Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data. Show all posts
Trust
AI Automation Biometrics consent Cybersecurity Data Ethics Intelligence Privacy Regulation Security surveillance Technology Transparency Trust

Public Wary of AI-Powered Data Use by National Security Agencies, Study Finds

 

A new report released alongside the Centre for Emerging Technology and Security (CETaS) 2025 event sheds light on growing public unease around automated data processing in national security. Titled UK Public Attitudes to National Security Data Processing: Assessing Human and Machine Intrusion, the research reveals limited public awareness and rising concern over how surveillance technologies—especially AI—are shaping intelligence operations.

The study, conducted by CETaS in partnership with Savanta and Hopkins Van Mil, surveyed 3,554 adults and included insights from a 33-member citizens’ panel. While findings suggest that more people support than oppose data use by national security agencies, especially when it comes to sensitive datasets like medical records, significant concerns persist.

During a panel discussion, investigatory powers commissioner Brian Leveson, who chaired the session, addressed the implications of fast-paced technological change. “We are facing new and growing challenges,” he said. “Rapid technological developments, especially in AI [artificial intelligence], are transforming our public authorities.”

Leveson warned that AI is shifting how intelligence gathering and analysis is performed. “AI could soon underpin the investigatory cycle,” he noted. But the benefits also come with risks. “AI could enable investigations to cover far more individuals than was ever previously possible, which raises concerns about privacy, proportionality and collateral intrusion.”

The report shows a divide in public opinion based on how and by whom data is used. While people largely support the police and national agencies accessing personal data for security operations, that support drops when it comes to regional law enforcement. The public is particularly uncomfortable with personal data being shared with political parties or private companies.

Marion Oswald, co-author and senior visiting fellow at CETaS, emphasized the intrusive nature of data collection—automated or not. “Data collection without consent will always be intrusive, even if the subsequent analysis is automated and no one sees the data,” she said.

She pointed out that predictive data tools, in particular, face strong opposition. “Panel members, in particular, had concerns around accuracy and fairness, and wanted to see safeguards,” Oswald said, highlighting the demand for stronger oversight and regulation of technology in this space.

Despite efforts by national security bodies to enhance public engagement, the study found that a majority of respondents (61%) still feel they understand “slightly” or “not at all” what these agencies actually do. Only 7% claimed a strong understanding.

Rosamund Powell, research associate at CETaS and co-author of the report, said: “Previous studies have suggested that the public’s conceptions of national security are really influenced by some James Bond-style fictions.”

She added that transparency significantly affects public trust. “There’s more support for agencies analysing data in the public sphere like posts on social media compared to private data like messages or medical data.”
Read more »
zero data
Backup commvault Cyber Attacks Data Microsoft zero data

Commvault Confirms Cyberattack, Says Customer Backup Data Remains Secure


Commvault, a well-known company that helps other businesses protect and manage their digital data, recently shared that it had experienced a cyberattack. However, the company clarified that none of the backup data it stores for customers was accessed or harmed during the incident.

The breach was discovered in February 2025 after Microsoft alerted Commvault about suspicious activity taking place in its Azure cloud services. After being notified, the company began investigating the issue and found that a very small group of customers had been affected. Importantly, Commvault stated that its systems remained up and running, and there was no major impact on its day-to-day operations.

Danielle Sheer, Commvault’s Chief Trust Officer, said the company is confident that hackers were not able to view or steal customer backup data. She also confirmed that Commvault is cooperating with government cybersecurity teams, including the FBI and CISA, and is receiving support from two independent cybersecurity firms.


Details About the Vulnerability

It was discovered that the attackers gained access by using a weakness in Commvault’s web server software. This flaw, now fixed, allowed hackers with limited permissions to install harmful software on affected systems. The vulnerability, known by the code CVE-2025-3928, had not been known or patched before the breach, making it what experts call a “zero-day” issue.

Because of the seriousness of this bug, CISA (Cybersecurity and Infrastructure Security Agency) added it to a list of known risks that hackers are actively exploiting. U.S. federal agencies have been instructed to update their Commvault software and fix the issue by May 19, 2025.


