Recently, the Safety Detectives Cybersecurity Team stumbled upon a forum post on the clear web where a threat actor posted a link to a database allegedly belonging to American National Insurance Company’s 2023 data breach. The database contained 279,332 lines of sensitive customer data, along with some employee data.
Posted in Commentary with tags Apple on January 24, 2025 by itnerd
Yesterday, Apple did something that I have rarely seen. They put out a statement to sites like MacRumors that they are still working with “several” carmakers to bring out the next generation of Apple CarPlay.
Keep in mind that this next generation of Apple CarPlay was supposed to be rolling out right now.
To be honest, this has the feel of AirPower. Remember that? Apple announced it. Apple missed their 2018 ship date. Apple stopped talking about it. Then Apple killed it. Next generation Apple CarPlay is going in that direction. And I think Apple will eventually kill it. I say that because you would think that any carmaker who really wants next generation CarPlay would have jumped on board and announced that one or more of their cars are going to have next generation Apple CarPlay by now. But you have heard absolutely nothing from any carmaker on the planet. What’s more, Apple hasn’t named a single carmaker who’s jumped on board.
That’s not good.
The fact that no carmaker has admitted to being part of next generation Apple CarPlay, nor has Apple said who is part of this, says to me that few if any carmakers have signed on. And if that continues, I cannot see how Apple can roll this out. Thus it seems highly likely to me that next generation CarPlay is going to get killed by Apple if there isn’t significant movement soon. That would be a shame for everyone. Customers, Apple, carmakers, everyone.
Apple CarPlay is great and I would love to see a major overhaul. But as things stand, I don’t see that happening. Though I am always open to being proven wrong. Let’s hope that Apple does prove me wrong.
Posted in Commentary with tags Saviynt on January 23, 2025 by itnerd
Saviynt, a leading provider of cloud-native identity governance solutions, today announced that Ajay Garg has joined the company as Chief Development Officer to lead the engineering team for its Identity Cloud platform.
Garg joins Saviynt from Palo Alto Networks, where, as Vice President of Engineering, he led a global engineering team responsible for the development of AI-driven advanced security solutions for Data Security, SaaS Security, WildFire, and Internet Security. In his executive role at Saviynt, Garg will oversee all Engineering, Quality Engineering, Infrastructure (DevOps) and SRE (site reliability) teams, driving innovation and growth within Saviynt’s identity security platform offerings.
Prior to Palo Alto Networks, Garg served as Global VP of Engineering at CyberCube Analytics, where he led the development of its industry-leading Cyber Risk Analytics platform. Previously, Garg held key engineering leadership roles at FireEye and Cisco Systems, where he drove innovation in cloud security, identity management, threat analytics, secure access, firewall security, and content security.
To learn more about Saviynt’s Identity Cloud, please visit the website.
My wife and I are doing literally everything and anything possible to keep our non-connected vehicle on the road as long as possible. We both don’t trust carmakers when it comes to our data. This is a prime example of why we don’t trust them. We are also afraid of the security implications of having a car connected to the Internet 24/7. And this story is an example of why we are afraid:
On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.
Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:
Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.
Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.
Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.
Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.
After reporting the vulnerability, the affected system was patched within 24 hours and never exploited maliciously.
Okay. I will say that it is good that it was patched quickly once it was reported. I will also say that nobody can say with 100% certainty that this was never exploited in any way. And I will say that this implies that Subaru needs to step up their vulnerability testing, as the data listed above is the holy grail of data that anyone from a car thief, to a disgruntled ex-partner, to an intelligence agency would want.
And what really bothers me is the way that this post concludes:
When writing this, I had a really hard time trying to do another blog post on car hacking. Most readers of this blog already work in security, so I really don’t think the actual password reset or 2FA bypass techniques are new to anyone. The part that I felt was worth sharing was the impact of the bug itself, and how the connected car systems actually work.
The auto industry is unique in that an 18-year-old employee from Texas can query the billing information of a vehicle in California, and it won’t really set off any alarm bells. It’s part of their normal day-to-day job. The employees all have access to a ton of personal information, and the whole thing relies on trust.
It seems really hard to really secure these systems when such broad access is built into the system by default.
So I will say this to any carmakers who happen to read this post. You will have to pry our current non-connected car out of the cold dead hands of my wife and me. And the only way that we will consider anything new is if all of you prove on a continuous basis that you’re able to keep this data safe and secure. Because these days, it’s not just about what creature comforts a car has, or the fuel economy that it gets. It’s also about how the data that is generated is secured. Until you do that part well, we’ll keep the car that we have, as that will allow my wife and me to sleep better at night.
