center (SOC) could rely on AI for threat detection, but still depend on manual processes to resolve threats. With AI-Native cybersecurity, teams can control automatically every aspect of defense, eliminating delays caused by dependencies on multiple departments and manual actions. 

  • Improve Decision-Making & Incident Response

Security leaders rely on multiple data sources, logs, and reports. AI-driven analytics provide deep insights and early warnings on emerging threats, along with benchmark comparisons and dynamic risk analysis. An AI-Native approach accelerates decision-making in incident response, automating defenses in real time before escalation.

  • Eliminate Dependence on Other Departments

Many security teams are constrained by IT, engineering, and operations for critical tasks like threat modeling, infrastructure changes, and security tool integrations. With AI-Native defense, the cyber function can automate defense delivery independently of external teams. Now security teams can automate defense enforcement, reducing delays while accelerating security measures. 

  • Guarantee Business Protection and Revenue Security

As AI drives efficiency across enterprise functions, cybersecurity teams must keep up with rapid innovation. New applications, capabilities, revenue sources, threats, and vulnerabilities are evolving faster than ever. AI-Native security delivers continuous fraud prevention, automated security updates, and preemptive threat mitigation. With AI-Native, cyber and fraud defenses can be deployed instantly and ensure continuous defense.

Cyber’s Top Priority for 2025: Become AI Native.  

Looking forward, CISOs and cybersecurity teams can no longer afford to see AI merely as a tool but must embrace AI as their foundation. Just as other enterprise functions use AI for speed, efficiency, and agility, cybersecurity must do the same – eliminating manual tasks, handoffs and learning curves.

With AI-Native, cyber teams use technology platforms to automate the entire defense lifecycle, ensuring readiness, reducing bottlenecks, and ensuring that security, ant-fraud and bot defense are delivered continuously. The future of cybersecurity isn’t just AI-aided — it’s AI-Native. Don’t be the cyber frog in the pot. The time to act is now.

Leave a comment »

Microsoft 365 Targeted by Massive Botnet in Password Spraying Attacks

Posted in Commentary with tags on February 26, 2025 by itnerd

Researchers have discovered botnet of over 130,000 compromised devices that is launching password spraying attacks against Microsoft 365 accounts. Most if not all of which are service accounts. Details can be found here:

https://securityscorecard.com/research/massive-botnet-targets-m365-with-stealthy-password-spraying-attacks/

Darren James, Senior Product Manager at Specops Software, commented:

“This is certainly an interesting and often overlooked attack vector, password spraying of service accounts rather than users.

Service Accounts are regularly used to run business critical systems, their passwords are rarely changed, don’t have any type of 2FA applied and they usually have some elevated privilege depending on their function. Meaning they are a good target for attack.

We often see service accounts on our breached password and duplicate password reports when customers run our free tool Specops Password Auditor. These passwords are usually set by the IT admin who is installing the service and then never changed again, and it’s fairly common that the passwords set on these accounts aren’t strong or may have been used on other accounts in the past.

When we are discussing the results of the report, admins are always worried about making changes to service accounts as that might cause disruption to a business critical solution, but as this latest attack highlights, that approach does leave companies at risk.

Businesses should look to enforce very strong and long passwords on service accounts wherever possible, scan these accounts continuously for breached passwords, enforce the use of password vaults and randomly generated passwords for these types of accounts, or if possible, move to using a managed service account that allows the system to set, and regularly change, the passwords of service accounts without human intervention.”

Now would be a good time to change any Microsoft 365 service accounts passwords. Because the only reason why this attack is out there, is because it is likely meeting with some amount of success.

Leave a comment »

CHIPS Act At Risk Because Of DOGE

Posted in Commentary with tags , on February 26, 2025 by itnerd

The CHIPS Act (Creating Helpful Incentives to Produce Semiconductors Act) is likely to be severely impacted by DOGE, notes the author of this post CHIPS Act dies because employees are fired – NIST CHIPS people are probationary on SemiWiki, an open forum for semiconductor professionals.

The CHIPS Act was passed to advance US silicon supply chain security, R&D and stability. The post cites informed sources as reporting that the National Institute of Standards and Technology (NIST) is preparing to cut 497 people, including 74 postdocs, 57% of CHIPS staff focused on incentives, and 67% of CHIPS staff focused on R&D. The post also notes that President Trump has also not yet announced a nominee to head up NIST.

Willy Leichter, CMO, AppSOC, offers perspective:

  “As the Trump administration continues to indiscriminately hack its way through federal agencies, the latest victim appears to be NIST, reportedly losing at least 500 staff. Using the logic of “last in, first out,” DOGE is ignoring the merits of employee roles or projects, and simply terminating anyone they can easily dump. The other mandate seems to be to kill any initiative of the Biden administration, regardless the context or value. On the chopping block are the new AI Safety Institute, tasked with ensuring safety of AI models and systems, and the Chips for America program intended to protect sensitive chips technology from foreign (largely Chinese) theft. This comes on top of dismantling public/provide collaboration with the Cyber Safety Review Boards.

  “NIST provides a critical backbone for all cybersecurity with essential resources such as the National Vulnerability Database. The agency is small by federal standards with only 3,400 employees. Cutting 500 jobs is about 15% of the total workforce – an enormous cut, at a time when cyber risks are accelerating and direct attacks on U.S. critical infrastructure and government systems have never been higher. AI is also a massive security wild card, and destroying important government safety checks could be devastating. The net effect will be to demoralize a critical and highly respected agency, embolden our adversaries to ratchet up their attacks, and put all of us at a direct financial and security risk.”

This is another short sighted and frankly stupid move by Trump and Elon Musk that will only result in the USA being hurt in the process. You have to wonder when these two will figure that out. I’m guessing that they will only when it’s way too late.

Leave a comment »

« Older Entries
Newer Entries »