Steps Recommended to Stay Safe

To help customers stay protected, Commvault suggested the following steps:

• Use conditional access controls for all cloud-based apps linked to Microsoft services.

• Check sign-in logs often to see if anyone is trying to log in from suspicious locations.

• Update secret access credentials between Commvault and Azure every three months.


The company urged users to report any strange behavior right away so its support team can act quickly to reduce any damage.

Although this was a serious incident, Commvault’s response was quick and effective. No backup data was stolen, and the affected software has been patched. This event is a reminder to all businesses to regularly check for vulnerabilities and keep their systems up to date to prevent future attacks.

Read more »
Ransomware
Akira Attack Breach Cloud Cybersecurity Data Encryption Extortion FBI Hitachi malware Ransomware

Hitachi Vantara Takes Servers Offline Following Akira Ransomware Attack

 

Hitachi Vantara, a subsidiary of Japan's Hitachi conglomerate, temporarily shut down several servers over the weekend after falling victim to a ransomware incident attributed to the Akira group.

The company, known for offering data infrastructure, cloud operations, and cyber resilience solutions, serves government agencies and major global enterprises like BMW, Telefónica, T-Mobile, and China Telecom.

In a statement to BleepingComputer, Hitachi Vantara confirmed the cyberattack and revealed it had brought in external cybersecurity specialists to assess the situation. The company is now working to restore all affected systems.

“On April 26, 2025, Hitachi Vantara experienced a ransomware incident that has resulted in a disruption to some of our systems," Hitachi Vantara told BleepingComputer.

"Upon detecting suspicious activity, we immediately launched our incident response protocols and engaged third-party subject matter experts to support our investigation and remediation process. Additionally, we proactively took our servers offline in order to contain the incident.

We are working as quickly as possible with our third-party subject matter experts to remediate this incident, continue to support our customers, and bring our systems back online in a secure manner. We thank our customers and partners for their patience and flexibility during this time."

Although the company has not officially attributed the breach to any specific threat actor, BleepingComputer reports that sources have linked the attack to the Akira ransomware operation. Insiders allege that the attackers exfiltrated sensitive data and left ransom notes on infiltrated systems.

While cloud services remained unaffected, sources noted that internal platforms at Hitachi Vantara and its manufacturing arm experienced disruption. Despite these outages, clients operating self-hosted systems are still able to access their data.

A separate source confirmed that several government-led initiatives have also been impacted by the cyberattack.

Akira ransomware first appeared in March 2023 and swiftly became notorious for targeting a wide range of sectors worldwide. Since its emergence, the group has reportedly compromised more than 300 organizations, including high-profile names like Stanford University and Nissan (in Oceania and Australia).

The FBI estimates that Akira collected over $42 million in ransom payments by April 2024 after infiltrating over 250 organizations. According to chat logs reviewed by BleepingComputer, the gang typically demands between $200,000 and several million dollars, depending on the scale and sensitivity of the targeted entity.

Keywords: ransomware, cybersecurity, Hitachi, Akira, cloud, breach, data, FBI, malware, attack, encryption, extortion, hacking, disruption, recovery, infrastructure, digital, protection
Read more »
Mandiant
Campaigns Cloud Cyber Security Data Google Mandiant

New Report Reveals Hackers Now Aim for Money, Not Chaos

New Report Reveals Hackers Now Aim for Money, Not Chaos

Recent research from Mandiant revealed that financially motivated hackers are the new trend, with more than (55%) of criminal gangs active in 2024 aiming to steal or extort money from their targets, a sharp rise compared to previous years. 

About the report

The main highlight of the M-Trends report is that hackers are using every opportunity to advance their goals, such as using infostealer malware to steal credentials. Another trend is attacking unsecured data repositories due to poor security hygiene. 

Hackers are also exploiting fractures and risks that surface when an organization takes its data to the cloud. “In 2024, Mandiant initiated 83 campaigns and five global events and continued to track activity identified in previous years. These campaigns affected every industry vertical and 73 countries across six continents,” the report said. 

