Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Deepfake of Finance Minister Lures Bengaluru Homemaker into ₹43.4 Lakh Trading Scam

A deceptive social media video that appeared to feature Union Finance Minister Nirmala Sitharaman has cost a Bengaluru woman her life’s savi...

All the recent news you need to know
Ransomware attack
Akira Ransomware cyber attack News Ransomware attack

Akira Ransomware Claims 23GB Data Theft in Alleged Apache OpenOffice Breach

 

The Akira ransomware group has reportedly claimed responsibility for breaching Apache OpenOffice, asserting that it stole 23 gigabytes of sensitive internal data from the open-source software foundation. 

The announcement was made on October 29 through Akira’s dark web leak site, where the group threatened to publish the stolen files if its ransom demands were not met. Known for its double-extortion tactics, Akira typically exfiltrates confidential data before encrypting victims’ systems to increase pressure for payment. 

Apache OpenOffice, a long-standing project under the Apache Software Foundation, provides free productivity tools that rival commercial platforms such as Microsoft Office. Its suite includes Writer, Calc, Impress, Draw, Base, and Math, and it supports more than 110 languages across major operating systems. The software is widely used by educational institutions, small businesses, and individuals around the world. 

Despite the severity of the claims, early reports indicate that the public download servers for OpenOffice remain unaffected, meaning users’ software installations are currently considered safe. 

Details of the Alleged Breach 

According to Akira’s post, the data set includes personal details of employees such as home addresses, phone numbers, birth dates, driver’s licenses, Social Security numbers, and credit card information. The hackers also claim to have financial documents, internal communications, and detailed technical reports related to application bugs and development work. 

In their online statement, the group said, “We will upload 23 GB of corporate documents soon,” implying the data could soon be released publicly. As of November 1, the Apache Software Foundation has not confirmed or denied the breach. Representatives have declined to comment, and independent investigators have not yet verified the authenticity of the stolen data. 

Experts caution that, if genuine, the leak could expose staff to identity theft and phishing attacks. However, the open-source nature of the software itself likely limits risks to the product’s source code. 

Akira’s Growing Threat 

Akira emerged in March 2023 and operates as a ransomware-as-a-service network, offering its tools to affiliates in exchange for a share of the profits. The group has executed hundreds of attacks across North America, Europe, and Asia, reportedly extorting tens of millions of dollars from victims. Akira’s malware variants target both Windows and Linux systems, including VMware ESXi environments. 

In some cases, the hackers have even used compromised webcams for added intimidation. The group communicates in Russian on dark web forums and is known to avoid attacking computers configured with Russian-language keyboards. 

The alleged Apache OpenOffice incident comes amid a surge in ransomware attacks on open-source projects. Security experts are urging volunteer-based organizations to adopt stronger defenses, better data hygiene, and more robust incident response protocols. 

Until the claim is verified or disproved, users and contributors to Apache OpenOffice are advised to stay alert for suspicious activity and ensure that backups are secure and isolated from their main systems.
Read more »
Mobile Security Threats
block scam calls call scams Caller Identity Calling Cyber Security mobile security measures Mobile Security Threats

TRAI Approves Caller Name Display Feature to Curb Spam and Fraud Calls

 

The Telecom Regulatory Authority of India (TRAI) has officially approved a long-awaited proposal from the Department of Telecommunications (DoT) to introduce a feature that will display the caller’s name by default on the receiver’s phone screen. Known as the Calling Name Presentation (CNAP) feature, this move is aimed at improving transparency in phone communications, curbing the growing menace of spam calls, and preventing fraudulent phone-based scams across the country. 

Until now, smartphone users in India have relied heavily on third-party applications such as Truecaller and Bharat Caller ID for identifying incoming calls. However, these apps often depend on user-generated databases and unverified information, which may not always be accurate. TRAI’s newly approved system will rely entirely on verified details gathered during the SIM registration process, ensuring that the name displayed is authentic and directly linked to the caller’s government-verified identity. 

