
Trump Claims Administration Learnt to Avoid Signal After Group Chat Leak

 

President Donald Trump stated that his administration has learnt from Signalgate. "I think we learnt: Maybe don't use Signal, okay?" Trump spoke about the messaging app in an interview with The Atlantic published Monday.

"If you want to know the truth, I would frankly tell these people not to use Signal, although it's been used by a lot of people," the US president added. "But, whatever it is, whoever has it, whoever owns it, I wouldn't want to use it."

Last month, The Atlantic's editor in chief, Jeffrey Goldberg, revealed that he had been inadvertently included in a Signal group discussion by White House national security adviser Mike Waltz. Goldberg stated that the group chat was called "Houthi PC small group" and included other officials such as Defence Secretary Pete Hegseth, Director of National Intelligence Tulsi Gabbard, and Secretary of State Marco Rubio. "PC" stood for "principals committee." 

"In the chat, Waltz and the other Trump officials were talking about specifics of a planned U.S. strike on Houthi rebels," Goldberg claimed. The authenticity of the group discussion was later verified by the National Security Council to Business Insider. At first, Trump denied knowing about the security failure. After the incident, he defended Waltz and Hegseth, stating that he would not fire them. 

Signal, which first launched in 2014, is a non-profit, open-source encrypted messaging application. Last month, Signal stated in an X post that misinformation was "flying around that might drive people away from Signal and private communications."

"One piece of misinformation we need to address is the claim that there are 'vulnerabilities' in Signal," it stated on March 25, citing an NPR report that quoted a Pentagon memo it received, alerting staff of a possible vulnerability in the messaging app. 

"The memo used the term 'vulnerability' in relation to Signal — but it had nothing to do with Signal's core tech. It was warning against phishing scams targeting Signal users," Signal wrote in its post.

Firewalls and VPNs Under Siege as Businesses Report Growing Cyber Intrusions

 


A security researcher has discovered an ongoing cyberattack that exploits a newly discovered vulnerability in Fortinet's FortiGate firewalls to infiltrate corporate and enterprise networks, and the activity appears to have been under way for some time. A security advisory published on Tuesday by Fortinet confirmed the critical security flaw, tracked as CVE-2024-55591, and indicated that the vulnerability is currently being exploited in the wild.

Cybersecurity experts are also voicing concern that malicious actors exploited this flaw as a zero-day vulnerability, a term for a software vulnerability exploited before the vendor is aware of it or has issued a patch. According to Fortinet's report, attackers may have actively targeted this vulnerability since at least December, many months before it was publicly disclosed and patched.

Organisations that rely heavily on FortiGate firewalls for perimeter defence face a significant threat from exploitation of CVE-2024-55591. Given the vulnerability's criticality, enterprises should apply the security updates as soon as possible and examine their systems for any indications of unauthorised access. Beyond the immediate zero-day threat, this development highlights that cybercriminals are increasingly focusing on foundational network infrastructure to gain a foothold in high-value environments.

Virtual private networks (VPNs) have long been regarded as a critical mechanism for protecting digital communications from a wide range of threats. By encrypting data transmissions, VPNs neutralise the risk of man-in-the-middle attacks, in which unauthorised parties try to intercept or manipulate data while it is in transit. Through this layer of encryption, sensitive data remains secure even across unsecured networks.

One of the most prominent use cases for VPNs is that they serve the purpose of protecting people using public Wi-Fi networks, which are often vulnerable to unauthorised access. It has been shown that VPNs are significantly less likely to expose or compromise data in such situations because they route traffic through secure tunnels. Additionally, VPNs hide the IP addresses of users, thereby providing greater anonymity to users and reducing the possibility of malicious actors tracking or monitoring them. 

This concealment also helps protect network resources against distributed denial-of-service (DDoS) attacks, which often rely on a target's IP address to overload its resources. Even though VPNs have been around for decades, they no longer suffice as a standalone solution given today's increasingly complex threat landscape. To ensure comprehensive protection against increasingly sophisticated attack vectors, their capabilities must be integrated with more advanced, adaptive cybersecurity measures.

Conventional security frameworks such as firewalls and VPNs are being outpaced as the cybersecurity landscape evolves; the sophistication and frequency of modern threats have increased significantly over the past few years. Businesses across many industries are experiencing a growing number of breaches and vulnerabilities, and traditional methods are no longer able to address them.

Due to the widespread transition from on-premises infrastructure to remote and digitally distributed work environments, legacy security architectures have become increasingly vulnerable, forcing enterprises to reassess and update their defence strategies. Firewalls and VPNs were once considered to be the cornerstones of enterprise network security; however, in today's increasingly complex threat environment, they are having trouble meeting the demands. 

In the past, these technologies played an important role in securing organisational boundaries, but their limitations are becoming increasingly apparent as organisations move to cloud-based environments and undergo rapid digital transformation. In 2025, technological advances are expected to change the way industry operations are conducted—for instance, the adoption of generative artificial intelligence, automation, and the proliferation of IoT and OT systems.

These innovations also bring unprecedented risks. For example, malicious actors use artificial intelligence to automate spear-phishing efforts, craft highly evasive malware, and exploit vulnerabilities more quickly and accurately than they previously could. In addition, the rise of Ransomware-as-a-Service (RaaS) is lowering the barrier to entry for hackers, enabling a broader set of threat actors to conduct sophisticated, scalable attacks on businesses. To respond effectively to the complexities of a digitally driven world, organisations must move beyond legacy security tools and adopt proactive, adaptive cybersecurity models capable of meeting the challenges of this dynamic threat environment.

A significant shift in cybersecurity dynamics has led to a worrying trend: malicious actors are increasingly exploiting Virtual Private Networks (VPNs) to gain an advantage over their adversaries. Although VPNs were originally developed to enhance privacy and protect data, they are increasingly being repurposed by cybercriminals to facilitate complex attacks while masking their digital identity. Because VPNs are dual-use technology, they have become instruments of exploitation, which poses a significant challenge for cybersecurity professionals and digital forensics teams alike.

One particularly alarming technique is the deliberate exploitation of vulnerabilities in VPN software. When attackers identify and target these vulnerabilities, they can bypass perimeter defences, infiltrate secure systems, and deploy malware without being detected.

Frequently, such breaches act as entry points into larger campaigns, such as coordinated phishing campaigns that attempt to trick individuals into revealing confidential information. Further, VPNs are known for the ability to mask the actual IP addresses of threat actors, a technique known as IP address masquerading, which enables them to evade geographical restrictions, mislead investigators, and remain anonymous when they launch cyberattacks.

In addition to enabling adversaries to circumvent firewalls, VPNs offer encryption and tunnelling, which make it easier to penetrate networks that would otherwise resist unauthorised access. VPNs are also used as a means of spreading malicious software across untrusted networks: hidden inside encrypted VPN traffic, malware can bypass traditional detection methods. The shield of anonymity provided by VPNs can likewise be used by threat actors to impersonate legitimate organisations and launch phishing campaigns, compromising the privacy and integrity of users.

VPNs can also facilitate the spreading of Distributed Denial-of-Service (DDoS) attacks, which is equally troubling. As these networks are anonymised, it makes it difficult to trace the origin of such attacks, which hinders the development of appropriate response strategies and mitigation strategies. This paradox underscores the complexity of modern cybersecurity, since one security tool can serve both as a tool for cybercrime and a tool for security. 

Even though VPNs remain an important tool for keeping users safe and anonymous, their misuse requires a proactive and multifaceted response. To combat this misuse, organisations need robust technological defences combined with ongoing awareness and education initiatives. Only through such comprehensive measures can they preserve the integrity of VPN technology and maintain trust in the digital privacy infrastructure.

Check Point has issued a formal warning regarding the active targeting of its VPN devices, part of an ongoing increase in cyber threats against enterprise infrastructure. The disclosure is another reminder of a sustained campaign aimed at compromising remote access technologies and critical network defences, and it is the second such alert from a major cybersecurity vendor in recent months.

In April 2024, Cisco warned organisations about a widespread wave of brute-force attacks against VPN and Secure Shell (SSH) services, likely affecting devices from Cisco, Check Point, SonicWall, Fortinet, and Ubiquiti, among others. In the first observed attacks, around March 18, attackers used anonymisation tools such as Tor exit nodes and proxy networks, among other techniques, to obfuscate their activity and evade detection and block lists.

In March of this year, Cisco had also observed password spraying against its Secure Firewall appliances running Remote Access VPN (RAVPN) services. According to analysts, this is a reconnaissance phase, likely intended to lay the groundwork for more advanced intrusions. A subsequent analysis by cybersecurity researcher Aaron Martin linked these incidents to a previously undocumented malware botnet dubbed "Brutus".

Over 20,000 IP addresses were found to be associated with this botnet, deployed from both residential and cloud-hosted environments, which greatly complicated attribution and mitigation. The threat landscape has been further compounded by Cisco's announcement that a state-sponsored hacker group, tracked as UAT4356, has been exploiting zero-day vulnerabilities in its Firepower Threat Defence (FTD) and Adaptive Security Appliance products.

Known by the codename ArcaneDoor, this cyber-espionage campaign has been ongoing since November 2023, targeting critical infrastructure networks and governments around the world. As the frequency and complexity of cyber attacks continue to increase, it is apparent that legacy perimeter defences are no longer adequate.

A layered, intelligence-driven approach to security includes detecting threats in real time, hardening systems continuously, and responding to incidents in a proactive manner. As well as strengthening cybersecurity resilience, fostering collaboration between public and private sectors, sharing threat intelligence, and providing ongoing training to employees can make sure that they remain ahead of their adversaries. There is no doubt that the future of secure enterprise operations is going to be determined by the ability to anticipate, adapt, and remain vigilant in this rapidly evolving digital age.

Scientists Warn of Cybersecurity Threats in Next-Gen DNA Sequencing

 

Next-generation DNA sequencing (NGS) is under increasing criticism for its cyber risks. While NGS has transformed disciplines ranging from cancer diagnosis to infectious disease tracking, a recent study warns that the platforms that enable these advancements could also be used as a gateway by hackers and bad actors.

The study, published in IEEE Access and headed by Dr. Nasreen Anjum of the University of Portsmouth's School of Computing, is the first to systematically map cyber-biosecurity vulnerabilities throughout the NGS workflow. 

NGS technology, which enables rapid and cost-effective DNA and RNA sequencing, supports not only cancer research and medicine development, but also agricultural innovation and forensic science. Its ability to process millions to billions of DNA fragments at once has significantly reduced the cost and enhanced the speed of genome analysis, making it a standard in labs around the world. 

However, the study focuses on a less-discussed aspect of this technological advancement: the increasing number of vulnerabilities at each stage of the NGS pipeline. From sample preparation to sequencing and data processing, each stage requires specialised instruments, complicated software, and networked systems. 

According to Dr. Anjum, these interrelated processes generate several points where security might be compromised. As large genetic databases are being stored and shared online, cybercriminals are more likely to access and misuse this sensitive information. The report cautions that such breaches might lead to not only privacy violations or identity tracing, but potentially more serious possibilities like data manipulation or the fabrication of synthetic DNA-encoded malware. 

Experts from Anglia Ruskin University, the University of Gloucestershire, Najran University, and Shaheed Benazir Bhutto Women's University contributed to the research. The researchers identified multiple emerging threats, including AI-powered genomic data manipulation and improved re-identification techniques that could jeopardise individual privacy. These concerns, they suggest, extend beyond the individual and endanger scientific integrity and possibly national security.

Despite these risks, Dr. Anjum observes that cyber-biosecurity remains a neglected field, with fragmented safeguards and little collaboration between computer science, bioinformatics, biotechnology, and security. To address these challenges, the research suggests a number of feasible options, including secure sequencing procedures, secured data storage, and AI-powered anomaly detection systems. The authors urge governments, regulatory agencies, and academic institutions to prioritise research, education, and policy development in order to close biosecurity gaps.

Chinese Ghost Hackers Focus on Profits, Attack Key Sectors in the US and UK


 

In the world of cybercrime, criminals usually fall into two groups. Some target individuals, tricking them for money. Others go after important organizations like hospitals and companies, hoping for bigger payouts. Although attacks on healthcare are less common, they cause major harm when they happen. Incidents like the New York Blood Center hack, where hackers stole a million patient records, show how serious the risk is. Now, a new report warns about Chinese cybercriminals, known as Ghost, who are attacking government offices, power companies, banks, factories, and hospitals. Most of their attacks have affected North America and the United Kingdom.


Ghost Hackers Active in Over 70 Countries

According to research shared by Rebecca Harpur from Blackfog, the Ghost hacking group is based in China and acts on its own without links to the government. Their main goal is to make money, not to steal secrets. Over time, this group has changed its identity multiple times, previously using names like Cring, Crypt3r, Hello, and Phantom. By rebranding, they make it harder for law enforcement agencies to track them as one single group.

Despite their tricks, agencies like the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have raised alarms about the damage Ghost can cause. The Blackfog report explains that victims usually receive a message demanding money, threatening to either destroy stolen information or release it publicly if they refuse to pay.


How Ghost Carries Out Its Attacks

The way Ghost hackers break into systems usually follows the same pattern:

• They first find and exploit weaknesses in systems that are open to the internet, such as VPN devices, websites, and email servers.

• After getting inside, they install secret programs like Cobalt Strike and web shells to stay hidden. They often create fake accounts and disable security software once they have high-level access.

• With these privileges, they move across the network quietly and transfer sensitive data to their own servers.

• Once enough data is stolen, they release ransomware programs (often named Ghost.exe or Cring.exe) across the network. This encrypts files, destroys backup copies, and leaves a ransom note demanding payment.


Tips to Stay Protected

Although the FBI has provided detailed steps to defend against these attacks, Blackfog suggests a few important actions:

1. Keep backups of all important data and store them separately from your main network.

2. Always install the latest updates for your operating systems, applications, and firmware.

3. Use multi-factor authentication to add an extra layer of security to user accounts.

4. Divide your network into smaller parts to make it harder for hackers to move around freely if they break in.


The Ghost hacking group is not interested in spying — their focus is on making money. Organizations need to stay alert, strengthen their defenses, and act fast to prevent serious damage from these ongoing threats.

Cybercriminals Shift Tactics Towards Stealth and Identity Theft: IBM X-Force 2025 Report

 

The IBM X-Force 2025 Threat Intelligence Index highlights a growing trend of cybercriminals adopting more covert attack strategies. Drawing on analysis of over 150 billion security events daily across 130+ countries, the report notes an 84% spike in email-delivered infostealers in 2024 compared to the previous year. This surge signals a marked pivot towards credential theft, even as enterprise-targeted ransomware attacks show a notable decline.

“Cybercriminals are most often breaking in without breaking anything – capitalising on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points,” said IBM cybersecurity services global managing partner Mark Hughes. “Businesses need to shift away from an ad-hoc prevention mindset and focus on proactive measures such as modernising authentication management, plugging multi-factor authentication holes and conducting real-time threat hunting to uncover hidden threats before they expose sensitive data.”

The report found that critical infrastructure organisations bore the brunt of attacks, accounting for 70% of incidents handled by IBM X-Force last year. More than a quarter of these breaches exploited system vulnerabilities. Data theft (18%) overtook encryption-based attacks (11%) as the preferred method, reflecting improvements in detection tools and increased law enforcement pressure, which have forced threat actors to rethink their strategies.

Asia and North America emerged as the primary targets, together representing almost 60% of all global attacks. Asia faced 34% of the incidents, while North America encountered 24%. For the fourth consecutive year, the manufacturing industry remained the most impacted sector, attributed to its sensitivity to operational disruptions and susceptibility to ransomware.

Emerging AI-related threats also garnered attention. Although no major AI-focused attacks surfaced in 2024, security teams are racing to find and patch vulnerabilities before they are exploited. A critical remote code execution flaw within an AI development framework is expected to gain traction in 2025 as adoption grows. Experts warn that attackers may soon develop dedicated toolkits aimed specifically at AI systems, underlining the urgent need to secure AI infrastructure.

Persistent challenges in critical infrastructure security largely stem from outdated technologies and delayed patch management. IBM X-Force revealed that vulnerabilities accounted for over 25% of exploited incidents. Analysis of discussions on dark web forums showed that four of the ten most talked-about CVEs were associated with advanced threat groups, including state-sponsored actors, escalating the risks of disruption and extortion.

Research in collaboration with Red Hat Insights found that over 50% of Red Hat Enterprise Linux users had not patched at least one critical vulnerability, with 18% leaving five or more critical CVEs unaddressed. Moreover, ransomware variants like Akira, Lockbit, Clop, and RansomHub have expanded their capabilities to affect both Windows and Linux systems.

A sharp rise in phishing campaigns distributing infostealers was another key finding, with a 180% jump compared to 2023. The use of credential phishing and infostealers enables hackers to swiftly exfiltrate sensitive information while maintaining a low profile.

While ransomware still accounted for 28% of malware attacks in 2024, its overall prevalence declined compared to previous years. Cybercriminals are increasingly shifting towards identity-based attacks, adapting to countermeasures that have made traditional ransomware operations more difficult.

Pentagon Director Hegseth Revealed Key Yemen War Plans in Second Signal Chat, Source Claims

 

In a chat group that included his wife, brother, and personal attorney, U.S. Defence Secretary Pete Hegseth provided specifics of a strike on Yemen's Iran-aligned Houthis in March, a person familiar with the situation told Reuters earlier this week. 

The disclosure of a second Signal chat again calls into question Hegseth's use of an unclassified messaging system to share extremely sensitive security details. It comes at a particularly sensitive time for him, as senior officials were removed from the Pentagon last week as part of an internal leak investigation.

In the second chat, Hegseth shared details of the attack, which were similar to those revealed last month by The Atlantic magazine after its editor-in-chief, Jeffrey Goldberg, was accidentally included in a separate chat on the Signal app, in an embarrassing incident involving all of President Donald Trump's most senior national security officials.

The individual familiar with the situation, who spoke on the condition of anonymity, stated that the second chat, which comprised around a dozen people, was set up during his confirmation process to discuss administrative concerns rather than real military planning. According to the insider, the chat included details about the air attack schedule. 

Jennifer, Hegseth's wife and a former Fox News producer, has attended classified meetings with foreign military counterparts, according to photographs released by the Pentagon. During a meeting with his British colleague at the Pentagon in March, Hegseth's wife was found sitting behind him. Hegseth's brother serves as a Department of Homeland Security liaison to the Pentagon.

The Trump administration has aggressively pursued leaks, which Hegseth has warmly supported in the Pentagon. Pentagon spokesperson Sean Parnell said, without evidence, that the media was "enthusiastically taking the grievances of disgruntled former employees as the sole sources for their article."

Hegseth's tumultuous moment

Democratic lawmakers stated Hegseth could no longer continue in his position. "We keep learning how Pete Hegseth put lives at risk," Senate Minority Leader Chuck Schumer said in a post to X. "But Trump is still too weak to fire him. Pete Hegseth must be fired."

Senator Tammy Duckworth, an Iraq War veteran who was severely injured in combat in 2004, stated that Hegseth "must resign in disgrace."

The latest disclosure comes just days after Dan Caldwell, one of Hegseth's top aides, was removed from the Pentagon after being identified during an investigation into leaks at the Department of Defence. Although Caldwell is not as well-known as other senior Pentagon officials, he has played an important role for Hegseth and was named by the Secretary as the Pentagon's point of contact during the first Signal chat.

How Clearing Digital Mess Can Help You Save Money and Feel Better


 

Many people today are struggling with digital clutter. This means having too many files, photos, apps, and emails saved on phones or computers. A new survey shows that more than three out of four people have more digital data than they need.

The research, done in early 2025 by Compass Datacenters, asked 1,000 people about their digital habits. It found that digital overload is becoming a serious problem, and most people don’t know how to deal with it.


Why It Feels Overwhelming

Sorting through digital files can feel stressful. Around 33% of people said the thought of organizing their digital space made them feel uneasy or anxious. Only a small number, about 10%, felt sure of how to clean up their digital mess.

People understand that too many saved files can slow down devices and make it hard to find what’s important. Yet, most don’t take the time to delete old data. This is often because they don’t know where to start or feel it will take too long.


The High Price of Keeping Everything

Holding on to unnecessary data isn’t just bad for your device—it can also hurt your wallet. Cloud storage services charge monthly fees, and these costs add up. The survey shared an example: If someone starts paying $20 per month for storage at age 25 and continues until they’re 85, they could spend about $40,000 in total.

Many younger people are choosing to buy more storage space instead of clearing files they no longer use.


Easy Ways to Start Cleaning

Cleaning your digital space doesn’t have to be difficult. Begin by checking your photo gallery. Delete pictures that are blurry, repeated, or no longer needed. Doing this once a month makes it easier.

Then, look at your apps. Are there any you haven’t opened in a long time? If yes, remove them. You can always download them again later.

Your downloads folder and email inbox can also hold a lot of junk. Old receipts, random files, and unread emails can take up space. Try removing emails with attachments first—they usually take up more storage.

Instead of paying every month for cloud storage, you can buy a hard drive once and store your files there. These drives offer lots of space at a one-time cost that can save you money over the years.


Make Digital Clean-Up a Routine

Just like cleaning your home, organizing your digital life works best when done regularly. Pick a day every few months to sort through your phone or computer. It may seem boring at first, but it feels great once done.

By cleaning your digital space often, you can keep your devices faster, reduce stress, and stop spending extra money on storage you might not need.


CISA Raises Alarm Over Oracle Cloud Security Leak

 



The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations about growing digital threats after a security incident involving Oracle’s old cloud systems. The alert points to the danger of leaked login details falling into the wrong hands, even though the full damage is still being investigated.

What Caused the Concern

Earlier this year, Oracle found out that hackers had broken into two outdated servers that were no longer in use. These systems were part of older technology, not tied to the company's current cloud services. While Oracle says its newer systems are unaffected, attackers still managed to steal information like emails, usernames, passwords, and digital keys used for logging in.

Some of this stolen information was shared online, with parts of it appearing to be more recent than expected. Cybersecurity news sources also received samples from the attacker, which some Oracle clients confirmed were real.


Why This Is a Big Deal

CISA explained that when login details are hidden inside software or automated tools, they’re hard to find and fix. If stolen, these hidden credentials could let hackers into systems without being noticed for a long time. Even worse, people often use the same passwords for different tools, which can help attackers reach more places using just one stolen set of details.


What Organizations Should Do Now

To reduce the chance of harm, CISA advised companies to act quickly. Their suggestions include:

1. Change all possibly affected passwords right away  

2. Stop storing login details inside programs or scripts  

3. Use multi-factor authentication to add an extra layer of security  

4. Check recent login activity for anything unusual  
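CISA's second point, login details hidden inside programs or scripts, is hard to act on until you can find them. The scanner below is an added example written for this post, not code from CISA or Oracle: it checks constructed sample files (a deploy script, a config file, a key file) for common embedded-credential patterns, and treats a variable reference such as ${DB_PASSWORD} as the recommended replacement rather than a finding.

```python
import re
from dataclasses import dataclass

# Constructed sample files (not from any real incident): the kind of
# scripts and config files in which credentials end up hard-coded.
SAMPLE_FILES = {
    "deploy.sh": (
        "#!/bin/sh\n"
        "export DB_PASSWORD='Summ3r2025!'\n"
        "AWS_ACCESS_KEY_ID=AKIAEXAMPLEKEY000000\n"
        "curl -u admin:hunter2 https://example.invalid/api\n"
        "echo done\n"
    ),
    "settings.ini": (
        "[cloud]\n"
        "api_key = 0123456789abcdef\n"
        "region = us-east-1\n"
        "password = ${DB_PASSWORD}\n"   # env reference, not a literal secret
    ),
    "keys/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n(key material omitted)\n",
    "README.md": "Set DB_PASSWORD in the environment before running.\n",
}


@dataclass
class Finding:
    path: str
    line_no: int
    kind: str
    snippet: str


# Patterns for literal secrets. Order matters: the first match on a line wins.
PATTERNS = [
    ("assignment", re.compile(
        r"(?i)(pass(word)?|pwd|secret|api[_-]?key|token)\w*\s*[=:]\s*['\"]?(?P<value>[^'\"\s]+)")),
    ("basic-auth", re.compile(r"-u\s+[^\s:]+:[^\s]+|https?://[^/\s:]+:[^@\s]+@")),
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]


def _is_reference(value: str) -> bool:
    """A value that points at an environment/template variable is the fix, not a leak."""
    return value.startswith("$") or value.startswith("%")


def scan_text(path: str, text: str) -> list:
    """Return one Finding per line that contains what looks like a literal credential."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for kind, pat in PATTERNS:
            m = pat.search(line)
            if not m:
                continue
            if kind == "assignment" and _is_reference(m.group("value")):
                continue
            findings.append(Finding(path, n, kind, line.strip()))
            break
    return findings


def scan_files(files: dict) -> list:
    """Scan an in-memory {path: contents} mapping; swap in open() for a real tree."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no} [{f.kind}] {f.snippet}")
```

Every hit is a credential to rotate first and move into a secrets store or environment variable second, since rotating alone leaves the next copy of the script just as exposed.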


More Breaches Reported

Reports also say that hackers placed harmful software on other older Oracle servers in early 2025. These systems, called Oracle Cloud Classic, may have been targeted since January. During this time, the attackers reportedly accessed Oracle’s Identity Manager system, which stores user login data.

In a separate incident, Oracle Health — a company that handles medical records — was also affected. In January, patient data from several U.S. hospitals was reportedly exposed due to another breach.

Even though Oracle says its main services weren’t touched, these events show how risky old systems can be if they aren’t retired properly. Businesses are being reminded to strengthen their security, replace weak or hidden credentials, and keep an eye on their systems for any suspicious behavior.



Explaining AI's Impact on Ransomware Attacks and Business Security

 

Ransomware has always been an evolving menace, as criminal outfits experiment with new techniques to terrorise their victims and gain maximum leverage while making extortion demands. Weaponized AI is the most recent addition to the armoury, allowing high-level groups to launch more sophisticated attacks but also opening the door for rookie hackers. The NCSC has cautioned that AI is fuelling the global threat posed by ransomware, and there has been a significant rise in AI-powered phishing attacks. 

Organisations face a growing number of sophisticated assaults, such as polymorphic malware that mutates in real time to avoid detection, allowing attackers to strike with more precision and frequency. As AI continues to rewrite the rules of ransomware attacks, businesses that still rely on traditional defences are more exposed to the next generation of cyber attack. 

Ransomware accessible via AI 

Online criminals, like legal businesses, are discovering new methods to use AI tools, which makes ransomware attacks more accessible and scalable. By automating crucial attack procedures, fraudsters may launch faster, more sophisticated operations with less human intervention. 

Established and experienced criminal gangs benefit from the ability to expand their operations. At the same time, because AI is lowering the barrier to entry, people with less technical expertise can now use ransomware as a service (RaaS) to carry out advanced attacks that would ordinarily be beyond their skill level. 

OpenAI, the company behind ChatGPT, stated that it has detected and disrupted more than 20 malicious operations that abused its generative AI models, ranging from writing copy for targeted phishing campaigns to coding and debugging malware. 

FunkSec, a RaaS operator, is a current example of how these tools enhance criminal groups' capabilities. The gang is reported to have only a few members, its human-written code is rather simple, and its authors show a limited command of English. Yet since its emergence in late 2024, FunkSec has claimed over 80 victims in a single month, thanks to a variety of AI techniques that allow it to punch well above its weight. 

Investigations have revealed evidence of AI-generated code in the gang's ransomware, as well as web and ransom text that was obviously created by a Large Language Model (LLM). The team also developed a chatbot to assist with their operations using Miniapps, a generative AI platform. 

Mitigation tips against AI-driven ransomware 

With AI fuelling ransomware groups, organisations must evolve their defences to stay safe. Traditional security measures are no longer sufficient, and organisations must match their fast-moving attackers with adaptive, AI-driven methods of their own to keep pace. 

One critical step is to investigate how to combat AI with AI. Advanced AI-driven detection and response systems may analyse behavioural patterns in real time, identifying anomalies that traditional signature-based techniques may overlook. This is critical for fighting strategies like polymorphism, which have been expressly designed to circumvent standard detection technologies. Continuous network monitoring provides an additional layer of defence, detecting suspicious activity before ransomware can activate and propagate. 

Beyond detection, AI-powered solutions are critical for avoiding data exfiltration, as modern ransomware gangs almost always use data theft to squeeze their victims. According to our research, 94% of reported ransomware attacks in 2024 involved exfiltration, highlighting the importance of Anti Data Exfiltration (ADX) solutions as part of a layered security approach. Organisations can prevent extortion efforts by restricting unauthorised data transfers, leaving attackers with no choice but to move on.

SBI Issues Urgent Warning Against Deepfake Scam Videos Promoting Fake Investment Schemes

 

The State Bank of India (SBI) has issued an urgent public advisory warning customers and the general public about the rising threat of deepfake scam videos. These videos, circulating widely on social media, falsely claim that SBI has launched an AI-powered investment scheme in collaboration with the Government of India and multinational corporations—offering unusually high returns. 

SBI categorically denied any association with such platforms and urged individuals to verify investment-related information through its official website, social media handles, or local branches. The bank emphasized that it does not endorse or support any investment services that promise guaranteed or unrealistic returns. 

In a statement published on its official X (formerly Twitter) account, SBI stated: “State Bank of India cautions all its customers and the general public about many deepfake videos being circulated on social media, falsely claiming the launch of an AI-based platform showcasing lucrative investment schemes supported by SBI in association with the Government of India and some multinational companies. These videos misuse technology to create false narratives and deceive people into making financial commitments in fraudulent schemes. We clarify that SBI does not endorse any such schemes that promise unrealistic or unusually high returns.” 

Deepfake technology, which uses AI to fabricate convincing videos by manipulating facial expressions and voices, has increasingly been used to impersonate public figures and create fake endorsements. These videos often feature what appear to be real speeches or statements by senior officials or celebrities, misleading viewers into believing in illegitimate financial products. This isn’t an isolated incident. Earlier this year, a deepfake video showing India’s Union Finance Minister allegedly promoting an investment platform was debunked by the government’s PIB Fact Check. 

The video, which falsely claimed that viewers could earn a steady daily income through the platform, was confirmed to be digitally altered. SBI’s warning is part of a broader effort to combat the misuse of emerging technologies for financial fraud. The bank is urging everyone to remain cautious and to avoid falling prey to such digital deceptions. Scammers are increasingly using advanced AI tools to exploit public trust and create a false sense of legitimacy. 

To protect themselves, customers are advised to verify any financial information or offers through official SBI channels. Any suspicious activity or misleading promotional material should be reported immediately. SBI’s proactive communication reinforces its commitment to safeguarding customers in an era where financial scams are becoming more sophisticated. The bank’s message is clear: do not trust any claims about investment opportunities unless they come directly from verified, official sources.

Unexpected 4Chan Downtime Leads to Cybersecurity Speculation

 


4chan appears to have suffered a significant security breach. According to several online sources, a hacker may have penetrated the platform's internal systems, going well beyond the anonymous, lightly moderated discussions the site is known for, in what may be the beginning of a major cybersecurity incident. 

Early reports indicate that the breach became visible when a previously inactive section of the website suddenly came back online displaying messages such as "U GOT HACKED". This unexpected reactivation was the first indication that unauthorised access had been obtained. Speculation grew as posts appeared claiming that the perpetrator was leaking sensitive information, including the identities and personal details of the site's moderators. 

The platform has not released an official statement confirming the extent of the compromise, but the claims have raised widespread concern about data exposure and wider weaknesses in the platform's security. The incident underscores the growing threat facing platforms that operate with minimal moderation and host large volumes of user-generated content. 

Cybersecurity experts and digital rights advocates are following the story closely for confirmation and for the implications of the alleged breach. Users across social media reported prolonged periods of downtime, consistent with an intrusion.

As of this writing, the website remains largely inaccessible. Independent observations, including those cited by TechCrunch, suggest the disruption was caused by a targeted and prolonged intrusion. One user of a rival message board appeared to be revelling in the incident, while another claimed the attacker had maintained covert access to 4chan's systems for more than a year after getting in through a user-created account. Numerous screenshots purporting to show the site's administrative interface circulated online as evidence of these claims. 

The images depicted what appeared to be internal tools and infrastructure, including moderation templates, user-banning policies and the platform's source code, all of which would normally be visible only to the site's moderation team. The most disturbing aspect of the leak is a document that allegedly gives the identities of some 4chan moderators, as well as "janitors", users with limited administrative rights. 

Janitors can remove threads and posts, whereas moderators have a more powerful set of capabilities, including the ability to view users' IP addresses. If verified, this disclosure could have serious security and privacy implications, especially given 4chan's history of hosting political and often extreme content. 

Cybersecurity analysts warn that such a leak could endanger individual staff and could also give a clearer picture of how one of the most polarising online communities functions. Widespread service disruptions at 4chan were first reported early Tuesday, when thousands of users logged outages on Downdetector, a website-outage monitoring service. 

Since then, 4chan's site has been intermittently accessible, with no official acknowledgement or explanation from its administrators, leaving a void quickly filled by speculation. The circulating narrative, although unverified, points to a significant security breach: multiple sources suggest a hacker infiltrated 4chan's back-end infrastructure and may have gained access to sensitive data, including moderator email addresses and internal communications. 

Some users suggested the alleged vulnerability stemmed from outdated server software, reportedly left unpatched for more than a year. A more detailed account appeared on Soyjak.party, a rival imageboard, where one user claimed the intruder had secretly accessed 4chan's administrative systems for over a year. 

According to these posts, the hacker eventually published portions of the platform's source code along with internal staff documentation, prompting a 4chan administrator to take the site offline to prevent further exposure. Many Reddit users have echoed these allegations, sharing screenshots of moderator login interfaces, private chat logs and fragments of leaked code. 

None of these allegations have been independently verified, but cybersecurity professionals warn that, if the breach is authentic, it could have serious repercussions for the site's operational security and for the privacy of its users and staff. 4chan has long had a reputation as a venue for controversial content and politically sensitive discourse, and any exposure of personal data, especially that of moderators, raises the prospect of identity theft, doxxing, targeted harassment and broader exploitation. 

Nobody has yet been definitively identified as responsible, as conflicting reports and a lack of verifiable evidence continue to obscure the origins of the alleged attack. Some emerging theories suggest that individuals connected with the Soyjak.party community, known informally as the "Sharty", may have been involved. 

According to these allegations, the attackers exploited longstanding weaknesses in 4chan's backend, specifically outdated PHP code and deprecated MySQL functions, gained access to a previously removed board known as /QA/, and exposed some moderators' email addresses. The group's motives remain unclear. 

In recent weeks, some users on X (formerly Twitter) have suggested it may have been retaliation for the controversial removal of the /QA/ board in 2021. These assertions, although widely circulated, have not been verified by credible sources. Comparisons have also been drawn with previous breaches, including one disclosed by 4chan's founder Christopher Poole in 2014, in which an attacker allegedly compromised moderator accounts out of a personal grievance. 

That earlier incident ended without clarity about who was responsible. Securing anonymous platforms, especially those with a complex legacy and a volatile user base, clearly remains difficult, all the more so when historical precedent is layered with fresh suspicion. Questions about accountability and intent will likely remain until a formal investigation produces conclusive findings. 

If the breach is authenticated, however, it will likely do significant damage both to 4chan's credibility and to its users' privacy. Beyond moderator emails and internal communications, the leaked materials allegedly show evidence of deep system access: user metrics, deleted posts and associated IP addresses appear alongside internal administrative documentation and portions of the platform's source code. 

If genuine, these materials could pose considerable security threats to users. WIRED has not been able to independently verify the leaked content, though at least some elements of the breach have been acknowledged as authentic by a moderator on the forum. The incident has renewed concerns about 4chan's infrastructure, in particular allegations that outdated, unpatched legacy software left vulnerabilities ripe for exploitation. 

These concerns are nearly a decade old: in 2014, following a previous security incident, the site's founder, Christopher Poole (also known as "moot"), publicly called for proactive cybersecurity measures. In retrospect, those early warnings appear to have gone largely unanswered. 

Emiliano De Cristofaro, a professor at the University of California, Riverside, whose research interests include online subcultures and digital discourse, commented on the wider implications of the breach: "It seems that 4chan hasn't been properly maintained in years," he said, noting that a failure to modernise and secure its infrastructure could now have exposed the site to irreversible consequences.

Security Analysts Express Concerns Over AI-Generated Doll Trend

 

If you've been scrolling through social media recently, you've probably seen a lot of... dolls. There are dolls all over X and on Facebook feeds. Instagram? Dolls. TikTok?

You guessed it: dolls, as well as doll-making techniques. There are even dolls on LinkedIn, undoubtedly the most serious and least entertaining member of the club. You can refer to it as the Barbie AI treatment or the Barbie box trend. If Barbie isn't your thing, you can try AI action figures, action figure starter packs, or the ChatGPT action figure fad. However, regardless of the hashtag, dolls appear to be everywhere. 

And, while they share some similarities (boxes and packaging resembling Mattel's Barbie, personality-driven accessories, a plastic-looking smile), they're all as unique as the people who post them, with the exception of one key common feature: they're not real. 

In the emerging trend, users are using generative AI tools like ChatGPT to envision themselves as dolls or action figures, complete with accessories. It has proven quite popular, and not just among influencers.

Politicians, celebrities, and major brands have all joined in. Journalists covering the trend have created images of themselves with cameras and microphones (albeit this journalist won't put you through that). Users have created renditions of almost every well-known figure, including billionaire Elon Musk and actress and singer Ariana Grande. 

The Verge, a tech media outlet, claims that it started on LinkedIn, a professional social networking site that was well-liked by marketers seeking interaction. Because of this, a lot of the dolls you see try to advertise a company or business. (Think, "social media marketer doll," or even "SEO manager doll." ) 

Privacy concerns

From a social perspective, the popularity of the doll-generating trend isn't surprising at all, according to Matthew Guzdial, an assistant professor of computing science at the University of Alberta.

"This is the kind of internet trend we've had since we've had social media. Maybe it used to be things like a forwarded email or a quiz where you'd share the results," Guzdial noted. 

But as with any AI trend, there are some concerns over its data use. Generative AI in general poses substantial data privacy challenges. As the Stanford University Institute for Human-Centered Artificial Intelligence (Stanford HAI) points out, data privacy concerns and the internet are nothing new, but AI is so "data-hungry" that it magnifies the risk. 

Safety tips 

One of the major risks of participating in viral AI trends is that your conversation history, and the personal data in it, could be exposed to unauthorised or malicious parties. To stay safe, researchers recommend the following steps: 

Protect your account: This includes enabling 2FA, creating secure and unique passwords for each service, and avoiding logging in to shared computers.

Minimise the real data you give to the AI model: Fornés suggests using nicknames or other data instead. You should also consider utilising a different ID solely for interactions with AI models.

Use the tool cautiously and properly: When feasible, use the AI model in incognito mode and without activating the history or conversational memory functions.

Why Location Data Privacy Laws Are Urgently Needed

 

Your location data is more than a simple point on a map—it’s a revealing digital fingerprint. It can show where you live, where you work, where you worship, and even where you access healthcare. In today’s hyper-connected environment, these movements are silently collected, packaged, and sold to the highest bidder. For those seeking reproductive or gender-affirming care, attending protests, or visiting immigration clinics, this data can become a dangerous weapon.

Last year, privacy advocates raised urgent concerns, calling on lawmakers to address the risks posed by unchecked location tracking technologies. These tools are now increasingly used to surveil and criminalize individuals for accessing fundamental services like reproductive healthcare.

There is hope. States such as California, Massachusetts, and Illinois are now moving forward with legislation designed to limit the misuse of this data and protect individuals from digital surveillance. These bills aim to preserve the right to privacy and ensure safe access to healthcare and other essential rights.

Imagine a woman in Alabama—where abortion is entirely banned—dropping her children at daycare and driving to Florida for a clinic visit. She uses a GPS app to navigate and a free radio app along the way. Without her knowledge, the apps track her entire route, which is then sold by a data broker. Privacy researchers demonstrated how this could happen using Locate X, a tool developed by Babel Street, which mapped a user’s journey from Alabama to Florida.

Despite its marketing as a law enforcement tool, Locate X was accessed by private investigators who falsely claimed affiliation with authorities. This loophole highlights the deeply flawed nature of current data protections and how they can be exploited by anyone posing as law enforcement.

The data broker ecosystem remains largely unregulated, enabling a range of actors—from law enforcement to ideological groups—to access and weaponize this information. Near Intelligence, a broker, reportedly sold location data from visitors to Planned Parenthood to an anti-abortion organization. Meanwhile, in Idaho, cell phone location data was used to charge a mother and her son with aiding an abortion, proving how this data can be misused not only against patients but also those supporting them.

The Massachusetts bill proposes a protected zone of 1,850 feet around sensitive locations, while California takes a broader stance with a five-mile radius. These efforts are gaining support from privacy advocates, including the Electronic Frontier Foundation.

“A ‘permissible purpose’ (which is key to the minimization rule) should be narrowly defined to include only: (1) delivering a product or service that the data subject asked for, (2) fulfilling an order, (3) complying with federal or state law, or (4) responding to an imminent threat to life.”

Time and again, we’ve seen location data weaponized to monitor immigrants, LGBTQ+ individuals, and those seeking reproductive care. In response, state legislatures are advancing bills focused on curbing this misuse. These proposals are grounded in long-standing privacy principles such as informed consent and data minimization—ensuring that only necessary data is collected and stored securely.

These laws don’t just protect residents. They also give peace of mind to travelers from other states, allowing them to exercise their rights without fear of being tracked, surveilled, or retaliated against.

To help guide new legislation, this post outlines essential recommendations for protecting communities through smart policy design. These include:
  • Strong definitions,
  • Clear rules,
  • Affirmation that all location data is sensitive,
  • Empowerment of consumers through a strong private right of action,
  • Prohibition of “pay-for-privacy” schemes, and
  • Transparency through clear privacy policies.
These protections are not just legal reforms—they’re necessary steps toward reclaiming control over our digital movements and ensuring no one is punished for seeking care, support, or safety.

Black Basta: Exposing the Ransomware Outfit Through Leaked Chat Logs

 

The cybersecurity sector experienced an extraordinary breach in February 2025 that revealed the inner workings of the well-known ransomware gang Black Basta. 

Trustwave SpiderLabs researchers have now taken an in-depth look at the disclosed contents, which reveal how the gang thinks and operates, including discussions about tactics, the effectiveness of various attack tools and even the ethical and legal implications of targeting Ascension Health. 

The messages were initially posted to MEGA before being reuploaded straight to Telegram on February 11 by the online identity ExploitWhispers. The JSON-based dataset contained over 190,000 messages allegedly sent by group members between September 18, 2023 and September 28, 2024. 
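Analysts triaging a dump like this usually begin by establishing its date range, who posts most, and when particular tradecraft terms first appear in the conversation. The script below is an added example written for this page, not Trustwave's tooling or anything from the original post. It runs over a constructed six-message sample; the field names "timestamp", "sender" and "text" are assumed, since the page does not describe the dataset's schema, and one deliberately malformed record shows how unparseable entries are counted rather than silently dropped.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample in the shape ASSUMED for the dump: a JSON array of objects
# with "timestamp" (ISO 8601), "sender" and "text". The page does not give the
# real field names, so change the three keys below to match the actual file.
SAMPLE_JSON = json.dumps([
    {"timestamp": "2023-09-18T10:02:11", "sender": "alias_a",
     "text": "new proxy layer is up, routing the c2 traffic through it"},
    {"timestamp": "2023-10-02T14:20:05", "sender": "alias_b",
     "text": "cobalt strike beacon stable on the test box"},
    {"timestamp": "2024-02-14T09:15:44", "sender": "alias_a",
     "text": "call them, say you are it support, then send the link"},
    {"timestamp": "2024-05-08T18:44:00", "sender": "alias_c",
     "text": "hospital target, do we go ahead?"},
    {"timestamp": "not-a-date", "sender": "alias_c", "text": "??"},  # malformed on purpose
    {"timestamp": "2024-09-28T23:59:59", "sender": "alias_b",
     "text": "delay the reply two days, then raise the number"},
])

# Tradecraft terms worth a first-seen timestamp; extend as the analysis needs.
KEYWORDS = ("cobalt strike", "proxy", "it support", "delay")


def load_messages(raw: str) -> tuple[list[dict], int]:
    """Parse the dump, keep records with a usable timestamp, count the rest as skipped."""
    kept, skipped = [], 0
    for rec in json.loads(raw):
        try:
            ts = datetime.fromisoformat(rec["timestamp"])
        except (KeyError, TypeError, ValueError):
            skipped += 1
            continue
        kept.append({"ts": ts, "sender": rec.get("sender", "?"), "text": str(rec.get("text", ""))})
    kept.sort(key=lambda m: m["ts"])
    return kept, skipped


def summarize(messages: list[dict]) -> dict:
    """Date range, volume per sender and per month, and first sighting of each keyword."""
    per_sender = Counter(m["sender"] for m in messages)
    per_month = Counter(m["ts"].strftime("%Y-%m") for m in messages)
    first_seen: dict[str, str] = {}
    for m in messages:  # already sorted, so the first hit is the earliest
        lowered = m["text"].lower()
        for kw in KEYWORDS:
            if kw in lowered and kw not in first_seen:
                first_seen[kw] = m["ts"].isoformat()
    return {
        "count": len(messages),
        "first": messages[0]["ts"].isoformat() if messages else None,
        "last": messages[-1]["ts"].isoformat() if messages else None,
        "per_sender": dict(per_sender),
        "per_month": dict(per_month),
        "first_seen": first_seen,
    }


if __name__ == "__main__":
    msgs, skipped = load_messages(SAMPLE_JSON)
    print(f"skipped {skipped} malformed record(s)")
    print(json.dumps(summarize(msgs), indent=2))
```

The per-month counts are what make the leak comparable with the group's public victim listings over the same period, and the first-seen table gives a rough timeline for when a tool or tactic entered the gang's vocabulary.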

This data dump provides rare insight into the group's infrastructure, tactics and internal decision-making, with obvious parallels to the infamous Conti leaks of 2022. It does not document every aspect of the group's inner workings, but it offers an unfiltered glimpse of the workflows, decision-making processes and team dynamics of one of the most active and financially successful ransomware organisations of recent years. Black Basta has been operating since 2022. 

The outfit normally keeps a low profile while carrying out its operations, which target organisations in a variety of sectors and demand millions in ransom payments. The messages demonstrate members' remarkable autonomy and ingenuity in adjusting quickly to changing security conditions. The leak also revealed Black Basta's reliance on social engineering. While traditional phishing is still common, the group sometimes takes a more personal approach. 

The chat logs provide greater insight into Black Basta's strategic approach to vulnerability exploitation. The group actively seeks common and unique vulnerabilities, acquiring zero-day exploits to gain a competitive advantage. 

Its weaponization policy reveals a deliberate effort to increase the impact of its attacks, with Cobalt Strike frequently deployed for command and control operations. Notably, Black Basta created a custom proxy architecture dubbed "Coba PROXY" to manage massive amounts of C2 traffic, which improved both stealth and resilience. Beyond its technological expertise, the leak provides insight into Black Basta's negotiation strategies. 

The gang uses aggressive and psychologically manipulative tactics to coerce victims into paying ransoms. Strategic delays and coercive rhetoric are standard techniques for extracting the maximum financial return. Even more alarming is its expansion into previously off-limits targets, such as financial institutions based in the CIS.

While the immediate impact of the breach is unknown, the disclosure of Black Basta's inner workings provides a unique chance for cybersecurity specialists to adapt and respond. Understanding its methodology promotes the creation of more effective defensive strategies, hence increasing resilience to future ransomware assaults.

Silicon Valley Crosswalk Buttons Hacked With AI Voices Mimicking Tech Billionaires

 

A strange tech prank unfolded across Silicon Valley this past weekend after crosswalk buttons in several cities began playing AI-generated voice messages impersonating Elon Musk and Mark Zuckerberg.  

Pedestrians reported hearing bizarre and oddly personal phrases coming from audio-enabled crosswalk systems in Menlo Park, Palo Alto, and Redwood City. The altered voices were crafted to sound like the two tech moguls, with messages that ranged from humorous to unsettling. One button, using a voice resembling Zuckerberg, declared: “We’re putting AI into every corner of your life, and you can’t stop it.” Another, mimicking Musk, joked about loneliness and buying a Cybertruck to fill the void.  

The origins of the incident remain unknown, but online speculation points to hacktivism, possibly aimed at critiquing Silicon Valley's AI dominance or simply poking fun at tech culture. Videos of the voice spoof spread quickly on TikTok and X, with users commenting on the surreal experience and sarcastically suggesting the crosswalks had been "venture funded". Beneath the comedy, the incident raises serious concerns. 

Local officials confirmed they’re investigating the breach and working to restore normal functionality. According to early reports, the tampering may have taken place on Friday. These crosswalk buttons aren’t new—they’re part of accessibility technology designed to help visually impaired pedestrians cross streets safely by playing audio cues. But this incident highlights how vulnerable public infrastructure can be to digital interference. Security researchers have warned in the past that these systems, often managed with default settings and unsecured firmware, can be compromised if not properly protected. 

One expert, physical penetration specialist Deviant Ollam, has previously demonstrated how such buttons can be manipulated using unchanged passwords or open ports. Polara, a leading manufacturer of these audio-enabled buttons, did not respond to requests for comment. The silence leaves open questions about how widespread the vulnerability might be and what cybersecurity measures, if any, are in place. This AI voice hack not only exposed weaknesses in public technology but also raised broader questions about the blending of artificial intelligence, infrastructure, and data privacy. 

What began as a strange and comedic moment at the crosswalk is now fueling a much larger conversation about the cybersecurity risks of increasingly connected cities. With AI becoming more embedded in daily life, events like this might be just the beginning of new kinds of public tech disruptions.

Your Streaming Devices Are Watching You—Here's How to Stop It

Streaming devices like Roku, Fire TV, Apple TV, and Chromecast make binge-watching easy—but they’re also tracking your habits behind the scenes.

Most smart TVs and platforms collect data on what you watch, when, and how you use their apps. While this helps with personalised recommendations and ads, it also means your privacy is at stake.


If that makes you uncomfortable, here’s how to take back control:

1. Amazon Fire TV Stick
Amazon collects "frequency and duration of use of apps on Fire TV" to improve services but says, “We don’t collect information about what customers watch in third-party apps on Fire TV.”
To limit tracking:
  • Go to Settings > Preferences > Privacy Settings
  • Turn off Device Usage Data
  • Turn off Collect App Usage Data
  • Turn off Interest-based Ads

2. Google Chromecast with Google TV
Google collects data across its platforms including search history, YouTube views, voice commands, and third-party app activity. However, “Google Chromecast as a platform does not perform ACR.”
To limit tracking:
  • Go to Settings > Privacy
  • Turn off Usage & Diagnostics
  • Opt out of Ads Personalization
  • Visit myactivity.google.com to manage other data

3. Roku
Roku tracks “search history, audio inputs, channels you access” and shares this with advertisers.
To reduce tracking:
  • Go to Settings > Privacy > Advertising
  • Enable Limit Ad Tracking
  • Adjust Microphone and Channel Permissions under Privacy settings

4. Apple TV
Apple links activity to your Apple ID and tracks viewing history. It also shares some data with partners. However, it asks permission before allowing apps to track.
To improve privacy:
  • Go to Settings > General > Privacy
  • Enable Allow Apps to Ask to Track
  • Turn off Share Apple TV Analytics
  • Turn off Improve Siri and Dictation

While streaming devices offer unmatched convenience, they come at the cost of data privacy. Fortunately, each platform allows users to tweak their settings and regain some control over what’s being shared. A few minutes in the settings menu can go a long way in protecting your personal viewing habits from constant surveillance.

Google Plans Big Messaging Update for Android Users

 



Google is preparing a major upgrade to its Messages app that will make texting between Android and iPhone users much smoother and more secure. For a long time, Android and Apple phones haven’t worked well together when it comes to messaging. But this upcoming change is expected to improve the experience and add strong privacy protections.


New Messaging Technology Called RCS

The improvement is based on RCS, short for Rich Communication Services, a modern replacement for traditional SMS. It adds features like read receipts, typing indicators and high-quality image sharing without needing third-party apps. Most importantly, the updated RCS standard supports end-to-end encryption, so messages between two RCS users can be kept private; messages that fall back to SMS get no such protection.

Recently the GSMA, the industry body that sets mobile network standards, announced an updated RCS standard that includes end-to-end encryption. Both Google and Apple have agreed to upgrade their messaging apps to support it, allowing Android and iPhone users to send encrypted messages to each other for the first time.


Why Is This Important Now?

The push for stronger messaging security follows several cyberattacks, including a major hacking campaign by a Chinese state-linked group known as "Salt Typhoon", which broke into American telecommunications networks and accessed sensitive data. Events like this have raised concerns about the weak security of ordinary text messaging, and even the FBI advised people not to use SMS for sharing personal or financial details.


What’s Changing in Google Messages?

As part of this shift, Google is updating its Messages app to make it easier for users to see which contacts are using RCS. In a test version of the app, spotted by Android Authority, Google is adding new features that label contacts based on whether they support RCS. The contact list may also show different colors to make RCS users stand out.

At the moment, there’s no clear way to know whether a chat will use secure RCS or fallback SMS. This update will fix that. It will even help users identify if someone using an iPhone has enabled RCS messaging.


A More Secure Future for Messaging

Once this update is live, Android users will have a messaging app that better matches Apple’s iMessage in both features and security. It also means people can communicate across platforms without needing apps like WhatsApp or Signal. With both Google and Apple on board, RCS could soon become the standard way we all send safe and reliable text messages.