Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cloud. Show all posts
LLaMA
AI Chatbots AI Models AI technology Chatbots ChatGPT Cloud Cyber Security Data Privacy data security DeepSeek Gemini AI LLaMA

Why Running AI Locally with an NPU Offers Better Privacy, Speed, and Reliability

 

Running AI applications locally offers a compelling alternative to relying on cloud-based chatbots like ChatGPT, Gemini, or Deepseek, especially for those concerned about data privacy, internet dependency, and speed. Though cloud services promise protections through subscription terms, the reality remains uncertain. In contrast, using AI locally means your data never leaves your device, which is particularly advantageous for professionals handling sensitive customer information or individuals wary of sharing personal data with third parties. 

Local AI eliminates the need for a constant, high-speed internet connection. This reliable offline capability means that even in areas with spotty coverage or during network outages, tools for voice control, image recognition, and text generation remain functional. Lower latency also translates to near-instantaneous responses, unlike cloud AI that may lag due to network round-trip times. 

A powerful hardware component is essential here: the Neural Processing Unit (NPU). Typical CPUs and GPUs can struggle with AI workloads like large language models and image processing, leading to slowdowns, heat, noise, and shortened battery life. NPUs are specifically designed for handling matrix-heavy computations—vital for AI—and they allow these models to run efficiently right on your laptop, without burdening the main processor. 

Currently, consumer devices such as Intel Core Ultra, Qualcomm Snapdragon X Elite, and Apple’s M-series chips (M1–M4) come equipped with NPUs built for this purpose. With one of these devices, you can run open-source AI models like DeepSeek‑R1, Qwen 3, or LLaMA 3.3 using tools such as Ollama, which supports Windows, macOS, and Linux. By pairing Ollama with a user-friendly interface like OpenWeb UI, you can replicate the experience of cloud chatbots entirely offline.  

Other local tools like GPT4All and Jan.ai also provide convenient interfaces for running AI models locally. However, be aware that model files can be quite large (often 20 GB or more), and without NPU support, performance may be sluggish and battery life will suffer.  

Using AI locally comes with several key advantages. You gain full control over your data, knowing it’s never sent to external servers. Offline compatibility ensures uninterrupted use, even in remote or unstable network environments. In terms of responsiveness, local AI often outperforms cloud models due to the absence of network latency. Many tools are open source, making experimentation and customization financially accessible. Lastly, NPUs offer energy-efficient performance, enabling richer AI experiences on everyday devices. 

In summary, if you’re looking for a faster, more private, and reliable AI workflow that doesn’t depend on the internet, equipping your laptop with an NPU and installing tools like Ollama, OpenWeb UI, GPT4All, or Jan.ai is a smart move. Not only will your interactions be quick and seamless, but they’ll also remain securely under your control.
Read more »
Technology
AI Cloud Data Google Internet Security Breach Technology

Security Breach Reveals "Catwatchful" Spyware is Snooping on Users

Security Breach Reveals "Catwatchful" Spyware is Snooping on Users

A security bug in a stealthy Android spyware operation, “Catwatchful,” has exposed full user databases affecting its 62,000 customers and also its app admin. The vulnerability was found by cybersecurity expert Eric Daigle reported about the spyware app’s full database of email IDs and plaintext passwords used by Catwatchful customers to access stolen data from the devices of their victims. 

Most of the victims were based in India, Argentina, Peru, Mexico, Colombia, Bolivia, and Ecuador. A few records date back to 2018. The leaked database also revealed the identity of the Catwatchful admin called Omar Soca Char.

The Catwatchful database also revealed the identity of the spyware operation’s administrator, Omar Soca Charcov, a developer based in Uruguay.

About Catwatchful

Catwatchful is a spyware that pretends to be a child monitoring app, claiming to be “invisible and can not be detected,” while it uploads the victim’s data to a dashboard accessible to the person who planted the app. The stolen data includes real-time location data, victims’ photos, and messages.  The app can also track live ambient audio from the device’s mic and access the phone camera (both front and rear).

