Connect with Friends and Family In LEGO Party! Available Today!

Posted in Commentary on September 30, 2025 by itnerd

Developer SMG Studio, the LEGO Group, and Fictions launched their wildly fun multiplayer party game, LEGO® Party!, on Steam for PC, Xbox Series X|S, Xbox One, PlayStation®5 (PS5™), PlayStation®4 (PS4™), and Nintendo Switch™. The Retail Edition is also available now at https://legoparty.iam8bit.com and participating retailers for Nintendo Switch, PlayStation 5 and Xbox Series X|S, alongside the digital release. In addition, those who pre-ordered the Retail Edition will be receiving a download code for five unique LEGO Minifigures.

Fans can now jump into a number of exciting features, including more than a gazillion (*not a real number) customization combinations of minifigures, incredible LEGO themed Challenge Zones, 60 action-packed minigames and more, all in the quest to collect the most LEGO Golden Bricks and become the ultimate LEGO Party! champion.

Bring out your competitive side and dive into the mini-game mayhem, featuring giant space aliens, power-up popping rainbow unicorns, lava-roasted rotisserie turkeys and more, all of which can be viewed in the newest LEGO Party! launch trailer here: 

LEGO Party! is an up to four-player party game that’s built different! Compete against your friends in wacky Challenge Zones and 60 hilarious minigames from across your favorite LEGO sets like LEGO Pirates, LEGO Space, LEGO NINJAGO® and more. Join your friends online or get together on the couch for a LEGO Party! game night. With multiple game modes and tons of minifigures to unlock, you’ll have all the bricks to build the ultimate party! Challenge players near or far, customize your character, and compete in a variety of awesome minigames to get as many Golden Bricks as you can by any means necessary! But beware, watch out for monsters, traps and flying roast turkeys on your way to becoming the next star of LEGO Party!

For all the latest updates on the game, follow LEGO Party! at: http://www.legoparty.com

Leave a comment »

The CISA warns of a Sudo Privilege Escalation Flaw 

Posted in Commentary with tags on September 30, 2025 by itnerd

The CISA has warned that a local privilege escalation vulnerability in Sudo (CVE-2025-32463, CVSS 9.3) is being actively exploited in the wild. The flaw, introduced in Sudo version 1.9.14 in 2023, allows any local user to execute commands with root privileges, even without being in the sudoers file. Exploitation requires tricking Sudo into loading a malicious /etc/nsswitch.conf file via the chroot feature, which has since been deprecated. The issue was patched in June with Sudo version 1.9.17p1, but proof-of-concept exploits have circulated since July, and CISA has mandated remediation within three weeks for federal agencies under BOD 22-01. 

John McShane, Principal Product Manager for AI & Data Science, Cobalt:

     “Privilege escalation flaws like this sudo chroot issue reinforce a recurring pattern in security: when high privilege software accepts untrusted input or environmental control without guardrails, the downstream impact can be massive. Remember last year’s CrowdStrike Falcon outage (CVE-2025-1146)? A malformed update triggered system crashes at scale across airlines, hospitals, and critical infrastructure. In both cases the root failure was trusted high privilege logic failing in edge scenarios, which is exactly why testing must include more than happy-path unit tests. Fuzzing that targets config and path resolution logic, focused penetration testing that simulates hostile environments, and unit and integration tests all could have caught this earlier.”

Wade Ellery, Chief Evangelist and IAM Strategy Officer, Radiant Logic:

     “Security and defense from attack needs to be a multilayered operation.  Compromising the network perimeter and in this case local access to a server and then taking over a benign local account dramatically increases the threat to the organization.  When a vulnerability then allows any compromised local account to be escalated to root privileges the threat becomes catastrophic.  In most organizations there are no further walls between the attacker and his targets.  Layering in an additional line of defense is critical to stopping such an attack.  Adding continuous observability into who is accessing what resources, and how privilege is being escalated shines the light into the dark corners of today’s vulnerabilities.  Leveraging near real-time controls and remediation can prevent the escalated account from operating outside their original limited access.  Strong identity governance combined with timely patching ensures that when privilege escalation attempts occur, they are detected, prevented, and contained before causing lasting harm.”

“This vulnerability illustrates how access and identity intersect with system-level controls. Even without being in the sudoers file, an attacker could gain full privileges, bypassing established access policies. That underlines the importance of continuous observability into who is accessing what resources, and how privilege is being escalated. Without that visibility, organizations are blind to the subtle shifts that transform a minor intrusion into a full compromise. Strong identity governance combined with timely patching ensures that when privilege escalation attempts occur, they are detected, prevented, and contained before causing lasting harm.”

This is another one of those today problems that affected organizations need to deal with. And it needs to be dealt with ASAP. So it’s once again it’s time to patch all the things.

