The Dark Side of Christmas: How Scams Exploit the Festive Spirit

Posted in Commentary on December 20, 2024 by itnerd

The SafetyDetectives team has been exploring the evolution, tactics, and impact of Christmas scams to offer our readers actionable advice to avoid falling victim to fraud this holiday season. 

Key findings at a glance: 

  • Different types of scams are present year-round, but the incidents typically increase during the holidays when people may be more susceptible to social engineering. 
  • In 2023, the AARP reported that 80% of adult consumers in the US have experienced holiday-themed fraudulent activity.
  • It was found that 1 in 5 adults would provide their personal information or click questionable links for a chance to redeem a desired item at a bargain during the holidays.

Scammers’ practices have noticeably grown in complexity and sophistication over the years. For that reason, remaining vigilant during the season becomes all the more imperative given the potentially enormous financial and psychosocial fallout of these scams.

You can access their detailed report here: https://www.safetydetectives.com/blog/christmas-scams-research/

Over 1.2 TB of Data Exposed by Builder.Ai

Posted in Commentary on December 19, 2024 by itnerd

A significant data exposure involving Builder.ai, a London-based company offering AI software and app development solutions, was recently uncovered by cybersecurity researcher Jeremiah Fowler. 

What happened: 

A database totaling 1.2TB and containing over 3 million records was exposed. The data exposed includes secret access keys, customer PII, cost proposals, NDA agreements, invoices, tax documents, email correspondence screenshots, and more. 

Why it matters: 

This exposure presents serious risks, such as invoice fraud, phishing attempts, and potential business privacy breaches. 

To learn more, read the detailed report here: https://www.websiteplanet.com/news/builderai-breach-report/

2025 Predictions From Some Leading Cybersecurity Experts

Posted in Commentary on December 19, 2024 by itnerd

As the year draws to a close, we have gathered predictions from an array of cybersecurity experts who have given insights into trends they see in 2025.

Marina Segal, CEO, Tamnoon

Shift to Cloud-Based Risk Management

Cloud adoption doesn’t show any signs of slowing down in 2025. CISOs and security leaders will be hyper-focused on reducing cloud threat exposure. After all, no CISO wants to be in the spotlight of a high-profile data breach.

As a result, more companies will shift to cloud-based risk management. This change will largely be driven by: 

  • Geopolitical tension and threats to critical infrastructure
  • Sophisticated AI-driven attacks
  • Governments adopting stricter regulations
  • Economic pressures forcing companies to optimize cloud spend and security budgets
  • Consolidation of cloud providers

This will lead to stricter cloud security standards and compliance requirements for all industries — a trend private enterprises will be ready to capitalize on through compliance-friendly solutions. 

More importantly, this trend will highlight the need for more diversified risk management strategies.

Piotr Kupisiewicz, CTO, Elisity

In 2025, some verticals will be highly relevant for new microsegmentation projects that enable least-privilege zero trust security policies.

Manufacturing, industrial, and healthcare organizations are prime candidates for microsegmentation projects due to their complex, interconnected environments and high-value assets. These sectors often have a mix of legacy systems, IoT and IoMT devices, and critical infrastructure that require granular access control. Microsegmentation enables the implementation of least-privilege zero trust policies, effectively isolating critical assets and limiting lateral movement in case of a breach. For manufacturing and industrial environments, it helps protect operational technology (OT) systems from IT-based threats. In healthcare, microsegmentation safeguards sensitive patient data and ensures compliance with strict regulatory requirements. The ability to maintain service continuity during cyber incidents is crucial for these sectors, making microsegmentation an essential security strategy.

In 2025, the top cybersecurity frameworks, security regulations and government agencies will increase their pressure on organizations to adopt microsegmentation.

Several prominent cybersecurity frameworks, regulations, and government agencies recommend microsegmentation or network segmentation as critical security measures. These include the NIST Cybersecurity Framework, ISO 27001, HIPAA, PCI DSS, CMMC 2.0, IEC 62443, HHS 405(d), and the EU’s GDPR. The NSA and CISA in the United States strongly advocate for these practices, particularly in the context of zero-trust architecture. The Purdue Model, while not a regulation, is widely used in industrial control systems for segmentation. Additionally, the Federal Zero Trust Strategy mandates network segmentation for U.S. government agencies. These frameworks and agencies recognize the importance of segmentation in limiting lateral movement during cyberattacks and enhancing overall network security posture.
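To make the lateral-movement point concrete, here is an added example (not code from Elisity or this blog) that models a small hospital-style network as zones and computes which critical assets an intruder could reach from a given foothold under a flat policy versus a least-privilege microsegmentation policy. All host names, zones and rules are constructed assumptions.

```python
from collections import deque

# Constructed inventory for a hospital-style network (assumed names, not a real site).
# Each host sits in one zone; CRITICAL marks the assets a breach must not reach.
HOSTS = {
    "laptop-01":  "corp-it",
    "mail-gw":    "corp-it",
    "jump-01":    "ot-jump",
    "plc-01":     "ot-control",
    "hmi-01":     "ot-control",
    "infusion-7": "iomt",
    "ehr-db":     "clinical",
}
CRITICAL = {"plc-01", "hmi-01", "infusion-7", "ehr-db"}

# Flat network: any zone may reach any zone on any port.
FLAT_POLICY = [("*", "*", "*")]

# Least-privilege microsegmentation: (source zone, destination zone, port).
# Any flow not listed is denied, including traffic inside a zone.
SEGMENTED_POLICY = [
    ("corp-it", "corp-it", "*"),     # workstations may still talk to each other
    ("corp-it", "ot-jump", 22),      # engineers reach OT only through a jump host
    ("ot-jump", "ot-control", 502),  # the jump host speaks Modbus to controllers
    ("corp-it", "clinical", 443),    # clinicians use the EHR web front end
    ("iomt", "clinical", 443),       # pumps post telemetry to the EHR
]

def allowed(policy, src_zone, dst_zone, port):
    """True if some rule permits src_zone -> dst_zone on port ('*' is a wildcard)."""
    return any(s in ("*", src_zone) and d in ("*", dst_zone) and p in ("*", port)
               for s, d, p in policy)

def reachable(policy, start, ports=(22, 443, 502)):
    """Hosts an intruder who controls `start` can get to, under the worst-case
    assumption that any permitted flow can be turned into control of its target."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for host, zone in HOSTS.items():
            if host in seen:
                continue
            if any(allowed(policy, HOSTS[cur], zone, p) for p in ports):
                seen.add(host)
                queue.append(host)
    seen.discard(start)
    return seen

def blast_radius(policy, start):
    """Critical assets exposed by a compromise of `start`, sorted for readability."""
    return sorted(reachable(policy, start) & CRITICAL)

if __name__ == "__main__":
    for foothold in ("infusion-7", "laptop-01"):
        print(foothold, "flat:", blast_radius(FLAT_POLICY, foothold),
              "segmented:", blast_radius(SEGMENTED_POLICY, foothold))
```

The corporate foothold still reaches the controllers through the jump host, which is exactly the chokepoint that segmentation makes worth monitoring.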

SecureWorks

Ransomware

Opportunistic ransomware and data exfiltration attacks will continue at a high tempo into 2025 as ransomware affiliates, displaced in 2024 from disrupted ransomware operations such as LockBit and ALPHV/BlackCat, continue to form new allegiances with new entrants, previously lower profile groups, or rebranded returnees. Many affiliates will continue to work with multiple groups, some continuing to experiment with operating on their own behalf using leaked ransomware builders. Being able to detect and disrupt attacks at an early stage before data can be stolen or encrypted will remain essential for organizations in all sectors.

China

China will continue to focus on its political, military and economic priorities when collecting intelligence via cyber (or any other) means. The targeting will therefore change little but can always be swayed by political developments around the world.

In terms of more tactical elements: Chinese state-sponsored threats will develop zero-day exploits for network perimeter devices that are deemed to be vulnerable targets (there are several firewall and VPN devices/vendors that fall into this category). Chinese state-sponsored threats will be driven toward further emphasizing stealth in their operations by the continuing strategy of the U.S. to employ sanctions and indict specific named individuals connected with cyber intrusions.

China will continue to seek to understand as much as it can about Western (particularly U.S.) technology used on the battlefield in Ukraine to prepare countermeasures for a possible future invasion of Taiwan. Its cyberespionage operations will likely be similarly geared to such preparations.

More predictions from Secureworks can be found here.

Action1 Makes Its Full-Featured Patch Management Platform Free for Everyone Including Home Users

Posted in Commentary on December 19, 2024 by itnerd

Action1, a leading provider of real-time vulnerability discovery and automated patch management solutions, today announced a significant expansion of its free patch management offering. Previously available exclusively to business users, Action1 is now breaking down barriers to advanced endpoint security for everyone—including nonprofits, independent consultants, small businesses, and home users—ensuring no one is left vulnerable to cyber threats. 

With 100 endpoints free forever, Action1 makes its robust, cloud-native patch management solution equitable for both individuals and organizations worldwide, empowering them to combat cyberattacks and safeguard their digital environment.

Small Targets, Big Risks

Cybercriminals are increasingly targeting the most vulnerable among us—small businesses, nonprofits, and independent professionals. According to Cybersecurity Ventures, more than 60% of ransomware attacks now focus on organizations with fewer than 100 employees. Unpatched vulnerabilities, which account for nearly 60% of all cyberattacks, according to the Ponemon Institute, are particularly harmful to small businesses and individuals with limited resources. Action1 addresses these challenges by delivering automated patching and vulnerability management across both operating systems and third-party applications, ensuring the broader community stays protected without requiring extensive IT or budget resources.

With Action1, users gain the benefits of an autonomous endpoint management solution for the first 100 endpoints at no cost, with features including:

  • Ease of Use: Start patching endpoints in under five minutes and rapidly scale to as many endpoints as needed. No dependency on legacy tools, clunky integrations, or on-premise software.
  • Unified Cross-OS and Third-Party Patching: Automate the entire patching process for remote and onsite endpoints, from identifying and deploying missing updates to real-time reporting. 
  • Vulnerability Discovery and Remediation: Prevent security breaches and ransomware attacks. Detect vulnerabilities in OS and applications in real-time and enforce remediation. 

With this initiative, Action1 now accepts both personal and business emails for new account registration at https://www.action1.com/signup.

To learn more about Action1 Patch Management, visit https://www.action1.com/free-edition/.

Legit Security Enhances Secrets Detection & Prevention with a Single, Integrated View of All Secrets Findings and Recovery Actions Across the SDLC

Posted in Commentary on December 19, 2024 by itnerd

Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, today announced enhancements to its secrets scanning product. Available as either a stand-alone product or as part of a broader ASPM platform, Legit released a new secrets dashboard for an integrated view of all findings and recovery actions taken to remediate secrets. In addition, Legit released new discovery and remediation capabilities for secrets found within developers’ personal GitHub repositories.

Secrets – from API keys and tokens to credentials and PII – play a vital role in application development. However, the high value of secrets makes them a prime target for attackers and creates risk across the organization, from security operations to cloud and platform engineering. Legit’s new capabilities greatly improve the ability to mitigate risk and reduce the attack surface associated with secrets.

The explosive growth in non-human identities (NHIs), which need credentials to manage authentication and authorization, has increased the prevalence of secrets. While security teams typically focus on secrets in source code, they are increasingly emerging in ticket systems, artifact registries, and other systems, such as Confluence, Jira, and Slack. Organizations are challenged with protecting secrets from exposure while enabling developers to build services that rely on them. This challenge is further exacerbated by compliance requirements, such as HIPAA, PCI DSS and GDPR, that direct organizations to secure secrets.

Legit’s enhancements are the latest in the company’s track record of delivering innovative capabilities to secure the modern software factory. With the earlier release of its AI-powered capabilities to detect and protect secrets across the software development pipeline, Legit was the first to apply AI/ML to significantly reduce noise associated with secrets scanning.
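As an added illustration of secrets detection across code, ticket and chat sources (not Legit’s own code or product logic), the following scanner applies two format-specific rules and a generic assignment rule to constructed samples, using an entropy cut-off as a simple stand-in for the ML-based noise reduction mentioned above. The rule set, sample sources and threshold are assumptions.

```python
import math
import re

# Detectors for two public, documented credential formats plus a generic
# "<keyword> = <random-looking value>" rule. Assumed rule set, for illustration.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*"
        r"['\"]?([A-Za-z0-9/+_\-]{16,})['\"]?"),
}

def shannon_entropy(s):
    """Bits per character; random tokens score high, words and placeholders low."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def redact(value):
    """Never log the full secret; keep just enough to recognise it."""
    return value[:4] + "..." + value[-2:]

def scan(text, source, min_entropy=4.0):
    """Return (source, line_no, rule, redacted_value) for each distinct secret.
    The entropy cut-off is a simple stand-in for the ML noise filtering the
    article mentions: it drops placeholder-like values such as 'changeme-password'."""
    findings, seen = [], set()
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():   # specific formats first, generic last
            for m in rx.finditer(line):
                value = m.group(m.lastindex or 0)
                if rule == "generic_assignment" and shannon_entropy(value) < min_entropy:
                    continue
                if (line_no, value) in seen:  # already caught by a more specific rule
                    continue
                seen.add((line_no, value))
                findings.append((source, line_no, rule, redact(value)))
    return findings

# Constructed samples: a source file, a Jira ticket and a Slack message.
# The AWS key is the well-known documentation example; the rest are made up.
SAMPLES = {
    "src/config.py": 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
                     'password = "changeme-password"\n',
    "jira/OPS-1234": "Can someone rotate this? token: "
                     "ghp_0123456789abcdef0123456789abcdef0123",
    "slack/#deploys": "api_key=Zq8vR3mT1wXb9Kd2pLn6Hs4Ye7Cu0Ja5 for the staging box",
}

def scan_all(samples=SAMPLES):
    """Run every source through the scanner and collect the findings in order."""
    return [f for source, text in samples.items() for f in scan(text, source)]

if __name__ == "__main__":
    for finding in scan_all():
        print(finding)
```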

Legit’s new secrets dashboard gives teams: 

  • Centralized visualization: Provides the most complete view of all secrets detection and prevention activities across the enterprise to prioritize remediation and ensure guardrails are in place. 
  • Secrets analytics: Prioritizes secrets remediation based on factors such as severity, source, repo/product, and user.
  • Secrets prevention: Provides insights into potential new secrets that have been prevented based on an organization’s policies and established guardrails, and identifies developers actively using preventative measures. 
  • Secrets growth and remediation trends: Insights into new secrets, issues resolution, and backlog trends, so that organizations can measure the effectiveness of AppSec programs in preventing and remediating secrets. 

Legit’s new ability to discover secrets in personal GitHub repositories gives teams:

  • Secrets discovery: Identifies and monitors secrets within a developer’s personal GitHub and the organization’s account, ensuring that developers do not expose secrets.
  • Personal repository discovery: Identifies and builds an inventory of all personal repositories owned by an organization’s developers for a comprehensive list of assets used by developers.
  • Consolidated triage and remediation: Integrates findings from business and personal accounts into the Legit platform to provide a single view of the risk associated with secrets, regardless of where they reside.

With Legit’s new and enhanced capabilities, organizations gain critical insights into the enterprise’s secrets posture to understand risk and remediation trends over time. They are also provided with the broadest coverage to strengthen their security posture and protect their development environment from end to end.

Legit offers a free trial of its secrets detection and prevention solution. To register, visit https://info.legitsecurity.com/secrets-detection-and-prevention-free-trial.

US Supreme Court To Hear Last Ditch Attempt By TikTok To Stay Alive In The US

Posted in Commentary on December 18, 2024 by itnerd

To be honest, I’m not surprised that the US Supreme Court is going to hear an appeal from TikTok to stop it from being banned in the US:

The country’s highest court set oral arguments in the case for Friday, January 10, just nine days ahead of the looming deadline on January 19. 

It comes after Congress passed a law earlier this year banning TikTok unless its Chinese parent company ByteDance sells its stakes by the deadline. 

Lawmakers were responding to warnings that the wildly popular social media app is a national security concern with the collection of Americans’ data. 

But some 170 million Americans use the video app. 

Now the Supreme Court will decide whether the Protecting Americans from Foreign Adversary Controlled Applications Act, which would ban TikTok, violates the First Amendment. 

Both TikTok and the Justice Department were directed to file briefs before 5pm ET on Friday, December 27. 

Will it succeed? Well, I am not a lawyer so I don’t know. But YouTube channel Legal Eagle, who is an actual lawyer, suggests that Congress has the right to ban TikTok for national security reasons and that the courts have tended to steer clear of national security issues in the past. Which is likely why TikTok is going with the First Amendment option, as they will argue that a ban violates the free speech of Americans. And there’s the Donald Trump factor. In the past he’s been anti-TikTok. But he’s said that he may stop a ban of the social media platform. So who knows where this will go. All I know is that we’re in the endgame now.

2025 Predictions From The CEO Of Peer Software

Posted in Commentary on December 18, 2024 by itnerd

Today we have 2025 technology predictions from the CEO of Peer Software, Jimmy Tam, on trends in the data storage industry.

Rise of Data Orchestration for AI and ML

As more organizations turn to AI for everything from better-informed decision-making to operational efficiency, it’s becoming clear that data needs to be managed more effectively. With data creation becoming ubiquitous, automated data orchestration will gain prominence to aggregate and streamline disparate data sources into AI engines. This will be essential for customizing large language models (LLMs) using methods like Retrieval-Augmented Generation (RAG), tailoring these tools for specific industries or companies.

Transition to Active-Active Data Systems

Traditional backup methods, such as snapshots, are becoming less effective with growing data volumes. Organizations are finding it increasingly challenging to meet recovery time objectives and maintain high availability with these approaches. Active-active systems, which allow simultaneous use and synchronization of data across locations, will emerge as critical not only for reducing recovery times, but also for ensuring seamless operations and managing massive datasets.

Focus on Reducing Data Sprawl at the Edge

As distributed workforces and applications continue to grow, companies will increasingly prioritize controlling edge data sprawl. Intelligent systems will relocate unused data from edge locations to centralized or cloud storage, optimizing resource use and minimizing costs.

Continued Adoption of Hybrid Cloud Strategies

Businesses, including major players like Netflix, will increasingly embrace hybrid cloud models. The shift is driven by cost savings, workload optimization, and the need to balance on-premise and cloud environments for better performance and financial efficiency.

Reducing Storage and Power Usage to Meet Environmental Goals

Efforts to minimize storage footprints and power consumption will align with sustainability objectives. Managing data growth, particularly at the edge, will evolve into both a cost-saving strategy and an environmental imperative.

Bureau raises $30M Series B as global fraud losses hit $486B

Posted in Commentary on December 18, 2024 by itnerd

AI isn’t just making fraud smarter – it’s making it nearly impossible to catch. With global losses hitting $486B annually, Bureau today announced $30M in Series B funding to level the playing field. A leading risk intelligence platform, which has seen its revenue grow 3x since its last fundraise, is arming businesses with AI to combat the exponential rise in sophisticated fraud attacks worldwide. 

The round was led by Sorenson Capital with participation from PayPal Ventures and continued support from Commerce Ventures, GMO Venture Partners, Village Global, Quona Capital, and XYZ Ventures. The funding will accelerate Bureau’s product expansion into new use-cases, and geographical expansion to several new markets worldwide to meet a significant surge in global demand. 

Traditionally, compliance, fraud, security, and credit risks have been siloed in companies and served by multiple point solutions in each domain. Bureau’s platform brings together device intelligence, behavioral AI, identity data, and predictive modeling to deliver contextual fraud prevention that goes beyond traditional rule-based systems. The company’s proprietary identity knowledge graph now contains over half a billion identities and behavioral patterns, providing real-time risk intelligence across the entire customer lifecycle.

What typically would require several vendor integrations, multiple data API outputs, and complex rule engines can now be accomplished through one platform. Bureau’s comprehensive capabilities span money mule detection, account takeover prevention, fraud ring detection, onboarding compliance, and decisioning workflows. Unlike other solutions that act as data brokers, Bureau shares decisions rather than consumer data, with tokenized identities built into its privacy architecture.

The platform has proven particularly valuable for banking, fintech, gaming, and e-commerce companies facing sophisticated cyber threats and increasing regulatory pressures. Results demonstrate its impact across use cases – from detecting collusion in gaming platforms through behavioral AI, to preventing synthetic identity fraud in neobanks, to enabling secure lending to new-to-credit customers through improved risk profiling. As a result, Bureau has earned recognition as a top global leader in preventing fraud by Liminal. 

The funding will support two key expansion initiatives: enhanced data and AI capabilities to improve decision efficiency and coverage, and geographical expansion to serve more markets globally. Bureau’s current focus has been on Asia, and this round will fuel its expansion to additional regions, enabling more businesses worldwide to access its comprehensive fraud prevention capabilities.

You May Not Want To Buy That TP-Link Router For Christmas As It May Be Banned As A National Security Risk

Posted in Commentary on December 18, 2024 by itnerd

If you want to buy a TP-Link router, or you own one, you might want to pay attention to the fact that three US Government agencies are investigating TP-Link at the moment:

U.S. authorities are considering a ban on China’s TP-Link Technology Co over potential national security concerns after its home internet routers were linked to cyberattacks, the Wall Street Journal reported on Wednesday, citing people familiar with the matter.

In August two U.S. lawmakers urged the Biden administration to probe the Chinese router-manufacturer and its affiliates over fears their Wifi routers could be used in cyber attacks against the U.S., according to a letter seen by Reuters.

The Commerce, Defense, and Justice departments have opened separate probes into the company, with authorities targeting a ban on the sale of TP-Link routers in the U.S. as early as next year, the report said.

An office of the Commerce Department has even subpoenaed the company while the Defense Department launched its investigation into Chinese-manufactured routers earlier this year, the newspaper reported, citing people familiar with the matter.

Last year, the U.S. Cybersecurity and Infrastructure Agency said TP-Link routers had a vulnerability that could be exploited to execute remote code.

Now TP-Link is highly competitive in the home router market via their aggressive pricing relative to companies like ASUS, Netgear, and others. And ISPs have been supplying TP-Link gear to their customers for some time now. For example, when I switched from Bell to Distributel, I got a TP-Link router. I didn’t use it though, which now looks like it may have been a good decision on my part. But one thing that might be driving this is the fact that TP-Link’s routers have been the target of botnets like this one for some time. And there have always been rumours in security circles that these routers have unpatched vulnerabilities that can come back to bite users of these routers at some point. Thus if you were thinking of buying a TP-Link router, you might want to hold off doing so until you see how this plays out. And if you own one, you may want to consider switching to another brand if this ban actually happens.

Finally, some advice for TP-Link: you may want to come out with a statement that is evidence-backed and describes in detail why your gear isn’t a threat and what you’re going to do to improve your security posture. And then commit to throwing the metaphorical doors open so that the world can see you taking action. And you should do that ASAP. As in today.

This TELUS Email Scam Is Interesting… Let Me Tell You Why

Posted in Commentary on December 18, 2024 by itnerd

Last night I was watching an episode of Tehran on Apple TV+, which is my favourite show on that streaming platform, when I got this email on my iPhone:

Now I did my usual check whether this was real or not by checking the email address. And based on this, this email appeared to be real:

I also checked the headers and that confirmed that this was real. And the links in the email went to TELUS as well as evidenced by this example:

So this email meant that someone was trying to log into my TELUS account. That was interesting, as I haven’t been a customer with TELUS for almost a year: I moved my cell phone service to Freedom Mobile to cut my telco costs about this time last year. And there should be no billing information stored by TELUS, as I always paid my TELUS bill using my credit card the second the bill arrived. I confirmed that by logging into my TELUS account by going directly to the web page and not clicking on any of the links in the email. I did that because even though the email appeared to be real, it could have been an extremely good fake that was fooling me. Another thing to note is that TELUS uses two-factor authentication for their accounts, which is a good thing as it makes it far less likely that a threat actor could break into your account. Combining that with the fact that I had a very strong password (which I would have changed if I could, but I could find no way to change my password via either the TELUS website or the mobile app), I decided to make this a tomorrow problem.

I woke up this morning and I found this in my junk email:

This is your classic phishing email. As evidenced by the fact that TELUS didn’t send this email:

And “Pay The Bill”, which, by the way, is language that a major company like TELUS would never use in a customer-facing email, has a link that isn’t going to TELUS:

Thus I have to wonder if the events of last night are somehow connected to this phishing email. I say that because it seems coincidental that both events would happen within hours of each other. I cannot say for sure, and to add to that, I wasn’t able to further investigate this phishing scam as it looks like the web page was taken down. But what is clear is that TELUS customers are being targeted by a threat actor. And it is possible that this threat actor is more sophisticated than the usual phishing email scammers that are out there. Thus you need to stay on your toes to avoid being scammed.
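The sender, header and link checks described in this post, written up as an added Python example (not the author’s own tooling): the two messages are constructed samples, telus.com is assumed to be the brand’s real domain, and every other domain is a placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the brand's real mail and web domains. Everything under them is trusted.
TRUSTED_DOMAINS = {"telus.com"}

def domain_of(header_value):
    """Bare domain from a header like 'TELUS <noreply@telus.com>' ('' if absent)."""
    addr = parseaddr(header_value)[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_trusted(host):
    """Exact match or subdomain of a trusted domain; lookalikes do not qualify."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def html_parts(msg):
    """Yield decoded text/html bodies, whether the message is multipart or not."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() == "text/html":
            yield part.get_payload(decode=True).decode(
                part.get_content_charset() or "utf-8", "replace")

def check_message(raw):
    """Return a list of reasons to distrust the message; empty means all checks passed."""
    msg = message_from_string(raw)
    reasons = []
    from_dom = domain_of(msg.get("From", ""))
    if not is_trusted(from_dom):
        reasons.append(f"From domain {from_dom!r} is not a trusted brand domain")
    rp_dom = domain_of(msg.get("Return-Path", ""))
    if rp_dom and rp_dom != from_dom:
        reasons.append(f"Return-Path domain {rp_dom!r} does not match From")
    # Only trust an Authentication-Results header stamped by your own provider;
    # one already present in a forged message proves nothing.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim"):
        if f"{mech}=pass" not in auth:
            reasons.append(f"{mech} did not pass")
    # Every link must point at the brand's domain, whatever its visible text says.
    for body in html_parts(msg):
        for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
            host = urlparse(href).hostname or ""
            if not is_trusted(host):
                reasons.append(f"link {text.strip()!r} points to {host!r}")
    return reasons

# Constructed samples; every domain other than telus.com is a placeholder.
LEGIT = """\
Return-Path: <noreply@telus.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=telus.com; dkim=pass header.d=telus.com
From: TELUS <noreply@telus.com>
Subject: New sign-in to your account
Content-Type: text/html; charset=utf-8

<p>A new sign-in to your account was detected.</p>
<a href="https://www.telus.com/my-account">Review account activity</a>
"""

PHISH = """\
Return-Path: <bounce@mail-notify.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail-notify.example; dkim=none
From: TELUS Billing <billing@telus-support.example>
Subject: Your bill is overdue
Content-Type: text/html; charset=utf-8

<p>Your service will be suspended unless you pay today.</p>
<a href="https://telus-billing.example/pay">Pay The Bill</a>
"""

if __name__ == "__main__":
    print("legit:", check_message(LEGIT))
    print("phish:", check_message(PHISH))
```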