According to the telecom regulator, the CNAP feature will be automatically activated for all subscribers across India, though users will retain the option to opt out by contacting their telecom service provider. TRAI explained that the feature will function as a supplementary service integrated with basic telecom offerings rather than as a standalone service. Every telecom operator will be required to maintain a Calling Name (CNAM) database, which will map subscribers’ verified names to their registered mobile numbers. 

When a call is placed, the receiving network will search this CNAM database through the Local Number Portability Database (LNPD) and retrieve the verified caller’s name in real-time. This name will then appear on the recipient’s screen, allowing users to make informed decisions about whether to answer the call. The mechanism aims to replicate the caller ID functionality offered by third-party apps, but with government-mandated accuracy and accountability. 

Before final approval, the DoT conducted pilot tests of the CNAP system across select cities using 4G and 5G networks. The trials revealed several implementation challenges, including software compatibility issues and the need for network system upgrades. As a result, the initial testing was primarily focused on packet-switched networks, which are more commonly used for mobile data transmission than circuit-switched voice networks.  

Industry analysts believe the introduction of CNAP could significantly enhance consumer trust and reshape how users interact with phone calls. By reducing reliance on unregulated third-party applications, the feature could also help improve data privacy and limit exposure to malicious data harvesting. Additionally, verified caller identification is expected to reduce incidents of spam calls, phishing attempts, and impersonation scams that have increasingly plagued Indian users in recent years.  

While TRAI has not announced an official rollout date, telecom operators have reportedly begun upgrading their systems and databases to accommodate the CNAP infrastructure. The rollout is expected to be gradual, starting with major telecom circles before expanding nationwide in the coming months. Once implemented, CNAP could become a major step forward in digital trust and consumer protection within India’s rapidly growing telecommunications ecosystem. 

By linking phone communication with verified identities, TRAI’s caller name display feature represents a significant shift toward a safer and more transparent mobile experience. It underscores the regulator’s ongoing efforts to safeguard users against fraudulent activities while promoting accountability within India’s telecom sector.
Read more »
Vulnerabilities and Exploits
CISA Linux Kernel Ransomware Campaign Vulnerabilities and Exploits

CISA Warns: Linux Kernel Flaw Actively Exploited in Ransomware Attacks

 

A critical Linux kernel vulnerability (CVE-2024-1086) is now actively exploited in ransomware attacks, according to a recent update from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). First publicly disclosed on January 31, 2024, this flaw stems from a decade-old code commit to the netfilter: nf_tables kernel component and was patched early in 2024. 

However, the exploit—which allows attackers with local access to escalate privileges and gain root control over affected systems—remains a severe threat for systems running kernel versions from 3.15 to 6.8-rc1, affecting prominent distributions like Debian, Ubuntu, Fedora, and Red Hat.

CISA’s latest advisory confirms the vulnerability is leveraged in live ransomware campaigns but doesn’t provide detailed incident counts or victim breakdowns. The agency added CVE-2024-1086 to its Known Exploited Vulnerabilities (KEV) catalog in May 2024, mandating federal agencies patch by June 20, 2024 or implement mitigations. These mitigations include blocklisting ‘nf_tables’ if not in use, restricting user namespace access to shrink the attack surface, and optionally deploying the Linux Kernel Runtime Guard (LKRG)—though the latter may introduce instability.

Security experts and community commentators highlight both the significance and scope of the risk. The flaw enables threat actors to achieve root-level system takeover—compromising defenses, altering files, moving laterally within networks, and exfiltrating sensitive data. 

Its effects are especially critical in server and enterprise contexts (where vulnerable kernel versions are widely deployed) rather than typical desktop Linux environments. For context, a security researcher known as 'Notselwyn' published a proof-of-concept exploit in March 2024 that clearly demonstrates effective privilege escalation on kernel versions 5.14 through 6.6, broadening attack feasibility for cybercriminals.

Immutability in Linux distributions (such as ChromeOS, Fedora Kinoite) is noted as a partial defense, limiting exploit persistence but not fully mitigating in-memory or user-data targeting attacks. CISA stresses following vendor-specific instructions for mitigation and, where remedies are unavailable, discontinuing product use for guaranteed safety. 

