CISA Issues Alert Regarding Cisco Firewall Zero-Days

Posted in Commentary with tags on September 29, 2025 by itnerd

Late last week, the Cybersecurity and Infrastructure Security Agency issued an emergency directive in response to a widespread campaign that involves exploiting zero-day vulnerabilities in Cisco firewall devices – giving threat actors access to the devices and enabling them to execute malicious code and malware.

Here is some commentary on the significance of these vulnerabilities and insights for security leaders from cybercrime expert and VP of Cyber Risk for HITRUST, Tom Kellermann.

“The exploitation of Cisco firewalls underscores the dangerous nature of island hopping through security vendors’ vulnerabilities. This systemic attack to U.S. government agencies represents a clear and present danger to national security. Cybersecurity vendors must ramp up their own security postures in 2025 and the private sector must expand third party risk management to include cybersecurity vendors in order to mitigate future widespread attacks by China.”

Once again it is time to patch all the things. Because this is one of those “today problems” which seem to be multiplying like rabbits. That’s not a good place for those of us on the side of keeping users and organizations safe to be.

Leave a comment »

ESET Research’s has a deep dive into DeceptiveDevelopment, North Korean crypto theft via fake job offers

Posted in Commentary with tags on September 29, 2025 by itnerd

ESET Research has released new findings on DeceptiveDevelopment, also known as Contagious Interview – a threat group aligned with North Korea that has grown increasingly active in recent years. The group is primarily focused on cryptocurrency theft, targeting freelance developers across Windows, Linux, and macOS platforms. The newly published research paper traces the group’s evolution from early malware families to more advanced toolsets. These campaigns rely heavily on sophisticated social engineering tactics, including fake job interviews and the ClickFix technique, to deliver malware and exfiltrate cryptocurrency. ESET also analyzed open-source intelligence (OSINT) data that sheds light on the operations of North Korean IT workers involved in fraudulent employment schemes and their ties to DeceptiveDevelopment. These findings are being presented today at the annual Virus Bulletin (VB) Conference.

DeceptiveDevelopment is a North Korea-aligned group active since at least 2023, focused on financial gain. The group targets software developers on all major systems – Windows, Linux, and macOS – and especially those in cryptocurrency and Web3 projects. Initial access is achieved exclusively via various social engineering techniques like ClickFix, and fake recruiter profiles similar to Lazarus’s Operation DreamJob to deliver trojanized codebases during staged job interviews. Its most typical payloads are the BeaverTail, OtterCookie, and WeaselStore infostealers, and the InvisibleFerret modular RAT.

The attackers opted for various methods to compromise users, relying on clever social engineering tricks. Via both fake and hijacked profiles, they pose as recruiters on platforms like LinkedIn, Upwork, Freelancer.com, and Crypto Jobs List. They offer fake lucrative job opportunities in order to attract their target’s interest. Victims are requested to participate in a coding challenge or pre-interview task.

In addition to fake recruiter accounts, the attackers have customized and improved the social engineering method called ClickFix. Victims are lured to a fake job interview site and asked to fill out a detailed application form, investing significant time and effort. At the final step, they’re prompted to record a video answer, but the site displays a camera error and offers a “How to fix” link. This link instructs users to open a terminal and copy a command that should solve the camera or microphone issue, which instead of fixing the issue, downloads and executes malware.

While research into DeceptiveDevelopment is primarily based on data from ESET telemetry and reverse-engineering the group’s toolset, it is interesting to point out its connections to fraud operations by North Korean IT workers. According to the FBI’s “Most Wanted” poster, the IT worker campaign has been ongoing since at least April 2017 and has become increasingly prominent in recent years. In a joint advisory released in May 2022, the IT worker campaign is described as a coordinated effort by North Korea-aligned workers to gain employment at overseas companies, whose salaries are then used as funding for the regime. They have also been known to steal internal company data and use it for extortion, as stated in an announcement by the FBI in January 2025.

As ESET Research discovered from available OSINT data, fake CVs, and other related materials, the IT workers mainly focus on employment and contract work in the West, specifically prioritizing the United States. However, our findings based on the acquired materials have shown a shift toward Europe, with targets in countries such as France, Poland, Ukraine, and Albania. The workers utilize AI to perform their job tasks and rely heavily on AI for manipulating photos in their profile pictures and CVs, and even perform face swaps in real-time video interviews to look like the persona they are currently using. They utilize remote interviewing platforms like Zoom, MiroTalk, FreeConference, or Microsoft Teams for various social engineering techniques. Proxy interviewing poses a severe risk to employers, since hiring of an illegitimate employee from a sanctioned country may not only be irresponsible or underperforming, but could also evolve into a dangerous insider threat.