Leave a comment »

Unrelenting IT issues cost millions of hours in lost productivity

Posted in Commentary with tags on September 30, 2025 by itnerd

Nexthink has released ‘Cracking the DEX Equation: The Annual Workplace Productivity Report’ showing that poor DEX directly costs global businesses an average of 470,000 hours per year, equivalent to around 226 full-time employees. This indicates that digital friction is a vital and underreported element of the global productivity crisis.

Nexthink’s analysis – the first of its kind – is based on proprietary data from more than 20m endpoints across 474 global businesses. The report finds that the average employee suffers 14 negative digital experiences a week. These include device crashes, application glitches, or slow load times, and can reduce productivity and collaboration while also increasing employee frustration and stress. Crucially, the research also indicates a strong inverse correlation between an organization’s DEX score and productivity loss. For every 10-point increase to the overall DEX score, employees would recoup an average of 22 productive minutes each week. 

The research also suggests that these consistent disruptions are not just a threat to enterprise productivity, but also to the quality of work employees produce. The average negative event lasts a little under 3 minutes (167 seconds), yet research from the American Psychological Association suggests that even delays of less than 5 seconds are enough to triple people’s error rate. Moreover, research from the University of California has shown that when employees are taken out of their flow state it takes around 23 minutes for them to return, further increasing the amount of lost time.

Averaging lost time by industry shows significant variation with retailers, healthcare providers, and financial service companies suffering 1.7x the time loss of the tech industry. The number of disruptive events per week was almost identical, regardless of industry however, suggesting that the variance in time loss is down to the severity of events rather than the volume.

The figures in this report are derived from aggregated, anonymized telemetry from organizations largely in the early stages of DEX management.

For more information on the impact of DEX on workplace productivity, please read the full ‘Workplace Productivity’ report 

Leave a comment »

Meta AI fooled into teaching weapon creation…. Yikes!

Posted in Commentary with tags on September 30, 2025 by itnerd

Cybernews researchers discovered that Meta’s personal assistant, which is integrated into Messenger, WhatsApp, Instagram, and other apps, is easy to manipulate into revealing harmful information. The Llama 4-based chatbot was easily tricked into providing instructions on making a Molotov cocktail.

The assistant was easily tricked by utilizing the so-called “narrative jailbreaking” practice. The technique masks the harmful request by asking the bot to tell a “story” to bypass safety filters. To execute the jailbreak, the team simply asked the chatbot to tell a story about the Winter War between Finland and the Soviet Union, requesting details about how the incendiary devices were made back then. 

While it’s unlikely that people will flock to Meta for advice on Molotov cocktail-making, the issue highlights the possibility of abusing the chatbot for purposes that appear to be beyond the scope of what an AI assistant ought to be capable of.

The team disclosed the issue to Meta immediately after discovering it. After the publication went live, the company told Cybernews it had resolved the problem.

Also, Cybernews researchers recently discovered that Lenovo’s customer service assistant, Lena, had an XSS vulnerability that allowed the running of remote scripts on corporate machines if you asked nicely.

Meanwhile, another chatbot, used by the travel agency Expedia, allowed users to ask for a recipe for making a Molotov cocktail. The company eventually fixed the issue, and the chatbot stopped advising on making incendiary devices.

To read the full research report, please click here.

Leave a comment »

2025 Paywall Index: A Data-Driven Study Across Industries

Posted in Commentary with tags on September 30, 2025 by itnerd

Website Planet has published a study which explores how paywalls have evolved beyond news media to become the internet’s default business model, shaping digital content, SaaS, streaming, and even academic publishing.

Among our key findings:

  • Paywalls surged in the 2010s (120 new launches) but appear to have stagnated in the 2020s.
  • Hard paywalls dominate, with 50% of services relying on this model.
  • Nearly half (46.03%) of freemium models are in the software/SaaS sector.
  • Pay-per-view is rare overall, but 65% of academic journals with paywalls use it.

You can check their full research here: https://www.websiteplanet.com/blog/2025-paywall-index-a-data-driven-study-across-industries/

Leave a comment »

Cybersecurity Awareness Month Is Tomorrow

Posted in Commentary with tags on September 30, 2025 by itnerd

With Cybersecurity Awareness Month kicking off tomorrow, I have a comment from Chris Mierzwa, Sr. Director, Global Resilience Programs at Commvault.

For background, Chris Mierzwa is a seasoned technology executive with over 30 years of experience in the IT solutions space. As a former CTO and SVP at Sirus Computer Solutions (now CDW), he led strategic initiatives across infrastructure, cloud, and partner ecosystems, overseeing billion-dollar revenue targets and complex M&A Integrations.