Ransomware-related attacks accounted for 21% of all invasions in 2024 and comprised almost two-thirds of cases related to monetization tactics. This comes in addition to data theft, email hacks, cryptocurrency scams, and North Korean fake job campaigns, all attempting to get money from targets. 

Exploits were amid the most popular primary infection vector at 33%, stolen credentials at 16%, phishing at 14%, web compromises at 9%, and earlier compromises at 8%. 

Finance in danger

Finance topped in the targeted industry, with more than 17% of attacks targeting the sector, followed closely by professional services and business (11%), critical industries such as high tech (10%), governments (10%), and healthcare (9%). 

Experts have highlighted a broader target of various industries, suggesting that anyone can be targeted by state-sponsored attacks, either politically or financially motivated.  

Stuart McKenzie, Managing Director, Mandiant Consulting EMEA. said “Financially motivated attacks are still the leading category. “While ransomware, data theft, and multifaceted extortion are and will continue to be significant global cybercrime concerns, we are also tracking the rise in the adoption of infostealer malware and the developing exploitation of Web3 technologies, including cryptocurrencies.” 

He also stressed that the “increasing sophistication and automation offered by artificial intelligence are further exacerbating these threats by enabling more targeted, evasive, and widespread attacks. Organizations need to proactively gather insights to stay ahead of these trends and implement processes and tools to continuously collect and analyze threat intelligence from diverse sources.”

Read more »
Tracking
Ads Analytics AppleTV Chromecast control Cyber Security Data device FireTV personalization Roku settings smartTV streaming surveillance Tracking

Your Streaming Devices Are Watching You—Here's How to Stop It

Streaming devices like Roku, Fire TV, Apple TV, and Chromecast make binge-watching easy—but they’re also tracking your habits behind the scenes.

Most smart TVs and platforms collect data on what you watch, when, and how you use their apps. While this helps with personalised recommendations and ads, it also means your privacy is at stake.


If that makes you uncomfortable, here’s how to take back control:

1. Amazon Fire TV Stick
Amazon collects "frequency and duration of use of apps on Fire TV" to improve services but says, “We don’t collect information about what customers watch in third-party apps on Fire TV.”
To limit tracking:
  • Go to Settings > Preferences > Privacy Settings
  • Turn off Device Usage Data
  • Turn off Collect App Usage Data
  • Turn off Interest-based Ads

2. Google Chromecast with Google TV
Google collects data across its platforms including search history, YouTube views, voice commands, and third-party app activity. However, “Google Chromecast as a platform does not perform ACR.”
To limit tracking:
  • Go to Settings > Privacy
  • Turn off Usage & Diagnostics
  • Opt out of Ads Personalization
  • Visit myactivity.google.com to manage other data

3. Roku
Roku tracks “search history, audio inputs, channels you access” and shares this with advertisers.
To reduce tracking:
  • Go to Settings > Privacy > Advertising
  • Enable Limit Ad Tracking
  • Adjust Microphone and Channel Permissions under Privacy settings
4. Apple TV
Apple links activity to your Apple ID and tracks viewing history. It also shares some data with partners. However, it asks permission before allowing apps to track.
To improve privacy:

  • Go to Settings > General > Privacy
  • Enable Allow Apps to Ask to Track
  • Turn off Share Apple TV Analytics
  • Turn off Improve Siri and Dictation

While streaming devices offer unmatched convenience, they come at the cost of data privacy. Fortunately, each platform allows users to tweak their settings and regain some control over what’s being shared. A few minutes in the settings menu can go a long way in protecting your personal viewing habits from constant surveillance.
Read more »
Ransomware
Cyberattacks Data Privacy Private Information quiet ransomware Ransomware

The Growing Danger of Hidden Ransomware Attacks

 


Cyberattacks are changing. In the past, hackers would lock your files and show a big message asking for money. Now, a new type of attack is becoming more common. It’s called “quiet ransomware,” and it can steal your private information without you even knowing.

