Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Internet. Show all posts
surveillance
AI Cloud Data Internet Privacy Stalkerware surveillance

FTC Refuses to Lift Ban on Stalkerware Company that Exposed Sensitive Data


The surveillance industry banned a stalkerware maker after a data breach leaked information of its customers and the people they were spying on. Consumer spyware company Support King can't sell the surveillance software now, the US Federal Trade Commission (FTC) said. 

The FTC has denied founder Scott Zuckerman's request to cancel the ban. It is also applicable to other subsidiaries OneClickMonitor and SpyFone.

Recently, the FTC announced the move in a press release when Zuckerman petitioned the agency to cancel the ban order in July of 2025. 

The FTC banned Zuckerman from “offering, promoting, selling, or advertising any surveillance app, service, or business,” in 2021 and stopped him from running other stalkerware business. Zuckerman had to also delete all the data stored by SpyFone and went through various audits to implement cybersecurity measures for his ventures. Then acting director of the FTC's Bureau of Consumer Protection, Samuel Levine said that the "stalkerware was hidden from device owners, but was fully exposed to hackers who exploited the company’s slipshod security."

Zuckerman in his petition said that the FTC mandate has made it difficult for him to conduct other businesses due to monetary losses, even though Support King is out of business and he now only operates a restaurant and plans other ventures.

The ban came from a 2018 incident after a researcher discovered an Amazon S3 bucket of SpyFone that left important data such as selfies, chats, texts, contacts, passwords, logins, and audio recordings exposed online in the open. The leaked data comprised 44,109 email ids.

According to Samuel, “SpyFone is a brazen brand name for a surveillance business that helped stalkers steal private information." He further said that the "stalkerware was hidden from device owners, but was fully exposed to hackers who exploited the company’s slipshod security.r

According to TechCrunch, after the 2021 order, Zuckerman started running another stalkerware firm. In 2022, TechCrunch found breached data from stalkerware application SpyTrac. 

According to the data, freelance developers ran SpyTrac who had direct links with Support King. It was an attempt to escape the FTC ban. Additionally, the breached data contained records from SpyFone, which Support King was supposed to delete. Beside this, the data also contained access keys to the cloud storage of OneClickMonitor, another stalkerware application. 

Read more »
Telecom
AI Apple Data Google Internet Location Privacy Samsung Telecom

Indian Government Proposes Compulsory Location Tracking in Smartphones, Faces Backlash


Government faces backlash over location-tracking proposal

The Indian government is pushing a telecom industry proposal that will compel smartphone companies to allow satellite location tracking that will be activated 24x7 for surveillance. 

Tech giants Samsung, Google, and Apple have opposed this move due to privacy concerns. Privacy debates have stirred in India after the government was forced to repeal an order that mandated smartphone companies to pre-install a state run cyber safety application on all devices. Activists and opposition raised concerns about possible spying. 

About the proposal 

Recently, the government had been concerned that agencies didn't get accurate locations when legal requests were sent to telecom companies during investigations. Currently, the firm only uses cellular tower data that provides estimated area location, this can be sometimes inaccurate.

The Cellular Operators Association of India (COAI) representing Bharti Airtel and Reliance Jio suggested accurate user locations be provided if the government mandates smartphone firms to turn on A-GPS technology which uses cellular data and satellite signals.

Strong opposition from tech giants 

If this is implemented, location services will be activated in smartphones with no disable option. Samsung, Google, and Apple strongly oppose this proposal. A proposal to track user location is not present anywhere else in the world, according to lobbying group India Cellular & Electronics Association (ICEA), representing Google and Apple. 

Reuters reached out to the India's IT and home ministries for clarity on the telecom industry's proposal but have received no replies. According to digital forensics expert Junade Ali, the "proposal would see phones operate as a dedicated surveillance device." 

According to technology experts, utilizing A-GPS technology, which is normally only activated when specific apps are operating or emergency calls are being made, might give authorities location data accurate enough to follow a person to within a meter.  

Telecom vs government 

Globally, governments are constantly looking for new ways to improve in tracking the movements or data of mobile users. All Russian mobile phones are mandated to have a state-sponsored communications app installed. With 735 million smartphones as of mid-2025, India is the second-largest mobile market in the world. 

According to Counterpoint Research, more than 95% of these gadgets are running Google's Android operating system, while the remaining phones are running Apple's iOS. 

