Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Online Security. Show all posts
Threat Landscape
Cyber Warfare Online Security Russia-Ukraine War Technology Threat Landscape

The Rise of Cyber Warfare and Its Global Implications

 

In Western society, the likelihood of cyberattacks is arguably higher now than it has ever been. The National Cyber Security Centre (NCSC) advised UK organisations to strengthen their cyber security when Russia launched its attack on Ukraine in early 2022. In a similar vein, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued warnings about increased risks to US companies. 

There is no doubt that during times of global transition and turmoil, cyber security becomes a battlefield in its own right, with both state and non-state actors increasingly turning to cyber-attacks to gain an advantage in combat. Furthermore, as technology advances and an increasing number of devices connect to the internet, the scope and sophistication of cyber-attacks has grown significantly. 

Cyber warfare can take numerous forms, such as breaking into enemy state computer systems, spreading malware, and executing denial-of-service assaults. If a cyber threat infiltrates the right systems, entire towns and cities may be shut off from information, services, and infrastructure that have become fundamental to our way of life, such as electricity, online banking systems, and the internet. 

The European Union Agency for Network and Information Security (ENISA) believes that cyber warfare poses a substantial and growing threat to vital infrastructure. Its research on the "Threat Landscape for Foreign Information Manipulation Interference (FIMI)" states that key infrastructure, such as electricity and healthcare, is especially vulnerable to cyber-attacks during times of conflict or political tension.

In addition, cyber-attacks can disrupt banking systems, inflicting immediate economic loss and affecting individuals. According to the report, residents were a secondary target in more than half of the incidents analysed. Cyber-attacks are especially effective at manipulating public perceptions through, at the most basic level, inconvenience, to the most serious level, which could result in the loss of life. 

Risk to businesses 

War and military conflicts can foster a business environment susceptible to cyber-attacks, since enemies may seek to target firms or sectors deemed critical to a country's economy or infrastructure. They may also choose symbolic targets, like media outlets or high-profile businesses connected with a country. 

Furthermore, the use of cyber-attacks in war can produce a broad sense of instability and uncertainty, which can be exploited to exploit vulnerabilities in firms' cyber defences.

Cyber-attacks on a company's computer systems, networks, and servers can cause delays and shutdowns, resulting in direct loss of productivity and money. However, they can also harm reputation, prompt regulatory action (including the imposition of fines), and result in consumer loss. 

Prevention tips

To mitigate these risks, firms can take proactive actions to increase their cyber defences, such as self-critical auditing and third-party testing. Employees should also be trained to identify and respond to cyber risks. Furthermore, firms should conduct frequent security assessments to detect vulnerabilities and adopt mitigation techniques.
Read more »
Threat Intelligence
Online Security Quantum Computers Security Breach Technology Threat Intelligence

Quantum Computers Threaten to Breach Online Security in Minutes

 

A perfect quantum computer could decrypt RSA-2048, our current strongest encryption, in 10 seconds. Quantum computing employs the principle of quantum physics to process information using quantum bits (qubits) rather than standard computer bits. Qubits can represent both states at the same time, unlike traditional computers, which employ bits that are either 0 or 1. This capacity makes quantum computers extremely effective in solving complicated problems, particularly in cryptography, artificial intelligence, and materials research. 

While this computational leap opens up incredible opportunities across businesses, it also raises serious security concerns. When quantum computers achieve their full capacity, they will be able to break through standard encryption methods used to safeguard our most sensitive data. While the timescale for commercial availability of fully working quantum computers is still uncertain, projections vary widely.

The Boston Consulting Group predicts a significant quantum advantage between 2030 and 2040, although Gartner believes that developments in quantum computing could begin to undermine present encryption approaches as early as 2029, with complete vulnerability by 2034. Regardless of the precise timetable, the conclusion is unanimous: the era of quantum computing is quickly approaching. 

Building quantum resilience 

To address this impending threat, organisations must: 

  • Adopt new cryptographic algorithms that are resistant against impending quantum attacks, such as post-quantum cryptography (PQC). The National Institute of Standards and Technology (NIST) recently published its first set of PQC algorithm standards (FIPS 203, FIPS 204, and FIPS 205) to assist organisations in safeguarding their data from quantum attacks. 
  • Upgrades will be required across the infrastructure. Develop crypto agility to adapt to new cryptographic methods without requiring massive system overhauls as threats continue to evolve. 

This requires four essential steps: 

Discover and assess: Map out where your organisation utilises cryptography and evaluate the quantum threats to its assets. Identify the crown jewels and potential business consequences. 

Strategise: Determine the current cryptography inventory, asset lives against quantum threat timelines, quantum risk levels for essential business assets, and create an extensive PQC migration path. 

Modernise: Implement quantum-resilient algorithms while remaining consistent with overall company strategy.

Enhance: Maintain crypto agility by providing regular updates, asset assessments, modular procedures, continual education, and compliance monitoring. 

The urgency to act 

In the past, cryptographic migrations often took more than ten years to finish. Quantum-resistant encryption early adopters have noticed wide-ranging effects, such as interoperability issues, infrastructure rewrites, and other upgrading challenges, which have resulted in multi-year modernisation program delays. 

The lengthy implementation period makes getting started immediately crucial, even though the shift to PQC may be a practical challenge given its extensive and dispersed distribution throughout the digital infrastructure. Prioritising crypto agility will help organisations safeguard critical details before quantum threats materialise.
Read more »
Payment Scams
AI Scams Cyber Fraud deepfake scams Financial Fraud Identity Theft Online Safety Online Security Payment Scams

Protect Yourself from AI Scams and Deepfake Fraud

 

In today’s tech-driven world, scams have become increasingly sophisticated, fueled by advancements in artificial intelligence (AI) and deepfake technology. Falling victim to these scams can result in severe financial, social, and emotional consequences. Over the past year alone, cybercrime victims have reported average losses of $30,700 per incident. 

As the holiday season approaches, millennials and Gen Z shoppers are particularly vulnerable to scams, including deepfake celebrity endorsements. Research shows that one in five Americans has unknowingly purchased a product promoted through deepfake content, with the number rising to one in three among individuals aged 18-34. 

Sharif Abuadbba, a deepfake expert at CSIRO’s Data61 team, explains how scammers leverage AI to create realistic imitations of influencers. “Deepfakes can manipulate voices, expressions, and even gestures, making it incredibly convincing. Social media platforms amplify the impact as viewers share fake content widely,” Abuadbba states. 

Cybercriminals often target individuals as entry points to larger networks, exploiting relationships with family, friends, or employers. Identity theft can also harm professional reputations and financial credibility. To counter these threats, experts suggest practical steps to protect yourself and your loved ones. Scammers are increasingly impersonating loved ones through texts, calls, or video to request money. 