“As with modern times, most and many things are tracked. It’s important to point out that in most cases, the tracking is anonymous in nature — without correlations with other types of data, tracking is just one data point. I think most practitioners and customers would want the select ability and opt-in/opt-out authority for their privacy. Where things get even more scary to security practitioners is if the backend systems like AI for example, become connected to cars and execute movement or control over a vehicle. Both the car manufacturer and the liability of the driver could be questioned in such a potential eventuality. Those become blatant safety issues. It’s important that manufacturers get the data they need, but at the same time, customers have more control so that the data isn’t misused. The movie Leave the World Behind portrays future Tesla cars being compromised and running them down the road, colliding with each other. That’s much scarier.”
Posted in Products with tags Asus on January 23, 2025 by itnerd
What if I told you that I have come across a WiFi 7 router that is both fast and fully customizable? By fast I mean that it is capable of above gigabit speeds over WiFi. And by fully customizable I mean that you can tweak it to match your use case. You’d likely say that I am crazy. But I am not. Meet the ASUS RT-BE86U WiFi 7 Router:
Compared to some routers that ASUS makes, this router is pretty understated. There’s no RGB and only a handful of LEDs which you can turn off if you need to, and the styling isn’t over the top. That means that the wife approval factor will be high if you put this in your house. In fact, my wife saw it and said that “it doesn’t look nearly as gamerish as their other routers.” I should note that the antennas are removable and have a standard connector. Which is handy if you need to replace them.
ASUS has cleverly added the words “WiFi 7” to the venting on the back. And by the way, there’s a lot of venting on this router. In terms of connections, you get three 2.5 Gbps ports, plus a 2.5 Gbps port and a 10 Gbps port which, depending on the situation, can be used for WAN access. A tip of the hat to ASUS for providing such fast ports, as that’s a form of future proofing this router. A USB 3.0 port and a USB 2.0 port are present on the right for things like external hard drives and printers; on the left are the reset button, power connector, and on/off switch.
On the left is a WPS button.
On the right is the button that turns the front LEDs on and off.
In terms of bands, here’s what you get:
2.4GHz: up to 1032 Mbps
5GHz: up to 5764 Mbps
Now some of you are likely saying “where’s the 6 GHz band?” The fact is, you don’t need that band to do WiFi 7, as the WiFi 7 standard can take multiple bands and put them together to get crazy speeds. That functionality is called MLO and you can read about it here. Also, omitting that band likely helps to keep the costs down. Another thing to point out is that a router with WiFi 7 generally improves speeds across all bands. Finally, there are only a handful of WiFi 7 devices out there at the moment. So for most people, having no 6 GHz band is a non-issue.
Setup is easy. You can use the ASUS app to set things up. Or if you’re like me, you can use the web interface, which gives you way more options to play with. Most people should go the app route, as that’s the easiest path to getting this working. If you own another ASUS router, you can also back up the configuration from that router, load it into this one, and be up and running in minutes. For my testing, I set it up as a new router with the default settings.
In terms of speed, well, let’s say I was impressed. Let’s start with its ability to deal with a PPPoE connection, which is what ISPs like Bell or Distributel offer their customers. This is important to yours truly, as most consumer routers have huge problems dealing with PPPoE traffic, resulting in speed being left on the table because the router can’t handle it. That’s not the case here. My connection is apparently 1 Gbps downstream/750 Mbps upstream via a fibre link, and this is what I get over my Asus ZenWiFi XT8:
Now this is what I get with the ASUS RT-BE86U:
In short, ASUS has clearly built a router that can handle the most demanding connections. And a PPPoE connection would qualify as demanding because of the overhead that PPPoE has.
But the speed doesn’t stop there. I did a speed test from my iPhone 14 Pro standing about 10 meters away. Yes, this is a WiFi 6 device. But it will illustrate something that I said earlier, which is WiFi 7 improves speed on all bands. In this case the 5 GHz band. Once again I will start with a speed test from the ASUS ZenWiFi XT8:
Now let’s look at the speed test from the ASUS RT-BE86U:
What this means is that even if you don’t have a single WiFi 7 device in your home, you will get better performance on WiFi. I’ll go one step further. I have a Mac mini with the M2 Pro processor. And that Mac has WiFi 6E. Let’s see what speed you get from the XT8 for starters:
And now from the RT-BE86U:
The Mac mini on WiFi 6E came close to maxing out my connection. Thus I believe you can call this router fast on all fronts. And if I had a faster Internet connection, I would see faster numbers from all my tests.