Last year, a small bakery in the United States noticed that their billing machine was charging customers a penny less. It seemed like a tiny error. But weeks later, they got a strange message. Hackers claimed they had copied the bakery’s private recipes, financial documents, and even camera footage. The criminals demanded a large payment or they would share everything online. The bakery was shocked— they had no idea their systems had been hacked.


What Is Quiet Ransomware?

This kind of attack is sneaky. Instead of locking your data, the hackers quietly watch your system. They take important information and wait. Then, they ask for money and threaten to release the stolen data if you don’t pay.


How These Attacks Happen

1. The hackers find a weak point, usually in an internet-connected device like a smart camera or printer.

2. They get inside your system and look through your files— emails, client details, company plans, etc.

3. They make secret copies of this information.

4. Later, they contact you, demanding money to keep the data private.


Why Criminals Use This Method

1. It’s harder to detect, since your system keeps working normally.

2. Many companies prefer to quietly pay, instead of risking their reputation.

3. Devices like smart TVs, security cameras, or smartwatches are rarely updated or checked, making them easy to break into.


Real Incidents

One hospital had its smart air conditioning system hacked. Through it, criminals stole ten years of patient records. The hospital paid a huge amount to avoid legal trouble.

In another case, a smart fitness watch used by a company leader was hacked. This gave the attackers access to emails that contained sensitive information about the business.


How You Can Stay Safe

1. Keep smart devices on a different network than your main systems.

2. Turn off features like remote access or cloud backups if they are not needed.

3. Use security tools that limit what each device can do or connect to.

Today, hackers don’t always make noise. Sometimes they hide, watch, and strike later. Anyone using smart devices should be careful. A simple gadget like a smart light or thermostat could be the reason your private data gets stolen. Staying alert and securing all devices is more important than ever.


Read more »
Windows
Cyber Security Data Phishing email PowerShell Windows

New KoiLoader Malware Variant Uses LNK Files and PowerShell to Steal Data

 



Cybersecurity experts have uncovered a new version of KoiLoader, a malicious software used to deploy harmful programs and steal sensitive data. The latest version, identified by eSentire’s Threat Response Unit (TRU), is designed to bypass security measures and infect systems without detection.


How the Attack Begins

The infection starts with a phishing email carrying a ZIP file named `chase_statement_march.zip`. Inside the ZIP folder, there is a shortcut file (.lnk) that appears to be a harmless document. However, when opened, it secretly executes a command that downloads more harmful files onto the system. This trick exploits a known weakness in Windows, allowing the command to remain hidden when viewed in file properties.


The Role of PowerShell and Scripts

Once the user opens the fake document, it triggers a hidden PowerShell command, which downloads two JScript files named `g1siy9wuiiyxnk.js` and `i7z1x5npc.js`. These scripts work in the background to:

- Set up scheduled tasks to run automatically.

- Make the malware seem like a system-trusted process.

- Download additional harmful files from hacked websites.

The second script, `i7z1x5npc.js`, plays a crucial role in keeping the malware active on the system. It collects system information, creates a unique file path for persistence, and downloads PowerShell scripts from compromised websites. These scripts disable security features and load KoiLoader into memory without leaving traces.


How KoiLoader Avoids Detection

KoiLoader uses various techniques to stay hidden and avoid security tools. It first checks the system’s language settings and stops running if it detects Russian, Belarusian, or Kazakh. It also searches for signs that it is being analyzed, such as virtual machines, sandbox environments, or security research tools. If it detects these, it halts execution to avoid exposure.

To remain on the system, KoiLoader:

• Exploits a Windows feature to bypass security checks.

• Creates scheduled tasks that keep it running.

• Uses a unique identifier based on the computer’s hardware to prevent multiple infections on the same device.


Once KoiLoader is fully installed, it downloads and executes another script that installs KoiStealer. This malware is designed to steal:

1. Saved passwords

2. System credentials

3. Browser session cookies

4. Other sensitive data stored in applications


Command and Control Communication

KoiLoader connects to a remote server to receive instructions. It sends encrypted system information and waits for commands. The attacker can:

• Run remote commands on the infected system.

