
Why Running AI Locally with an NPU Offers Better Privacy, Speed, and Reliability

 

Running AI applications locally offers a compelling alternative to relying on cloud-based chatbots like ChatGPT, Gemini, or DeepSeek, especially for those concerned about data privacy, internet dependency, and speed. Though cloud services promise protections through subscription terms, the reality remains uncertain. In contrast, using AI locally means your data never leaves your device, which is particularly advantageous for professionals handling sensitive customer information or individuals wary of sharing personal data with third parties.

Local AI eliminates the need for a constant, high-speed internet connection. This reliable offline capability means that even in areas with spotty coverage or during network outages, tools for voice control, image recognition, and text generation remain functional. Lower latency also translates to near-instantaneous responses, unlike cloud AI that may lag due to network round-trip times. 

A powerful hardware component is essential here: the Neural Processing Unit (NPU). Typical CPUs and GPUs can struggle with AI workloads like large language models and image processing, leading to slowdowns, heat, noise, and shortened battery life. NPUs are specifically designed for handling matrix-heavy computations—vital for AI—and they allow these models to run efficiently right on your laptop, without burdening the main processor. 

Currently, consumer devices built on Intel Core Ultra, Qualcomm Snapdragon X Elite, and Apple’s M-series chips (M1–M4) come equipped with NPUs built for this purpose. With one of these devices, you can run open-source AI models like DeepSeek‑R1, Qwen 3, or LLaMA 3.3 using tools such as Ollama, which supports Windows, macOS, and Linux. By pairing Ollama with a user-friendly interface like Open WebUI, you can replicate the experience of cloud chatbots entirely offline.

Other local tools like GPT4All and Jan.ai also provide convenient interfaces for running AI models locally. However, be aware that model files can be quite large (often 20 GB or more), and without NPU support, performance may be sluggish and battery life will suffer.  

Using AI locally comes with several key advantages. You gain full control over your data, knowing it’s never sent to external servers. Offline compatibility ensures uninterrupted use, even in remote or unstable network environments. In terms of responsiveness, local AI often outperforms cloud models due to the absence of network latency. Many tools are open source, making experimentation and customization financially accessible. Lastly, NPUs offer energy-efficient performance, enabling richer AI experiences on everyday devices. 

In summary, if you’re looking for a faster, more private, and reliable AI workflow that doesn’t depend on the internet, choosing a laptop with an NPU and installing tools like Ollama, Open WebUI, GPT4All, or Jan.ai is a smart move. Not only will your interactions be quick and seamless, but they’ll also remain securely under your control.

How to Safeguard Your Phone Number From SIM Swap Attacks in 2025

 

In 2025, phone numbers have become woven into nearly every part of our digital lives. Whether you’re creating accounts on e-commerce sites, managing online banking, accessing health services, or logging in to social networks, your phone number is the gateway. It helps reset forgotten passwords and powers two-factor authentication codes that keep your accounts secure.

But if a hacker gets hold of your phone number, they can essentially impersonate you.

With control over your number, attackers can infiltrate your online accounts or manipulate automated phone systems to convince customer service representatives they’re speaking to you. In some cases, a stolen phone number can even be used to breach a company’s internal network and retrieve confidential information.

That’s why it’s more important than ever to protect your number against SIM swapping — a cyberattack where someone fraudulently transfers your number to a new SIM card. The good news? Locking down your number has never been simpler.

SIM swap attacks typically begin when a criminal contacts your mobile carrier, pretending to be you. By using publicly available personal details — like your name and birth date — the attacker convinces support staff to port your number to a SIM card they control. Once the transfer is complete, your number is live on their device. From there, they can send messages and make calls in your name.

Often, the only clue that something is wrong is if your phone abruptly loses service without explanation.

These attacks exploit gaps in the internal security processes at phone companies, where representatives can make account changes without always verifying the customer’s consent.

To fight back against these social engineering scams, the three largest U.S. mobile carriers — AT&T, T-Mobile, and Verizon — have launched security tools that help prevent unauthorized account takeovers and SIM swaps. However, these protections may not be turned on by default, so it’s worth taking a few minutes to review your account settings.

AT&T: In July, AT&T rolled out its free Wireless Account Lock, designed to block SIM swapping attempts. “The feature allows AT&T customers to add extra account protection by toggling on a setting that prevents anyone from moving a SIM card or phone number to another device or account.” You can activate this safeguard in the AT&T app or through your online account dashboard. Be sure your account is secured with a unique password and multi-factor authentication.

T-Mobile: T-Mobile gives customers the option to lock their accounts against unauthorized SIM swaps and number porting at no cost. To enable this, the primary account holder must log in to their T-Mobile account and switch on the protection settings.

Verizon: Verizon offers two layers of defense: SIM Protection and Number Lock. These features stop SIM swaps and unauthorized phone number transfers. You can enable them through the Verizon app or the account portal. Verizon notes that if you disable these protections, any account changes will be delayed by 15 minutes, giving legitimate users time to undo suspicious activity.

Take a moment to check whether these safeguards are active on your account. While they aren’t always advertised prominently, they can make all the difference in keeping your phone number, and your identity, safe.

AI and the Rise of Service-as-a-Service: Why Products Are Becoming Invisible

 

The software world is undergoing a fundamental shift. Thanks to AI, product development has become faster, easier, and more scalable than ever before. Tools like Cursor and Lovable—along with countless “co-pilot” clones—have turned coding into prompt engineering, dramatically reducing development time and enhancing productivity. 

This boom has naturally caught the attention of venture capitalists. Funding for software companies hit $80 billion in Q1 2025, with investors eager to back niche SaaS solutions that follow the familiar playbook: identify a pain point, build a narrow tool, and scale aggressively. Y Combinator’s recent cohort was full of “Cursor for X” startups, reflecting the prevailing appetite for micro-products. 

But beneath this surge of point solutions lies a deeper transformation: the shift from product-led growth to outcome-driven service delivery. This evolution isn’t just about branding—it’s a structural redefinition of how software creates and delivers value. Historically, the SaaS revolution gave rise to subscription-based models, but the tools themselves remained hands-on. For example, when Adobe moved Creative Suite to the cloud, the billing changed—not the user experience. Users still needed to operate the software. SaaS, in that sense, was product-heavy and service-light. 

Now, AI is dissolving the product layer itself. The software is still there, but it’s receding into the background. The real value lies in what it does, not how it’s used. Glide co-founder Gautam Ajjarapu captures this perfectly: “The product gets us in the door, but what keeps us there is delivering results.” Take Glide’s AI for banks. It began as a tool to streamline onboarding but quickly evolved into something more transformative. Banks now rely on Glide to improve retention, automate workflows, and enhance customer outcomes. 

The interface is still a product, but the substance is service. The same trend is visible across leading AI startups. Zendesk markets “automated customer service,” where AI handles tickets end-to-end. Amplitude’s AI agents now generate product insights and implement changes. These offerings blur the line between tool and outcome—more service than software. This shift is grounded in economic logic. Services account for over 70% of U.S. GDP, and Nobel laureate Bengt Holmström’s contract theory helps explain why: businesses ultimately want results, not just tools. 

They don’t want a CRM—they want more sales. They don’t want analytics—they want better decisions. With agentic AI, it’s now possible to deliver on that promise. Instead of selling a dashboard, companies can sell growth. Instead of building an LMS, they offer complete onboarding services powered by AI agents. This evolution is especially relevant in sectors like healthcare. Corti’s CEO Andreas Cleve emphasizes that doctors don’t want more interfaces—they want more time. AI that saves time becomes invisible, and its value lies in what it enables, not how it looks. 

The implication is clear: software is becoming outcome-first. Users care less about tools and more about what those tools accomplish. Many companies—Glean, ElevenLabs, Corpora—are already moving toward this model, delivering answers, brand voices, or research synthesis rather than just access. This isn’t the death of the product—it’s its natural evolution. The best AI companies are becoming “services in a product wrapper,” where software is the delivery mechanism, but the value lies in what gets done. 

For builders, the question is no longer how to scale a product. It’s how to scale outcomes. The companies that succeed in this new era will be those that understand: users don’t want features—they want results. Call it what you want—AI-as-a-service, agentic delivery, or outcome-led software. But the trend is unmistakable. Service-as-a-Service isn’t just the next step for SaaS. It may be the future of software itself.

Here's Why Cyber Security is Critical For Healthcare Sector

 

Healthcare organisations provide an essential service that, if disrupted by a cyber attack, could jeopardise patient safety, disrupt care delivery, and even result in death. In the case of a security incident, the implications could impact not only the victim organisation, but also their patients and national security. 

What makes medical device cybersecurity critical?

Unlike traditional computers, medical devices often lack adequate security protections, making them more vulnerable to hacking. These devices frequently rely on hard-coded and typically known passwords, and may not be easily patched or updated.

Complicating matters further, the variety of manufacturers and distribution channels leads to a lack of conventional security controls like passwords, encryption, and device monitoring. The primary security risk is the possible exposure of both data and device control, resulting in a delicate balance between safety and security that necessitates stakeholder collaboration, particularly in implementation and maintenance methods. 

Given that older medical devices were not initially created with cyber security in mind and are difficult to secure properly, healthcare institutions must prioritise and invest in securing these devices. In order to minimise operational disruptions and protect patient safety and privacy, it is imperative to safeguard medical equipment, as the proliferation of newly linked devices exacerbates pre-existing vulnerabilities. 

Mitigation tips

Based on their experience working in the healthcare sector, researchers suggested safety guidelines for healthcare organisations aiming to strengthen their cyber security:

  • Adopt a proactive approach to cyber security, addressing people, processes, and technology.
  • Define clear roles and responsibilities for network and information system security so that employees can take ownership of essential cybersecurity practices. 
  • Conduct regular cyber risk assessments to uncover flaws, evaluate potential threats, and prioritise remedial activities based on the risk to critical systems and patient data.
  • Conduct training programs to raise awareness and prepare for cyber threats. 
  • Establish well-defined policies and procedures as part of your security management system, together with conveniently available documentation to guide your security personnel. 
  • Use defence-in-depth technical controls to effectively guard, detect, respond to, and recover from incidents.
  • Maintain backup and disaster recovery plans to ensure the availability and integrity of essential data in the case of a cyberattack, system failure, or data breach.
  • Address medical device security explicitly throughout the product/system lifetime.

By implementing these best practices, healthcare companies can fortify their defences, mitigate cyber risks, and safeguard patient data and critical infrastructure from emerging cyber threats.

Weak Passwords Still Common in Education Sector, Says NordVPN Report

 

A new study by NordVPN has revealed a serious cybersecurity issue plaguing the education sector: widespread reliance on weak and easily guessable passwords. Universities, schools, and training centres continue to be highly vulnerable due to the reuse of simple passwords that offer minimal protection.  

According to NordVPN’s research, the most frequently used password across educational institutions is the infamous ‘123456’, with over 1.2 million instances recorded. This is closely followed by other equally insecure combinations like ‘123456789’ and ‘12345678’. Shockingly, commonly used words such as ‘password’ and ‘secret’ also rank in the top five, making them among the least secure options in existence. 

Karolis Arbaciauskas, head of business product at NordPass, emphasized that educational institutions often store a wealth of sensitive data, including student records and staff communications. Yet many are still using default or recycled passwords that would fail even the most basic security check. He warned that such practices make schools prime targets for cybercriminals. 

The consequences of this weak security posture are already visible. One of the most notable examples is the PowerSchool breach, where personal information, including names, birthdates, and contact details of nearly 62 million students and educators, was compromised. These incidents highlight how vulnerable educational data can be when simple security measures are neglected.

Cybercriminals are increasingly targeting schools not just for monetary gain but also to steal children’s identities. With access to personal information, they can commit fraud such as applying for loans or credit cards in the names of underage victims who are unlikely to detect such activity due to their lack of a credit history. 

To mitigate these risks, NordVPN recommends adopting stronger password practices. A secure password should be at least 12 characters long, combining uppercase and lowercase letters, numbers, and special symbols. One example is using a memorable phrase with substitutions, like turning a TV show quote into ‘Streets;Ahead6S&AM!’. Alternatively, using a trusted password manager or generator can help enforce robust security across accounts. 

As digital threats evolve, it’s critical that educational institutions update their cybersecurity hygiene, starting with stronger passwords. This simple step can help protect not only sensitive data but also the long-term digital identities of students and staff.

Office 365's Microsoft Defender Now Thwarts Email Bombing Assaults

 

Microsoft claims that the cloud-based email security suite Defender for Office 365 can now automatically detect and prevent email bombing attacks. 

Defender for Office 365 (previously known as Office 365 Advanced Threat Protection or Office 365 ATP) guards organisations working in high-risk industries and dealing with sophisticated attackers from malicious threats delivered via email messages, links, or collaboration tools.

"We're introducing a new detection capability in Microsoft Defender for Office 365 to help protect your organization from a growing threat known as email bombing," Redmond notes in a Microsoft 365 message center update. "This form of abuse floods mailboxes with high volumes of email to obscure important messages or overwhelm systems. The new 'Mail Bombing' detection will automatically identify and block these attacks, helping security teams maintain visibility into real threats."

The new 'Mail Bombing' feature began to roll out in late June 2025 and should be available to all organisations by late July. The detection is toggled on by default and requires no manual configuration, and all messages detected as being part of a mail bombing operation will be automatically routed to the Junk folder.

Security operations analysts and administrators can now employ Mail Bombing as a new detection type in Threat Explorer, the Email entity page, the Email summary panel, and Advanced Hunting, the company announced over the weekend.

By leveraging specialised cybercrime services that can send a high number of emails or by subscribing to several newsletters, attackers can use mail bombing operations to bombard their targets' email inboxes with thousands or tens of thousands of messages in a matter of minutes.

In the majority of cases, the perpetrators' ultimate goal is to overwhelm email security systems as part of social engineering schemes, paving the way for malware or ransomware operations that can aid in the exfiltration of sensitive data from victims' compromised devices.

Email bombing has been used in attacks by cybercrime and ransomware outfits for more than a year. It all started with the BlackBasta gang, who employed this approach to flood their victims' mailboxes with emails just minutes before beginning their attacks.

To deceive overwhelmed staff members into allowing remote access to their devices via AnyDesk or the integrated Windows Quick Assist application, they would follow up with voice phishing cold calls, pretending to be the victims' IT support teams. After penetrating their systems and deploying a variety of malicious tools and malware implants, the attackers would move laterally through corporate networks before unleashing ransomware payloads.

Chinese Scientists Develop Quantum-Resistant Blockchain Storage Technology

 

A team of Chinese researchers has unveiled a new blockchain storage solution designed to withstand the growing threat posed by quantum computers. Blockchain, widely regarded as a breakthrough for secure, decentralized record-keeping in areas like finance and logistics, could face major vulnerabilities as quantum computing advances. 

Typically, blockchains use complex encryption based on mathematical problems such as large-number factorization. However, quantum computers can solve these problems at unprecedented speeds, potentially allowing attackers to forge signatures, insert fraudulent data, or disrupt the integrity of entire ledgers. 

“Even the most advanced methods struggle against quantum attacks,” said Wu Tong, associate professor at the University of Science and Technology Beijing. Wu collaborated with researchers from the Beijing Institute of Technology and Guilin University of Electronic Technology to address this challenge. 

Their solution is called EQAS, or Efficient Quantum-Resistant Authentication Storage. It was detailed in early June in the Journal of Software. Unlike traditional encryption that relies on vulnerable math-based signatures, EQAS uses SPHINCS – a post-quantum cryptographic signature tool introduced in 2015. SPHINCS uses hash functions instead of complex equations, enhancing both security and ease of key management across blockchain networks. 

EQAS also separates the processes of data storage and verification. The system uses a “dynamic tree” to generate proofs and a “supertree” structure to validate them. This design improves network scalability and performance while reducing the computational burden on servers. 

The research team tested EQAS’s performance and found that it significantly reduced the time needed for authentication and storage. In simulations, EQAS completed these tasks in approximately 40 seconds—far faster than Ethereum’s average confirmation time of 180 seconds. 

Although quantum attacks on blockchains are still uncommon, experts say it’s only a matter of time. “It’s like a wooden gate being vulnerable to fire. But if you replace the gate with stone, the fire becomes useless,” said Wang Chao, a quantum cryptography professor at Shanghai University, who was not involved in the research. “We need to prepare, but there is no need to panic.” 

As quantum computing continues to evolve, developments like EQAS represent an important step toward future-proofing blockchain systems against next-generation cyber threats.

Investigation Reveals Employee Secretly Helped in Extortion Payments


Employee helped in ransomware operations

Federal agents are investigating allegations that a former employee of a Chicago-based firm, DigitalMint, which specializes in cryptocurrency payments and ransomware negotiations, may have profited by collaborating with hackers in extortion cases. Founded in 2014, DigitalMint operates under the name Red Leaf Chicago and is recognized for securing cryptocurrency payments for companies that face ransomware threats. 

About DigitalMint

DigitalMint has taken over 2,000 ransomware cases since 2017, offering services like direct negotiations with hackers and incident response. The clients range from small firms to Fortune 500 companies. 

DigitalMint President Marc Jason Grens told partner firms that the US Department of Justice (DoJ) is investigating the allegations. The employee (identity unknown) was sacked soon after the scam was found. According to Bloomberg, Grens said, “As soon as we were able, we began communicating the facts to affected stakeholders.”

About the investigation

DigitalMint is currently working with the DoJ, and it clarified that the company is not the target of investigation. Grens did not provide more details as the investigation is ongoing. The DoJ declined to offer any comments. 

The incident has led a few firms to warn clients against dealing with DigitalMint, concerned about the dangers involved in ransomware deals. Ransomware attacks can compromise systems, leak sensitive information, and encrypt data. Ransom demands sometimes run up to millions of dollars, and worldwide, extortion attacks cost billions of dollars every year.

Is ransomware negotiation worth it?

The controversy has also raised questions about conflicts of interest in the ransomware negotiation industry. According to James Taliento, chief executive of the cyber intelligence services company AFTRDRK, “A negotiator is not incentivized to drive the price down or to inform the victim of all the facts if the company they work for is profiting off the size of the demand paid. Plain and simple.”

Security experts cautioned that paying a ransom is risky, even when it is handled by expert ransom negotiation firms. A payment helps fund the operations of ransomware gangs, and sometimes it can also lead to further attacks.

United States Imposes Ban on Russian Bulletproof Hosting Provider

 


The United States has considerably escalated its efforts to combat cyber-enabled threats. As part of that escalation, it has officially sanctioned Aeza Group, a Russian supplier of bulletproof hosting (BPH) services, along with two affiliated entities and four individuals.

According to the U.S. Department of the Treasury's announcement, Aeza has played a crucial role in enabling cybercriminal operations by providing infrastructure specifically designed to conceal malicious activity from law enforcement scrutiny. U.S. officials say Aeza Group has knowingly provided hosting services to some of the biggest cybercrime syndicates, including those responsible for Medusa ransomware, Lumma information theft, and other disruptive malware.

Aeza's platforms have reportedly been used by these threat actors to carry out large-scale attacks on key sectors like the U.S. defence industry, major technology companies, and other critical infrastructure sectors. In light of the sanctions, it has become increasingly apparent that bulletproof hosting providers play a crucial role in shielding cybercriminals and facilitating their ability to use malware, exfiltrate sensitive data, and compromise national security. 

As the U.S. government continues to seek to disrupt the digital infrastructure underpinning transnational cybercrime, this latest designation is a stronger indication that it is willing to hold service providers accountable for their involvement in criminal activity. The sanctions were announced by the United States Department of the Treasury's Office of Foreign Assets Control (OFAC) as part of an intensified crackdown on transnational cybercrime networks, and they target the Aeza Group, a company based in Russia that offers bulletproof hosting (BPH) services.

According to the allegations, the company provides digital infrastructure that allows cybercriminals to conduct ransomware attacks anonymously, spread malware, and steal data from U.S. companies and critical sectors. According to OFAC, Aeza Group rents IP addresses, servers, and domains to cybercriminals at a nominal price, allowing them to conduct illicit online activity with minimal compliance or monitoring. These services are highly sought after in the cybercrime underground.

The bulletproof platforms on which these websites run are deliberately designed to resist efforts by law enforcement to take them down. Thus, they serve as a shield for cyber actors that engage in widespread fraud, ransomware deployment, and the operation of darknet markets. With this move, the United States has emphasised a strategy of dismantling the infrastructure that supports global cyber threats by focusing not only on perpetrators but also on the enablers behind the scenes.

According to U.S. authorities, the sanctions against the Aeza Group, an online bulletproof hosting provider in Russia, along with two affiliated companies and four of its top executives, follow earlier enforcement actions targeting cyber infrastructure. They are part of a major effort to dismantle the backend services that enable cybercriminals to operate across borders and evade detection.

The U.S. Department of the Treasury has determined that the Aeza Group deliberately facilitated a range of malicious activities by providing resilient hosting infrastructure (such as IP addresses, server space, and domain registration) that has made it possible for bad actors to operate with impunity.

It has been reported that users of the platform include hackers involved in the Medusa malware and ransomware, which has been targeting critical sectors such as the defence industry and major technology companies. By shielding its customers from accountability, Aeza has established itself as an important player within the cybercrime ecosystem.

Aeza's designation is part of a broader strategic approach by the United States and international partners to disrupt the digital safe havens that support everything from ransomware attacks to darknet market operations, signalling that the providers of services will face severe consequences if they are complicit in the perpetration of such crimes. 

As part of its ongoing efforts to fight cybercrime, the Office of Foreign Assets Control at the U.S. Department of the Treasury confirmed that Aeza Group has provided hosting infrastructure and technical support to several high-profile cybercriminals. This announcement further expands the scope of the effort to combat cybercrime.

Those customers include the operators behind the Meduza, RedLine, and Lumma infostealers, as well as the BianLian ransomware group and BlackSprut, a highly influential Russian darknet marketplace specialising in illicit drug distribution. It has been reported that Lumma had infected approximately 10 million systems worldwide before it was taken down in May by a coordinated international response team.

The sanctions against Aeza Group come amid a broad global crackdown on cybercrime. In recent months, law enforcement agencies have conducted synchronised operations that have resulted in the arrest of prolific cybercriminals and the dismantling of key services across the world. The operations have targeted several types of cybercriminal activity, including information stealers, malware loaders, counter-antivirus and encryption services, ransomware networks, cybercrime marketplaces, and distributed denial-of-service (DDoS) platforms.

As a result, the entire digital infrastructure that underpins transnational cybercriminal activities has been significantly disrupted. There is a growing concern about Aeza Group, a British technology company that has directly supported cyberattacks against U.S. defence contractors and major technology companies, as the company has been accused of facilitating hostile cyber operations. 

In a statement, Bradley T. Smith, the acting undersecretary of the United States Treasury for Terrorism and Financial Intelligence, pointed out that bulletproof hosting providers such as Aeza continue to play a crucial role in facilitating ransomware deployment, intellectual property theft, and the sale of illicit drugs online by offering services that are designed to resist interference by law enforcement.

OFAC has sanctioned Aeza Group and designated four individuals who serve in leadership roles at the company. They include part-owners Arsenii Aleksandrovich Penzev and Yurii Meruzhanovich Bozoyan, who were both previously detained for alleged involvement with the BlackSprut darknet platform. Igor Anatolyevich Knyazev and Vladimir Vyacheslavovich Gast were also sanctioned for their senior positions within the company.

Aeza International, a UK-based company headquartered in London, and its Russian subsidiaries, Aeza Logistic and Cloud Solution, have also been seized as part of the crackdown, as the United States is trying to dismantle the company's financial and operational infrastructure completely. Chainalysis, a blockchain analysis company that specialises in cryptocurrency transactions, has uncovered financial activity linked to Aeza Group, including cryptocurrency transactions in excess of $350,000, adding yet another layer of evidence against the bulletproof hosting provider.

Aeza Group's TRON wallet address was found to have received a substantial amount of crypto payments through a corresponding wallet address, which then channelled the funds through a variety of deposit addresses on multiple cryptocurrency exchanges. 

Several illicit entities were also associated with these same addresses, including a darknet vendor that distributed stealer malware, the Russian cryptocurrency exchange Garantex, and a service used for escrowing items on a well-known online gaming platform. Chainalysis determined that the designated wallet functioned as the administrative hub for Aeza's financial operations.

The designated wallet served multiple functions: it received payments for Aeza's services directly, processed funds from third-party payment systems, and routed profits to crypto exchanges for withdrawal. This financial pattern further strengthens the allegations that Aeza Group not only provided cybercriminals with technological infrastructure but also actively managed and laundered proceeds from illicit transactions.

Earlier this year, the United States sanctioned another bulletproof hosting provider based in Russia, Zservers, which was accused of supporting ransomware groups such as LockBit. The consistent approach of U.S. authorities is evident in a comprehensive set of sanctions aimed at exposing and dismantling the financial and operational networks at the heart of cybercrime infrastructure.

International enforcement bodies are sending a clear message by tracing digital payment flows and targeting the entities behind them by implementing direct and sustained pressure on the infrastructure and financial channels enabling cybercrime. International regulators and cybersecurity agencies have come to a deep consensus on how to combat cybercrime. 

There is a growing consensus that combatting cybercrime requires not only pursuing the threats but also dismantling the infrastructure that enables them. Cybercrime is becoming more decentralised, sophisticated, and financially self-sustaining, and to be effective, cyber defence must target unrestricted service providers who operate with impunity.

There are many companies, including web hosting companies and domain registrars, that may unknowingly or negligently contribute to the monetisation and concealment of illegal activity, as highlighted by the Aeza case. This case encourages vigilance throughout the digital supply chain, including third-party vendors and crypto platforms that may improperly monetise or conceal illegal activity. 

Considering the future, public and private stakeholders must prioritise collaboration, proactive threat detection, and strong compliance frameworks in order to reduce the systemic risks that can be posed by bulletproof hosting services, as well as other illicit enablers. Governments must continue aligning cross-border enforcement actions and sanctions to close jurisdictional gaps, while technology providers must invest in the tools and expertise required to detect abuse within their platforms so that the platform becomes more secure. 

As far as the Aeza takedown is concerned, it is not an isolated incident but rather one that clearly illustrates the world's cybercrime economy thrives in environments that lack oversight and accountability. In order to disrupt this ecosystem effectively, we must take a unified and sustained approach—one that considers infrastructure providers not only neutral intermediaries, but also potential co-conspirators when they profit from criminal acts.

Qantas Hit by Cyberattack Days After FBI Warning on Airline 2FA Bypass Threat

 

Just days after the FBI warned airlines about a surge in 2FA bypass attacks by the hacker group Scattered Spider, Australian airline Qantas has confirmed a major cybersecurity incident. The breach, which targeted a third-party platform used for customer service, has potentially exposed personal data—including names, emails, birth dates, and frequent flyer details—of up to six million customers. 

The attack exploited social engineering tactics, a signature method of Scattered Spider, where attackers impersonate staff to deceive IT help desks into granting unauthorized access. Brett Winterford of Okta described the group as a loosely organized, profit-driven collective that thrives on peer recognition and repeated attacks across successful sectors. In a July 4 statement, Qantas Group CEO Vanessa Hudson assured that no credit card, passport, or financial data was compromised, and Qantas’ core systems remain secure. 

The airline said it contained the breach on July 1 and is working with cybersecurity experts to complete a forensic investigation. Affected customers began receiving email notifications from July 3, with further updates promised on the exact data exposed. Hudson emphasized the company’s commitment to transparency and robust response efforts, saying, “We are treating this incredibly seriously and have implemented additional security measures.” 

Cybersecurity professionals, including ex-FBI agent Adam Marrè and OPSWAT's James Neilson, stressed the need for heightened vigilance in the aviation sector, especially during peak travel periods. Marrè urged organizations to strengthen supply chain defenses and advised consumers to verify all communications from airlines. 

Graylog’s Ross Brewer, a Qantas customer himself, noted that clear and precise communication from the airline is critical to avoiding unnecessary panic and maintaining public trust. With airlines holding vast stores of sensitive data, experts warn the industry is an increasingly attractive target for cybercriminals. The Qantas breach reinforces the FBI’s call for all sectors to evaluate their cybersecurity hygiene and response strategies without delay.

US Government Secretly Builds Enormous Database Tracking Citizens

 

An explosive story regarding the Trump administration's collaboration with Palantir, which could result in the creation of a master database containing data on every American, was released by the New York Times last month. If such a "master list" was created, the Times claims, it would grant the president "untold surveillance power." 

President Donald Trump signed an executive order earlier this year allowing the federal government to exchange data on Americans among multiple organisations. However, we now have a better idea of how the administration plans to accomplish this. Trump has hired Palantir, a software startup co-founded by Trump and Republican megadonor Peter Thiel, to carry out these initiatives. 

According to the New York Times, Palantir's technology would allow for the compilation of sensitive information from agencies such as the Department of Homeland Security, Immigration and Customs Enforcement, and the Internal Revenue Service. Various government databases already have information on Americans' bank account numbers, medical claims, disabilities, student loan levels, and other details, though not in one location. 

In order to boost government efficiency and save hard-earned public cash, the Trump administration has stated that it wants to "eliminate information silos and streamline data collection across all agencies." The threat of a central database, however, is a nightmare for privacy advocates and has even prompted security and privacy worries from former Palantir staff members. 

Palantir's controversial role

Despite its reputation for being extremely covert about its data mining and spying activities, Palantir positions itself as a data and analytics firm. Additionally, Palantir has been under fire for offering information services to support the Israeli military during the Israel-Hamas conflict in 2023. The IDF receives intelligence services from Palantir, as CEO Karp has previously revealed.

Palantir has responded by defending its collaboration with Israel and refuting claims that it is supporting war crimes, as its most vocal detractors claim. As part of the Trump Administration's contentious policing and deportation initiatives, Palantir has also been called upon to assist U.S. Immigration and Customs Enforcement (ICE) in tracking immigrants in the United States. 

Why would the Trump Administration use Palantir to acquire data?

Palantir has already been contracted by the federal government for several years. For example, Palantir previously collaborated with Health and Human Services to track the COVID-19 pandemic. However, Palantir's stock and revenue have soared since Trump's inauguration earlier this year. To date, the federal government has given Palantir around $113 million in 2025.

Furthermore, last week, Palantir was given a $795 million contract by the Department of Defence. In 2024, Palantir earned $1.2 billion from the U.S. government, according to the company's last quarterly report. Furthermore, Thiel, a co-founder of Palantir, is a key Republican fundraiser. In addition to giving $1.25 million to Trump's 2016 campaign, he has contributed tens of millions of dollars to Republican congressional campaigns over the years.

How Ransomware Has Impacted Cyber Insurance Assessment Approach

Cyber insurance and ransomware

The surge in ransomware campaigns has compelled cyber insurers to rethink their security measures. Ransomware attacks have been a threat for many years, but it was only recently that threat actors realized the significant financial benefits they could reap from such attacks. The rise of ransomware-as-a-service (RaaS) and double extortion tactics has changed the threat landscape, as organizations continue to fall victim and suffer data leaks that are accessible to everyone. 

According to a 2024 threat report by Cisco, "Ransomware remains a prevalent threat as it directly monetizes attacks by holding data or systems hostage for ransom. Its high profitability, coupled with the increasing availability of ransomware-as-a-service platforms, allows even less skilled attackers to launch campaigns."

Changing insurance landscape due to ransomware

Cyber insurance is helping businesses to address such threats by offering services such as ransom negotiation, ransom reimbursement, and incident response. Such support, however, comes with a price. The years 2020 and 2021 witnessed a surge in insurance premiums. The Black Hat USA conference, scheduled in Las Vegas, will discuss how ransomware has changed businesses’ partnerships with insurers. Ransomware impacts an organization’s business model.

At the start of the 21st century, insurance firms required companies to buy a security audit to get a 25% policy discount. Insurance back then used to be a hands-on approach. The 2000s were followed by the data breach era; however, breaches were less common and frequent, targeting the hospitality and retail sectors. 

This caused insurers to stop checking for in-depth security audits, and they began using questionnaires to measure risk. In 2019, the ransomware wave happened, and insurers started paying out more claims than they were accepting. It was a sign that the business model was inadequate.

Questionnaires tend to be tricky for businesses to fill out. For instance, multifactor authentication (MFA) can be a complicated question to answer. Besides questionnaires, insurers have started using scans. 

Incentives to promote security measures

Threats have risen, but so have assessments. Coverage incentives like vanishing retention mean that if policyholders follow security instructions, retention disappears. Safety awareness training and patching vulnerabilities are other measures that can help reduce costs. Scanning assessment can help in premium pricing, as it is lower currently.

FBI Warns Airlines and Insurers as Scattered Spider Ransomware Attacks Surge

 

When the Federal Bureau of Investigation (FBI) sounds the alarm on cybersecurity, organizations should take immediate notice. The latest urgent warning involves the notorious Scattered Spider group, which has already made headlines for attacking major retailers such as Marks & Spencer in the U.K.—a breach estimated to have cost the company upwards of $600 million.

According to the FBI, this cybercriminal organization is now turning its focus to the airline sector, targeting companies both directly and by infiltrating their supply chains. A recent June 26 report by Halcyon ransomware analysts indicated Scattered Spider had expanded operations into the Food, Manufacturing, and Transportation sectors, especially Aviation. The FBI confirmed this, stating via email:

“The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector.”

The agency also posted this statement on X, formerly Twitter, highlighting that the attackers use consistent tactics—namely social engineering. Scattered Spider often impersonates employees or contractors to manipulate IT help desks into granting unauthorized access. Their ultimate goal is to sidestep multi-factor authentication (MFA) by convincing support staff to register fraudulent MFA devices to compromised accounts.

This threat group has been on law enforcement radar for years. In 2023, the FBI and the Cybersecurity and Infrastructure Security Agency issued a joint advisory after Scattered Spider activity against commercial facilities escalated. Authorities are now working closely with aviation companies to counter this surge in attacks and assist any impacted organizations. The FBI urges anyone who suspects their business has been targeted to contact their local office without delay.

Meanwhile, the ReliaQuest Threat Research Team has published a detailed profile of Scattered Spider, emphasizing that 81% of the group’s domains impersonate technology vendors. Their preferred victims are executives and system administrators with high-level credentials. ReliaQuest reports that the attackers leverage sophisticated phishing frameworks such as Evilginx and even conduct video calls to deceive targets in industries like finance, technology, and retail.


Recent analysis has uncovered Scattered Spider’s connection to The Community, a loosely organized hacking collective. According to cybersecurity firm ReliaQuest:

“Through strategic alliances with major ransomware operators ALPHV, RansomHub, and DragonForce…”

Scattered Spider has gained access to sophisticated tools and techniques, many of which originate from Russia-aligned and English-speaking threat actors. This collaboration has enabled the group to launch highly convincing impersonation campaigns targeting Western organizations.

Social Engineering with a Scripted Edge

To execute these campaigns more effectively, Scattered Spider actively recruits skilled social engineers. Their criteria are precise: candidates must speak native or regionally neutral English and be available during Western business hours. These operators are then equipped with:

Detailed call scripts tailored to the organization being targeted.

Real-time coaching, where a “curator” provides live guidance to handle unexpected situations during calls.

ReliaQuest also noted that the group deliberately avoids targeting entities in Russia and the Commonwealth of Independent States, suggesting both geopolitical awareness and operational discipline.

Future Threat: AI-Enhanced Social Engineering


Looking ahead, ReliaQuest warns that Scattered Spider is likely to adopt AI tools to further automate and scale their trust-based attacks.

While the FBI’s recent alert focused on threats to the transportation and aviation sectors, other industries are already feeling the impact. John Hultquist, Chief Analyst at Google Threat Intelligence Group, confirmed:

“We are aware of multiple intrusions in the U.S. that bear all the hallmarks of Scattered Spider activity.”

The insurance sector has emerged as a prominent new target. Jon Abbott, CEO of ThreatAware, emphasized:

“The rising tide of attacks on U.S. insurers is a serious threat that should not be underestimated.”

However, he also cautioned that this trend is not limited to insurers; organizations across all industries should take it as a warning.

Supply Chain Weakness: The Common Denominator


Many of these incidents share a dangerous pattern: attackers first compromise a smaller vendor or partner, then use that access to pivot into larger, more valuable targets.

Richard Orange, Vice President at Abnormal AI, echoed the FBI’s concerns:

“This group relies on social engineering rather than technical exploits.”

By posing as trusted contacts, attackers manipulate employees into granting access—allowing them to move laterally across networks, harvest credentials, and breach other departments or third-party systems.

Security First: Verify Every Request


Organisations are strongly advised to:

  1. Scrutinise all requests for changes to multi-factor authentication (MFA) settings.
  2. Enforce strict identity verification procedures, regardless of how convincing the caller may seem.

In this evolving threat landscape, vigilance remains the strongest defense.
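
One way to turn the advice on MFA changes and identity verification into a detection, as an added example that is not part of the original post: it correlates help-desk password resets, MFA device enrolments and the first use of the new device. The event schema, account names and one-hour window are assumptions, and the log lines are constructed.

```python
import json
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)        # assumed correlation window
PRIVILEGED = {"cfo", "sysadmin1"}  # assumed list of high-value accounts

# Constructed identity-provider events; the schema is hypothetical, not a vendor format.
SAMPLE_LOG = """\
{"ts": "2025-07-01T08:02:00", "type": "login_success", "user": "cfo", "actor": "cfo", "ip": "203.0.113.10", "device": "tok-a"}
{"ts": "2025-07-01T08:05:00", "type": "login_success", "user": "jdoe", "actor": "jdoe", "ip": "203.0.113.20", "device": "tok-j"}
{"ts": "2025-07-01T09:10:00", "type": "mfa_enroll", "user": "jdoe", "actor": "jdoe", "ip": "203.0.113.20", "device": "tok-j2"}
{"ts": "2025-07-01T09:12:00", "type": "login_success", "user": "jdoe", "actor": "jdoe", "ip": "203.0.113.20", "device": "tok-j2"}
{"ts": "2025-07-01T14:00:00", "type": "password_reset", "user": "cfo", "actor": "helpdesk7", "ip": "198.51.100.5"}
{"ts": "2025-07-01T14:06:00", "type": "mfa_enroll", "user": "cfo", "actor": "helpdesk7", "ip": "198.51.100.5", "device": "tok-x"}
{"ts": "2025-07-01T14:09:00", "type": "login_success", "user": "cfo", "actor": "cfo", "ip": "192.0.2.77", "device": "tok-x"}
"""


def parse(log_text):
    """Parse JSON-lines events and return them in time order."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for event in events:
        event["ts"] = datetime.fromisoformat(event["ts"])
    return sorted(events, key=lambda event: event["ts"])


def find_suspicious_enrollments(events, min_reasons=2):
    """Return MFA enrolments that match at least min_reasons risk indicators."""
    known_ips = {}   # user -> IPs seen on earlier successful logins
    last_reset = {}  # user -> time of the last reset performed by someone else
    enrolled = {}    # (user, device) -> enrolment record with its reasons

    for event in events:
        user = event["user"]
        if event["type"] == "password_reset" and event["actor"] != user:
            last_reset[user] = event["ts"]
        elif event["type"] == "mfa_enroll":
            reasons = []
            if event["actor"] != user:
                reasons.append("enrolled-by-third-party")
            reset_time = last_reset.get(user)
            if reset_time is not None and event["ts"] - reset_time <= WINDOW:
                reasons.append("follows-helpdesk-reset")
            if user in PRIVILEGED:
                reasons.append("privileged-account")
            enrolled[(user, event["device"])] = {
                "user": user, "device": event["device"],
                "ts": event["ts"], "reasons": reasons,
            }
        elif event["type"] == "login_success":
            record = enrolled.get((user, event["device"]))
            seen = known_ips.setdefault(user, set())
            if (record is not None
                    and event["ts"] - record["ts"] <= WINDOW
                    and event["ip"] not in seen
                    and "first-use-from-unseen-ip" not in record["reasons"]):
                record["reasons"].append("first-use-from-unseen-ip")
            seen.add(event["ip"])

    return [r for r in enrolled.values() if len(r["reasons"]) >= min_reasons]


if __name__ == "__main__":
    for alert in find_suspicious_enrollments(parse(SAMPLE_LOG)):
        print(alert["user"], alert["device"], ", ".join(alert["reasons"]))
```

The self-service enrolment by `jdoe` from a known address raises nothing, while the help-desk-driven enrolment on the privileged account is returned with all four indicators for an analyst to verify out of band.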

FBI Warns of Scattered Spider Cyberattacks on Airline and Transport Sectors

 

The FBI, along with top cybersecurity firms, has issued a fresh warning that the notorious hacking group Scattered Spider is expanding its targets to include the airline and broader transportation industries. In a statement released Friday and shared with TechCrunch, the FBI said it had “recently observed” cyber activity in the airline sector bearing the hallmarks of Scattered Spider’s tactics. 

Experts from Google’s Mandiant and Palo Alto Networks’ Unit 42 also confirmed they have identified attacks on aviation-related systems linked to the same group. Scattered Spider is widely known in cybersecurity circles as a loosely organized yet highly active group of hackers, believed to be comprised mainly of young, English-speaking individuals. Motivated largely by financial gain, the group is infamous for using sophisticated social engineering techniques, phishing campaigns, and even threats directed at corporate help desks to infiltrate systems. In some cases, their intrusions have led to the deployment of ransomware. 

The FBI’s alert highlighted the group’s pattern of targeting both major corporations and their third-party IT service providers. This broad approach means that anyone within the airline ecosystem from airline staff to external contractors could be a potential target. The warning follows a series of cyber incidents involving airlines. 

Hawaiian Airlines confirmed on Thursday that it was responding to a cyberattack affecting its systems. Meanwhile, Canadian carrier WestJet reported a breach on June 13 that is still ongoing. Media reports suggest that Scattered Spider may be responsible for the WestJet intrusion. 

This latest activity comes after a string of attacks by the group on other industries, including retail chains in the U.K. and several insurance companies. In the past, Scattered Spider has also been linked to breaches involving casinos, hotel groups, and large tech firms. Cybersecurity professionals warn that the group’s evolving methods and willingness to exploit human vulnerabilities make them a significant threat across sectors, especially industries reliant on large-scale digital infrastructure and third-party vendors.

Cloudflare Thwarts Record-Breaking DDoS Attack as Global Threat Escalates

 

Cloudflare has successfully blocked the largest distributed denial-of-service (DDoS) attack ever recorded, marking a significant moment in the escalating battle against cyber threats. The attack peaked at an unprecedented 7.3 terabits per second (Tbps), targeting an unnamed hosting provider and unleashing 37.4 terabytes of data in just 45 seconds. Cloudflare’s Magic Transit service absorbed the blow, which was composed almost entirely—99.996%—of User Datagram Protocol (UDP) flood attacks. 

While UDP is commonly used for real-time applications like streaming and gaming due to its speed, that same characteristic makes it vulnerable to exploitation in high-volume cyberattacks. The remaining 0.004% of the traffic—about 1.3 GBps—included various amplification and reflection attack methods such as NTP reflection, Echo reflection, Mirai UDP flood, and RIPv1 amplification. This sliver alone would be enough to cripple most unprotected systems. 

What set this attack apart wasn’t just volume but velocity—it carpet-bombed an average of 21,925 destination ports per second, with peaks reaching 34,517 ports on a single IP address. The attack originated from over 122,000 unique IP addresses spanning 161 countries, with the most significant traffic coming from Brazil, Vietnam, Taiwan, China, Indonesia, and Ukraine. This historic attack is part of a growing wave of DDoS incidents. In the first quarter of 2025 alone, Cloudflare mitigated 20.5 million DDoS attacks—a staggering 358% increase from the same period last year. Nearly 700 of these were hyper-volumetric attacks, averaging eight per day and overwhelmingly leveraging network-layer vulnerabilities via UDP floods. 

Earlier this year, Cloudflare had also defended against a 6.5 Tbps strike linked to the Eleven11bot botnet, composed of tens of thousands of compromised webcams and IoT devices. The rise in DDoS activity is not just a technical issue—it’s being fueled by geopolitical tensions as well. According to Radware’s director of threat intelligence, Pascal Geenens, hacktivist DDoS attacks against U.S. targets surged by 800% in just two days in June, following U.S. involvement in the Israel-Iran conflict. Radware’s 2025 Global Threat Analysis Report highlights a 550% global increase in web-based DDoS attacks and a near 400% year-over-year growth in overall DDoS traffic volume. Experts warn that these attacks are only going to become more frequent and intense. To counter this threat, experts recommend a multi-layered defense strategy. 

Partnering with specialized DDoS mitigation providers such as Cloudflare, Akamai, Imperva, or Radware is essential for organizations that lack the infrastructure to defend against large-scale attacks. Blocking traffic from known malicious Autonomous System Numbers (ASNs) and using geoblocking can filter out harmful sources, although attackers often bypass these measures with spoofed IPs or botnets. Distributing network infrastructure can prevent single points of failure, while configuring routers and firewalls to block unsafe protocols like ICMP and FTP adds an additional line of defense. Businesses are also advised to work closely with their internet service providers to filter unnecessary traffic upstream. 

Deploying Web Application Firewalls (WAFs) is critical for defending against application-layer threats, and using multiple DNS providers with DNSSEC can ensure site availability even during attacks. Specialized tools like Wordfence for WordPress add another layer of protection for widely used platforms. Importantly, no single solution is sufficient. Organizations must adopt layered defenses and routinely test their systems through red team exercises using tools like HULK, hping3, or GoldenEye to identify vulnerabilities before attackers exploit them. Even small websites are no longer safe from DDoS campaigns. As cybersecurity journalist Steven Vaughan-Nichols noted, his personal site faces about a dozen DDoS attacks every week. In today's threat landscape, robust DDoS defense isn't a luxury—it’s a necessity.

Personal AI Agents Could Become Digital Advocates in an AI-Dominated World

 

As generative AI agents proliferate, a new concept is gaining traction: AI entities that act as loyal digital advocates, protecting individuals from overwhelming technological complexity, misinformation, and data exploitation. Experts suggest these personal AI companions could function similarly to service animals—trained not just to assist, but to guard user interests in an AI-saturated world. From scam detection to helping navigate automated marketing and opaque algorithms, these agents would act as user-first shields. 

At a recent Imagination in Action panel, Consumer Reports’ Ginny Fahs explained, “As companies embed AI deeper into commerce, it becomes harder for consumers to identify fair offers or make informed decisions. An AI that prioritizes users’ interests can build trust and help transition toward a more transparent digital economy.” The idea is rooted in giving users agency and control in a system where most AI is built to serve businesses. Panelists—including experts like Dazza Greenwood, Amir Sarhangi, and Tobin South—discussed how loyal, trustworthy AI advocates could reshape personal data rights, online trust, and legal accountability. 

Greenwood drew parallels to early internet-era reforms such as e-signatures and automated contracts, suggesting a similar legal evolution is needed now to govern AI agents. South added that AI agents must be “loyal by design,” ensuring they act within legal frameworks and always prioritize the user. Sarhangi introduced the concept of “Know Your Agent” (KYA), which promotes transparency by tracking the digital footprint of an AI. 

With unique agent wallets and activity histories, bad actors could be identified and held accountable. Fahs described a tool called “Permission Slip,” which automates user requests like data deletion. This form of AI advocacy predates current generative models but shows how user-authorized agents could manage privacy at scale. Agents could also learn from collective behavior. For instance, an AI noting a negative review of a product could share that experience with other agents, building an automated form of word-of-mouth. 

This concept, said panel moderator Sandy Pentland, mirrors how Consumer Reports aggregates user feedback to identify reliable products. South emphasized that cryptographic tools could ensure safe data-sharing without blindly trusting tech giants. He also referenced NANDA, a decentralized protocol from MIT that aims to enable trustworthy AI infrastructure. Still, implementing AI agents raises usability questions. “We want agents to understand nuanced permissions without constantly asking users to approve every action,” Fahs said. 

Getting this right will be crucial to user adoption. Pentland noted that current AI models struggle to align with individual preferences. “An effective agent must represent you—not a demographic group, but your unique values,” he said. Greenwood believes that’s now possible: “We finally have the tools to build AI agents with fiduciary responsibilities.” In closing, South stressed that the real bottleneck isn’t AI capability but structuring and contextualizing information properly. “If you want AI to truly act on your behalf, we must design systems that help it understand you.” 

As AI becomes deeply embedded in daily life, building personalized, privacy-conscious agents may be the key to ensuring technology serves people—not the other way around.

Here's Why Businesses Need to be Wary of Document-Borne Malware

 

Cybersecurity experts are constantly on the lookout for novel attack tactics as criminal groups adapt to better defences against ransomware and phishing. However, alongside the latest developments, some traditional strategies seem to be resurfacing, or rather, they never really went extinct.

Document-borne malware is one such strategy. Once believed to be a relic of early cyber warfare, this tactic remains a significant threat, especially for organisations that handle huge volumes of sensitive data, such as those in critical infrastructure.

The lure for perpetrators is evident. Routine files, including Word documents, PDFs, and Excel spreadsheets, are intrinsically trusted and freely exchanged between enterprises, often via cloud-based systems. With modern security measures focussing on endpoints, networks, and email filtering, seemingly innocuous files can serve as the ideal Trojan horse. 

Reasons behind malicious actors using document-borne malware 

Attacks utilising malicious documents seem to be a relic. It's a decades-old strategy, but that doesn't make it any less detrimental for organisations. Still, while the concept is not novel, threat groups are modernising it to keep it fresh and bypass conventional safety procedures. This indicates that the seemingly outdated method remains a threat even in the most security-conscious sectors.

As with other email-based techniques, attackers often prefer to hide in plain sight. The majority of attacks use standard file types like PDFs, Word documents, and Excel spreadsheets to carry malware. Malware is typically concealed in macros, encoded in scripts like JavaScript within PDFs, or hidden behind obfuscated file formats and layers of encryption and archiving. 

These unassuming files are used with common social engineering approaches, such as a supplier invoice or user submission form. Spoofed addresses or hacked accounts are examples of email attack strategies that help mask malicious content. 

Organisations' challenges in defending against these threats 

Security analysts claim that document security is frequently disregarded in favour of other domains, such as endpoint protection and network perimeter. Although document-borne attacks are sufficiently commonplace to be overlooked, they are sophisticated enough to evade the majority of common security measures.

There is an overreliance on signature-based antivirus solutions, which frequently fail to detect new document-borne threats. While security teams are often aware of harmful macros, other active content such as ActiveX controls, OLE objects, and embedded JavaScript may be overlooked.

Attackers have also discovered that there is a considerable mental blind spot when it comes to documents that appear to have been supplied via conventional cloud-based routes. Even when staff have received phishing awareness training, there is a propensity to instinctively believe a document that arrives from an expected source, such as Google or Office 365.

Mitigation tips 

As with other evolving cyberattack strategies, a multi-layered strategy is essential to defending against document-borne threats. One critical step is to use a multi-engine approach to malware scanning. While threat actors may be able to deceive one detection engine, using numerous technologies increases the likelihood of detecting concealed malware and minimises false negatives.

Content Disarm and Reconstruction (CDR) tools are also critical. These sanitise files by removing malicious macros, scripts, and active content while keeping the document intact. Suspect files can then be run through enhanced sandboxes to detect the malicious behaviour of previously unknown threats in a controlled environment.

The network should also be configured with strict file rules, such as limiting high-risk file categories and requiring user authentication before document uploads. Setting file size restrictions can also help detect malicious documents that have grown in size due to hidden code. Efficiency and dependability are also important here. Organisations must be able to detect fraudulent documents in their regular incoming traffic while maintaining a rapid and consistent workflow for customers.
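
The file rules described above can be prototyped as an upload triage step, shown here as an added example that is not part of the original post: it checks the size limit, allows only listed document types, and flags macros, ActiveX controls, OLE objects and PDF JavaScript for CDR or sandboxing. The size limit and verdict names are assumptions, and the sample files are constructed in memory.

```python
import io
import re
import zipfile

MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # assumed policy limit; tune per workflow

# PDF name objects that signal scripts, auto-run actions or attachments.
PDF_NAME_RE = re.compile(
    rb"/(JavaScript|JS|OpenAction|AA|Launch|EmbeddedFile)(?![A-Za-z0-9])"
)
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
VBA_STREAM_UTF16 = "_VBA_PROJECT".encode("utf-16-le")  # VBA stream name in OLE2 files


def scan_pdf(data):
    """Return active-content names found in a PDF. This is a lower bound:
    names inside compressed object streams are invisible to a byte scan."""
    # Names can be written with #xx escapes (/J#61vaScript); decode them first.
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)
    return sorted({"pdf:/" + m.group(1).decode() for m in PDF_NAME_RE.finditer(decoded)})


def scan_ooxml(data):
    """Return findings for an Office Open XML file, or None if the archive
    is unreadable or is not an Office document."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return None
    if "[Content_Types].xml" not in names:
        return None
    findings = set()
    for name in names:
        lower = name.lower()
        if lower.endswith("vbaproject.bin"):
            findings.add("ooxml:vba-macro")
        if "/activex/" in lower:
            findings.add("ooxml:activex")
        if "/embeddings/" in lower:
            findings.add("ooxml:ole-object")
    return sorted(findings)


def triage(data, max_bytes=MAX_UPLOAD_BYTES):
    """Classify an upload as allow, sanitize (send to CDR/sandbox) or reject."""
    def result(kind, findings, verdict):
        return {"kind": kind, "findings": findings, "verdict": verdict}

    if len(data) > max_bytes:
        return result("unknown", ["oversize"], "reject")
    if data.startswith(b"%PDF-"):
        kind, findings = "pdf", scan_pdf(data)
    elif data.startswith(b"PK\x03\x04"):
        kind, findings = "ooxml", scan_ooxml(data)
        if findings is None:
            return result("zip", ["not-a-valid-office-archive"], "reject")
    elif data.startswith(OLE2_MAGIC):
        # Legacy .doc/.xls: always route to CDR; note macros if the stream name shows.
        kind, findings = "ole2", ["ole2:legacy-container"]
        if VBA_STREAM_UTF16 in data:
            findings.append("ole2:vba-macro")
    else:
        return result("unknown", ["unlisted-file-type"], "reject")
    return result(kind, findings, "sanitize" if findings else "allow")


def make_ooxml(extra_members=()):
    """Build a minimal constructed OOXML-style archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        for member in extra_members:
            zf.writestr(member, b"constructed placeholder")
    return buf.getvalue()


# Constructed samples; none contains real macro or script code.
SAMPLES = {
    "clean.docx": make_ooxml(),
    "invoice.docm": make_ooxml(["word/vbaProject.bin", "word/embeddings/oleObject1.bin"]),
    "form.pdf": (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                 b"2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF\n"),
    "tool.exe": b"MZ\x90\x00constructed",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage(blob))
```

A byte-level check like this is a pre-filter only: it decides what goes to the multi-engine scanners, CDR and sandbox, and does not replace them.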

Security Teams Struggle to Keep Up With Generative AI Threats, Cobalt Warns

 

A growing number of cybersecurity professionals are expressing concern that generative AI is evolving too rapidly for their teams to manage. 

According to new research by penetration testing company Cobalt, over one-third of security leaders and practitioners admit that the pace of genAI development has outstripped their ability to respond. Nearly half of those surveyed (48%) said they wish they could pause and reassess their defense strategies in light of these emerging threats—though they acknowledge that such a break isn’t realistic. 

In fact, 72% of respondents listed generative AI-related attacks as their top IT security risk. Despite this, one in three organizations still isn’t conducting regular security evaluations of their large language model (LLM) deployments, including basic penetration testing. 

Cobalt CTO Gunter Ollmann warned that the security landscape is shifting, and the foundational controls many organizations rely on are quickly becoming outdated. “Our research shows that while generative AI is transforming how businesses operate, it’s also exposing them to risks they’re not prepared for,” said Ollmann. “Security frameworks must evolve or risk falling behind.”

The study revealed a divide between leadership and practitioners. Executives such as CISOs and VPs are more concerned about long-term threats like adversarial AI attacks, with 76% listing them as a top issue. Meanwhile, 45% of practitioners are more focused on immediate operational challenges such as model inaccuracies, compared to 36% of executives. 

A majority of leaders—52%—are open to rethinking their cybersecurity strategies to address genAI threats. Among practitioners, only 43% shared this view. The top genAI-related concerns identified by the survey included the risk of sensitive information disclosure (46%), model poisoning or theft (42%), data inaccuracies (40%), and leakage of training data (37%). Around half of respondents also expressed a desire for more transparency from software vendors about how vulnerabilities are identified and patched, highlighting a widening trust gap in the AI supply chain. 

Cobalt’s internal pentest data shows a worrying trend: while 69% of high-risk vulnerabilities are typically fixed across all test types, only 21% of critical flaws found in LLM tests are resolved. This is especially alarming considering that nearly one-third of LLM vulnerabilities are classified as serious. Interestingly, the average time to resolve these LLM-specific vulnerabilities is just 19 days—the fastest across all categories. 

However, researchers noted this may be because organizations prioritize easier, low-effort fixes rather than tackling more complex threats embedded in foundational AI models. Ollmann compared the current scenario to the early days of cloud adoption, where innovation outpaced security readiness. He emphasized that traditional controls aren’t enough in the age of LLMs. “Security teams can’t afford to be reactive anymore,” he concluded. “They must move toward continuous, programmatic AI testing if they want to keep up.”