Now ASUS could have stopped there. But there are a number of things that I would like to point out that add even more value to this router beyond speed:
You can use the 10 Gbps port as the WAN port, or switch the WAN port to the 2.5 Gbps port. Whichever port is not used as the WAN port will function as a LAN port.
You can use the router in a dual-WAN setup so that you have access to more than one Internet connection. Either to combine the links or have a backup Internet connection on standby.
You can use the USB port as a third WAN source to host a tethered smartphone or cellular modem for emergency situations.
It supports AI Mesh which allows you to create a mesh network with one or more supported ASUS routers.
It has built-in Parental Controls and online protection as part of their AiProtection suite, which is supplied by Trend Micro. This suite is free forever, which is a significant difference between this router (or any ASUS router for that matter) and other brands of router which make you pay extra for this functionality as part of a subscription of some sort.
For a limited time you can get a complimentary twelve month or six month NordVPN subscription when you buy an ASUS router. More info here.
Though it’s not advertised as a gaming router, it does have a broad set of gaming-specific features that will make gamers happy.
There’s one other thing that I’d like to point out. ASUS routers are very customizable. If I need to tweak a setting, I have the ability to do so. That’s something a lot of consumer routers do not let you do because they hide so much of what you can do. This level of customization is great for advanced users like me, as there have been times I have had to use a really obscure setting to fix an issue with a unique WiFi device. Or using a router like this with Distributel fibre internet service, which requires the router to be set up to use VLAN 40 to connect to the Internet. All of that means that you can use this, or any other ASUS router, in unique use cases where other brands of routers would fail.
MSRP is $409.99 CAD. Now that I will admit is more expensive than its competition. But here’s my argument on that. If you combine the performance that this router has, the extra value that I outlined in the bullet points above that doesn’t cost you anything extra, and the fact that you can customize it six ways from Sunday for whatever unique use case that you have, this router is a winner. Take a good look at it if you want to dip your toe into the world of WiFi 7.
Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, today announced its latest research report, The 2025 State of Application Risk: An ASPM View of the Security of Software Factories. The report found significant risk in both applications and the factories that produce them, with many organizations challenged by inefficient AppSec testing, plus a lack of visibility into secrets exposure, AI risks, SDLC misconfigurations, and software supply chain security.
The 2025 State of Application Risk report, based on data from the Legit platform, reveals that, as software development has evolved, vulnerabilities in code are now only the tip of the iceberg, with risks in development pipelines, build servers, libraries, tools, and processes lurking beneath. The research also highlights that all application risk is not created equal, and with the right context, teams can better identify the highest risk areas that deserve their focus, such as toxic combinations that compound security issues.
Leveraging its powerful ASPM and visibility capabilities, Legit Security delivers data in this report that highlights the previous year’s risk findings and uncovers where application security risk lives in the modern development environment.
The report’s key findings include:
There is significant risk throughout the application development infrastructure and processes, with 100% of organizations found to have high or critical risks in their development environments.
Application security scanning is inefficient, with 78% of organizations having duplicate SCA scanners and 39% with duplicate SAST scanners that can result in the same vulnerability findings and equivalent or contradictory remediation advice.
Secrets exposure is pervasive, with 100% of organizations having high or critical secrets exposed in their code, and 36% of secrets found outside of source code.
GenAI is an emerging threat, with 46% of organizations using AI models in source code in a risky way, such as low-reputation LLMs, which could contain malicious code or payloads or exfiltrate data sent to them.
Misconfigurations are rampant, with 89% of organizations having pipeline misconfiguration issues that could lead to breaches like the one Codecov suffered.
Developer permissions sprawl is a significant issue, with 85% of organizations showing least-privilege violations that could lead to an attack like the one LastPass recently experienced.
Toxic combinations of risk – such as developers using GenAI without human code review enforced through branch protection, or secrets in repositories with external collaborators – are prevalent, and highlight where security teams should focus their energy.
From GenAI code to overly permissioned developers to secrets exposed in Jira tickets, organizations must protect their development environments end to end. Legit Security’s report provides organizations with the insights they need to understand the risks embedded and enmeshed across the software factory, well beyond vulnerabilities in code, and steps they can take to reduce this risk.