Catwatchful and similar apps are banned on app stores, and depend on being downloaded and deployed by someone having physical access to a victim’s phone. These apps are famous as “stalkerware” or “spouseware” as they are capable of unauthorized and illegal non-consensual surveillance of romantic partners and spouses. 

Rise of spyware apps

The Catwatchful incident is the fifth and latest in this year’s growing list of stalkerware scams that have been breached, hacked, or had their data exposed. 

How was the spyware found?

Daigle has previously discovered stalkerware exploits. Catwatchful uses a custom-made API, which the planted app uses to communicate to send data back to Catwatchful servers. The stalkerware also uses Google Firebase to host and store stolen data. 

According to Techradar, the “data was stored on Google Firebase, sent via a custom API that was unauthenticated, resulting in open access to user and victim data. The report also confirms that, although hosting had initially been suspended by HostGator, it had been restored via another temporary domain."

Read more »
North Korea
AI Artificial Intelligence Cloud Cyber Crime Data Deepfakes Extortion Internet lazarus North Korea

Amid Federal Crackdown, Microsoft Warns Against Rising North Korean Jobs Scams

Amid Federal Crackdown, Microsoft Warns Against Rising North Korean Jobs Scams

North Korean hackers are infiltrating high-profile US-based tech firms through scams. Recently, they have even advanced their tactics, according to the experts. In a recent investigation by Microsoft, the company has requested its peers to enforce stronger pre-employment verification measures and make policies to stop unauthorized IT management tools. 

Further investigation by the US government revealed that these actors were working to steal money for the North Korean government and use the funds to run its government operations and its weapons program.  

US imposes sanctions against North Korea

The US has imposed strict sanctions on North Korea, which restrict US companies from hiring North Korean nationals. It has led to threat actors making fake identities and using all kinds of tricks (such as VPNs) to obscure their real identities and locations. This is being done to avoid getting caught and get easily hired. 

Recently, the threat actors have started using spoof tactics such as voice-changing tools and AI-generated documents to appear credible. In one incident, the scammers somehow used an individual residing in New Jersey, who set up shell companies to fool victims into believing they were paying a legitimate local business. The same individual also helped overseas partners to get recruited. 

DoJ arrests accused

The clever campaign has now come to an end, as the US Department of Justice (DoJ) arrested and charged a US national called Zhenxing “Danny” Wanf with operating a “year-long” scam. The scheme earned over $5 million. The agency also arrested eight more people - six Chinese and two Taiwanese nationals. The arrested individuals are charged with money laundering, identity theft, hacking, sanctions violations, and conspiring to commit wire fraud.

In addition to getting paid in these jobs, which Microsoft says is a hefty payment, these individuals also get access to private organization data. They exploit this access by stealing sensitive information and blackmailing the company.

Lazarus group behind such scams

One of the largest and most infamous hacking gangs worldwide is the North Korean state-sponsored group, Lazarus. According to experts, the gang extorted billions of dollars from the Korean government through similar scams. The entire campaign is popular as “Operation DreamJob”. 

"To disrupt this activity and protect our customers, we’ve suspended 3,000 known Microsoft consumer accounts (Outlook/Hotmail) created by North Korean IT workers," said Microsoft.

Read more »
Russia links
Cloud Cyber Security Data Safety User Data data security FSB IP Address Messaging Apps Russia Russia links

Telegram’s Alleged Ties to Russian Intelligence Raise Global Surveillance Fears

 

A new investigation by Russian media outlet Important Stories, in collaboration with the Organized Crime and Corruption Reporting Project (OCCRP), has sparked fresh scrutiny over Telegram’s connections to Russia’s intelligence services. The popular messaging platform, long regarded for its privacy features, may have indirect links to the Russian Federal Security Service (FSB), raising significant concerns for users worldwide.

