Guest Post: Safer Internet Day – Getting Serious With Passwords

Posted in Commentary with tags on February 11, 2025 by itnerd

By Darren James – Senior Product Manager and cyber security expert at Specops Software

To celebrate Safer Internet Day (SID) and raise further awareness around promoting the safe and positive use of digital technology for the theme “Together for a better Internet,” we’ve decided to focus on a critical element within security that many people will be familiar with but seemingly don’t give due attention: passwords.

For most of us, daily life now runs largely through the internet: online banking, connecting with friends and family on social media, checking email, shopping for groceries, and so on. Access to every one of these services requires a login and a password. You might assume users pick strong, long, hard-to-break passwords, not least because many sites now require passwords to meet certain rules. After all, a password is often all that stands between the outside world and our sensitive information.

However, this isn’t the case, as many people are still either not changing the default password or using generic, easy-to-crack credentials instead. Speaking plainly, most of us have been guilty of using lazy passwords, or of reusing credentials, at some point in our lives.

This poor security behaviour is very visible in the working world, and our recent findings in the 2025 Breached Password Report only highlight the critical importance of SID’s mission to improve cybersecurity habits for everyone.

The password “123456” was the most frequently compromised, appearing in more than 1.4 million leaked credentials. Alarmingly, among the 1.8 million breached administrator credentials, 40,000 admin portal accounts used “admin” as the password, highlighting that even IT professionals may not be prioritizing security.

Over a 12-month period, more than one billion credentials and passwords were stolen through malware attacks. This alarming statistic underscores the need for robust cybersecurity measures and increased awareness about online threats.

One of the key findings is that 230 million of the stolen passwords met common complexity requirements (over eight characters, including uppercase letters, numbers, and special characters). This indicates that adhering to standard password policies alone is insufficient to protect against sophisticated attacks.

With breaches often costing companies millions for each incident, the cost of lazy passwords could be seriously detrimental to any business.

The stats highlight the brutal truth that relying on end users to maintain strong password security is a losing battle. Even with cybersecurity training and strict password policies, human error remains the weakest link. Security professionals must take a proactive approach (that does not rely on end users) by implementing robust security measures – such as multi-factor authentication (MFA) and password managers – rather than assuming awareness alone will keep systems secure.

Enhancing password security is crucial for protecting organizations against cyber threats. Here are five key tips to strengthen your organization’s password practices:

Train Employees on Secure Password Practices

Educate staff on password security risks, such as weak storage methods and easily guessed passwords. Ultimately, we want to help users by providing detailed, local language feedback when they set or change their passwords.

Enforce Strong Password Policies

We want to encourage the use of longer passphrases built from memorable words, so that users are less likely to write them down. Policies can allow longer password expiry times, but to avoid users simply incrementing the same password, organizations must continuously check each password against known breaches and require it to be changed if it turns up in one. Furthermore, certain departments or individuals may require specific password policies for compliance reasons, so this needs to be accounted for.

Defend Against Brute-Force Attacks

Protect accounts by locking them after multiple failed login attempts and blocking suspicious IP addresses. Configure these settings in Active Directory and other security systems. Organizations can start by blocking easy-to-guess passwords that might relate to the company or business.
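The three policy points above (complexity alone being insufficient, continuous checks against breached passwords, and blocking company-related terms) as an added example, not Specops code: a small policy evaluator in which the breach corpus, company terms and sample passwords are all constructed for illustration.

```python
"""Password-policy evaluator for the points made above.

Added example, not Specops code. It shows that a complexity-only rule
(over eight characters, uppercase, digit, special character) accepts
passwords found in breach corpora, and how a breached-hash check, a
company-term blocklist and an increment check close that gap. All
sample data below is constructed for illustration.
"""
import hashlib
import re
import string
from typing import List, Optional

# Constructed breach corpus: SHA-1 digests of passwords assumed to have
# leaked. "Password123!" satisfies every complexity rule yet is the kind
# of entry the report counted 230 million of.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ("123456", "admin", "Password123!", "Welcome2024!")
}

# Constructed company-related base terms to block, matched case-insensitively.
COMPANY_TERMS = ("acme", "acmecorp")

# Trailing digits/punctuation, the part users typically "increment".
_TRAILING_JUNK = re.compile(r"[\d" + re.escape(string.punctuation) + r"]+$")


def meets_complexity(password: str) -> bool:
    """The 'standard' policy cited in the report: >8 chars, upper, digit, special."""
    return (
        len(password) > 8
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


def is_breached(password: str) -> bool:
    """Hash the candidate and look it up in the (constructed) breach set."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest in BREACHED_SHA1


def contains_company_term(password: str) -> bool:
    """Reject passwords built around the organisation's own name or brands."""
    lowered = password.lower()
    return any(term in lowered for term in COMPANY_TERMS)


def is_increment_of(old_password: str, new_password: str) -> bool:
    """Detect 'Summer2024!' -> 'Summer2025!' style increments at change time,
    the one moment both values are available in plaintext: strip trailing
    digits and punctuation from both and compare the remaining stems."""
    old_stem = _TRAILING_JUNK.sub("", old_password).lower()
    new_stem = _TRAILING_JUNK.sub("", new_password).lower()
    return old_stem != "" and old_stem == new_stem


def evaluate(new_password: str, old_password: Optional[str] = None,
             min_passphrase_len: int = 15) -> List[str]:
    """Return the policy failures for a candidate; an empty list means accepted.

    Passphrases of at least min_passphrase_len characters are exempt from
    the character-class rules, so users can pick memorable multi-word
    phrases instead of short symbol-laden strings they end up writing down.
    """
    failures = []
    if len(new_password) < min_passphrase_len and not meets_complexity(new_password):
        failures.append("complexity")
    if is_breached(new_password):
        failures.append("breached")
    if contains_company_term(new_password):
        failures.append("company_term")
    if old_password is not None and is_increment_of(old_password, new_password):
        failures.append("increment")
    return failures


if __name__ == "__main__":
    for pw, old in (("Password123!", None), ("Acme#Winter9", None),
                    ("Summer2025!", "Summer2024!"),
                    ("correct horse battery staple", None)):
        print(f"{pw!r:32} -> {evaluate(pw, old) or 'accepted'}")
```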

First-Day Password & Promptly Deactivate Departing Employee Accounts

When a new employee joins, having a “First Day Password” security capability will enable the user to securely set their initial password, eliminating the need for IT to share temporary credentials and reducing onboarding security risks. Moreover, when an employee leaves the company, immediately disabling accounts will prevent unauthorized access. Updating shared passwords will also minimize security risks.

Implement Multi-Factor Authentication (MFA)

Strengthen security by requiring multiple verification steps, ensuring access is not solely dependent on passwords.

With Safer Internet Day 2025, we can’t let another year pass and not take the required action. It’s imperative to reflect on these findings and take proactive steps to safeguard our digital lives. By working together, we can create a more secure and trustworthy internet for all. Furthermore, by adopting these strategies, your organization can significantly improve its password security posture and reduce the likelihood of breaches related to compromised credentials.

AppSOC Tests DeepSeek And Finds A Wide Range Of Flaws

Posted in Commentary with tags on February 11, 2025 by itnerd

AppSOC, specialists in AI governance and application security, today published “Testing the DeepSeek-R1 Model: A Pandora’s Box of Security Risks,” detailing in-depth model testing that reveals a wide range of flaws with high failure rates.

Through a combination of automated static analysis, dynamic tests, and red-teaming techniques, the DeepSeek-R1 model was put through scenarios that mimic real-world attacks and security stress tests using AppSOC’s AI Security Platform and risk scoring.

Among alarming results: 

  • Jailbreaking: Failure rate of 91%. DeepSeek-R1 consistently bypassed safety mechanisms meant to prevent the generation of harmful or restricted content.
  • Prompt Injection Attacks: Failure rate of 86%. The model was highly susceptible to adversarial prompts, resulting in incorrect outputs, policy violations, and system compromise.
  • Malware Generation: Failure rate of 93%. Tests showed DeepSeek-R1 capable of generating malicious scripts and code snippets at critical levels.
  • Supply Chain Risks: Failure rate of 72%. The lack of clarity around the model’s dataset origins and external dependencies heightened its vulnerability.
  • Toxicity: Failure rate of 68%. When prompted, the model generated responses with toxic or harmful language, indicating poor safeguards.
  • Hallucinations: Failure rate of 81%. DeepSeek-R1 produced factually incorrect or fabricated information at a high frequency.

You can read the research here.

Aptum Welcomes Jaime Konzelman as Chief Revenue Officer

Posted in Commentary with tags on February 11, 2025 by itnerd

Aptum, a hybrid cloud, infrastructure, networking and managed services provider, today announced the appointment of Jaime Konzelman as Chief Revenue Officer. In this role, she will lead Aptum’s go-to-market strategy, overseeing sales, partnerships, and marketing to help customers make the most of their cloud investment. 

Konzelman brings more than two decades of experience with Fortune 500 and 1000 companies across industries including entertainment, hospitality, and IT managed services. Her expertise in selling complex IT services, leading high-performing teams, and empowering people aligns with Aptum’s mission to simplify IT complexities and unlock tech freedom for its customers. 

Konzelman was most recently Vice President and General Manager, Americas Sales at Rackspace Technologies. She began her career with the Walt Disney Corporation and has held leadership roles at Unisys, Atos, Xerox, Acxiom and MGM Resorts. As a dealmaker at Atos, she secured more than US$3 billion in IT services contracts, earning multiple accolades, including ISG’s Sales Leader of the Year and Atos’ President’s Club recognition.

A bestselling author, Harvard-trained leadership facilitator, motivational speaker, and executive coach, Konzelman has developed proprietary training programs to help teams and individuals achieve outstanding results. She holds a B.S. in Business Management from the University of Massachusetts and an A.A.S. in Business Administration from the Borough of Manhattan Community College. A passionate triathlete, she also serves on the board of Rockin Runners in Las Vegas. 

EnGenius Technologies Announces Zoom Certification for Extreme-Range Phone System

Posted in Commentary with tags on February 11, 2025 by itnerd

EnGenius Technologies has successfully obtained certification for their extreme-range phone system, DuraFon ROAM, from Zoom Communications, Inc., a renowned innovator in seamless collaboration technologies. Together, these solutions are enhancing connectivity by aligning EnGenius’s powerful DuraFon Roam system with Zoom’s robust communication platform. This will unlock new possibilities for customers to maintain crystal-clear communication across vast and challenging operational spaces.

Revolutionizing Long-Range Connectivity

EnGenius’s DuraFon ROAM is a breakthrough product delivering unparalleled coverage for voice communications. Offering up to 200,000 sq. ft. in resorts and assisted living facilities, 1,000,000 sq. ft. in warehouses and fulfillment centers, and an impressive 4.7 square miles in expansive outdoor venues and agricultural sites, DuraFon ROAM ensures robust and reliable connectivity. This long-range solution now works seamlessly with Zoom Workplace, enabling users to leverage Zoom’s capabilities even in the most remote and challenging environments.

Expanding the Reach of Collaboration

This solution benefits a wide range of industries by combining EnGenius’s industry-leading hardware with Zoom’s dynamic communication platform. Key advantages include:

  • Enhanced Collaboration: Enable seamless voice communication through Zoom in vast or complex areas where traditional systems might not reach.
  • Industry Versatility: Tailored for resorts, assisted living, warehouses, fulfillment centers, outdoor venues, and agricultural facilities, this solution extends the utility of Zoom to new operational domains.
  • Unparalleled Range: Leverage DuraFon Roam’s extended coverage to expand the communication footprint without sacrificing reliability.

Future-Proofing Communication Solutions

EnGenius demonstrates its dedication to innovation and adaptability by meeting industry demands for flexible and scalable communication solutions. By combining the capabilities of DuraFon Roam with Zoom, businesses can overcome connectivity challenges and ensure seamless communication across all areas of their operations.

Availability

The solution is now available to customers worldwide, offering a reliable and comprehensive system for organizations aiming to expand their reach and improve their communication capabilities. Customers are encouraged to contact EnGenius Technologies for more information.

Cisco Has Apparently Had A Data Breach

Posted in Commentary with tags on February 11, 2025 by itnerd

Cybersecurity News is reporting that Cisco has suffered a data breach linked to the Kraken ransomware group with sensitive credentials from its internal network and domain infrastructure leaked online. Additional details here:

https://cyberpress.org/cisco-data-breach-2/

Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented:

“I had an opportunity to speak to other CISOs about this incident last week. The prevailing viewpoint is that this is a highly sophisticated ransomware-as-a-service attack that took many months of diligent work by the threat actor using sophisticated tools. One of the tools used, Mimikatz, is designed to extract credentials from Microsoft Active Directory and is only accessible by privileged users or threat actors using credentials from those with privilege. Mimikatz is both an exploit on Microsoft Windows that extracts passwords stored in memory and software that performs that exploit. It was created by French programmer Benjamin Delpy and is French slang for “cute cats” (Wikipedia).

“The most effective set of controls to manage this risk is within privilege user monitoring (PAM) with an added component for continuous validation. The continuous validation, in this case, is measuring the deviation in established on-line patterns for privileged users (while using the privilege) and revoking the privilege automatically in milliseconds when the deviation score of the patterns triggers it. This approach (continuous validation) on top of PAM is not widely used today and there are only a few commercial products developing this capability.” 

This incident shows that even the big guys can get pwned if they don’t have proper controls in place. Which illustrates why you need to do everything possible, no matter how difficult, to keep yourself from getting pwned.

Taking Major Business Momentum in 2025, Datadobi Reimagines How Enterprises Can Transform Unstructured Data into a Valuable Asset

Posted in Commentary with tags on February 11, 2025 by itnerd

Datadobi, a global leader in unstructured data management, has today set out its vision to capture its place in the Unstructured Data Management market, propelled by 12 months of outstanding performance, technology innovation, and industry recognition. As organizations look to release the value of unstructured data across their hybrid cloud environments, Datadobi is ideally positioned to address their needs and transform it into a valuable asset that drives innovation and success.

As Gartner® quoted in its Modernizing File Storage Data Services with Hybrid Cloud report* at the end of 2024, “New hybrid cloud storage capabilities are now considered ‘must have’ to address the growing challenges of exponential data growth, digitalization and globalization of data, generative AI, resilience, cloud integration and migration.”

To deliver on these growing challenges, technology leaders worldwide are focusing on their storage infrastructure to prepare for generative AI and other strategic IT priorities. This includes investment in effective hybrid-cloud strategies, which is now a key requirement for addressing ubiquitous data growth. With limited mature HCDS solutions on the market, Datadobi has built customer trust in the value of effective data management, building a software platform that reimagines how organizations can navigate data complexities, optimize business intelligence, and find a competitive edge.

Datadobi’s leadership position in the Unstructured Data Management market has been established following a range of significant business achievements over the last 12 months, which include:

StorageMAP 7.0 – a game-changer for the Unstructured Data Management market

StorageMAP 7.0 is a game-changer for the Unstructured Data Management market, with previously unheard-of features and functionality to provide the deepest insights possible into heterogeneous unstructured data environments. The solution enables customers to make the most intelligent data-driven decisions that drive innovation and competitive advantage with StorageMAP 7.0 while also managing their unstructured data’s inherent risk and escalating costs as never before.

Award-winning achievements and analyst recognition

A series of industry award wins underlined Datadobi’s exceptional performance in 2024. These included the Cloud Computing Magazine Excellence and ChannelVision Visionary Spotlight awards. The company also made CRN’s Big Data 100 and Storage 100 lists. In addition, Denise Natali, Datadobi’s Vice President of Americas Sales, was included on CRN’s “100 People You Don’t Know But Should” list.

The company was also featured in several key industry analyst reports, including Gartner’s “Modernize File Storage Data Services With Hybrid Cloud.” Additionally, Omdia recognized Datadobi’s StorageMAP platform for offering “comprehensive unstructured data management” capabilities and noted that “Datadobi’s ability to handle unstructured data (documents, emails, social media posts, images, videos, audio files, sensor data, etc.) puts it above most other solutions.”

A growing international team

In 2024, Datadobi also strategically expanded its team, adding key sales leadership personnel, including Denise Natali as Vice President of Americas Sales, Michelle Butler as California Sales Executive, and other new personnel across the USA and EMEA. These strategic hires across multiple regions are central to the company’s commitment to growth and have significantly enhanced its capabilities in key target markets.

Lee Enterprises Has Apparently Been Pwned

Posted in Commentary with tags on February 10, 2025 by itnerd

It is being reported that newspapers across the country owned by the news media company Lee Enterprises, parent company of more than 70 daily newspapers and nearly 350 weekly and specialty publications in 25 states, were impacted by a cyberattack which made them unable to print newspapers and created problems with their websites.

Erich Kron, security awareness advocate at KnowBe4, commented:

“Although it isn’t officially announced, the symptoms of this attack have all of the signs of a significant ransomware event. Ransomware groups love to target organizations that are time sensitive, and media outlets absolutely fit that description, especially ones that produce a physical product.

Unfortunately, during these attacks cybercriminals very often steal any data they can find that may be useful to sell, or to use as leverage when paying a ransom. This is often going to include employee or customer information, and in the case of media outlets could include sensitive information such as confidential informants and other people who may want to remain anonymous.

Ransomware attacks are often very costly and don’t end with simply paying the ransom. The cybercriminals will often leave back doors in the network that need to be found and removed to ensure the attackers don’t simply reinfect the network, demanding yet another ransom payment. Hiring cybersecurity experts to find and remove back doors can be extremely costly, plus there is the cost of sales and advertising that would be halted while the systems are still down.

Because ransomware is most often spread by targeting employees with social engineering attacks, such as phishing, smishing, or even vishing, it’s critical that organizations not only have technical controls in place, but also have a robust human risk management program as well.”

I was hoping that things would be better in 2025, but given the number of attacks that I am reporting on, it honestly feels worse than 2024. Which means that this is going to be a very long year.

A Massive Brute Force Attack Is Underway

Posted in Commentary with tags on February 10, 2025 by itnerd

A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall.

I have commentary on this from a variety of experts. Starting with Erich Kron, Security Awareness Advocate at KnowBe4:

“VPNs are a great target for bad actors because in a corporate world, they can lead to direct access to the network behind the protection of firewalls and other edge security devices. If these bad actors are able to guess or brute force the VPN password, cybercriminals could attempt anything from data theft to ransomware, or more. In many cases, cybercriminals could simply sell this network access to other bad actors as well, pocketing the cash and letting the buyer do whatever nefarious deeds they would like.”

“These types of attacks trying to break into networks through VPNs are often driven by processes such as ‘password spraying,’ which is using a predefined list of simple or common passwords, and a list of known email addresses or usernames, or through ‘credential stuffing,’ which is using a list of usernames and passwords stolen in other data breaches or by tricking employees to give up credentials through fake login portals. The use of MFA, or some other sort of secondary authentication technology, can help stop the ability of bad actors to log in, however, it is not foolproof.”

“By using so many IP addresses that are scattered throughout the globe to carry out these attacks, the cybercriminals can make it extremely difficult for defenders to stop the brute force attacks attempting to pierce the protections put in place by targeted organizations. These source IP addresses are often from individual computers infected with malware, IoT devices that have been compromised, or out of date consumer routers or internet facing devices that attackers have already taken over.”

“These sorts of attacks stress the importance of educating employees about good password hygiene, including not reusing passwords that may have been stolen in other breaches, and the need for a second factor of authentication for any important accounts, especially those that can access the organization from the internet.”

Next up is Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“Brute force password attacks have long been and will continue to be, a popular method of attacking systems, websites, VPN appliances, and other password-protected devices. While there are more sophisticated ways to perform attacks, hackers depend on the fact that their targets haven’t been kept updated to the latest software, firmware, or operating system versions, or that the device’s logins aren’t protected with two-factor or multi-factor authentication methods.”

Finally we have Brian Higgins, Security Specialist at Comparitech:

“This uptick in high-volume activity is symptomatic of the monetary allure that access dangles in front of cyber-criminal enterprises. Although such a massive brute-force endeavor smacks a little of the old ‘spray and pray’ methodology, the sheer volume and potential value of online targets these days makes the whole thing worthwhile. If anyone still hasn’t switched to Two or Multi Factor authentication or is adamantly clicking ‘ask me later’ when they see an update prompt, then this should be their final warning. There is research that says we will hit 75 billion connected devices in 2025 so Bot-Nets will only get bigger and from a criminal’s point of view, there’s no point letting them sit idle.”

An attack like this one shows that MFA/2FA, or fully passwordless authentication, is no longer optional. When attacks like this one succeed, they have grave consequences for the organization at the receiving end.

UPDATE: Darren James, Senior Product Manager at Specops Software, commented:

“Brute Force attacks aren’t usually very sophisticated, but this example does certainly seem to demonstrate a well-planned and determined attack against its potential victims using such a large number of compromised devices based all over the globe.

The benefit of a brute force attack of this nature is that it’s in no hurry to crack the security of a specific individual, but instead targets hundreds, thousands, maybe even millions of individual user accounts, trying to connect using a list of already known breached passwords. Once it finds a match, it might then proceed to deliver a payload, or it may just keep that user/password pair to one side to be used later or sold on to the highest bidder.

This process usually takes a lot of time, but by simultaneously using 2.8 million devices they can certainly speed up this type of attack and the amount of positive “hits” they get.

From our own recent research we found that “admin” was still one of the most common base terms used in breach passwords, so it’s vitally important to make sure that the admin interfaces of these VPN and Firewall servers and devices that are being targeted are not using easily guessable passwords or default passwords set by their manufacturers.

Even if those passwords have been changed, organizations should also continuously scan to make certain that the passwords that have been set haven’t themselves become breached.

Implement MFA on these devices. This can be done using RADIUS authentication if there’s no secure built-in 2FA option. Finally, consider whether you need to expose the admin interface externally; usually this is not a good idea, but it could have been left over from a support session.”

This is also being reported by Bleeping Computer and has been tracked by The Shadowserver Foundation.

UPDATE #2: Lawrence Pingree, VP, Dispersive adds this:

This problem is solved by separating the control plane and data plane for VPNs and transport infrastructure, as we do. A recent analysis of 2024 breaches found that over 56% of enterprises experienced an attack related to their VPNs (report link: https://blog.dispersive.io/vpns-under-siege-2024-cyber-attacks-data-breach-in-review ). I do not think most Zero Trust providers are immune to this same style of attack.
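The attack described in this post, seen from the defender’s side, as an added example that is not part of the original post or any vendor’s product: a detector run over constructed VPN gateway log lines that shows why a per-source lockout counter misses a wave spread across many addresses while an aggregate per-window view catches it. The log format, hostname, usernames and addresses are all constructed.

```python
"""Detecting a distributed credential-guessing wave in VPN gateway auth logs.

Added example, not code from the post or any vendor it names. It contrasts
the classic per-source lockout counter with an aggregate detector: spread
over many addresses, each source stays under the lockout threshold, but the
count of distinct failing sources per window is far outside normal. Log
format, hostnames, usernames and addresses are constructed (RFC 5737 ranges).
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from typing import List

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth-(?P<result>ok|fail) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample. Three populations share one five-minute window:
#  - alice mistypes twice from her usual address, then succeeds;
#  - one noisy source hammers bob six times (classic single-IP brute force);
#  - a distributed wave: 40 sources, one attempt each, common admin names.
SAMPLE_LOG = [
    "2025-02-10T03:16:00Z vpn-gw01 auth-fail user=alice src=198.51.100.20",
    "2025-02-10T03:16:05Z vpn-gw01 auth-fail user=alice src=198.51.100.20",
    "2025-02-10T03:16:09Z vpn-gw01 auth-ok user=alice src=198.51.100.20",
] + [
    f"2025-02-10T03:17:{i:02d}Z vpn-gw01 auth-fail user=bob src=192.0.2.50"
    for i in range(6)
] + [
    f"2025-02-10T03:15:{i:02d}Z vpn-gw01 auth-fail user={u} src=203.0.113.{i}"
    for i, u in enumerate(("admin", "administrator", "root", "vpn",
                           "guest", "support", "test", "backup") * 5, 1)
]

def parse(lines: List[str]) -> List[dict]:
    """Parse the constructed format; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events

def per_ip_lockouts(events: List[dict], threshold: int = 5) -> List[str]:
    """Classic control: sources with >= threshold failures. It catches the
    single noisy address and sees nothing wrong with the 40-source wave."""
    fails = Counter(ev["src"] for ev in events if ev["result"] == "fail")
    return sorted(src for src, n in fails.items() if n >= threshold)

def distributed_wave(events: List[dict], window_minutes: int = 5,
                     min_sources: int = 20, max_per_source: int = 2,
                     quiet_share: float = 0.9) -> List[dict]:
    """Aggregate control: per time window, alert when many distinct sources
    fail and nearly all of them stay under the per-source lockout radar."""
    buckets = defaultdict(list)
    for ev in events:
        if ev["result"] != "fail":
            continue
        ts = ev["ts"]
        key = ts.replace(minute=ts.minute - ts.minute % window_minutes, second=0)
        buckets[key].append(ev)
    alerts = []
    for start, evs in sorted(buckets.items()):
        per_src = Counter(ev["src"] for ev in evs)
        quiet = sum(1 for n in per_src.values() if n <= max_per_source)
        if len(per_src) >= min_sources and quiet / len(per_src) >= quiet_share:
            users = Counter(ev["user"] for ev in evs)
            alerts.append({
                "window_start": start.isoformat(),
                "failures": len(evs),
                "distinct_sources": len(per_src),
                "top_users": [u for u, _ in users.most_common(3)],
            })
    return alerts

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("per-IP lockouts:", per_ip_lockouts(evs))
    print("distributed wave:", distributed_wave(evs))
```

On real gateways the thresholds need tuning against the normal failure baseline, and the aggregate view is what justifies the MFA and admin-interface advice quoted above rather than ever-lower per-IP lockout counts.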

TikTok Ban: Cross-Platform Trends in Reach and Engagement 

Posted in Commentary with tags on February 10, 2025 by itnerd

Research done by the team at SafetyDetectives has been posted that measured how the news of the TikTok ban in the US affected major accounts and analyzed how different strategies led to growth or decline across platforms. Despite the ban being short, they found that the news produced surprising effects. Some of their key findings were:

  • Of the 30 accounts included in their research, half gained followers after January 19, while the rest experienced neither loss nor gain. Of the other 14 accounts that gained followers after the temporary suspension, half are news outlets while high-profile celebrities and brands showed little to no gain.
  • Surprisingly, more accounts suffered engagement losses on Instagram than on TikTok. Accounts lost a combined total of 8.1 million in average likes (versus TikTok’s 7.7 million) and 104,000 in average comments (versus TikTok’s 159,000).
  • Only 8 of the accounts included in their study experienced growth on Facebook during this period, and Amazon was the only one to lose followers, while the rest maintained stability.
  • As on TikTok, none of the accounts included in their study lost followers on YouTube. Not surprisingly, the top 5 accounts include a professional YouTuber, a streamer, and 3 musicians.

The temporary suspension of TikTok highlighted how different platforms, while typically offering the same basic capabilities, won’t necessarily cater to the same categories of content. For creators, brands, and social media managers, this reinforces the importance of understanding your target audience and meeting them where they are.

You can access their report here: https://www.safetydetectives.com/blog/tik-tok-ban-research/

Patch or Perish: Why Vulnerability Management Can’t Wait According To ESET

Posted in Commentary with tags on February 10, 2025 by itnerd

ESET has put up a blog post titled, “Patch or perish: How organizations can master vulnerability management” that I think those who are responsible for patching all the things should read.

Cybercriminals are moving faster than ever, with vulnerability exploitation now a leading cause of ransomware attacks and data breaches. A recent report found that observed cases of vulnerability exploitation tripled in 2023 alone. Yet, with record-high CVEs and shrinking patching windows, many organizations are struggling to keep up. 

ESET’s latest blog post dives into:

  • Why organizations are overwhelmed by a relentless surge in software vulnerabilities 
  • The rise of zero-day exploits and perimeter-based attacks 
  • How AI-driven threat actors are making patching even more urgent 
  • Actionable steps to automate and prioritize vulnerability management 

You can read the blog post here.