A security researcher named Daniel has discovered a flaw in Cloudflare’s CDN that could potentially expose someone’s location by sending them an image on platforms like Signal and Discord. Daniel says he is publishing his research as a warning, especially for journalists, activists, and hackers, as hundreds of apps are vulnerable to this undetectable attack, including Signal, Discord and Twitter/X: https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
Roger Grimes, data-driven defense evangelist at KnowBe4, commented:
“At first glance, the flaw seems really innocuous and barely relevant, but there are scenarios, like those involving tracked dissidents, where it could be a problem. For example, if the agency that’s tracking you knows you’ve got safe houses in one of two countries but isn’t sure which you’re in, this sort of flaw might be interesting to them. Or I’m a woman trying to escape an ex-boyfriend and he’s not sure which relative or friend’s house I’m hiding out at. And the attack is just generic enough that I think it can be applied to more CDNs… I doubt Cloudflare is the only CDN with this sort of vulnerability. Also, kudos to the 15-year-old kid that found and released this attack.”
The report by Daniel should be read in detail because it not only shows how bad this flaw is, but also that it is still out there waiting to be exploited. Hopefully those who are mentioned in this report, such as Cloudflare, along with the makers of any other products that might be vulnerable to this attack, do something to fix this. And for everyone else, I would take the steps that Daniel outlines to protect yourselves.
Posted in Commentary with tags Appdome on January 22, 2025 by itnerd
Appdome, the leader in protecting mobile businesses, today announced that a new AI-Native threat-management module called Threat Dynamics™ will be offered inside Appdome’s ThreatScope™ Mobile XDR. Threat Dynamics uses AI deep learning to continuously evaluate the likelihood of a successful exploit from more than 400 attack vectors and calculate a Mobile Risk Index™ for each business and mobile application. This allows businesses to see how threats move across the production environment, empowering them to quickly prioritize and focus on the attack vectors with the highest potential impact and preempt these threats before they escalate. This also allows businesses to continuously benchmark and manage their business- and application-level risk against the baseline of Appdome’s growing monthly data stream of tens of billions of mobile fraud, scam, bot, and cyber threat events globally. These new capabilities add to ThreatScope Mobile XDR’s existing real-time threat intelligence, inspection, and rapid response capabilities.
As mobile becomes the business, the landscape of fraud and cyber-attacks in the mobile economy has grown significantly. It now includes a wide range of adversaries, such as active hacker communities, criminal organizations, and AI-powered attacks. In this economy, attack vectors such as account takeover (ATO), on-device fraud (ODF), scams, identity theft, bot attacks, and more are proliferating quickly. Mobile businesses switched to Appdome to accelerate their defense time to market, eliminate work, gain automation through machine learning, and build any combination of Appdome’s 10,000+ dynamic defense plugins into mobile apps fast. With Appdome Threat Dynamics, mobile businesses can now leverage the biggest and most diverse data stream of mobile fraud and threat events in the digital economy to take a holistic and continuous approach to threat management. With Threat Dynamics, businesses leverage the power of AI to analyze and benchmark their active attack surface against the active attack surface in billions of Appdome-defended mobile apps. By analyzing this data from multiple perspectives, mobile businesses can see how cyber-attacks, fraud, and threats move across the mobile business and use Appdome’s Threat Dynamics to identify fraud and cyber-attack patterns early on, rank the potential impact of each attack prospectively, and preempt cyber-attacks, fraud, and threats before the attacks proliferate.
Data Siloes and Basic High-Med-Low Severities Are Not Enough.
Mobile businesses need usable and relevant data about the attacks and threats impacting their Android & iOS applications, users, identities, and transactions. However, point products aimed at mobile app security, mobile fraud prevention, KYC checks, and mobile identity only provide one slice of data. These slices are often available in siloed implementations that isolate data to one app, customer, and attack vector only. The same products either can’t or don’t aggregate, analyze, or expose data from all installations, leverage adaptive learning models or apply AI to benchmark trends, virality, or future potential impact of attacks. The output from these systems is often limited to human-defined “true / false” or “high,” “medium,” and “low” severity designations, which fatigue users and lead to false positives and missed attacks.
Appdome’s Threat Dynamics leverages AI and Appdome’s big-data footprint to continuously analyze and rank mobile threats, including fraud, malware, and bot trends in its global data set. Using this data, Threat Dynamics continuously calculates a Mobile Risk Index™ for each mobile business and app, providing a holistic, living, and dynamic context to the threat data sent to their ThreatScope instance. Threat Dynamics also shows how fraud, cyber-attacks, and other threats move across mobile apps, releases, installations, devices, users, and networks. With Threat Dynamics, mobile businesses can see which attacks are moving fastest, which mobile applications suffer the most, and which attacks are likely to have the biggest impact on the business. Trends such as Infection Rate, Attack Frequency, Attack Velocity, Cohort Placement, Variance, Projected Impact, and more are provided for each attack, application, release, device, OS, geographic source, and other dimensions.