The research paper “DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception” summarizes the evolution of the group’s two flagship toolsets, InvisibleFerret and BeaverTail. At the same time, it identifies newly discovered links between DeceptiveDevelopment’s Tropidoor backdoor and the PostNapTea RAT used by the Lazarus group. Furthermore, it provides a comprehensive analysis of TsunamiKit and WeaselStore, new toolkits used by DeceptiveDevelopment and documents the functionality of a WeaselStore C&C server and its API.

For a more detailed analysis of DeceptiveDevelopment operations and tools, check out the latest ESET Research white paper “DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception” or the brief accompanying blogpost on WeLiveSecurity.com. M

Leave a comment »

Harrods Has Been Pwned With 430K Records Swiped

Posted in Commentary with tags on September 29, 2025 by itnerd

Hackers have apparently breached British retail giant Harrods via a third-party supplier stealing 430,000 records that included sensitive e-commerce customer information.

Harrods said it would not engage with the “threat actor” and added the affected data, taken from a third-party provider, was limited to basic information and did not include passwords or payment details.

“Our focus remains on informing and supporting our customers. We have informed all relevant authorities and will continue to co-operate with them,” a spokesperson said in a statement.

The majority of Harrods customers shop in-store, so it is understood the breach has affected only a small proportion of its shoppers.

Dmitry Dontov, CEO of Spin.AI, provided the following comments:

“The Harrods breach is yet another example of the need to secure the entire supply chain. If attackers are unable to breach your core workspace, they can often access data through external partners. Even retail giants must assume that the perimeter defense is not enough. Incident resilience, real-time monitoring, as well as third-party tool visibility and security are now essential.”

Supply chain attacks are all the rage due to how effective it is for threat actors to pwn an organization via this attack vector. Thus it is in your best interests to make sure that the companies that you get services from are as secure as you are. Otherwise you might be the next headline related to a supply chain attack.

Leave a comment »

Abby Connect Scales Personalized Service and Launches AI Receptionist with Deepgram’s Real-Time Speech-to-Text

Posted in Commentary with tags on September 29, 2025 by itnerd

Deepgram today announced that Abby Connect, a premier virtual receptionist service, has successfully launched its new AI Receptionist product line built on Deepgram’s real-time speech-to-text technology. By choosing Deepgram, Abby Connect is scaling its high-touch customer experience while meeting the demanding needs of industries such as law, healthcare, and home services.

For more than 20 years, Abby Connect has built its reputation on creating a warm, human first impression for every call. But scaling that personal service 24/7 – while managing rising client demand and costs – presented a major challenge. Abby Connect turned to Deepgram to help strike the right balance between efficiency and empathy.

Why Abby Connect Chose Deepgram 

After evaluating Google Cloud Speech-to-Text, AWS Transcribe, AssemblyAI, and Whisper, Abby Connect found Deepgram’s performance to be unmatched:

  • Accuracy in the Real World – Deepgram outperformed competitors on noisy calls, including from HVAC job sites.
  • Low Latency for Natural Conversations – Sub-300ms streaming latency enabled real-time, two-way AI dialogue without delays.
  • Ease of Integration – Developer-friendly APIs and transparent pricing simplified rollout.
  • Domain Customization – Tuned for industry-specific terminology, from legal to medical.

Results Delivered

By leveraging both Deepgram’s real-time and pre-recorded transcription APIs, Abby Connect achieved measurable results:

  • New AI Receptionist Product Line – Successfully launched, automating repetitive call types like scheduling and FAQs.
  • 5x Boost in QA Productivity – Quality assurance teams now review five times more calls per day.
  • 30% Reduction in Audit Time – Faster reviews mean stronger agent coaching and more consistent service.
  • Scale to 100,000+ Calls per Month – Deepgram reliably transcribes massive call volumes to power both AI and human workflows.

Abby Connect is now exploring how to extend Deepgram-powered transcription into even more advanced conversational AI, including large language models trained on call data to detect intent, measure sentiment, and enable smarter escalations.