“As we approach another Cybersecurity Awareness Month, it serves as a stark reminder that enterprises must get ‘back to basics’ and focus on creating stronger security foundations. Among the many different threat vectors, I implore business leaders to pay close attention to social engineering – the increasingly dangerous Achilles’ heel of every organization.  

Enterprises are underestimating threat actors’ ability to understand the more formidable adult psyche. With the help of AI, cybercriminals can now alter their voices, accents, and launch social engineering attacks in multiple languages with real-time translation, leaving employees with no cues to suspect malicious intent. On top of that, threat actors recognize that employees only receive minimal cybersecurity training, meaning they don’t have the knowledge or skillset to recognize the newest and most sophisticated threats.” 

Leave a comment »

New Spearphishing Attacks Uses DarkCloud Infostealer to Steal Credentials

Posted in Commentary with tags on September 30, 2025 by itnerd

Researchers have uncovered new spearphishing campaign that leverages the DarkCloud Infostealer to steal FTP credentials, keystrokes and other information. You can find out more details about this campaign here: https://www.esentire.com/blog/eye-of-the-storm-analyzing-darkclouds-latest-capabilities

Henrique Teixeira, SVP of Strategy at Saviynt, commented:

“Infostealers are a type of malware often specifically designed to steal user credential data. 46% of the time, infostealers are running in employee devices not managed by their employers (https://www.verizon.com/business/resources/infographics/2025-dbir-infographic.pdf). While it’s important to stay aware of new versions and campaigns utilizing these vectors, it’s even more critical for cybersecurity and identity leaders to understand the full attack chain of these modern campaigns.

“Data stolen by infostealers is typically sold later to other criminals via Initial Access Brokers (IABs) on the dark web. However, this isn’t the only method used to gain access to organizations. As we’ve seen recently, these groups often employ a multi-pronged approach that can include extortion, social engineering, and compromising third-party access. AI has also risen in the methods of cyber attacks. Therefore, a more complete strategy to protect and defend against modern attacks requires understanding their anatomy and recognizing that credential abuse is the #1 vector of attack, and a low hanging fruit for attackers (and defenders).

“This attack highlights the importance of being able to measure and understand the current state of identity controls, and how resilient and prepared organizations are. This includes implementing least privilege principles for all accounts, discovering and removing long-standing privileges, and avoiding static and long-lived tokens. Identity security also needs to be applied to machine identities, or non-human identities (NHIs). Research shows that, in fact, 80% of the most recent identity-based attacks compromise non-human accounts instead of human ones ([https://nhimg.org/the-ultimate-guide-to-non-human-identities](https://nhimg.org/the-ultimate-guide-to-non-human-identities)).”

Since spearpishing is a highly targeted attack, it illustrates how careful that you have to be in order to not become a victim of such an attack. Thus consider yourself warned and act accordingly. This article will help you with that: https://www.fortinet.com/resources/cyberglossary/spear-phishing

Leave a comment »

CISA Issues Alert Regarding Cisco Firewall Zero-Days

Posted in Commentary with tags on September 29, 2025 by itnerd

Late last week, the Cybersecurity and Infrastructure Security Agency issued an emergency directive in response to a widespread campaign that involves exploiting zero-day vulnerabilities in Cisco firewall devices – giving threat actors access to the devices and enabling them to execute malicious code and malware.

Here is some commentary on the significance of these vulnerabilities and insights for security leaders from cybercrime expert and VP of Cyber Risk for HITRUST, Tom Kellermann.

“The exploitation of Cisco firewalls underscores the dangerous nature of island hopping through security vendors’ vulnerabilities. This systemic attack to U.S. government agencies represents a clear and present danger to national security. Cybersecurity vendors must ramp up their own security postures in 2025 and the private sector must expand third party risk management to include cybersecurity vendors in order to mitigate future widespread attacks by China.”

Once again it is time to patch all the things. Because this is one of those “today problems” which seem to be multiplying like rabbits. That’s not a good place for those of us on the side of keeping users and organizations safe to be.

Leave a comment »

ESET Research’s has a deep dive into DeceptiveDevelopment, North Korean crypto theft via fake job offers

Posted in Commentary with tags on September 29, 2025 by itnerd

ESET Research has released new findings on DeceptiveDevelopment, also known as Contagious Interview – a threat group aligned with North Korea that has grown increasingly active in recent years. The group is primarily focused on cryptocurrency theft, targeting freelance developers across Windows, Linux, and macOS platforms. The newly published research paper traces the group’s evolution from early malware families to more advanced toolsets. These campaigns rely heavily on sophisticated social engineering tactics, including fake job interviews and the ClickFix technique, to deliver malware and exfiltrate cryptocurrency. ESET also analyzed open-source intelligence (OSINT) data that sheds light on the operations of North Korean IT workers involved in fraudulent employment schemes and their ties to DeceptiveDevelopment. These findings are being presented today at the annual Virus Bulletin (VB) Conference.