Posted in Commentary with tags Hacked on January 22, 2025 by itnerd
Conduent, a government contractor that “supports 100 million U.S. residents across various government health programs”, confirmed recent outages experienced by multiple states last week were due to a cyberattack that compromised the company’s operating systems.
A Conduent spokesperson told Recorded Future News that the company’s operating systems experienced an “operational disruption due to a third-party compromise” and the “recovery caused several days of disruption to many of our operations.”
Conduent has numerous contracts with state governments providing technology solutions for health programs including, but not limited to, Medicaid, child support, and food assistance.
Evidence of the outage emerged last week when the Wisconsin Department of Children and Families reported to residents that Conduent was experiencing a system outage.
“This outage is impacting payees who receive their payments via electronic transfer or an EBT card from receiving their scheduled support payment. Payors’ support payments, including via income withholding, are still being received and will be processed once the system is operational,” Wisconsin officials said.
Wisconsin officials also said four unnamed states were impacted by the outages. The systems were restored on Sunday.
In June 2020, Conduent confirmed a ransomware attack after several days of service interruption.
“Organizations must focus on robust threat intelligence management, which enables the timely sharing of actionable insights across networks and between partners. Through effective intel sharing, businesses and government entities can strengthen collective defense, ensuring faster response times and minimizing the impact of such disruptions. It’s a reminder that cybersecurity is no longer just about protecting internal systems—it’s about securing the broader ecosystem and fostering collaboration to safeguard public services and infrastructure. The ability to detect, respond, and recover from cyber incidents quickly is essential in maintaining trust and continuity.”
The fact that this organization has been pwned twice suggests that they didn’t learn the lessons of their first go-round of being pwned. I hope they are paying attention to this incident, as having this happen a third time would be completely unacceptable.
Posted in Commentary with tags KnowBe4 on January 22, 2025 by itnerd
KnowBe4 today announced the release of an in-depth research paper titled “Cyber Insurance and Security: Meeting the Rising Threat.” This research delves into the increasingly crucial intersection of cybersecurity and insurance, examining the ever-evolving threat landscape that organizations face globally.
As digital infrastructure becomes crucial to business operations, failing to protect these systems can lead to catastrophic consequences. The research paper highlights that the average cost of a data breach has surged to $4.88 million in 2024, with significant variations across regions. Notably, the United States, the Middle East, and Europe are observing alarming increases in cyber claim severity and frequency, indicative of a global issue that demands immediate attention and action.
The research explores the relationship between cybersecurity practices and cyber insurance, noting that insurers are increasingly looking for strong security measures when determining coverage and premiums. It emphasizes the effectiveness of ongoing security awareness training in reducing an organization’s vulnerability to attacks.
Key findings from the paper include:
● Escalating Costs of Cyberattacks: Cyberattack expenses are escalating rapidly, extending beyond immediate disruptions to include legal fees, fines, and reputational harm. IBM reports a significant increase in breach costs, highlighting the urgent need for robust risk management.
● Complex Threat Landscape: Cyber threats now rank as the top global concern, with social engineering and phishing leading the way. This trend underscores the need for strengthened human defenses against these targeted attacks.
● Challenges for SMEs: Small and medium enterprises face disproportionate impacts from cyber incidents. While their average costs are lower, the financial consequences can be devastating, requiring tailored security strategies.
● Increasing Legal Complexities: Expanding data privacy laws are driving a surge in class action lawsuits, especially in the U.S., with potential growth in Europe, urging organizations worldwide to prioritize compliance.
● Human Factors: Human factors remain the most vulnerable aspect of cybersecurity, accounting for 75% of data breaches.
To successfully confront these mounting challenges, the research underscores the need for a multi-faceted approach that combines cutting-edge cybersecurity measures with comprehensive insurance coverage. A focus on prevention, security culture and education is critical, coupled with strategic partnerships between businesses, insurers and cybersecurity experts.
The full report, “Cyber Insurance and Security: Meeting the Rising Threat”, is available for download here.
Sensitive Data From ANICO Leaked Online
Posted in Commentary with tags Safety Detectives on January 24, 2025 by itnerd
You can see their full report here: https://www.safetydetectives.com/news/anico-leak-report/