To learn more, please read the Abby Connect case study found here: https://deepgram.com/customers/abby-connect 

Leave a comment »

Dedicated IP is now available on Surfshark’s extension

Posted in Commentary with tags on September 29, 2025 by itnerd

Surfshark has launched a dedicated IP feature for its browser extension, available on Google Chrome, Mozilla Firefox, and Microsoft Edge. This addition allows users to route only browser traffic through a dedicated IP.

According to Justas Pukys, Senior Product Manager at Surfshark, the company constantly looks for opportunities to improve the user experience and provide innovative solutions across the industry.

A dedicated IP is well known for reducing human verification requests (CAPTCHA). When multiple users share the same IP address, websites often send verification requests, such as “Select images with traffic lights.” Dedicated IP minimizes this issue by assigning a static address, making traffic appear more consistent to websites. Also, as only one user generates traffic through the IP, it may lead to more stable connections.

Additionally, dedicated IP simplifies access to remote networks by eliminating the unpredictability of changing addresses associated with shared VPN servers. This provides unrestricted service access, allowing users to access apps and websites that block shared IPs or don’t work when IP changes frequently.

Currently Surfshark offers 20 dedicated IP locations: Australia – Sydney; Brazil – Sao Paulo; Canada – Toronto; France – Paris; Germany – Frankfurt am Main; Hong Kong – Hong Kong; Italy – Milan; Japan – Tokyo; the Netherlands – Amsterdam; Poland – Warsaw; Singapore – Singapore; South Africa – Johannesburg; Turkey – Istanbul; United Kingdom – London; United States – Dallas, Denver, Las Vegas, Los Angeles, New York, and San Jose.

The dedicated IP feature is available on Android, Windows, iOS, and macOS and supports all major protocols, including WireGuard®, for maximum speed. Since it has now been included in the extension, all users can access it on Google Chrome, Mozilla Firefox, and Microsoft Edge browsers.

Leave a comment »

Keepit upsizes and refinances credit facilities to $60 million USD

Posted in Commentary with tags on September 29, 2025 by itnerd

Keepit, the world’s only vendor-neutral and truly immutable cloud dedicated to SaaS data protection, today announced a strategic financial update to upsize and refinance its credit facilities amounting to $60 million USD from the Export and Investment Fund of Denmark (EIFO) and HSBC Innovation Banking. This move is designed to leverage the recent $50 million USD funding round from December 2024 .

Financing overview and strategic rationale

The refinancing plan consists of upsizing by $20 million USD and refinancing $40 million USD of existing HSBC Innovation Banking/EIFO facilities. The total facility will increase from $40 million pre-financing to $60 million post-financing with only a portion of the previous amount drawn today. The company aims to build upon the momentum from the funding round in December 2024, reflecting strong growth.

Company position and future outlook

Keepit is positioned strongly with cash reserves projected to remain robust for years ahead. The company has experienced significant growth since the previous year. Keepit is expanding its market focus towards larger clients, having demonstrated relevance and value to this segment. The additional funds raised will be directed toward future-proofing the organization, supporting ongoing product development, innovation, and efforts to deepen market penetration.

Keepit provides a next-level SaaS data protection platform purpose-built for the cloud. Securing data in a vendor-independent cloud safeguards essential business applications, boosts cyber resilience, and future-proofs data protection. Unique, separate, and immutable data storage with no sub-processors ensures compliance with local regulations and mitigates the impact of ransomware while guaranteeing continuous data access, business continuity, and fast and effective disaster recovery. Headquartered in Copenhagen with offices and data centers worldwide, more than 18,000 companies trust Keepit for its ease of use and effortless backup and recovery of cloud data.  

For more information visit www.keepit.com.

Leave a comment »

Maximor get $9m for AI that takes on finance grunt work while keeping it BAU

Posted in Commentary with tags on September 29, 2025 by itnerd

Finance leaders know they should be spending more time guiding business decisions, yet their teams spend most of their time shuffling data between systems and fixing spreadsheets. Maximor wants to change that. The company today announced a $9 million seed round to expand its finance automation platform — AI agents that plug into ERPs, payroll, billing, and bank systems to take on the repetitive accounting work and produce audit-ready outputs by default.

The round was led by Foundation Capital, with participation from Gaia Ventures (founded by SAP’s former Chief Strategy Officer) and Boldcap. Notable angels include Aravind Srinivas (CEO of Perplexity), Tien Tzuo (CEO of Zuora), and CFOs/finance leaders from Ramp, Gusto, Opendoor, MongoDB, and the Big Four.