Apple and Google cautioned that their user base will include members of the armed forces, judges, business executives, and journalists, and that the proposed location tracking would jeopardize their security because they store sensitive data.

According to the telecom industry, even the outdated method of location tracking is becoming troublesome because smartphone manufacturers notify users via pop-up messages that their "carrier is trying to access your location."



Read more »
zero-day
AI Cloud Data GitHub Internet Technology zero-day

700+ Self-hosted Gits Impacted in a Wild Zero-day Exploit


Hackers actively exploit zero-day bug

Threat actors are abusing a zero-day bug in Gogs- a famous self-hosted Git service. The open source project hasn't fixed it yet.

About the attack 

Over 700 incidents have been impacted in these attacks. Wiz researchers described the bug as "accidental" and said the attack happened in July when they were analyzing malware on a compromised system. During the investigation, the experts "identified that the threat actor was leveraging a previously unknown flaw to compromise instances. They “responsibly disclosed this vulnerability to the maintainers."

The team informed Gogs' maintainers about the bug, who are now working on the fix. 

The flaw is known as CVE-2025-8110. It is primarily a bypass of an earlier patched flaw (CVE-2024-55947) that lets authorized users overwrite external repository files. This leads to remote code execution (RCE). 

About Gogs

Gogs is written in Go, it lets users host Git repositories on their cloud infrastructure or servers. It doesn't use GitHub or other third parties. 

Git and Gogs allow symbolic links that work as shortcuts to another file. They can also point to objects outside the repository. The Gogs API also allows file configuration outside the regular Git protocol. 

Patch update 

The previous patch didn't address such symbolic links exploit and this lets threat actors to leverage the flaw and remotely deploy malicious codes. 

While researchers haven't linked the attacks to any particular gang or person, they believe the threat actors are based in Asia.

Other incidents 

Last year, Mandiant found Chinese state-sponsored hackers abusing a critical flaw in F5 through Supershell, and selling the access to impacted UK government agencies, US defense organizations, and others.

Researchers still don't know what threat actors are doing with access to compromised incidents. "In the environments where we have visibility, the malware was removed quickly so we did not see any post-exploitation activity. We don't have visibility into other compromised servers, beyond knowing they're compromised," researchers said.

How to stay safe?

Wiz has advised users to immediately disable open-registration (if not needed) and control internet exposure by shielding self-hosted Git services via VPN. Users should be careful of new repositories with unexpected usage of the PutContents API or random 8-character names. 

For more details, readers can see the full list of indicators published by the researchers.



Read more »
Ransomware
AI Akira Cloud Cyber Attacks Hypervisor Internet Ransomware

Researchers Find Massive Increase in Hypervisor Ransomware Incidents


Rise in hypervisor ransomware incidents 

Cybersecurity experts from Huntress have noticed a sharp rise in ransomware incidents on hypervisors and have asked users to be safe and have proper back-up. 

The Huntress case data has disclosed a surprising increase in hypervisor ransomware. It was involved in malicious encryption and rose from a mere three percent in the first half to a staggering 25 percent in 2025. 

Akira gang responsible 

Experts think that the Akira ransomware gang is the primary threat actor behind this, other players are also going after hypervisors to escape endpoint and network security controls. According to Huntress threat hunters, players are going after hypervisors as they are not secure and hacking them can allow hackers to trigger virtual machines and manage networks.

Why hypervisors?

“This shift underscores a growing and uncomfortable trend: Attackers are targeting the infrastructure that controls all hosts, and with access to the hypervisor, adversaries dramatically amplify the impact of their intrusion," experts said. The attack tactic follows classic playbook. Researchers have "seen it with attacks on VPN appliances: Threat actors realize that the host operating system is often proprietary or restricted, meaning defenders cannot install critical security controls like EDR [Endpoint Detection and Response]. This creates a significant blind spot.”

Other instances 

The experts have also found various cases where ransomware actors install ransomware payloads directly via hypervisors, escaping endpoint security. In a few cases, threat actors used built-in-tools like OpenSSL to run encryption of the virtual machine volume without having to upload custom ransomware binaries.

Attack tactic 

Huntress researchers have also found attackers disrupting a network to steal login credentials and then attack hypervisors.

“We’ve seen misuse of Hyper-V management utilities to modify VM settings and undermine security features,” they add. “This includes disabling endpoint defenses, tampering with virtual switches, and preparing VMs for ransomware deployment at scale," they said.