Community debate also reflects persistent frustration at slow patch adoption and challenges in keeping kernels up to date across varied deployment environments. The ongoing exploitation—as confirmed by CISA—underscores the critical need for timely patching, rigorous access controls, and awareness of Linux privilege escalation risks in the face of escalating ransomware threats.
Read more »
Voice AI Innovation
AI In Healthcare Clinical Speech Recognition Healthcare Technology HIPAA Secure ASR Medical Transcription AI Privacy Real-Time Documentation Shunyalabs Zero STT Med Voice AI Innovation

Zero STT Med Sets New Benchmark in Clinical Speech Recognition Efficiency

 


Shunyalabs.ai has taken a decisive step into transforming medical transcription and clinical documentation by introducing Zero STT Med, a powerful automatic speech recognition (ASR) system developed especially for the medical and clinical fields. Shunyalabs.ai is a pioneer in enterprise-grade Voice AI infrastructure. 

A new integrated healthcare system, designed for seamless integration into hospitals as well as platforms for telemedicine, ambient scribe systems, and other healthcare environments with regulated regulations, represents a major leap forward in the evolution of healthcare technology. 

Shunyalabs' Zero STT Med is a highly accurate, real-time, and flexible solution that is proven to provide exceptional accuracy, real-time responsiveness, and deployment flexibility across a broad spectrum of cloud and on-premises environments through a combination of domain-optimised speech models with Shunyalabs' proprietary training technology. 

With its effective reduction of training overheads typically required for ASR solutions, the platform enables healthcare professionals to spend more time on patient care and less on documenting it, which makes it a new benchmark for clinical speech recognition as it improves precision and efficiency. 

The Zero STT Med solution is the result of Shunyalabs' proprietary training framework that stands out for its exceptional precision, responsiveness, and adaptability -- qualities which make it an ideal fit for applications in hospitals, telemedicine, ambient scribe systems, and other healthcare settings regulated by regulatory bodies. 

In addition to its outstanding performance metrics, Zero STT Med has set a new benchmark for speech-to-text accuracy, with a Word Error Rate of 11.1% and a Character Error Rate of 5.1%, which puts it well in front of existing medical ASR technologies. 

A further distinguishing feature of Zero STT Med is the remarkable efficiency with which it trains itself; the model is fully converged within three days on dual A100 GPUs, and only a limited quantity of real clinical audio is needed. In addition to drastically reducing the amount of data collection and computing demands, this efficiency also enables more frequent updates, which will reflect the most recent medical advancements, terminologies and drug names. 

Zero STT Med has been specifically designed to support the real-world medical workflows, providing seamless documentation during consultations, charting, and dictation processes. Its privacy-sensitive architecture allows it to be installed even on CPU-only on-premises servers, ensuring strict compliance with data protection regulations, such as HIPAA and GDPR, while allowing institutions to have complete control over their data. 

Clinical speech recognition is a challenging field that often overwhelms conventional ASR systems because of rapid dialogues, overlapping speakers, specialised terminology, and critical accuracy demands. But this new technology offers healthcare professionals a reliable, secure, high-fidelity transcription tool that enables them to transcribe easily, effortlessly, and in an accurate manner. 

Among Shunyalabs.ai’s many defining strengths, Shunyalabs.ai prides itself on its Unparalleled Accuracy, along with its Efficiency and Flexible Deployment, two of the most important features that set Zero STT Med apart from the increasingly competitive field of medical speech recognition that is rapidly advancing. 

A high-performance ASR system for healthcare can be fully trained in just three days by using an inexpensive setup consisting of two A100 GPUs, which is a substantial improvement over the traditional barriers of data collection, computation, and cost that have hindered the development of high-performance ASR systems in the past. 

Using this accelerated training capability, they are not only able to cater to the most specific of learners but also ensure the model remains up-to-date with the ever-evolving language of medicine, such as new drug names, emerging procedures, and evolving clinical terms.