With AI voice cloning making such impersonations more believable, a pre-agreed safe word can serve as a verification tool. Jamie Rossato, CSIRO’s Chief Information Security Officer, advises, “Never transfer funds unless the person uses your special safe word.” If you receive suspicious calls, particularly from someone claiming to be a bank or official institution, verify their identity. 

Lauren Ferro, a cybersecurity expert, recommends calling the organization directly using its official number. “It’s better to be cautious upfront than to deal with stolen money or reputational damage later,” Ferro adds. Identity theft is the most reported cybercrime, making MFA essential. This adds an extra layer of protection by requiring both a password and a one-time verification code. Experts suggest using app-based authenticators like Microsoft Authenticator for enhanced security. 

Real-time alerts from your banking app can help detect unauthorized transactions. While banks monitor unusual activities, personal notifications allow you to respond immediately to potential scams. The personal information and media you share online can be exploited to create deepfakes. Liming Zhu, a research director at CSIRO, emphasizes the need for caution, particularly with content involving children. 

Awareness remains the most effective defense against scams. Staying informed about emerging threats and adopting proactive security measures can significantly reduce your risk of falling victim to cybercrime. As technology continues to evolve, safeguarding your digital presence is more important than ever. By adopting these expert tips, you can navigate the online world with greater confidence and security.
Read more »
VPN providers
Cyber Security encrypted VPN server free VPNs internet privacy Online Security paid VPNs privacy protection VPN providers

Understanding the Limitations of VPNs and Privacy Protection

 

VPNs, or Virtual Private Networks, are now a ubiquitous part of our digital lives. From being featured in editorials and advertisements to appearing in TV commercials, on billboards, and even within influencer marketing campaigns, VPNs are everywhere. They promise to protect your privacy by hiding your browsing activity and keeping your internet traffic anonymous. 

The claim that VPNs ensure your online privacy by masking your browsing history is an alluring promise, but the truth is more complicated. Many people use VPNs hoping to shield themselves from internet service providers selling their browsing data, government surveillance, or tech companies collecting information about them. However, while VPNs aim to solve these privacy concerns, they can also expose users to new risks.

Originally, VPNs were designed to allow employees to connect to their corporate networks remotely. However, in recent years, VPNs have gained popularity for more personal uses, such as hiding your online activity and tricking streaming services into thinking you're accessing content from a different country. VPNs have also been used by activists and dissidents to circumvent censorship in restrictive environments.

The way VPNs work is fairly simple: They route your internet traffic through a secure tunnel to a remote server, making it more difficult for anyone to monitor which websites you visit or what apps you're using. This setup helps protect your browsing activity from your internet service provider, which is why many people believe VPNs offer true anonymity.

But there’s a catch: VPNs don’t inherently protect your privacy. While they may divert your traffic away from your internet provider, they direct it to the VPN provider instead. That means the VPN provider has the same access to your data as your ISP. This raises a critical question: Why trust a VPN to protect your privacy when they have access to your data, potentially even more than your ISP does?

The Dark Side of Free VPNs

One of the biggest privacy risks with VPNs comes from free VPN services. These providers often claim to offer privacy protection at no cost, but in reality, their business model involves monetizing your data. Free VPN providers typically sell your browsing information to advertisers and third parties, who then use it to target you with ads. This completely undermines the concept of privacy.

Even paid VPN services aren’t immune to these issues. While they may not sell your data for ads, they still route all your traffic through their own servers, which means your data could be exposed to potential risks. Moreover, some of the biggest tech companies offering VPN services profit from advertising, which could create a conflict of interest when it comes to protecting your data.

Many VPN providers claim that they don’t keep logs or track your online activity. This sounds reassuring, but it's hard to verify. Even if a VPN provider promises not to store your data, there’s no way to be certain without independent verification. Some VPN services have been caught lying about their logging practices, and there have been incidents where large amounts of user data were exposed through data breaches. In some cases, VPN providers were forced to hand over user information to law enforcement, proving that their “no logs” policies were not reliable. 

While not all VPN providers are unscrupulous, the real issue lies in the fact that you have no way of knowing what’s happening with your data once it’s out of your hands. If you want to truly safeguard your privacy, the best option is to set up your own encrypted VPN server. This way, you retain full control over your data and can ensure that it stays protected.

Setting up your own VPN server is easier than you might think. You can use open-source software that has been audited by security researchers, and host it on a cloud service like Amazon Web Services, DigitalOcean, Google Cloud, or Microsoft Azure. With this setup, your internet traffic is encrypted using a private key that only you have access to. This means that even if the cloud provider hosting your VPN server is compromised, your data remains protected.

This DIY approach ensures that no one – not even your cloud service provider – can access your private data. In fact, if authorities were to seize your server, the data would still be encrypted and inaccessible without your private key. Only you can unlock the data, providing the highest level of security and privacy.

While VPNs can be useful for specific tasks, like accessing region-locked content or enhancing security on public Wi-Fi networks, they should not be relied upon to protect your privacy or anonymity. If you’re serious about safeguarding your online activity, a self-managed encrypted VPN server is the most secure option.

In conclusion, VPNs can be beneficial in some contexts, but they come with inherent risks and limitations. Don't count on VPN providers to keep your data private. Take control of your privacy by setting up your own encrypted server, ensuring that your online activities stay protected from prying eyes.
Read more »
Online Security
CAPTCHA Lumma Stealer Malicious Campaign malware Online Security

Malware Campaign Expands Its Use of Fraudulent CAPTCHAs

 

Attackers are increasingly spreading malware using a unique method: a fake CAPTCHA as the initial infection vector. Researchers from multiple companies reported on this campaign in August and September. The attackers, who mainly targeted gamers, first transmitted the Lumma stealer to victims via websites hosting cracked games.

The recent adware research shows that this malicious CAPTCHA is spreading through a wide range of online resources unrelated to gaming, including adult sites, file-sharing services, betting platforms, anime resources, and web apps that monetise traffic. This shows that the distribution network is being expanded to reach a larger pool of victims. Furthermore, we discovered that the CAPTCHA distributes both Lumma and the Amadey Trojan. 

Malicious CAPTCHA

It's critical to comprehend how the attackers and their distribution network function in order to prevent falling for their tricks. Legitimate, non-malicious offers are also included in the ad network that pushes pages with the malicious CAPTCHA. 

It works as follows: the user is redirected to additional resources when they click anywhere on a page that uses the ad module. As is common with adware, the majority of redirects take users to websites that advertise security software, ad blockers, and similar products. Sometimes, though, the victim is directed to a page that contains the malicious CAPTCHA. 

Unlike genuine CAPTCHAs, which are intended to safeguard websites from bots, this copycat promotes illicit resources. As with the previous stage, the victim does not always come across malware. For example, the CAPTCHA on one of the sites invites the visitor to scan a QR code, which leads to a betting site. 