DeceptiveDevelopment is a North Korea-aligned group active since at least 2023, focused on financial gain. The group targets software developers on all major systems – Windows, Linux, and macOS – and especially those in cryptocurrency and Web3 projects. Initial access is achieved exclusively via various social engineering techniques like ClickFix, and fake recruiter profiles similar to Lazarus’s Operation DreamJob to deliver trojanized codebases during staged job interviews. Its most typical payloads are the BeaverTail, OtterCookie, and WeaselStore infostealers, and the InvisibleFerret modular RAT.

The attackers opted for various methods to compromise users, relying on clever social engineering tricks. Via both fake and hijacked profiles, they pose as recruiters on platforms like LinkedIn, Upwork, Freelancer.com, and Crypto Jobs List. They offer fake lucrative job opportunities in order to attract their target’s interest. Victims are requested to participate in a coding challenge or pre-interview task.

In addition to fake recruiter accounts, the attackers have customized and improved the social engineering method called ClickFix. Victims are lured to a fake job interview site and asked to fill out a detailed application form, investing significant time and effort. At the final step, they’re prompted to record a video answer, but the site displays a camera error and offers a “How to fix” link. This link instructs users to open a terminal and copy a command that should solve the camera or microphone issue, which instead of fixing the issue, downloads and executes malware.

While research into DeceptiveDevelopment is primarily based on data from ESET telemetry and reverse-engineering the group’s toolset, it is interesting to point out its connections to fraud operations by North Korean IT workers. According to the FBI’s “Most Wanted” poster, the IT worker campaign has been ongoing since at least April 2017 and has become increasingly prominent in recent years. In a joint advisory released in May 2022, the IT worker campaign is described as a coordinated effort by North Korea-aligned workers to gain employment at overseas companies, whose salaries are then used as funding for the regime. They have also been known to steal internal company data and use it for extortion, as stated in an announcement by the FBI in January 2025.

As ESET Research discovered from available OSINT data, fake CVs, and other related materials, the IT workers mainly focus on employment and contract work in the West, specifically prioritizing the United States. However, our findings based on the acquired materials have shown a shift toward Europe, with targets in countries such as France, Poland, Ukraine, and Albania. The workers utilize AI to perform their job tasks and rely heavily on AI for manipulating photos in their profile pictures and CVs, and even perform face swaps in real-time video interviews to look like the persona they are currently using. They utilize remote interviewing platforms like Zoom, MiroTalk, FreeConference, or Microsoft Teams for various social engineering techniques. Proxy interviewing poses a severe risk to employers, since hiring of an illegitimate employee from a sanctioned country may not only be irresponsible or underperforming, but could also evolve into a dangerous insider threat.

The research paper “DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception” summarizes the evolution of the group’s two flagship toolsets, InvisibleFerret and BeaverTail. At the same time, it identifies newly discovered links between DeceptiveDevelopment’s Tropidoor backdoor and the PostNapTea RAT used by the Lazarus group. Furthermore, it provides a comprehensive analysis of TsunamiKit and WeaselStore, new toolkits used by DeceptiveDevelopment and documents the functionality of a WeaselStore C&C server and its API.

For a more detailed analysis of DeceptiveDevelopment operations and tools, check out the latest ESET Research white paper “DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception” or the brief accompanying blogpost on WeLiveSecurity.com. M

Leave a comment »

Harrods Has Been Pwned With 430K Records Swiped

Posted in Commentary with tags on September 29, 2025 by itnerd

Hackers have apparently breached British retail giant Harrods via a third-party supplier stealing 430,000 records that included sensitive e-commerce customer information.

Harrods said it would not engage with the “threat actor” and added the affected data, taken from a third-party provider, was limited to basic information and did not include passwords or payment details.

“Our focus remains on informing and supporting our customers. We have informed all relevant authorities and will continue to co-operate with them,” a spokesperson said in a statement.

The majority of Harrods customers shop in-store, so it is understood the breach has affected only a small proportion of its shoppers.

Dmitry Dontov, CEO of Spin.AI, provided the following comments:

“The Harrods breach is yet another example of the need to secure the entire supply chain. If attackers are unable to breach your core workspace, they can often access data through external partners. Even retail giants must assume that the perimeter defense is not enough. Incident resilience, real-time monitoring, as well as third-party tool visibility and security are now essential.”

Supply chain attacks are all the rage due to how effective it is for threat actors to pwn an organization via this attack vector. Thus it is in your best interests to make sure that the companies that you get services from are as secure as you are. Otherwise you might be the next headline related to a supply chain attack.

Leave a comment »

« Older Entries
Newer Entries »