Finance leaders today face a paradox: they’re expected to steer strategy while their teams are buried in reconciliations, close checklists, and fragmented systems. The talent pipeline of accountants is also at a breaking point—three-quarters of accountants are expected to retire by 2030, while fewer graduates enter the field. That leaves companies stretched thin, raising the odds of costly errors and slowing down audits.

Across its customer base, Maximor has delivered three strategic outcomes: ~40% more team capacity, freeing finance staff to focus on strategy, not mechanics, Cleaner audits and streamlined closes, reducing compliance and valuation risk; and Unified, cross-silo visibility across existing finance & operational systems – so finance leaders can make faster, better-informed decisions with AI’s reasoning capabilities

Proptech business Rently, with global operations across three countries, cut its month-end close from 8 days to 4 within the first month of using Maximor, while avoiding two incremental accounting hires for repetitive work.  While, multi-billion-dollar AUM registered investment advisor business Invst was able to automate reconciliations, allocations, and reporting, unlocking advisor-level profitability insights that were previously impractical.

Maximor is not another point solution. It is a financial command center that connects both financial and operational systems—ERPs like NetSuite and Intacct, banks, payroll, CRMs, and SaaS data—into a single reconciled source of truth. 

On this unified data foundation, Maximor deploys specialized finance agents across revenue, cash, close, and reporting. Powered by its proprietary Audit-Ready Agent™ architecture, these agents generate workpapers, reviewer notes, and audit trails by default. The result: automation that is natively explainable, compliant, secure and enterprise-grade—tailored to the exacting needs of the CFO’s office.

Co-founders Ramnandan Krishnamurthy and Ajay Krishna Amudan saw the problem firsthand while leading Microsoft’s digital transformation group and working with global corporate finance teams: despite millions poured into ERPs and accounting tools, technical limitations forced critical workflows back into spreadsheets—creating endless manual work, slow closes, and costly errors.

Maximor’s design philosophy, “Design for Progress” reflects its commitment to helping finance leaders build financially progressive companies: outcome-assured automation adapted to each organization’s finance ops style, not a one-size-fits-all template.

Over the last two decades, financial software has over-promised and under-delivered, fragmenting workflows across point tools with no intelligence baked in. Unlike point tools that automate fragments, Maximor is the only platform built to automate finance processes end-to-end—”cradle to grave”—with enterprise-grade control. It uniquely combines a unified finance context layer with a specialized system of agents, powered by its  Audit-Ready Agent™ architecture – delivering CFOs automation with evidence, not just speed.

Maximor is expanding in three directions: Deeper automation across the breadth of repetitive accounting flows, Vertical modules tailored for specific sectors with high urgency to adopt; and Strategic finance insights that move teams from reactive reporting to proactive scenario planning and decision support. The vision: an always-on, audit-ready AI-powered finance team for every mid-market and enterprise company.

Leave a comment »

New Phishing Campaign Uses LLMs To Craft SVG Payloads To Pwn You

Posted in Commentary with tags on September 29, 2025 by itnerd

Microsoft has flagged a new phishing campaign that appears to leverage large language models (LLMs) to craft obfuscated SVG payloads, making them appear like legitimate business analytics dashboards. The attack chain uses compromised business email accounts, self-addressed emails, and SVG files containing business-related terminology and modular, over-engineered code that mimics legitimate content. This enables phishing lures to evade static analysis and detection tools. While the campaign was limited in scope and blocked, Microsoft warns that AI-assisted obfuscation and synthetic phishing techniques are growing trends, with attackers increasingly adopting LLMs to automate and enhance their tactics.

You can read more via this Microsoft blog post: https://www.microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign/

Anders Askasen, VP of Product Marketing, Radiant Logic had this comment:

“AI-driven phishing shows us that the frontline isn’t the payload, it’s the person behind the login. Attackers aren’t just tricking defensive filters anymore, they are using LLMs to mimic the texture of legitimate business data. That’s why identity observability is critical. If you can unify identity data into one source of truth, you can see when an account behaves out of character, when credentials are being replayed, or when entitlements don’t match expected patterns. The only way to counter AI-scaled deception is with unified identity intelligence that lets defenders observe, correlate, and act in real time.”