• Inject malicious programs into trusted processes.

• Shut down or restart the system.

• Load additional malware.


This latest KoiLoader variant showcases sophisticated attack techniques, combining phishing, hidden scripts, and advanced evasion methods. Users should be cautious of unexpected email attachments and keep their security software updated to prevent infection.



Read more »
Tax
Android Apple ID Cybercrime Cyberattacks CyberThreat Data iOS Lucid Mobile Security Phishing URL phishing-as-a-service SMS Tax

Lucid Faces Increasing Risks from Phishing-as-a-Service

 


Phishing-as-a-service (PaaS) platforms like Lucid have emerged as significant cyber threats because they are highly sophisticated, have been used in large-scale phishing campaigns in 88 countries, and have been compromised by 169 entities. As part of this platform, sophisticated social engineering tactics are employed to deliver misleading messages to recipients, utilising iMessage (iOS) and RCS (Android) so that they are duped into divulging sensitive data. 

In general, telecom providers can minimize SMS-based phishing, or smishing, by scanning and blocking suspicious messages before they reach their intended recipients. However, with the development of internet-based messaging services such as iMessage (iOS) and RCS (Android), phishing prevention has become increasingly challenging. There is an end-to-end encryption process used on these platforms, unlike traditional cellular networks, that prevents service providers from being able to detect or filter malicious content. 

Using this encryption, the Lucid PhaaS platform has been delivering phishing links directly to victims, evading detection and allowing for a significant increase in attack effectiveness. To trick victims into clicking fraudulent links, Lucid orchestrates phishing campaigns designed to mimic urgent messages from trusted organizations such as postal services, tax agencies, and financial institutions. As a result, the victims are tricked into clicking fraudulent links, which redirect them to carefully crafted fake websites impersonating genuine platforms, causing them to be deceived. 

Through Lucid, phishing links are distributed throughout the world that direct victims to a fraudulent landing page that mimics official government agencies and well-known private companies. A deceptive site impersonating several entities, for example, USPS, DHL, Royal Mail, FedEx, Revolut, Amazon, American Express, HSBC, E-ZPass, SunPass, and Transport for London, creates a false appearance of legitimacy as a result. 

It is the primary objective of phishing websites to obtain sensitive personal and financial information, such as full names, email addresses, residential addresses, and credit card information, by using phishing websites. This scam is made more effective by the fact that Lucid’s platform offers a built-in tool for validating credit cards, which allows cybercriminals to test stolen credit card information in real-time, thereby enhancing the effectiveness of the scam. 

By offering an automated and highly sophisticated phishing infrastructure that has been designed to reduce the barrier to entry for cybercriminals, Lucid drastically lowers the barrier to entry for cybercriminals. Valid payment information can either be sold on underground markets or used directly to make fraudulent transactions. Through the use of its streamlined services, attackers have access to scalable and reliable platforms for conducting large-scale phishing campaigns, which makes fraudulent activities easier and more efficient. 

With the combination of highly convincing templates, resilient infrastructure, and automated tools, malicious actors have a higher chance of succeeding. It is therefore recommended that users take precautionary measures when receiving messages asking them to click on embedded links or provide personal information to mitigate risks. 

Rather than engaging with unsolicited requests, individuals are advised to check the official website of their service provider and verify if they have any pending alerts, invoices, or account notifications through legitimate channels to avoid engaging with such unsolicited requests. Cybercriminals have become more adept at sending hundreds of thousands of phishing messages in the past year by utilizing iPhone device farms and emulating iPhone devices on Windows systems. These factors have contributed to the scale and efficiency of these operations. 

As Lucid's operators take advantage of these adaptive techniques to bypass security filters relating to authentication, they are able to originate targeted phone numbers from data breaches and cybercrime forums, thus further increasing the reach of these scams. 