It is an innovative application that is designed to ensure data privacy and compliance, and Zero STT Med is fully integrated with CPU-only servers that allow full on-premises deployments without any cloud dependency. This ensures complete control over patient information, according to global standards such as HIPAA and GDPR, and eliminates the need for cloud dependency. 

During the presentation, Ritu Mehrotra, the Founder and CEO of Shunyalabs.ai, stated that medical transcription is a process that requires perfect accuracy since each word plays an important role in clinical care. It is noted that Zero STT Med bridges this gap by providing healthcare organisations with an effective, cost-effective, and time-efficient solution that allows them to utilise their resources effectively. 

There is no doubt that the significance of this technological development goes far beyond the technical realm — it addresses the biggest problem in modern medicine, which is physician burnout as a result of excessive documentation. Artificial intelligence (AI) assisted transcription has consistently been demonstrated to reduce documentation time by up to 70%, leading to better clinical performance, less cognitive strain, and more time for practitioners to devote to their patients.

This innovative new product, Zero STT Med, combines real-time processing capabilities with an intuitive user interface so that it seamlessly supports the recording of live clinical consultations, dictations, and archival recordings. Moreover, features such as speaker diarisation allow clinicians to differentiate between multiple speakers within a conversation in real-time. 

Additionally, Sourav Banerjee, the Chief Technology Officer of Shunyalabs.ai, stated that the new system is more than just a marginal upgrade — he called it a "redefining of medical speech recognition", which includes fewer corrections, lower latency, and secure data. As a result of these advancements, Zero STT Med is positioned to become an indispensable part of healthcare documentation, bridging the gap between the technological advancements of AI and the precision required by clinical care.

Zero STT Med has been designed with the highest level of privacy and regulatory compliance, and is specifically intended for sensitive healthcare environments where data protection is of utmost importance. The system can run on CPU-only servers on premises, ensuring that healthcare providers maintain complete control over their data while adhering to HIPAA and GDPR regulations. 

The model was designed to fulfil the clinical workflows relevant to real-world clinical practices. It can be used for live dictations and transcriptions (especially for live consultations), as well as batch processing of historical recordings, providing flexibility across issues such as immediate or retrospective recording requirements. 

The software offers many unique features, including medical terminology optimisation, speaker diarisation that differentiates clinicians from patients with precision, and accent recognition that has been improved through extensive training on a variety of speech datasets in order to achieve the highest level of accuracy. This allows the system to deliver exceptional accuracy, no matter what linguistic or acoustic conditions may be encountered in a clinical setting. 

Furthermore, Shunyalabs.ai has developed a rapid retraining capability that allows it to be able to continually update the model with emerging drug names, evolving surgical procedures, and the most recent medical terminology without having to spend excessive amounts of time and resources retraining.

It is worth noting that the system is more than an incremental upgrade to medical speech recognition; it redefines it in a way that requires fewer corrections, lower latency, and complete data privacy. That is the description of the impact Zero STT Med brings to the healthcare and healthtech industries. As a strategic step towards broader adoption, the company has begun extending early access to select healthcare and healthtech organisations for pilot integration and evaluation. 

While the model is currently available in English, Shunyalabs plans to extend its linguistic reach in the near future by adding support for Indian and other international languages, illustrating the company's vision of providing high-fidelity, privacy-centred voice AI to the global healthcare community within the next few years.

During the course of the healthcare sector's digital transformation, innovations like Zero STT Med underscore a pivotal shift toward intelligent, privacy-conscious, and domain-specific computer-assisted systems that enhance both accuracy and accessibility through improved accuracy rates and faster response times. 

A technology like this not only streamlines documentation but also redefines the clinician's experience by bridging the gap between human expertise and machine accuracy, reducing fatigue, elevating decision-making, and helping patients become more engaged with treatment.

In the future, Zero STT Med has the potential to establish new global standards for clinical speech recognition that are trustworthy, adaptive, and efficient, thereby paving the way for excellence in healthcare based on technology.
Read more »
TP-Link
AI China Cloud Data Internet Technology TP-Link

TP-Link Routers May Get Banned in US Due to Alleged Links With China


TP-Link routers may soon shut down in the US. There's a chance of potential ban as various federal agencies have backed the proposal. 