The Trojans are distributed using CAPTCHAs that provide instructions. By clicking the "I'm not a robot" button, you can copy the powershell line.exe -eC bQBzAGgAdABhA <...>MAIgA= to the clipboard and displays the following "verification steps": 

  • To open the Run dialogue box, use Win + R. 
  • Subsequently, paste the clipboard line into the text field using CTRL + V. 
  • Finally, press Enter to execute the code. 

Payload: Amadey trojan

Researchers have discovered that the same effort is also propagating the Amadey Trojan. Since 2018, Amadey has been the subject of multiple security reports. In short, the Trojan downloads multiple modules that steal credentials from major browsers and Virtual Network Computing (VNC) systems. 

It also detects cryptocurrency wallet addresses in the clipboard and replaces them with those owned by the attackers. One of the modules can also capture screenshots. In some cases, Amadey downloads the Remcos remote access tool to the victim's device, allowing the attackers complete control over it. 

From September 22 to October 14, 2024, over 140,000 users encountered ad scripts. According to Kaspersky's telemetry data, more than 20,000 of these 140,000 users were routed to infected sites, where some encountered a phoney update notification or a fake CAPTCHA. Users from Brazil, Spain, Italy, and Russia were the most commonly affected.
Read more »
Sextortion Scam
Cyber Attacks Cyber Awareness Email Fraud Email Phishing Email Spoofing Online Security Personal Data Phishing Scams Sextortion Scam

How to Protect Yourself Against Phishing Extortion Scams Involving Personal Data

 

Imagine receiving an email with a photo of your house, address, and a threatening message that seems ripped from a horror movie. Unfortunately, this is the reality of modern phishing scams, where attackers use personal information to intimidate victims into paying money, often in cryptocurrency like Bitcoin. One victim, Jamie Beckland, chief product officer at APIContext, received a message claiming to have embarrassing video footage of him, demanding payment to keep it private. 

While such emails appear terrifying, there are ways to verify and protect yourself. Many images in these scams, such as photos of homes, are copied from Google Maps or other online sources, so confirming this can quickly expose the scam. To check if an image is pulled from the internet, compare it to Google Maps street views. Additionally, always scrutinize email addresses for legitimacy. Cybersecurity expert Al Iverson from Valimail advises checking for any small variations in the sender’s email domain and examining SPF, DKIM, and DMARC authentication results to determine if the email domain is real. 

Be cautious if a message appears to come from your own email address, as it’s often just a spoofed sender. Links in phishing emails can lead to dangerous sites. Founder of Loop8, Zarik Megerdichian, recommends extreme caution and encourages reporting such scams to the Federal Trade Commission (FTC). Monitoring your financial accounts, disputing unauthorized charges, and updating or canceling compromised payment methods are other essential steps. To reduce vulnerability, it’s wise to change your passwords, set up a VPN, and isolate your network. Yashin Manraj, CEO of Pvotal Technologies, suggests transferring critical accounts to a new email, informing your family about the scam, and reporting it to law enforcement, such as the FBI, if necessary. 

One of the best defenses against these types of scams is to control your data proactively. Only share essential information with businesses, and avoid giving excessive details to online services. Megerdichian emphasizes the importance of asking whether every piece of data is truly necessary, as oversharing can open the door to future scams. 

With these strategies, individuals can better protect themselves from extortion phishing scams. It’s crucial to stay vigilant and avoid interacting with suspicious emails, as this will help shield you from falling victim to increasingly sophisticated cyber threats.
Read more »
ProPublica
Cyber Attacks Facebook Ads Facebook Hackers fake ads Hackers Internet scammers Meta Online Security ProPublica

Meta Struggles to Curb Misleading Ads on Hacked Facebook Pages

 

Meta, the parent company of Facebook, has come under fire for its failure to adequately prevent misleading political ads from being run on hacked Facebook pages. A recent investigation by ProPublica and the Tow Center for Digital Journalism uncovered that these ads, which exploited deepfake audio of prominent figures like Donald Trump and Joe Biden, falsely promised financial rewards. Users who clicked on these ads were redirected to forms requesting personal information, which was subsequently sold to telemarketers or used in fraudulent schemes. 

One of the key networks involved, operating under the name Patriot Democracy, hijacked more than 340 Facebook pages, including verified accounts like that of Fox News meteorologist Adam Klotz. The network used these pages to push over 160,000 deceptive ads related to elections and social issues, with a combined reach of nearly 900 million views across Facebook and Instagram. The investigation highlighted significant loopholes in Meta’s ad review and enforcement processes. While Meta did remove some of the ads, it failed to catch thousands of others, many with identical or similar content. Even after taking down problematic ads, the platform allowed the associated pages to remain active, enabling the perpetrators to continue their operations by spawning new pages and running more ads. 

Meta’s policies require ads related to elections or social issues to carry “paid for by” disclaimers, identifying the entities behind them. However, the investigation revealed that many of these disclaimers were misleading, listing nonexistent entities. This loophole allowed deceptive networks to continue exploiting users with minimal oversight. The company defended its actions, stating that it invests heavily in trust and safety, utilizing both human and automated systems to review and enforce policies. A Meta spokesperson acknowledged the investigation’s findings and emphasized ongoing efforts to combat scams, impersonation, and spam on the platform. 

However, critics argue that these measures are insufficient and inconsistent, allowing scammers to exploit systemic vulnerabilities repeatedly. The investigation also revealed that some users were duped into fraudulent schemes, such as signing up for unauthorized monthly credit card charges or being manipulated into changing their health insurance plans under false pretences. These scams not only caused financial losses but also left victims vulnerable to further exploitation. Experts have called for more stringent oversight and enforcement from Meta, urging the company to take a proactive stance in combating misinformation and fraud. 

The incident underscores the broader challenges social media platforms face in balancing open access with the need for rigorous content moderation, particularly in the context of politically sensitive content. In conclusion, Meta’s struggle to prevent deceptive ads highlights the complexities of managing a vast digital ecosystem where bad actors continually adapt their tactics. While Meta has made some strides, the persistence of such scams raises serious questions about the platform’s ability to protect its users effectively and maintain the integrity of its advertising systems.
Read more »
Online Security
cookie theft Cookies Cyber Security cybercriminals FBI Hacking https MFA Bypass Online Security

FBI Warns of Cybercriminals Stealing Cookies to Bypass Security

 

Cybercriminals are now targeting cookies, specifically the “remember-me” type, to gain unauthorized access to email accounts. These small files store login information for ease of access, helping users bypass multi-factor authentication (MFA). However, when a hacker obtains these cookies, they can use them to circumvent security layers and take control of accounts. The FBI has alerted the public, noting that hackers often obtain these cookies through phishing links or malicious websites that embed harmful software on devices. Cookies allow websites to retain login details, avoiding repeated authentication. 