At the center of the probe is a company called Global Network Management (GNM), which plays a critical role in routing Telegram’s messages. Although GNM is officially incorporated in the Caribbean nation of Antigua and Barbuda, it operates primarily from Russia. Its owner, Vladimir Vedeneev, is a Russian engineer with long-standing ties to Telegram founder Pavel Durov. Legal filings show that Vedeneev is the only individual authorized to manage certain Telegram servers, including those based in the U.S. 

Vedeneev also runs other firms—such as Globalnet and Electrontelecom—that reportedly supply telecommunications infrastructure to various Russian state entities, including the FSB. These companies have been linked to classified government projects involving surveillance and defense. 

The IP addresses used by Telegram used to be owned by Russian firms with FSB affiliations. These IPs still appear to be registered in Russia, and might be responsible for allowing user activity to be traced back through Russian-controlled networks. Telegram users typically rely on regular cloud chats, which—unlike its secret chats—are not end-to-end encrypted and are stored on Telegram’s servers. Security analysts warn that if Vedeneev’s companies manage routing systems and network infrastructure, they could potentially access user metadata, including IP addresses, device IDs, and location data. 

Though message content may remain encrypted, this metadata could still be exploited for surveillance. Moreover, Telegram transmits unique device identifiers in an unencrypted format, creating additional vulnerability. Experts caution that Russian intelligence could leverage this data to monitor users, particularly dissidents, journalists, or foreign nationals viewed as threats. Telegram has refuted the claims, stating that it has no employees or servers in Russia and that its infrastructure remains fully under the control of its internal teams. 

The company maintains that no third party, including vendors, can access confidential user data or systems. However, Telegram has yet to directly address the investigation’s core claims regarding GNM, Vedeneev, or the related infrastructure providers. The platform also hasn’t explained how it protects users if server operators have potential intelligence ties or why certain data is still sent without encryption. 

The issue is especially relevant in Ukraine, where Telegram has over 10 million users and is a major source of news and official communication. While President Volodymyr Zelensky’s administration uses the app for public updates, growing concerns around disinformation and espionage have prompted discussions about its continued use. 

As the investigation raises critical questions about the app’s security, the broader implications for global digital privacy and national security remain in sharp focus.
Read more »
Technology
AI Cloud Data Privacy Meta Technology

WhatsApp Reveals "Private Processing" Feature for Cloud Based AI Features

WhatsApp Reveals "Private Processing" Feature for Cloud Based AI Features

WhatsApp claims even it can not process private data

WhatsApp has introduced ‘Private Processing,’ a new tech that allows users to use advanced AI features by offloading tasks to privacy-preserving cloud servers, without exposing their chat to Meta. Meta claims even it cannot see the messages while processing them. The system employs encrypted cloud infrastructure and hardware-based isolation without making it visible to anyone, even Meta, or processing data. 

About private processing

For those who decide to use Private Processing, the system works in an obscure verification via the user’s WhatsApp client to confirm the user’s validity. 

Meta claims this system keeps WhatsApp’s end-to-end encryption intact while offering AI features in chats. However, the feature currently applies only to select use cases and excludes Meta’s broader AI deployments, including those used in India’s public service systems.

Private processing employs Trusted Execution Environments (TEEs) — safe virtual machines that use cloud infrastructure to keep AI requests hidden. 

About the system

  • Performs encryption of user requests from the system to the TEE utilizing end-to-end encryption
  • Encrypts user requests from the device to the TEE using end-to-end encryption
  • Restricts storage or logging of messages post-processing
  • Reports logs and binary images for external verification and audits

WhatsApp builds AI through wider privacy concerns

According to Meta, the Private processing is a response to privacy questions around AI and messaging. WhatsApp has now joined other companies like Apple that have introduced confidential AI computing models in the previous year. “To validate our implementation of these and other security principles, independent security researchers will be able to continuously verify our privacy and security architecture and its integrity,” Meta said.