A method of establishing two-way communication with an attacker via iMessage can be accomplished using temporary Apple IDs with falsified display names in combination with a method called "please reply with Y". In doing so, attackers circumvent Apple's link-clicking constraints by creating fake Apple IDs.

It has been found that the attackers are exploiting inconsistencies in carrier sender verification and rotating sending domains and phone numbers to evade detection by the carrier. 

Furthermore, Lucid's platform provides automated tools for creating customized phishing sites that are designed with advanced evasion mechanisms, such as IP blocking, user-agent filtering, and single-use cookie-limited URLs, in addition to facilitating large-scale phishing attacks. 

It also provides real-time monitoring of victim interaction via a dedicated panel that is constructed on a PHP framework called Webman, which allows attackers to track user activity and extract information that is submitted, including credit card numbers, that are then verified further before the attacker can exploit them. 

There are several sophisticated tactics Lucid’s operators utilize to enhance the success of these attacks, including highly customizable phishing templates that mimic the branding and design of the companies they are targeting. They also have geotargeting capabilities, so attacks can be tailored based on where the recipient is located for increased credibility. The links used in phishing attempts can not be analyzed by cybersecurity experts if they expire after an attack because they expire. 

Using automated mobile farms that can execute large-scale phishing campaigns with minimal human intervention, Lucid can bypass conventional security measures without any human intervention, which makes Lucid an ever-present threat to individuals and organizations worldwide. As phishing techniques evolve, Lucid's capabilities demonstrate how sophisticated cybercrime is becoming, presenting a significant challenge to cybersecurity professionals worldwide. 

It has been since mid-2023 that Lucid was controlled by the Xin Xin Group, a Chinese cybercriminal organization that operates it through subscription-based models. Using the model, threat actors can subscribe to an extensive collection of phishing tools that includes over 1,000 phishing domains, customized phishing websites that are dynamically generated, as well as spamming utilities of professional quality.

This platform is not only able to automate many aspects of cyberattacks, but it is also a powerful tool in the hands of malicious actors, since it greatly increases both the efficiency and scalability of their attacks. 

To spread fraudulent messages to unsuspecting recipients, the Xin Xin Group utilizes various smishing services to disseminate them as genuine messages. In many cases, these messages refer to unpaid tolls, shipping charges, or tax declarations, creating an urgent sense of urgency for users to respond. In light of this, the sheer volume of messages that are sent makes these campaigns very effective, since they help to significantly increase the odds that the victims will be taken in by the scam, due to the sheer volume of messages sent out. 

The Lucid strategy, in contrast to targeted phishing operations that focus on a particular individual, aims to gather large amounts of data, so that large databases of phone numbers can be created and then exploited in large numbers at a later date. By using this approach, it is evident that Chinese-speaking cybercriminals have become an increasingly significant force within the global underground economy, reinforcing their influence within the phishing ecosystem as a whole. 

As a result of the research conducted by Prodaft, the PhaaS platform Lucid has been linked to Darcula v3, suggesting a complex network of cybercriminal activities that are linked to Lucid. The fact that these two platforms are possibly affiliated indicates that there is a very high degree of coordination and resource sharing within the underground cybercrime ecosystem, thereby intensifying the threat to the public. 

There is no question, that the rapid development of these platforms has been accompanied by wide-ranging threats exploiting security vulnerabilities, bypassing traditional defences, and deceiving even the most circumspect users, underscoring the urgent need for proactive cybersecurity strategies and enhanced threat intelligence strategies on a global scale to mitigate these risks. Despite Lucid and similar Phishing-as-a-Service platforms continuing to evolve, they demonstrate how sophisticated cyber threats have become. 

To combat cybercrime, one must be vigilant, take proactive measures, and work together as a global community to combat this rapid proliferation of illicit networks. Having strong detection capabilities within organizations is necessary, while individuals must remain cautious of unsolicited emails as well as verify information from official sources directly as they see fit. To prevent falling victim to these increasingly deceptive attacks that are evolving rapidly, one must stay informed, cautious, and security-conscious.
Read more »
Subscribe to: Posts (Atom)