By exploiting them, hackers effectively skip the need for usernames, passwords, or MFA, thus streamlining the process for unauthorized entry. This is particularly concerning as MFA typically acts as a crucial security measure against unwanted access. But when hackers use the “remember-me” cookies, this layer becomes ineffective, making it an appealing route for cybercriminals. A primary concern is that many users unknowingly share these cookies by clicking phishing links or accessing unsecured sites. Cybercriminals then capitalize on these actions, capturing cookies from compromised devices to access email accounts and other sensitive areas. 

This type of attack is less detectable because it bypasses traditional security notifications or alerts for suspicious login attempts, providing hackers with direct, uninterrupted access to accounts. To combat this, the FBI recommends practical steps, including regularly clearing browser cookies, which removes saved login data and can interrupt unauthorized access. Another strong precaution is to avoid questionable links and sites, as they often disguise harmful software. Additionally, users should confirm that the websites they visit are secure, checking for HTTPS in the URL, which signals a more protected connection. 

Monitoring login histories on email and other sensitive accounts is another defensive action. Keeping an eye on recent activity can help users identify unusual login patterns or locations, alerting them to possible breaches. If unexpected entries appear, changing passwords and re-enabling MFA is advisable. Taking these actions collectively strengthens an account’s defenses, reducing the chance of cookie-based intrusions. While “remember-me” cookies bring convenience, their risks in today’s cyber landscape are notable. 

The FBI’s warning underlines the importance of digital hygiene—frequently clearing cookies, avoiding dubious sites, and practicing careful online behavior are essential habits to safeguard personal information.
Read more »
WiFi
Cyber Threats Encryption Online Security Privacy WiFi

How Ignoring These Wi-Fi Settings Can Leave You Vulnerable to Hackers

 

In today's plugged-in world, most of us rely on the Internet for nearly everything from shopping and banking to communicating with family members. Whereas increasing reliance on the internet has exposed opportunities for doing just about anything remotely, it also increases the chances that cyber thieves will target your home Wi-Fi network looking for a weak point to pry into. Thus, securing your home network is critical to your own privacy.

The Importance of Router Settings

But for privacy lawyer Alysa Hutnik, the most common mistake isn't what people do but rather what they don't: namely, change the default settings on their Wi-Fi routers. The default settings on every router are public knowledge, and that's how hackers get in. "You wouldn't leave your front door open," she points out-a failure to alter these default settings is a little different from that.

The very first thing in securing your Wi-Fi network is changing the default password to something strong and unique. This would reduce the chances of unauthorised access significantly. You may also want to take a look at all the other configurations you can make on your router to optimise security features.

Encryption: Protecting Your Data

Another thing you should do to secure your home network is to enable encryption. Most of the current routers do offer some form of encryption options, like WPA (Wi-Fi Protected Access). This encrypts information in such a way that while travelling over your network, it makes hacking even more inconvenient to intercept. If you have not enabled the encryption on your router then it's pretty much the same as leaving personal information lying around open for everyone to grab. A check on your settings and enabling the WPA encryption adds the much-needed layer of defence.

Check Security Settings on All Devices

Securing your home network doesn't stop at the router. Any device that connects to your Wi-Fi should have its privacy and security settings properly enabled as well. Hutnik says that whenever you bring home a new device, a new phone, smart speaker, or laptop, it takes a few minutes to read through the options for privacy and security settings. Many devices have configurations not optimised for security by default. Usually, those configurations can be customised in a minute or two.

Quick Easy-to-Follow Steps to Mitigate Risk

Beyond the configuration of your network and devices, Hutnik calls you to take a few extra precautionary actions regarding your privacy. One such action is sticking tape on your webcam when you are not using it. There is always the prospect of hackers taking control of your camera through malware, so spying on you. As simple as placing a sticker or a Post-it note on your webcam might give you relief over it.

Sure enough, these measures won't protect you from cyber-attacks right and left, but they certainly reduce the risk. The more of our lives we put online, the more important it becomes that we take time to harden our home networks and equipment.

Stay Vigilant and Stay Protected

This will help protect you more from hackers and other online threats: understanding home network vulnerabilities and taking preventive actions about routers, using encryption, and checking your devices' settings. It involves the little things like covering your webcam and thereby trying to ensure that these little habits make you a safer human being on the internet.


Take small steps in securing your home network to avoid many future headaches and ensure that your personal info does not end up in cyber-criminals' pockets.


Read more »
User Privacy
ACR Online Security Smart TV Technology User Privacy

Here's How to Stop Smart TV From Harvesting Your Personal Data

 

Watching television seems to be a benign pastime, but as all TVs become "smart" and link to the internet via your network, they will be able to track you as well. When you turn on a smart TV from LG, Samsung, or Sony, data is collected from the TV itself, as well as the operating system and apps. Then there are the gadgets you connect to your television, like Google's Chromecast, Apple TV, and Amazon's Fire Stick. 

A TV is now more than just a screen for entertainment; it's a two-way mirror that lets a network of data brokers and advertisers watch you in real time, stated Rowenna Fielding, director of data protection consultancy Miss IG Geek. “The purpose of this is to gather as much information as possible about your behaviour, interests, preferences and demographics so it can be monetised, mainly through targeted advertising.”

Your smart TV's data collection relies on the manufacturer, brand, and version. In theory, most smart TVs can gather audio, video, and TV usage data, according to Toby Lewis, global head of threat analysis at cybersecurity firm Darktrace. 

Voice activation is a function that has the ability to collect significant volumes of data. Microphones and software listen for instructions and can record conversations and other noises within range. These recordings can be sent to third parties for analysis. 

What does your TV do with the data?

There is no clear answer. According to Lewis, what is done with the data is complex and "highly opaque". When looking at what a smart TV does on the network, it is often unclear why certain data is being harvested and where it is being sent.

There isn't much distinction between television brands. Manufacturers claim to utilise your information for "personalisation" and content quality, although it is usual to sell anonymous or semi-anonymized data to third parties, advertising companies, or streaming services. 

“After the data has been sold, it is out of the manufacturer’s control,” Lewis explains. "It is often unclear what data exactly is being sent back, depending on the T&Cs and privacy settings, and it can be very difficult to change default settings once you have agreed to them.”

What is Automatic Content Recognition (ACR)? 

Automated content recognition (ACR) is one alarming feature to keep an eye out for. This feature, which is frequently enabled by default, uses analytical techniques to detect video and audio on the TV and compares it to a large database to determine what is playing. It's fairly disturbing stuff; ACR works on anything played on television, including DVDs, Blu-rays, CDs, and games.

Jake Moore, global cybersecurity adviser at security company ESET, explains that viewing data and habits are shared with manufacturers and eventually sold to advertisers in order to target you with adverts. When your TV is connected to your home router, data will include your IP address and position.