It is similar to Apple’s private cloud computing in terms of public transparency and stateless processing. Currently, however, WhatsApp is using them only for select features. Apple, on the other hand, has declared plans to implement this model throughout all its AI tools, whereas WhatsApp has not made such claims, yet. 

WhatsApp says, “Private Processing uses anonymous credentials to authenticate users over OHTTP. This way, Private Processing can authenticate users to the Private Processing system but remains unable to identify them.”

Read more »
Risk Management
Cloud Cyber Security cybersecurity best practices cybersecurity posture Enterprise enterprise cybersecurity Google Cloud Platform Infrastructure Risk Management

Posture Management Emerges as Strategic Cybersecurity Priority Amid Cloud and Data Fragmentation

 

Posture management is rapidly evolving into a cornerstone of enterprise cybersecurity as organizations grapple with increasing digital complexity. With infrastructures now sprawling across cloud platforms, identity services, and data environments, the traditional model of siloed risk monitoring is no longer sustainable. As a result, cybersecurity leaders are embracing posture management not only to gauge exposure but also to orchestrate defenses in real time. 

This shift reflects a broader industry movement toward unifying visibility and control. “From a business perspective, large organizations have M&A — they have rollups; they have multiple divisions. They’re not centralized; they’re across globes,” said Erik Bradley, chief strategist and director of research at Enterprise Technology Research. “There’s no way that we’re ever going to see a consolidation on one platform.” 

Bradley shared these insights during a conversation with theCUBE’s Jon Oltsik and Dave Vellante at the RSAC 2025 Conference, hosted by SiliconANGLE Media. The discussion focused on how posture management is becoming integral to modern security operations by improving visibility, minimizing tool sprawl, and enabling strategic risk reduction across complex IT environments. Security teams are increasingly recognizing the limitations of point solutions. 

Instead, they’re exploring how posture management can serve as a foundational layer across enterprise-wide platforms. “We’re carving up terminology and confusing the market,” said Oltsik. “IT is moving so quickly and it’s so specialized that you need specialized posture management tools for cloud, identity, and data.” Leading cybersecurity vendors like CrowdStrike and Palo Alto Networks are embedding posture management into broader security suites, aligning it with automation, identity access controls, and even password management. 

These integrations aim to reduce operational overhead while enabling faster, more accurate threat detection. According to Bradley, these vendors view posture management as both a preventive control in peacetime and a readiness tool in active cyber warfare scenarios. However, challenges persist—particularly around data fragmentation. Although many vendors tout strong telemetry capabilities, few offer complete visibility across all domains. 

This leaves enterprises vulnerable to gaps in their defenses, especially as they try to consolidate vendors and reduce redundancy. “No CSO is going to go all-in with one provider,” Bradley emphasized. “They’re focused on consolidating redundant vendors and streamlining operations without sacrificing visibility or security.” 

As cybersecurity evolves, posture management is no longer a niche function—it’s becoming the backbone of a resilient, scalable defense strategy.
Read more »
Windows
Cloud Microsoft Password Technology Threat Intelligence Windows

Microsoft Alerts Users About Password-spraying Attack

Microsoft Alerts Users About Password-spraying Attack

Microsoft alerts users about password-spraying attacks

Microsoft has warned users about a new password-spraying attack by a hacking group Storm-1977 that targets cloud users. The Microsoft Threat Intelligence team reported a new warning after discovering threat actors are abusing unsecured workload identities to access restricted resources. 

According to Microsoft, “Container technology has become essential for modern application development and deployment. It's a critical component for over 90% of cloud-native organizations, facilitating swift, reliable, and flexible processes that drive digital transformation.” 

Hackers use adoption-as-a-service

Research says 51% of such workload identities have been inactive for one year, which is why attackers are exploiting this attack surface. The report highlights the “adoption of containers-as-a-service among organizations rises.” According to Microsoft, it continues to look out for unique security dangers that affect “containerized environments.” 