Mitigation strategies 

Due to the high level of attacks on hypervisors, experts have suggested admins to revisit infosec basics such as multi-factor authentication and password patch updates. Admins should also adopt hypervisor-specific safety measures like only allow-listed binaries can run on a host.

For decades, the Infosec community has known hypervisors to be an easy target. In a worst-case scenario of a successful VM evasion where an attack on a guest virtual machine allows hijacking of the host and its hypervisor, things can go further south. If this were to happen, the impact could be massive as the entire hyperscale clouds depend on hypervisors to isolate tenants' virtual systems.

Read more »
Technology
AI Data Google Internet Microsoft Teams Technology

End to End-to-end Encryption? Google Update Allows Firms to Read Employee Texts


Your organization can now read your texts

Microsoft stirred controversy when it revealed a Teams update that could tell your organization when you're not at work. Google did the same. Say goodbye to end-to-end encryption. With this new RCS and SMS Android update, your RCS and SMS texts are no longer private. 

According to Android Authority, "Google is rolling out Android RCS Archival on Pixel (and other Android) phones, allowing employers to intercept and archive RCS chats on work-managed devices. In simpler terms, your employer will now be able to read your RCS chats in Google Messages despite end-to-end encryption.”

Only for organizational devices 

This is only applicable to work-managed devices and doesn't impact personal devices. In regulated industries, it will only add RCS archiving to existing SMS archiving. In an organization, however, texting is different than emailing. In the former, employees sometimes share about their non-work life. End-to-end encryptions keep these conversations safe, but this will no longer be the case.

The end-to-end question 

There is alot of misunderstanding around end-to-end encryption. It protects messages when they are being sent, but once they are on your device, they are decrypted and no longer safe. 

According to Google, this is "a dependable, Android-supported solution for message archival, which is also backwards compatible with SMS and MMS messages as well. Employees will see a clear notification on their device whenever the archival feature is active.”

What will change?

With this update, getting a phone at work is no longer as good as it seems. Employees have always been insecure about the risks in over-sharing on email, as it is easy to spy. But not texts. 

The update will make things different. According to Google, “this new capability, available on Google Pixel and other compatible Android Enterprise devices gives your employees all the benefits of RCS — like typing indicators, read receipts, and end-to-end encryption between Android devices — while ensuring your organization meets its regulatory requirements.”

Promoting organizational surveillance 

Because of organizational surveillance, employees at times turn to shadow IT systems such as Whatsapp and Signal to communicate with colleagues. The new Google update will only make things worse. 

“Earlier,” Google said, ““employers had to block the use of RCS entirely to meet these compliance requirements; this update simply allows organizations to support modern messaging — giving employees messaging benefits like high-quality media sharing and typing indicators — while maintaining the same compliance standards that already apply to SMS messaging."

Read more »
Ransomware
AI Asahi Cloud Cyber Attacks Data Internet Ransomware

Beer Firm Asahi Not Entertaining Threat Actors After Cyberattack


Asahi denies ransom payment 

Japanese beer giant Asahi said that it didn't receive any particular ransom demand from threat actors responsible for an advanced and sophisticated cyberattack that could have exposed the data of more than two million people. 

About the attack

CEO Atsushi Katsuki in a press conference said that the company had not been in touch with the threat actors. But Asahi has delayed the release of financial results. Even if the company received a ransom demand, it would not have paid, Katsuki said. Asahi Super Dry is one of Japan's most popular beers. Asahi suffered a cyberattack on 29th September. However, the company clarified on October 3 that it was hit by a ransomware attack.

Attack tactic 

In such incidents, threat actors typically use malicious software to encrypt the target's systems and then ask ransom for providing encryption keys to run the systems again.

Asahi said threat actors could have hacked or stolen identity data like phone numbers and names of around two million people- employees, customers and families.

Qilin gang believed to be responsible 

The firm didn't disclose details of the attacker at the conference. Later, it told AFP via mail that experts hinted towards a high chance of attack by hacking group Qilin. The gang issued a statement that the Japanese media understood as a claim of responsibility. Commenting on the situation, 

Katsuki said the firm thought it had taken needed measures to prevent such an incident. "But this attack was beyond our imagination. It was a sophisticated and cunning attack," Katsuki said. 

Impact on Asahi business 

Interestingly, Asahi delayed the release of third-quarter earnings and recently said that the annual financial results had also been delayed. "These and further information on the impact of the hack on overall corporate performance will be disclosed as soon as possible once the systems have been restored and the relevant data confirmed," the firm said.