Lewis adds that ACR may theoretically be utilised for even more ominous profiling. "Data from facial recognition, sentiment analysis, speech-to-text, and content analysis could be gathered to build an in-depth picture of an individual user with the analytical technologies available." 

Lewis suggests that rather than comparing material to a catalogue of well-known films, ACR may theoretically be examined for factors like political stance, ethnicity, social status, and other characteristics that could be misused. 

Safety tips 

Smart TVs will gather data as long as they are connected to the internet, and it is impossible to prevent this from happening. In many cases, doing so is not in your best interests because it will interfere with your viewing experience; for example, Netflix's useful suggestions tool. 

However, there are several simple steps you may take to protect yourself from smart TV snooping. Turn off ACR in the settings, disable customisation, opt out of all advertising features, and hide or disable cameras and microphones. 

It's also vital to secure your router by changing the password and creating a guest network. You may increase security by opting out of online tracking when it's provided and installing software updates as soon as possible.
Read more »
Online Security
Cyber Security Cyber terrorism Data Theft Dubai Authorities Online Security

Biometric Data Theft and Cyberterrorism Are The Major Future Threats

 

Cyberterrorism, biometric data poisoning, and metaverse crimes are the most serious digital threats that humans are expected to face in the future, a senior Dubai official said. 

Major Tarek Belhoul, head of Dubai Police's virtual assets crime branch, stated, we see a significant increase in crime in the metaverse and digital space as our economies transition to digital economies in the years to come. Data poisoning is highly concerning. 

"A lot of people talk about ChatGPT, which stands on existing data available on the internet. We all know that data on the internet is not 100 percent solid. So the big question is how will AI be able to identify what is good and bad data. If state actors and criminals want to operate in that space, just spoil the data as much as they can. We see that it is used a lot in today’s propaganda warfare from a tool aspect,” Belhoul stated.

He elaborated on the use of technologies to commit crime, stating that biometric data (fingerprints, iris scans, voice, and facial recognition) is being used to impersonate victims and gain unauthorised access; malware and ransomware have been repeatedly used to commit crimes and extort money; and criminals are exploiting IoT device vulnerabilities. Belhoul also stated that cyberterrorism is expected to be the most significant challenge as the role of technology advances.

Major Tarek Belhoul also recommended UAE parents to spend an hour per day with their children learning about their internet activities and the online pals with whom they play games. 

“I cannot emphasise more than ever before that those who have kids under the age of 10 years should spend an hour with them and understand what they are doing with their phones. Don’t take away their phones, but having a conversation with them is very important,” he added.

He also stated that due to the volume of activity in the gaming industry, Dubai Police established a separate unit dedicated solely to specific digital crimes involving children. The two-day National Summit on Financial Crime Compliance kicked off in Abu Dhabi on Wednesday. Leading officials from the UAE Central Bank, Ministry of Economy, the United States, Europe, and the Gulf Cooperation Council discussed the world's ongoing financial and cybercrime concerns.
Read more »
trending news
Google News Online Security Technology trending news

Google Begins Testing Verified Checkmarks for Websites in Search Results

 

Google has started testing a new feature in its search results that adds a blue checkmark next to certain websites, aiming to enhance user security while browsing. As of now, this experiment is limited to a small number of users and websites, with the checkmarks appearing next to well-known companies such as Microsoft, Meta, and Apple. The blue checkmark serves as an indicator that the website is verified by Google. 

When users hover over the checkmark, a message explains, “This icon is being shown because Google’s signals suggest that this business is the business that it says it is.” However, Google clarifies that this verification does not guarantee the full reliability of the website, meaning users should still exercise caution. 

This feature resembles Google’s previous initiative, the BIMI (Brand Indicators for Message Identification) system, introduced in Gmail in 2023. BIMI uses blue markers to verify the authenticity of email senders, ensuring that businesses sending emails are legitimate and own the domains and logos they use. 

The goal of BIMI was to combat phishing and other malicious activities by allowing users to quickly identify verified businesses. While the checkmark feature is currently only being tested with a select group of users and websites, it has the potential to be expanded in the future. 

If widely implemented, it could help users easily identify trusted websites directly from search results, offering an extra level of safety when browsing the internet. Although it is unclear when or if Google plans to roll out the feature to all users, a company spokesperson confirmed that the test is underway. 

This new experiment could be a step towards making the internet a safer space, particularly as users grow more concerned about online threats such as phishing and scams. For now, Google is monitoring the test to assess its effectiveness before deciding on a broader launch.
Read more »
Ransomware
Cyber Attacks MoneyGram Online Security Payment Platform Ransomware

MoneyGram: No Proof Ransomware Was Behind The Recent Cyber Attack

 

MoneyGram, a payment provider, claims there is no proof that ransomware was behind a recent incident that caused a five-day outage in September. 

MoneyGram is an American payment and money transfer platform that allows customers to send and receive money through a vast network of 350,000 physical locations in 200 countries, as well as through its mobile app and website. 

The payment platform acknowledged a cyberattack and took systems offline to limit the incident on September 20, three days after customers began reporting concerns. 

Customers were unable to access and transfer money, as well as engage in other online activities, due to the disruption of IT services. While many suspected a ransomware assault, MoneyGram provided no additional information, and no ransomware group claimed responsibility.

MoneyGram stated in an email to stakeholders on September 25 with new information regarding the cyberattack, which BleepingComputer obtained, that customers can now transfer payments again. However, the payment platform acknowledged that corporate systems had been compromised, law enforcement, other cybersecurity experts, and CrowdStrike's investigation revealed no proof that ransomware was the cause of the attack. 

"After working with leading external cybersecurity experts, including CrowdStrike, and coordinating with U.S. law enforcement, the majority of our systems are now operational, and we have resumed money transfer services," the payment platform stated.

"We recognize the importance of system security as we take these actions. We restored our systems only after taking extensive precautionary measures. At this time, we have no evidence that this issue involves ransomware nor do we have any reason to believe that this has impacted our agents' systems.”

While MoneyGram has not officially identified a specific threat actor, the techniques are similar to those used by Scattered Spider, a loosely organised hacker organisation.

In September 2023, Scattered Spider was responsible for a cyberattack against MGM Resorts, which they breached by impersonating an MGM employee and calling the IT help desk to change the password. Following their successful network intrusion, the threat actors encrypted hundreds of VMware ESXi systems using the BlackCat ransomware.
Read more »
zero-day exploit
Online Security User Security Vulnerabilities and Exploits Zero-Day Attack zero-day exploit

What is a Zero-Day Attack And How You Can Safeguard Against It?

 

The cyberthreats that are still unknown to us are the most severe. The majority of cyberdefenses rely on having prior knowledge of the attack's nature. We just don't know what zero days are, which is why they are so lethal. 

