
Apple’s Digital ID Tool Sparks Privacy Debate Despite Promised Security

 

Apple’s newly introduced Digital ID feature has quickly ignited a divide among users and cybersecurity professionals, with reactions ranging from excitement to deep skepticism. Announced earlier this week, the feature gives U.S. iPhone owners a way to present their passport directly from Apple Wallet at Transportation Security Administration checkpoints across more than 250 airports nationwide. Designed to replace the need for physical identity documents at select travel touchpoints, the rollout marks a major step in Apple’s broader effort to make digital credentials mainstream. But the move has sparked conversations about how willing society should be to entrust critical identity information to smartphones. 

On one side are supporters who welcome the convenience of leaving physical IDs at home, believing Apple’s security infrastructure offers a safer and more streamlined travel experience. On the other side are privacy advocates who fear that such technology could pave the way for increased surveillance and data misuse, especially if government agencies gain new avenues to track citizens. These concerns mirror wider debates already unfolding in regions like the United Kingdom and the European Union, where national and bloc-wide digital identity programs have faced opposition from civil liberties organizations. 

Apple states that its Digital ID system relies on advanced encryption and on-device storage to protect sensitive information from unauthorized access. Unlike cloud-based sharing models, Apple notes that passport data will remain confined to the user’s iPhone, and only the minimal information necessary for verification will be transmitted during identification checks. Authentication through Face ID or Touch ID is required to access the ID, aiming to ensure that no one else can view or alter the data. Apple has emphasized that it does not gain access to passport details and claims its design prioritizes privacy at every stage. 

Despite these assurances, cybersecurity experts and digital rights advocates are unconvinced. Jason Bassler, co-founder of The Free Thought Project, argued publicly that increasing reliance on smartphone-based identity tools could normalize a culture of compromised privacy dressed up as convenience. He warned that once the public becomes comfortable with digital credentials, resistance to broader forms of monitoring may fade. Other specialists, such as Swiss security researcher Jean-Paul Donner, note that iPhone security is not impenetrable, and both hackers and law enforcement have previously circumvented device protections. 

Major organizations like the ACLU, EFF, and CDT have also called for strict safeguards, insisting that identity systems must be designed to prevent authorities from tracking when or where identification is used. They argue that without explicit structural barriers to surveillance, the technology could be exploited in ways that undermine civil liberties. 

Whether Apple can fully guarantee the safety and independence of digital identity data remains an open question. As adoption expands and security is tested in practice, the debate over convenience versus privacy is unlikely to go away anytime soon. TechRadar is continuing to consult industry experts and will provide updates as more insights emerge.

UK Digital ID Faces Security Crisis Ahead of Mandatory Rollout

 

The UK’s digital ID system, known as One Login, triggered major controversy in 2025 due to serious security vulnerabilities and privacy concerns, leading critics to liken it to the infamous Horizon scandal. 

One Login is a government-backed identity verification platform designed for access to public services and private sector uses such as employment verification and banking. Despite government assurances around its security and user benefits, public confidence plummeted amid allegations of cybersecurity failures and rushed implementation planned for November 18, 2025.

Critics, including MPs and cybersecurity experts, revealed that the system failed critical red-team penetration tests, with hackers gaining privileged access during simulated cyberattacks. Further concerns arose over development practices, with portions of the platform built by contractors in Romania on unsecured workstations without adequate security clearance. The government missed security deadlines, with full compliance expected only by March 2026—months after the mandatory rollout began.

This “rollout-at-all-costs” approach amidst unresolved security flaws has created a significant trust deficit, risking citizens’ personal data, which includes sensitive information like biometrics and identification documents. One Login collects comprehensive data, such as name, birth date, biometrics, and a selfie video for identity verification. This data is shared across government services and third parties, raising fears of surveillance, identity theft, and misuse.

The controversy draws a parallel to the Horizon IT scandal, where faulty software led to wrongful prosecutions of hundreds of subpostmasters. Opponents warn that flawed digital ID systems could cause similar large-scale harms, including wrongful exclusions and damaged reputations, undermining public trust in government IT projects.

Public opposition has grown, with petitions and polls showing more people opposing digital ID than supporting it. Civil liberties groups caution against intrusive government tracking and call for stronger safeguards, transparency, and privacy protections. The Prime Minister defends the program as a tool to simplify life and reduce identity fraud, but critics label it expensive, intrusive, and potentially dangerous.

In conclusion, the UK’s digital ID initiative stands at a critical crossroads, facing a crisis of confidence and comparisons to past government technology scandals. Robust security, oversight, and public trust are imperative to avoid a repeat of such failures and ensure the system serves citizens without compromising their privacy or rights.

AI Agents and the Rise of the One-Person Unicorn

 


For decades, building a unicorn, a company valued at over a billion dollars, has been synonymous with large teams of highly skilled professionals, years of trial and error, and significant venture capital investment. Today, however, that established model is undergoing a fundamental shift. As agentic AI systems develop rapidly, shaped in part by OpenAI's vision of autonomous digital agents, a single founder can now accomplish what once required an entire team of workers.

In today's emerging landscape, the "one-person unicorn" is no longer just an abstract concept but a real possibility, as artificial intelligence agents expand their role beyond mere assistants and become transformative partners that push the boundaries of individual entrepreneurship. Although artificial intelligence has long been part of enterprise strategies, agentic AI marks the beginning of a significant shift.

Unlike conventional systems, which primarily analyse data and provide recommendations, these autonomous agents can act independently, making strategic decisions and directly affecting business outcomes without any human intervention. This shift is not merely theoretical; it is already reshaping organisational practices on a large scale.

The extent of generative AI adoption is shown by a recent survey of 1,000 IT decision makers in the United States, the United Kingdom, Germany, and Australia. Ninety per cent of respondents indicated that their companies have incorporated generative AI into their IT strategies, and half have already implemented AI agents.

A further 32 per cent are preparing to follow suit shortly, according to the survey. This new phase of artificial intelligence is defined no longer by passive analytics or predictive modelling, but by autonomous agents capable of grasping objectives, evaluating choices, and executing tasks without the need for human intervention.

AI agents are no longer limited to providing assistance; they are now capable of orchestrating complex workflows across fragmented systems, adapting constantly to changing environments, and maximising outcomes in real time. This development is more than just automation. It represents a shift from static digitisation to dynamic, context-aware execution, effectively transforming judgment into a digital function.

Leading companies are increasingly comparing the impact of this transformation with the Internet's, but there is a possibility that the reach of this transformation may be even greater. Whereas the internet revolutionised external information flows, artificial intelligence is transforming internal operations and decision-making ecosystems. 

As a result of such advances, healthcare diagnostics are guided and predictive interventions are enabled; manufacturing is creating self-optimized production systems; and legal and compliance functions are simulating scenarios to reduce risk and accelerate decisions. This advancement does more than boost productivity: it has the potential to lay the foundations of new business models based on embedded, distributed intelligence.

According to Google CEO Sundar Pichai, artificial intelligence is poised to affect “every sector, every industry, every aspect of our lives,” making the case that the technology is a defining force of our era. Agentic AI is characterised by its ability to detect subtle patterns of behaviour and interactions between services that are often difficult for humans to observe. This capability has already been demonstrated in platforms such as Salesforce's Interaction Explorer, which allows AI agents to detect repeated customer frustrations or ineffective policy responses and propose corrective actions.

These systems therefore become strategic advisors, capable of identifying risks, flagging opportunities, and making real-time recommendations to improve operations, rather than simply being back-office tools. Combined with the ability to coordinate between agents, the technology can go even further, allowing automatic cross-functional improvements that speed up business processes and raise efficiency.

As part of this movement, leading companies like Salesforce, Google, and Accenture are combining complementary strengths to provide a variety of artificial intelligence-driven solutions ranging from multilingual customer support to predictive issue resolution to intelligent automation, integrating Salesforce's CRM ecosystem with Google Cloud's Gemini models and Accenture's sector-specific expertise. 

Moreover, with the availability of such tools, innovation is no longer confined to engineers alone; subject matter experts across a wide range of industries can now drive adoption and shape the next wave of enterprise transformation, since they have the means to do so. In order to be competitive, an organisation must not simply rely on pre-built templates. 

Instead, it must be able to customise its Agentic AI system according to its unique identity and needs. As a result of the use of natural language prompts, requirement documents, and workflow diagrams, businesses can tailor agent behaviours without having to rely on long development cycles, large budgets, or a lot of technical expertise. 

In the age of no-code and natural language interfaces, the ability to customise agents is shifting from developers to business users, ensuring that agents reflect the company's distinctive values, brand voice, and philosophy. Moreover, advances in multimodality are allowing AI to be used in new ways beyond text, including voice, images, videos, and sensors. Through this evolution, agents will be able to interpret customer intent more deeply and provide more personalised and contextually relevant assistance.

In addition, customers are now able to upload photos of defective products rather than type lengthy descriptions, or receive support via short videos rather than pages of text. A crucial aspect of these agents is that they retain memories across their interactions, so they can constantly adapt to individual behaviours, making digital engagement less transactional and more like an ongoing, human-centred conversation.

The implications of agentic AI reach beyond operational efficiency and cost reduction. This transformation is bringing about a radical redefinition of work, value creation, and even entrepreneurship itself. By enabling companies as well as individuals to utilise distributed intelligence, these systems are not just reshaping workflows; they are redefining the boundaries of human and machine collaboration.

The one-person unicorn points to a future in which scale and impact are determined no longer by headcount, but by the sophisticated capabilities of digital agents working alongside a single visionary. While this transformation is bringing about societal changes, it also raises a number of concerns. The increasing delegation of decision-making to autonomous agents raises questions about accountability, ethics, job displacement, and systemic risks.

Regulators, policymakers, and industry leaders must establish guardrails that balance innovation with responsibility, so that the benefits of artificial intelligence do not deepen inequalities or erode trust. The challenge for companies lies in deploying these tools not only quickly and efficiently, but also in line with their values, branding, and social responsibilities. It is not just the technical advance of autonomous agents that makes this moment historic, but also the cultural and economic pivot they signal.

Just as the internet democratized access to information, artificial intelligence agents are poised to democratize access to judgment, strategy, and execution, which were traditionally restricted to larger organisations. With them, enterprises can achieve new levels of agility and competitiveness, while individuals can greatly extend what they can accomplish. Agentic intelligence is not just an incremental upgrade to existing systems, but a shift that will determine how the digital economy functions in the future and define the next chapter in the history of our society.

Lock Down Your USB Drive: 5 Powerful Ways to Keep Your Data Safe

 

In a world where we lock our phones, PCs, and even smart fridges, it’s surprising how many people still overlook the security of something as portable and vulnerable as a USB drive. A lost thumbstick can quickly turn into a digital nightmare, exposing sensitive files, personal photos, or critical documents to whoever finds it. The solution? Encryption. Securing your USB device has never been easier. 

Modern encryption tools make it simple to password-protect your data and render it unreadable to unauthorised users. While it might take a few seconds longer to access your encrypted files, the tradeoff is peace of mind. 

Here are five effective ways to safeguard the contents of your USB drive. 

1. Manufacturer-Provided Encryption Software

Major USB brands like SanDisk, Lexar, and Western Digital often ship their drives with proprietary encryption software. Tools like SanDisk PrivateAccess, Lexar DataShield, and WD Security are tailored for easy integration with their devices. Just install the software (sometimes preloaded on the drive), set your password, and you're good to go. However, these tools aren't without flaws. Some older versions have known vulnerabilities, and losing your password could mean losing access to your files entirely. Also, these utilities often require the same software to be installed on any device you use to access the drive. 

2. BitLocker for Windows Users 

BitLocker, a built-in encryption tool in Windows 10 and 11 Pro, is ideal for those who stick with the Microsoft ecosystem. Right-click the drive in File Explorer, select BitLocker, and follow the prompts. You’ll be able to encrypt the entire device and create a recovery key—just in case you forget your password. The benefits are solid: full-drive encryption, built-in support, and no need for third-party software. But there’s a catch—BitLocker isn’t available on all Windows machines, especially those running the Home edition, and it doesn’t work with macOS or Linux without extra tools. 

3. macOS Disk Utility for Apple Fans 

If you're in the Apple camp, Disk Utility on macOS provides a clean, straightforward way to encrypt external drives. Just reformat the drive with an encrypted APFS file system and assign a password. It’s fully integrated into macOS, so no need for extra software. The downside? APFS isn't natively compatible with Windows or Linux. To access your encrypted drive on non-Apple systems, you'd need third-party software—which often isn’t free. 

4. VeraCrypt: Open Source Fort Knox 

For those who want the highest level of control and security, VeraCrypt is a no-nonsense, open-source solution. It supports advanced encryption algorithms, offers full disk and volume encryption, and even lets you create hidden volumes for plausible deniability. While it's powerful, VeraCrypt is best suited for desktop users. It doesn’t support mobile platforms and has a steeper learning curve. But for security-conscious users, it’s one of the most trusted tools available. 

5. Cryptomator: Cross-Platform Flexibility 

If you need a user-friendly solution that works across Windows, macOS, Linux, iOS, and Android, Cryptomator is hard to beat. It encrypts individual vaults rather than full drives, so you can easily move or copy the vault between devices. All you need is the app to access your data. Designed originally for cloud storage, Cryptomator is equally effective for removable media. It offers strong AES 256-bit encryption, open-source transparency, and the flexibility to use the rest of your USB drive for unencrypted storage without any risk of interference.

Cloudflare Explains Major Service Outage: Not a Security Breach, No Data Lost

 

Cloudflare has clarified that a widespread outage affecting its global services was not the result of a cyberattack or data breach. The company confirmed that no customer data was compromised during the disruption, which significantly impacted numerous platforms, including major edge computing services and some Google Cloud infrastructure. 

The issue began at approximately 17:52 UTC and was primarily caused by a complete failure of Workers KV, Cloudflare’s globally distributed key-value storage system. As a backbone for its serverless computing platform, Workers KV plays a crucial role in supporting configuration, identity management, and content delivery across many of Cloudflare’s offerings. When it went offline, critical functions across the ecosystem were immediately affected. 

In a post-incident analysis, Cloudflare revealed that the root cause was a malfunction in the storage infrastructure that underpins Workers KV. This backend is partially hosted by a third-party cloud service, which experienced its own outage—directly leading to the failure of the KV system. The ripple effects were far-reaching, disrupting Cloudflare services for nearly two and a half hours. 

Key services impacted included authentication platforms like Access and Gateway, which saw major breakdowns in login systems, session handling, and policy enforcement. Cloudflare’s WARP service was unable to register new devices, while Gateway experienced failures in DNS-over-HTTPS queries. CAPTCHA and login tools such as Turnstile and Challenges also malfunctioned, with a temporary kill switch introducing token reuse risks.  
Media services like Stream and Images were hit particularly hard, with all live streaming and media uploads failing during the incident. Other offerings such as Workers AI, Pages, and the AutoRAG AI system were rendered entirely unavailable. Even backend systems like Durable Objects, D1 databases, and Queues registered elevated error rates or became completely unresponsive.  

Cloudflare’s response plan now includes a significant architectural shift. The company will begin migrating Workers KV from its current third-party dependency to its in-house R2 object storage solution. This move is designed to reduce reliance on external providers and improve the overall resilience of Cloudflare’s services. 

In addition, Cloudflare will implement a series of safeguards to mitigate cascading failures in future outages. This includes new cross-service protections and controlled service restoration tools that will help stabilize systems more gradually and prevent sudden traffic overloads. 

While the outage was severe, Cloudflare’s transparency and swift action to redesign its infrastructure aim to minimize similar disruptions in the future and reinforce trust in its platform.

Malicious Chrome Extensions Spoof Password Managers in Novel Polymorphic Attack

 

Cybersecurity experts have uncovered a novel technique for a malicious web browser extension to spoof any installed add-on.

"The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials to the real extension," SquareX noted in a report published earlier this month. 

The attack targets all Chromium-based web browsers, including Google Chrome, Microsoft Edge, Brave, Opera, and others. The strategy relies on the fact that users frequently pin extensions to the browser's toolbar. In a hypothetical attack scenario, threat actors could publish a polymorphic extension to the Chrome Web Store (or any extension marketplace) and pass it off as a utility. 

The attackers could then use the harvested credentials to take over online accounts and steal sensitive financial and personal data without authorisation. While the add-on provides the claimed functionality without raising any suspicions, it activates the malicious features in the background by actively scanning for the presence of online resources associated with particular target extensions using a technique known as web resource hitting. 

Once a suitable target extension has been located, the attack proceeds to the next stage, when it morphs into a duplicate of the legitimate extension. This is performed by modifying the rogue extension's icon to match that of the target and temporarily disabling the actual add-on using the "chrome.management" API, resulting in its removal from the toolbar. 

"The polymorphic extension attack is extremely powerful as it exploits the human tendency to rely on visual cues as a confirmation," SquareX added. "In this case, the extension icons on a pinned bar are used to inform users of the tools they are interacting with."

The findings follow a month after the company revealed Browser Syncjacking, another attack technique that allows a seemingly harmless browser extension to take over a victim's device.

Google Report Warns Cybercrime Poses a National Security Threat

 

When discussing national security threats in the digital landscape, attention often shifts to suspected state-backed hackers, such as those affiliated with China targeting the U.S. Treasury or Russian ransomware groups claiming to hold sensitive FBI data. However, a recent report from the Google Threat Intelligence Group highlights that financially motivated cybercrime, even when unlinked to state actors, can pose equally severe risks to national security.

“A single incident can be impactful enough on its own to have a severe consequence on the victim and disrupt citizens' access to critical goods and services,” Google warns, emphasizing the need to categorize cybercrime as a national security priority requiring global cooperation.

Despite cybercriminal activity comprising the vast majority of malicious online behavior, national security experts predominantly focus on state-sponsored hacking groups, according to the February 12 Google Threat Intelligence Group report. While state-backed attacks undoubtedly pose a critical threat, Google argues that cybercrime and state-sponsored cyber warfare cannot be evaluated in isolation.

“A hospital disrupted by a state-backed group using a wiper and a hospital disrupted by a financially motivated group using ransomware have the same impact on patient care,” Google analysts assert. “Likewise, sensitive data stolen from an organization and posted on a data leak site can be exploited by an adversary in the same way data exfiltrated in an espionage operation can be.”

The escalation of cyberattacks on healthcare providers underscores the severity of this threat. Millions of patient records have been stolen, and even blood donor supply chains have been affected. “Healthcare's share of posts on data leak sites has doubled over the past three years,” Google notes, “even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year.”

The report highlights how Russia has integrated cybercriminal capabilities into warfare, citing the military intelligence-linked Sandworm unit (APT44), which leverages cybercrime-sourced malware for espionage and disruption in Ukraine. Iran-based threat actors similarly deploy ransomware to generate revenue while conducting espionage. Chinese spy groups supplement their operations with cybercrime, and North Korean state-backed hackers engage in cyber theft to fund the regime. “North Korea has heavily targeted cryptocurrencies, compromising exchanges and individual victims’ crypto wallets,” Google states.

These findings illustrate how nation-states increasingly procure cyber capabilities through criminal networks, leveraging cybercrime to facilitate espionage, data theft, and financial gain. Addressing this challenge requires acknowledging cybercrime as a fundamental national security issue.

“Cybercrime involves collaboration between disparate groups often across borders and without respect to sovereignty,” Google explains. Therefore, any solution must involve international cooperation between law enforcement and intelligence agencies to track, arrest, and prosecute cybercriminals effectively.

whoAMI Name Confusion Attacks Can Expose AWS Accounts to Malicious Code Execution

 

Datadog Security Labs researchers developed a new name confusion attack technique known as whoAMI, which allows threat actors to execute arbitrary code within an Amazon Web Services (AWS) account by uploading an Amazon Machine Image (AMI) with a specific name.

The researchers warn that, at scale, this attack can impact thousands of AWS accounts, with approximately 1% of organisations believed to be vulnerable. An Amazon Machine Image (AMI) is a virtual machine image used to start Elastic Compute Cloud (EC2) instances. Users can use the AWS API to search for the latest version of an AMI or provide it by ID.

Datadog Security Labs stated that anyone can publish an AMI to the Community AMI catalogue. To make sure that a search of the catalogue returns an official AMI rather than one published by a malicious actor, the user can specify the owner attribute.

When searching for AMIs, using the owner attribute helps ensure that results come from verified sources such as Amazon or trustworthy providers. If the owners property is not included in an AMI search, an attacker can publish a malicious AMI with a recent date, making it the first result in automated queries. The attack happens when a victim uses the name filter without specifying the owner, owner-alias, or owner-id criteria, and retrieves the most recently created image.

“To exploit this configuration, an attacker can create a malicious AMI with a name that matches the above pattern and that is newer than any other AMIs that also match the pattern. The attacker can then either make the AMI public or privately share it with the targeted AWS account.” reads the advisory published by the company. 

The researchers published a video proof-of-concept of the attack and developed an AMI with a C2 backdoor preinstalled (attacker AWS Account ID: 864899841852, victim AWS Account ID: 438465165216).

“This research demonstrated the existence and potential impact of a name confusion attack targeting AWS’s community AMI catalog. Though the vulnerable components fall on the customer side of the shared responsibility model, there are now controls in place to help you prevent and/or detect this vulnerability in your environments and code,” the report concluded. “Since we initially shared our findings with AWS, they have released Allowed AMIs, an excellent new guardrail that can be used by all AWS customers to prevent the whoAMI attack from succeeding, and we strongly encourage adoption of this control. This is really great work by the EC2 team!” 

As of November last year, HashiCorp rectified the flaw in terraform-aws-provider 5.77, which now warns when "most_recent=true" is used without an owner filter. This will become an error in version 6.0.
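
The vulnerable pattern described above can be looked for in Terraform code before it is deployed. The following is an added example, not code from Datadog, HashiCorp or the original post: a simplified static check that flags `data "aws_ami"` blocks which select by name with `most_recent = true` and have neither an `owners` argument nor an `owner-alias` / `owner-id` filter. The sample Terraform source and its name pattern are constructed, and the parser is a deliberate simplification (no heredocs or nested quotes inside interpolations).

```python
import re

# Constructed Terraform source for the demo (not taken from the original post).
SAMPLE_TF = '''
data "aws_ami" "unpinned" {
  most_recent = true
  filter {
    name   = "name"
    values = ["example-base-image-*"]   # hypothetical name pattern
  }
}

data "aws_ami" "pinned_by_owners" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["example-base-image-*"]
  }
}

data "aws_ami" "pinned_by_filter" {
  most_recent = true
  filter {
    name   = "name"
    values = ["example-base-image-*"]
  }
  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }
}

# data "aws_ami" "commented_out" { most_recent = true }
'''

# A quoted string, or a #, // or /* */ comment. Strings are matched first so
# that comment markers inside a string are never treated as comments.
STRING_OR_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|//[^\n]*|/\*.*?\*/', re.S)
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[{}]')
DATA_AMI = re.compile(r'data\s+"aws_ami"\s+"([^"]+)"\s*\{')
OWNER_FILTERS = {"owner-alias", "owner-id"}


def block_body(src, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for tok in TOKEN.finditer(src, open_idx):
        if tok.group(0) == "{":
            depth += 1
        elif tok.group(0) == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:tok.start()]
    raise ValueError("unbalanced braces in Terraform source")


def find_whoami_risks(tf_source):
    """Return names of aws_ami data sources that match the whoAMI pattern."""
    # Drop comments, keep quoted strings untouched.
    src = STRING_OR_COMMENT.sub(
        lambda m: m.group(0) if m.group(0)[0] == '"' else "", tf_source)
    risky = []
    for m in DATA_AMI.finditer(src):
        body = block_body(src, m.end() - 1)
        filter_names, top = set(), body
        for f in re.finditer(r'\bfilter\s*\{', body):
            fbody = block_body(body, f.end() - 1)
            name = re.search(r'\bname\s*=\s*"([^"]+)"', fbody)
            if name:
                filter_names.add(name.group(1))
            top = top.replace(fbody, "")  # leave only top-level arguments
        most_recent = re.search(r'^\s*most_recent\s*=\s*true\b', top, re.M)
        by_name = ("name" in filter_names
                   or re.search(r'^\s*name_regex\s*=', top, re.M))
        # An empty owners list does not count as pinning the publisher.
        owner_pinned = (re.search(r'^\s*owners\s*=\s*\[\s*[^\]\s]', top, re.M)
                        or filter_names & OWNER_FILTERS)
        if most_recent and by_name and not owner_pinned:
            risky.append(m.group(1))
    return risky


if __name__ == "__main__":
    print(find_whoami_risks(SAMPLE_TF))
```

A check like this complements, rather than replaces, the provider warning and the Allowed AMIs guardrail mentioned above, since it only sees Terraform source and not SDK or CLI calls.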