The product supply hasn't been affected. Shipments will resume in stages while systems recover. "We apologise for the continued inconvenience and appreciate your understanding," Asahi said.
Read more »
Technology
ChatGPT Cloud Content GenAI Internet Misinformation Technology

The New Content Provenance Report Will Address GenAI Misinformation


The GenAI problem 

Today's information environment includes a wide range of communication. Social media platforms have enabled reposting, and comments. The platform is useful for both content consumers and creators, but it has its own challenges.

The rapid adoption of Generative AI has led to a significant increase in misleading content online. These chatbots have a tendency of generating false information which has no factual backing. 

What is AI slop?

The internet is filled with AI slop- content that is made with minimal human input and is like junk. There is currently no mechanism to limit such massive production of harmful or misleading content that can impact human cognition and critical thinking. This calls for a robust mechanism that can address the new challenges that the current system is failing to tackle. 

The content provenance report 

For restoring the integrity of digital information, Canada's Centre for Cyber Security (CCCS) and the UK's National Cyber Security Centre (NCSC) have launched a new report on public content provenance. Provenance means "place of origin." For building stronger trust with external audiences, businesses and organisations must improve the way they manage the source of their information.

NSSC chief technology officer said that the "new publication examines the emerging field of content provenance technologies and offers clear insights using a range of cyber security perspectives on how these risks may be managed.” 

What is next for Content Integrity?

The industry is implementing few measures to address content provenance challenges like Coalition for Content Provenance and Authenticity (C2PA). It will benefit from the help of Generative AI and tech giants like Meta, Google, OpenAI, and Microsoft. 

Currently, there is a pressing need for interoperable standards across various media types such as image, video, and text documents. Although there are content provenance technologies, this area is still in nascent stage. 

What is needed?

The main tech includes genuine timestamps and cryptographically-proof meta to prove that the content isn't tampered. But there are still obstacles in development of these secure technologies, like how and when they are executed.

The present technology places the pressure on the end user to understand the provenance data. 

A provenance system must allow a user to see who or what made the content, the time and the edits/changes that were made. Threat actors have started using GenAI media to make scams believable, it has become difficult to differentiate between what is fake and real. Which is why a mechanism that can track the origin and edit history of digital media is needed. The NCSC and CCCS report will help others to navigate this gray area with more clarity.


Read more »
telecoms
Cyber Attacks Data Leak Freedom Mobile Internet telecoms

Telecom Company Freedom Mobile Suffers Data Breach Resulting in Data Leak


About the incident 

Freedom Mobile has revealed a data breach that leaked personal information belonging to a limited number of customers. This happened after illegal access to its internal systems in late October. 

As per the notice sent to customers, the breach was found in late October, when the security team found illicit activity on its customer account management platform.  "Our investigation revealed that a third party used the account of a subcontractor to gain access to the personal information of a limited number of our customers," the statement read.

Attack tactic

According to the investigation, a third-party got access via the account of a subcontractor. It means that a threat actor used genuine login credentials that belonged to an external partner, instead of directly breaking through technical defenses. After gaining access, the threat actors could view particular customer records. The exposed data consists home addresses, first and last names, contact numbers and Freedom Mobile account numbers. 

Details such as account passwords, banking details, credit card were not hacked. The incident impacted only personal profile data, nof authentication secrets or financial data. 

Once the intrusion was found, Freedom Mobile blocked malicious accounts and linked IP addresses, and deployed additional security measures on the platform. 

These steps generally involve strict access permissions, which adds extra monitoring and reviewing login rules for subcontractor ms like implementation of strong passwords and two-factor authentication. No exposed information has been misused, the company has said. 

Risks of stolen data

But the stolen data can be important for important social engineering and phishing attempts. 

Threat actors may use these details to send scam messages on behalf of Freedom Mobile. 

Freedom Mobile has requested customers to stay cautious of emails or texts that ask for personal information, or that redirect them to log in through links. 

Freedom Mobile has emphasized that it never asks for credit card numbers, PINs by email, SMS, passwords, or other banking information. "We quickly identified the incident and implemented corrective measures and security enhancements, including blocking the suspicious accounts and corresponding IP addresses," the company said.

Customers have also been suggested to check their device for any suspicious activity to avoid downloading unexpected attachments or suspicious links. Meanwhile, the investigation is still continuing.


Read more »
Subscribe to: Comments (Atom)