A zero-day attack occurs when cybercriminals abuse a software or hardware flaw that is totally unknown to developers and the larger cybersecurity community. Because no one is aware of the issue, no defences have been designed against it, making systems vulnerable. This implies that even if you're using top-tier cybersecurity software, such as the finest VPN or antivirus, you may still be vulnerable to zero-day assaults.

The term "zero-day" refers to the fact that security firms had zero days to repair or patch a vulnerability. Zero-day attacks are particularly dangerous because they are frequently leveraged by sophisticated hackers or nation-state groups to access highly guarded networks. These attacks can go undetected over an extended length of time, making them incredibly tough to defend against. 

In this article, I will explain what zero-day attacks are, how they work, and how you can safeguard yourself or your business from these hidden threats.

What are zero-day attacks? 

A zero-day attack is when a hacker exploits a previously unknown flaw. These vulnerabilities are defects or weaknesses in programming that allow for unintended actions, such as unauthorised network access. Once a hacker has identified a vulnerability, they can use it to access a network, install malware, steal data, or do other types of damage.

Zero-day exploits

This leads us nicely into the concept of zero-day exploits. Zero-day exploits are coded by hackers to cause a system to perform something it would not normally do by exploiting a vulnerability. This is the hacker's hidden weapon, allowing them to breach systems while remaining undetected. A hacker group may keep a large number of zero-day exploits on hand, ready to be used when the need arises.

These exploits are used to launch a zero-day assault. In most cases, a zero-day assault occurs when the public becomes aware of a vulnerability. Once the attack is identified, the race is on to remedy the vulnerability and avoid further abuse. 

Prevention tips

Install updates: It should go without saying that updating your software is essential. Upon the identification of a flaw and the release of a patch, it is imperative to promptly implement the update. Even while a zero-day attack may start with a very small number of targets, hackers can quickly create their own exploits once the larger security community is made aware of a vulnerability. 

Stay updated: Threat intelligence services also help you stay up to date on the latest emerging threats. These feeds provide real-time information on new vulnerabilities, exploits, and attack methodologies, allowing you to mitigate the risk by modifying your defences to resist them. 

Bolster the overall security of the network: Remember that a zero-day is not a skeleton key. It's a particular specific issue that enables a hacker to bypass a specific defence in your system. The more safeguards you put in place, such as two-factor authentication, antivirus, and antimalware, the better your chances of stopping a hacker in their tracks.
Read more »
Social Media attacks
Cyber Frauds Cyber Security CyberCriminal Online Security Phishing and Spam Social Media Social Media attacks

Protecting Your Business from Cybercriminals on Social Media

 

Social media has transformed into a breeding ground for cybercriminal activities, posing a significant threat to businesses of all sizes. According to recent reports, more than half of all companies suffer over 30% revenue loss annually due to fraudulent activities, with social media accounting for about 37% of these scams. This is alarming because even established tech giants like Yahoo, Facebook, and Google have fallen victim to these attacks. For smaller businesses, the threat is even greater as they often lack the robust security measures needed to fend off cyber threats effectively. 

Phishing scams are among the most prevalent attacks on social media. Cybercriminals often create fake profiles that mimic company employees or business partners, tricking unsuspecting users into clicking on malicious links. These links can lead to malware installations or trick individuals into revealing sensitive information like passwords or banking details. In some instances, fraudsters might also impersonate high-level executives to manipulate employees into transferring money or sharing confidential data. Another common method is social engineering, where cybercriminals manipulate individuals into taking actions they otherwise wouldn’t. 

For example, they might pretend to be company executives or representatives, convincing lower-level employees to share sensitive information, such as financial records or login credentials. This tactic is especially dangerous since it often appears as legitimate internal communication, making it harder for employees to recognize the threat. Credential stuffing is another significant concern. In this form of attack, cybercriminals use stolen credentials from data breaches to gain unauthorized access to social media accounts. This can lead to spam, data theft, or the spread of malware through the company’s official accounts, jeopardizing both the business’s reputation and its customers’ trust. Negative campaigns pose a different yet equally damaging threat. 

Attackers may post false reviews, complaints, or misinformation to tarnish a company’s image, resulting in lost sales, reduced customer loyalty, and even potential legal costs if the business decides to pursue legal action. Such campaigns can have long-lasting effects, making it difficult for companies to rebuild their reputations. Targeted advertising is another avenue for cybercriminals to exploit. They create deceptive ads that mislead customers or redirect them to malicious sites, damaging the company’s credibility and resulting in financial losses. To safeguard against these threats, businesses must take proactive steps. Using strong, unique passwords for social media accounts is essential to prevent unauthorized access. 

Responding quickly to any incidents can limit damage, and regular employee training on recognizing phishing attempts and social engineering tactics can reduce vulnerability. Managing access to social media accounts by limiting permissions to a select few employees can minimize risk. Additionally, regularly updating systems and applications ensures that security patches protect against known vulnerabilities. 

By implementing these preventive measures, businesses can better defend themselves against the growing threats posed by cybercriminals on social media, maintaining their reputation, customer trust, and financial stability.
Read more »
Privacy
Apple iCloud iOS18 Login Security Online Security Passwords Privacy

Say Goodbye to Login Struggles with Apple’s New ‘Passwords App’

 


With its much-awaited iOS 18, Apple is now launching an app called Passwords, created to help improve one of the oldest but least-tampered-with needs when it comes to digital security: password management. Now, the 'Passwords' app is downloadable on iPhones, iPads, and Macs. In an effort to make the habits of how users store and protect their digital credentials seem less mysterious, Apple is hoping to bring about better password security to millions of people with this long-standing feature being moved into a dedicated application.


All New Standalone Password Manager

Years ago, Apple's Keychain system stealthily protected its users' passwords, so they never had to remember complex login information for every app and website. But with iOS 18, Keychain is revamped and placed into an app that is not only visible but friendly to users: the new passwords app gathers all login credentials and passkeys in one place, thus making them easier to control. And this finally speaks to the increasing focus of Apple on usability as well as security- the app promises to be easier to use than ever before for consumers who are hardly familiar with password managers.

Apple's new app was warmly welcomed by Talal Haj Bakry and Tommy Mysk from the security firm Mysk because it represented a far easier approach toward password management. According to them, it will also make users realise that password management is quite essential by giving users a secure default tool preinstalled on every Apple device. Interestingly, Passwords makes use of end-to-end encryption, meaning no one, including Apple, knows what is saved in your credentials.


Password Manager Features and Design

In terms of design, the Passwords app presents a minimal interface with six main sections: All, Passkeys, Codes, Wi-Fi, Security, and Deleted. All these can be used to securely store several types of information. It's particularly noteworthy in the Security section, as this would identify weak or compromised passwords so that one can work out improved login credentials.