The password-spraying attack targeted a command line interface tool “AzureChecker” to download AES-encrypted data which revealed the list of password-spray targets after it was decoded. To make things worse, the “threat actor then used the information from both files and posted the credentials to the target tenants for validation.”

The attack allowed the Storm-1977 hackers to leverage a guest account to make a compromised subscription resource group and over 200 containers that were used for crypto mining. 

Mitigating password-spraying attacks

The solution to the problem of password spraying attacks is eliminating passwords. It can be done by moving towards passkeys, a lot of people are already doing that. 

Microsoft has suggested these steps to mitigate the issue

  • Use strong authentication while putting sensitive interfaces to the internet. 
  • Use strong verification methods for the Kubernetes API to stop hackers from getting access to the cluster even when valid credentials like kubeconfig are obtained.  
  • Don’t use the read-only endpoint of Kubelet on port 10255, which doesn’t need verification. 

Modify the Kubernetes role-based access controls for every user and service account to only retain permissions that are required. 

According to Microsoft, “Recent updates to Microsoft Defender for Cloud enhance its container security capabilities from development to runtime. Defender for Cloud now offers enhanced discovery, providing agentless visibility into Kubernetes environments, tracking containers, pods, and applications.” These updates upgrade security via continuous granular scanning. 

Read more »
Ransomware
Akira Attack Breach Cloud Cybersecurity Data Encryption Extortion FBI Hitachi malware Ransomware

Hitachi Vantara Takes Servers Offline Following Akira Ransomware Attack

 

Hitachi Vantara, a subsidiary of Japan's Hitachi conglomerate, temporarily shut down several servers over the weekend after falling victim to a ransomware incident attributed to the Akira group.

The company, known for offering data infrastructure, cloud operations, and cyber resilience solutions, serves government agencies and major global enterprises like BMW, Telefónica, T-Mobile, and China Telecom.

In a statement to BleepingComputer, Hitachi Vantara confirmed the cyberattack and revealed it had brought in external cybersecurity specialists to assess the situation. The company is now working to restore all affected systems.

“On April 26, 2025, Hitachi Vantara experienced a ransomware incident that has resulted in a disruption to some of our systems," Hitachi Vantara told BleepingComputer.

"Upon detecting suspicious activity, we immediately launched our incident response protocols and engaged third-party subject matter experts to support our investigation and remediation process. Additionally, we proactively took our servers offline in order to contain the incident.

We are working as quickly as possible with our third-party subject matter experts to remediate this incident, continue to support our customers, and bring our systems back online in a secure manner. We thank our customers and partners for their patience and flexibility during this time."

Although the company has not officially attributed the breach to any specific threat actor, BleepingComputer reports that sources have linked the attack to the Akira ransomware operation. Insiders allege that the attackers exfiltrated sensitive data and left ransom notes on infiltrated systems.

While cloud services remained unaffected, sources noted that internal platforms at Hitachi Vantara and its manufacturing arm experienced disruption. Despite these outages, clients operating self-hosted systems are still able to access their data.

A separate source confirmed that several government-led initiatives have also been impacted by the cyberattack.

Akira ransomware first appeared in March 2023 and swiftly became notorious for targeting a wide range of sectors worldwide. Since its emergence, the group has reportedly compromised more than 300 organizations, including high-profile names like Stanford University and Nissan (in Oceania and Australia).

The FBI estimates that Akira collected over $42 million in ransom payments by April 2024 after infiltrating over 250 organizations. According to chat logs reviewed by BleepingComputer, the gang typically demands between $200,000 and several million dollars, depending on the scale and sensitivity of the targeted entity.

Keywords: ransomware, cybersecurity, Hitachi, Akira, cloud, breach, data, FBI, malware, attack, encryption, extortion, hacking, disruption, recovery, infrastructure, digital, protection
Read more »
Subscribe to: Posts (Atom)