Andrew Obadiaru, CISO, Cobalt follows with this comment:

“Phishing has always been about social engineering, but AI is fundamentally changing the game by making attacks harder to detect both technically and psychologically. The use of LLMs to generate verbose, business-like code isn’t just obfuscation—it’s camouflage that blends seamlessly into enterprise workflows. Security teams can’t rely on static filters or signature-based defenses to catch this. The focus must shift to behavioral detection, red-teaming against AI-assisted tactics, and shortening remediation cycles before attackers can exploit the gap.”

This highlights the fact that we all need to work harder than ever to stay ahead of the bad guys. Because they continue to evolve their tactics to allow them to succeed in making your life as miserable as possible.

Leave a comment »

Wallarm Leads Development of New A2AS Standard for Agentic AI Security

Posted in Commentary with tags on September 29, 2025 by itnerd

Wallarm today announced its role in the publication of “A2AS: Agentic AI Runtime Security and Self-Defense,” a groundbreaking research project led by Eugene Neelou (OWASP, Wallarm) together with researchers from AWS, Bytedance, Cisco, Elastic, Google, JPMorganChase, Meta, and Salesforce.

The A2AS framework introduces a new security layer for AI agents, LLM-powered applications, and AI protocols, similar to how HTTPS secures HTTP.

The A2AS framework is built on three breakthrough capabilities that fundamentally address agentic AI security risks such as prompt injection, tool misuse, and agent compromise:

  • Behavior Certificates: The industry’s first mechanism for declaring and enforcing AI agent actions and permissions. Like HTTPS certificates secured the web, behavior certificates can secure agentic AI interactions with users, tools, and other agents.
  • Model Self-Defense Reasoning:  Embeds security awareness directly into the AI model’s context window, guiding it to recognize and reject malicious or untrusted instructions in real time without any external components or guardrails.
  • Prompt-Level Security Controls: Provides authenticated prompts, security boundaries, and policy-as-code so that every request and interaction is verified, sandboxed, and aligned with enterprise security policies.

As enterprises rapidly deploy agentic AI into workflows across finance, healthcare, and infrastructure, the security risks scale from individual task failures to enterprise-wide compromise. Traditional guardrails and post-processing methods have proven to be too slow, too complex, and too costly. A2AS offers a practical, lightweight, and scalable approach that protects AI agents at runtime without adding latency or operational complexity.

Eugene Neelou, an industry pioneer and Head of AI Security at Wallarm, serves as the lead for the A2AS project. Neelou previously coined the term MLSecOps, co-founded the world’s first AI red teaming startup, and co-authored the OWASP Top 10 for LLM Security. He is joined by Ivan Novikov, Founder and CEO of Wallarm, who contributed his expertise in API and AI security.

The A2AS paper is the first in a series of publications aimed at establishing A2AS as the industry standard for AI runtime security. Researchers, engineers, and enterprises interested in design partnerships or early adoption are invited to read the paper, learn more, and get involved at https://a2as.org. Contact the project team to explore collaboration opportunities and shape the future of secure AI.

Leave a comment »

NEW FROM FORCEPOINT X-LABS: XWorm RAT Delivered via Shellcode

Posted in Commentary with tags on September 26, 2025 by itnerd

This morning, the researchers from Forcepoint X-Labs have released a new blog post detailing a new way attackers are using shellcode as an enabling technology for modern remote access trojan campaigns — and an old technique with a new infection. The example in the post injects the XWorm RAT.

Campaign Highlights:

The campaign is delivered by phishing email, using a fake invoice as a lure. Sequence:

  • The email has an Office file (.xlam) attachment, which, on downloading and opening, shows a blank or corrupted Office file. 
  • This malicious document has an embedded oleObject1.bin file, which hides embedded shellcode. 
  • The shellcode, when executed, initiates connection to retrieve and deploy secondary payload.
  • The second payload, which was an executable, was found to be a .NET binary that reflectively loaded into the memory.
  • The second stage .DLL file from memory uses heavily obfuscated packing and encryption techniques.
  • The next and final step performs a process injection in its own main executable file, maintaining persistence and exfiltrating data to its Command & Control servers. 
  • The C2s where data was exfiltrated was found to be related to XWorm family.

Authored by Prashant Kumar, senior research at Forcepoint, the full post with detailed illustrated example with images can be found at: https://www.forcepoint.com/blog/x-labs/xworm-rat-shellcode-multi-stage-analysis

Leave a comment »

« Older Entries
Newer Entries »