Apple saves all the login details synchronised through iCloud, hence a user can always access his or her account in whichever device he may be using. However, users who want to maintain their privacy are given the option of turning off the syncing feature for certain devices. With Face ID protection, the app is secured from unauthorised access by others.

All the information previously saved will automatically migrate from Keychain to Passwords, including sign-in details from the Sign In feature from Apple.


Why Improve Your Password Habits?

Part of that effort is Apple's Passwords, introducing passwords with the goal of streamlining and encouraging better password practices among users. According to cybersecurity expert Siamak Shahandashti, making the Passwords app more notable is encouraging users to start embracing stronger passwords and be more meticulous in the digital sphere in general. To Shahandashti, existing authentication systems are too complex for everyday folks, and that's what he sees the Apple app doing- filing in the gap.

The other feature is that the app supports passkeys, which are considered to be the next-generation replacement for passwords. Passkeys provide better security without having you remember such long, convoluted passwords. To promote the passwordless security feature, Apple automatically activated an option available in the security setting that enables existing accounts to be updated to utilise passkeys when possible.


Impact on the Password Management Industry

With its entry into the password management space, Apple holds high potential to seriously disrupt long-standing players in this area, namely third-party apps. As the new Passwords app on Apple is integrated throughout its ecosystem and synced through iCloud, it can easily attract many users searching for an easy included solution instead of seeking third-party apps. Critics instead point out that Apple locks users into the system when it constrains ease of exporting data to other platforms.

Ultimately, with so many options in the market for password management, this new application from Apple can turn out to be the "one stop shop" for millions of users. It simplifies password management and strengthens security, and hence forms a great option for those who haven't adopted a password manager yet or are looking for an integrated solution.

All in all, Apple's Passwords app is a meaningful step forward in digital security, letting people manage their passwords and passkeys in a streamlined and secure way. For many, it may be the perfect solution toward solving log-in issues while also amplifying online security.


Read more »
Reddit
Cyber Attacks Digital Infrastructure Hacker attack Hacking Tools North Korea Online Security Reddit

Hacker Who Took Down North Korea’s Internet Reveals Key Insight

 

Alejandro Caceres, known online as P4x, recently revealed himself as the hacker who managed to take down North Korea’s internet for over a week. This feat, conducted entirely from his home in Florida, has drawn significant attention, and Caceres recently took to Reddit to allow people to “ask him anything” about his experience hacking into one of the world’s most secretive and isolated nations. 

Caceres, a 38-year-old Colombian-American cybersecurity entrepreneur, was unmasked as the hacker behind this attack by Wired magazine. He explained that his actions were in retaliation after he was targeted by North Korean spies attempting to steal his hacking tools. In response, he decided to hit back by attacking North Korea’s internet infrastructure, a move that kept the country’s limited public websites offline for over a week. He told Wired, “It felt like the right thing to do here. If they don’t see we have teeth, it’s just going to keep coming.” In his Reddit thread, Caceres discussed the simplicity of his attack, saying, “Honestly, I’ve been asked this a lot. And I can’t really tell haha. I used to say nah it wasn’t that hard.” 

He later clarified, “People told me it wasn’t hard only because I’m trained in this.” Caceres took advantage of North Korea’s outdated and minimal internet infrastructure, which he described as “little sticks and glue.” He noted that North Korea has only two routers for internet ingress and egress, making it easier for a skilled hacker to disrupt the system. When asked about the possible consequences of his actions, Caceres admitted he had faced little to no backlash. “Everyone seems to sort of like it but cannot say that officially. Honestly, I expected a LOT more negativity just because that’s the natural order of things,” he remarked. 

The only attention he has received so far has been from intelligence agencies interested in learning how he managed the hack. He recounted how these meetings sometimes took place in basements, joking, “It was super X-Files type s**t but also like any normal meeting. Weird dissonance…” Reddit users also asked about the possible risks and repercussions of his actions. Caceres expressed surprise at not having faced any direct threats or legal actions. “I have not yet been murdered or arrested, so that’s pretty good,” he joked. 

As of now, Caceres has not faced any significant consequences beyond curiosity from intelligence agencies wanting to understand his methods. Caceres’s hack on North Korea serves as a reminder of how vulnerable even the most secretive and controlled nations can be to cyberattacks, especially when dealing with experienced hackers. While his actions have garnered admiration and a certain level of respect in online communities, they also raise questions about the potential consequences for international relations and cybersecurity norms. 

As the world increasingly relies on digital infrastructure, incidents like this highlight both the possibilities and the dangers of hacking in a hyperconnected world. Caceres, for his part, remains unrepentant and open about his motivations, positioning his actions as a form of digital self-defense and a warning against further provocations from hostile entities.
Read more »
STYX
Browser Security CyberCrime Data Breach Data Theft Malware Attack Malware Strains Online Security STYX

New Styx Stealer Malware Targets Browsers and Instant Messaging for Data Theft

 

A new malware strain known as Styx Stealer has recently emerged, posing a significant threat to online security. Discovered in April 2024, Styx Stealer primarily targets popular browsers based on the Chromium and Gecko engines, such as Chrome and Firefox. The malware is designed to pilfer a wide range of sensitive information from these browsers, including saved passwords, cookies, auto-fill data (which may include credit card details), cryptocurrency wallet information, system data like hardware specifics, external IP addresses, and even screenshots. 

The implications of such a broad data theft capability are alarming, as the stolen information could be used for identity theft, financial fraud, or even more targeted cyberattacks. Styx Stealer doesn’t stop at browsers. It also targets widely used instant messaging applications like Telegram and Discord. By compromising these platforms, the malware can gain access to users’ chats, potentially exposing sensitive conversations. This further exacerbates the threat, as the attackers could exploit this data to compromise the victim’s online identity or carry out social engineering attacks. The origins of Styx Stealer trace back to a Turkish cybercriminal who operates under the alias “Sty1x.” The malware is sold through Telegram or a dedicated website, with prices ranging from $75 per month to $350 for unlimited access. 

Interestingly, the malware’s discovery was aided by a critical mistake made by its developer. During the debugging process, the developer failed to implement proper operational security (OpSec) measures, inadvertently leaking sensitive data from their own computer to security researchers. This blunder not only exposed details about Styx Stealer’s capabilities and targets but also revealed the developer’s earnings and their connection to another notorious malware strain, Agent Tesla. Further forensic analysis uncovered a link between Sty1x and a Nigerian threat actor known by aliases such as Fucosreal and Mack_Sant. This individual had previously been involved in a campaign using Agent Tesla malware to target Chinese firms in various sectors. 