Alleged links with China

The news first came in December last year. According to the WSJ, officials at the Departments of Justice, Commerce, and Defense had launched investigations into the company due to national security threats from China. 

Currently, the proposal has gotten interagency approval. According to the Washington Post, "Commerce officials concluded TP-Link Systems products pose a risk because the US-based company's products handle sensitive American data and because the officials believe it remains subject to jurisdiction or influence by the Chinese government." 

But TP-Link's connections to the Chinese government are not confirmed. The company has denied of any ties with being a Chinese company. 

About TP-Link routers 

The company was founded in China in 1996. After the October 2024 investigation, the company split into two: TP-Link Systems and TP-Link Technologies. "TP-Link's unusual degree of vulnerabilities and required compliance with [Chinese] law are in and of themselves disconcerting. When combined with the [Chinese] government's common use of [home office] routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming" the officials wrote in October 2024. 

The company dominated the US router market since the COVID pandemic. It rose from 20% of total router sales to 65% between 2019 and 2025. 

Why the investigation?

The US DoJ is investigating if TP-Link was involved in predatory pricing by artificially lowering its prices to kill the competition. 

The potential ban is due to an interagency review and is being handled by the Department of Commerce. Experts say that the ban may be lifted in future due to Trump administration's ongoing negotiations with China. 

Read more »
Sensitive data
Cyber Security IoT devices IT Systems Palo Alto Networks Sensitive data

Nearly 50% of IoT Device Connections Pose Security Threats, Study Finds

 




A new security analysis has revealed that nearly half of all network communications between Internet of Things (IoT) devices and traditional IT systems come from devices that pose serious cybersecurity risks.

The report, published by cybersecurity company Palo Alto Networks, analyzed data from over 27 million connected devices across various organizations. The findings show that 48.2 percent of these IoT-to-IT connections came from devices classified as high risk, while an additional 4 percent were labeled critical risk.

These figures underline a growing concern that many organizations are struggling to secure the rapidly expanding number of IoT devices on their networks. Experts noted that a large portion of these devices operate with outdated software, weak default settings, or insecure communication protocols, making them easy targets for cybercriminals.


Why It’s a Growing Threat

IoT devices, ranging from smart security cameras and sensors to industrial control systems are often connected to the same network as computers and servers used for daily business operations. This creates a problem: once a vulnerable IoT device is compromised, attackers can move deeper into the network, access sensitive data, and disrupt normal operations.

The study emphasized that the main cause behind such widespread exposure is poor network segmentation. Many organizations still run flat networks, where IoT devices and IT systems share the same environment without proper separation. This allows a hacker who infiltrates one device to move easily between systems and cause greater harm.


How Organizations Can Reduce Risk

Security professionals recommend several key actions for both small businesses and large enterprises to strengthen their defenses:

1. Separate Networks:

Keep IoT devices isolated from core IT infrastructure through proper network segmentation. This prevents threats in one area from spreading to another.

2. Adopt Zero Trust Principles:

Follow a security model that does not automatically trust any device or user. Each access request should be verified, and only the minimum level of access should be allowed.

3. Improve Device Visibility:

Maintain an accurate inventory of all devices connected to the network, including personal or unmanaged ones. This helps identify and secure weak points before they can be exploited.

4. Keep Systems Updated:

Regularly patch and update device firmware and software. Unpatched systems often contain known vulnerabilities that attackers can easily exploit.

5. Use Strong Endpoint Protection:

Deploy Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR) tools across managed IT systems, and use monitoring solutions for IoT devices that cannot run these tools directly.


As organizations rely more on connected devices to improve efficiency, the attack surface grows wider. Without proper segmentation, monitoring, and consistent updates, one weak device can become an entry point for cyberattacks that threaten entire operations.

The report reinforces an important lesson: proactive network management is the foundation of cybersecurity. Ensuring visibility, limiting trust, and continuously updating systems can significantly reduce exposure to emerging IoT-based threats.




Read more »
Subscribe to: Comments (Atom)

Featured