The connection between these two cybercriminals suggests potential collaboration, making Styx Stealer an even more formidable threat. Styx Stealer appears to be a derivative of the Phemedrone Stealer malware, inheriting core functionalities while introducing enhancements like auto-start and crypto-clipping features. These improvements make Styx Stealer more dangerous, increasing its potential to cause significant financial harm to its victims. The discovery of Styx Stealer highlights the ongoing evolution of cyber threats. Although the leak by the developer has likely disrupted Styx Stealer’s initial operations, it’s crucial to remain vigilant as cybercriminals adapt quickly.
Read more »
Online Security
Cyber Security data security Digital Landscape internet privacy Internet Safety Online Security

India’s Digital Sovereignty: Balancing Control and Freedom in the Internet Age

 

In the dynamic landscape of the digital world, the concept of digital sovereignty has become increasingly significant for governments around the globe. India, with its rapidly expanding internet user base, is part of this dialogue, striving to assert control over its digital domain. Digital sovereignty refers to a nation’s ability to govern and regulate digital information within its borders. This concept is fundamental to India’s endeavors to manage its internet infrastructure and data. 

India’s pursuit of digital sovereignty involves a series of legal and technical measures aimed at maintaining data within the country. This initiative is seen as a way to enhance the government’s ability to oversee and protect its digital space. However, this drive has sparked debates about the balance between state control and individual freedoms, particularly concerning freedom of expression. In a country known for its democratic values, internet freedom has sometimes been compromised in favor of security and control. A notable example is the frequent and prolonged internet shutdowns in Kashmir, which have drawn significant criticism. 

The Indian government is actively working on multiple fronts to tighten its grip on internet use. Central to this strategy are data localization laws, which mandate that data generated within India must be stored on local servers. This is intended to safeguard against foreign surveillance and cyber threats by keeping data under the jurisdiction of Indian laws. Data localization has broader implications beyond national security. For international companies operating in India, these laws present logistical and financial challenges, requiring investment in local data centers. 

Despite these challenges, the Indian government continues to advocate for data localization, arguing that it not only bolsters national security but also fosters local industry growth and enhances privacy protections under stringent local regulations. Critics, however, warn that such measures could hinder technological development and disrupt the international flow of information, impacting services that rely on cross-border data exchange. Another significant aspect of India’s digital sovereignty strategy is the proposed implementation of a unique identification number for citizens. This system would enable the government to closely monitor online activities, purportedly to prevent cybercrimes and other malicious activities. 

While proponents argue that this enhances security, opponents raise concerns about potential abuses of power, increased censorship, and the erosion of privacy. India’s efforts to enhance digital autonomy must be carefully managed to ensure that citizens’ rights are not compromised. This challenge is not unique to India; governments worldwide face similar dilemmas as they navigate the complexities of internet regulation. Recent discussions in Indian media highlight the challenges and implications of India’s drive for digital self-reliance. 

As the government seeks to implement stricter internet regulations, it must strike a balance between ensuring security and preserving freedom of expression. Achieving this balance is crucial to maintaining a digital environment that supports creativity, free speech, and global connectivity while safeguarding national security. One potential solution lies in robust data protection regulations. Clear guidelines on data collection, storage, and use can help protect individual privacy while allowing for necessary government oversight. Transparency and accountability measures are also vital in building public trust and preventing abuses of power. International cooperation is another key component in addressing digital sovereignty issues. Given the global nature of the internet, no single country can effectively regulate it in isolation. 

Collaborative efforts can help establish international norms and standards for internet governance, ensuring that security measures do not infringe upon citizens’ rights. India’s push for digital self-sufficiency reflects a broader global trend of increasing governmental control over the digital realm. While these efforts are often justified by security concerns, they must be balanced with the principles of freedom and openness that underpin the internet. The future of internet regulation will depend on how well countries like India manage to balance these competing priorities. 

India’s journey towards digital sovereignty offers valuable lessons. By carefully navigating the complexities of internet regulation, India has the potential to become a model for achieving digital sovereignty without undermining the principles of an open web. However, given the current political climate, the risk of misusing this authority remains a significant concern.
Read more »
Safety
Cyber Safety Cyber Security Data Online Security Safe Safety

How to Protect Your Online Accounts from Hackers

 

Hackers are increasingly targeting individuals to steal cryptocurrency, access bank accounts, or engage in stalking. Although these attacks are relatively rare, it's crucial to know how to protect yourself if you suspect someone has accessed your email or social media accounts.

A few years ago, I wrote a guide to help people secure their accounts. Many companies provide tools to enhance account security, which you can use even before contacting their support teams.

Here, we break down steps you can take across various online services.

First, it's important to note that these methods don't guarantee complete security. If you still feel compromised, consider consulting a professional, especially if you are a journalist, dissident, activist, or someone at higher risk.

Enable multi-factor authentication (MFA) on all your accounts, or at least the most critical ones like email, banking, and social media. This directory provides instructions for enabling MFA on over 1,000 websites. You don't have to use the recommended MFA app; many alternatives are available.

Some services also offer physical security keys or passkeys stored in password managers, providing high-level protection against password-stealing malware and phishing attacks.

Securing Your Gmail Account

If you suspect your Gmail account has been compromised, scroll to the bottom of your inbox and click on "Last account activity" in the bottom right corner. Then click on "Details" to see all the locations where your Google account is active. If you notice any unfamiliar activity, such as logins from different countries, click on "Security Checkup." Here, you can see which devices your account is active on and review recent security activity.

If you spot suspicious activity, click on "See unfamiliar activity?" and change your password. Changing your password will sign you out of all devices except those used for verification and third-party apps you've granted access to. To sign out from those devices, visit Google Support and click on the link to view apps and services with third-party access.

Consider enabling Google’s Advanced Protection for enhanced security. This feature makes phishing and hacking more difficult but requires purchasing security keys. It's highly recommended for individuals at higher risk.

Remember, your email account is likely linked to other important accounts, so securing it is crucial.

Checking Microsoft Outlook Security

To check if your Microsoft Outlook account has been accessed by hackers, go to your Microsoft Account, click on "Security" in the left-hand menu, and then under "Sign-in activity," click on "View my activity." You'll see recent logins, the platform and device used, browser type, and IP address. If anything looks suspicious, click on "Learn how to make your account more secure," where you can change your password and find instructions for recovering a hacked or compromised account.

Given that your email is often linked to other critical accounts, securing it is vital.

Securing Your Yahoo Account

Yahoo also provides tools to check your account and sign-in activity for unusual signs of compromise. Go to your Yahoo My Account Overview or click on the icon with your initial next to the email icon on the top right corner, then click on "Manage your account." Next, click on "Review recent activity." You can see recent activity on your account, including password changes, phone numbers added, and connected devices with their IP addresses.

Since your email is likely linked to sensitive sites like your bank, social media, and healthcare portals, it's essential to secure it diligently.

By following these steps and using the tools provided by these services, you can enhance the security of your online accounts and protect yourself from potential threats
Read more »
Subscribe to: Posts (Atom)