Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Privacy. Show all posts
Sandboxing
Cookies data security Google Google Chrome Google Chrome browser Google Chrome security Privacy Privacy Sandbox Sandboxing

Google Ends Privacy Sandbox, Keeps Third-Party Cookies in Chrome

 

Google has officially halted its years-long effort to eliminate third-party cookies from Chrome, marking the end of its once-ambitious Privacy Sandbox project. In a recent announcement, Anthony Chavez, VP of Privacy Sandbox, confirmed that the browser will continue offering users the choice to allow or block third-party cookies—abandoning its previous commitment to remove them entirely. 

Launched in 2020, Privacy Sandbox aimed to overhaul the way user data is collected and used for digital advertising. Instead of tracking individuals through cookies, Google proposed tools like the Topics API, which categorized users based on web behavior while promising stronger privacy protections. Despite this, critics claimed the project would ultimately serve Google’s interests more than users’ privacy or industry fairness. Privacy groups like the Electronic Frontier Foundation (EFF) warned users that the Sandbox still enabled behavioral tracking, and urged them to opt out. Meanwhile, regulators on both sides of the Atlantic scrutinized the initiative. 

In the UK, the Competition and Markets Authority (CMA) investigated the plan over concerns it would restrict competition by limiting how advertisers access user data. In the US, a federal judge recently ruled that Google engaged in deliberate anticompetitive conduct in the ad tech space—adding further pressure on the company. Originally intended to bring Chrome in line with browsers like Safari and Firefox, which block third-party cookies by default, the Sandbox effort repeatedly missed deadlines. In 2023, Google shifted its approach, saying users would be given the option to opt in rather than being automatically transitioned to the new system. Now, it appears the initiative has quietly folded. 

In his statement, Chavez acknowledged ongoing disagreements among advertisers, developers, regulators, and publishers about how to balance privacy with web functionality. As a result, Google will no longer introduce a standalone prompt to disable cookies and will instead continue with its current model of user control. The Movement for an Open Web (MOW), a vocal opponent of the Privacy Sandbox, described Google’s reversal as a victory. “This marks the end of their attempt to monopolize digital advertising by removing shared standards,” said MOW co-founder James Rosewell. “They’ve recognized the regulatory roadblocks are too great to continue.” 

With Privacy Sandbox effectively shelved, Chrome users will retain the ability to manage cookie preferences—but the web tracking status quo remains firmly in place.
Read more »
Zoom
APTs cryptocurrency CyberCrime Cyberfraud Cyberhackers Cybersecurity CyberThreat Elusive lazarus Privacy Zoom

Zoom Platform Misused by Elusive Comet Attackers in Fraud Scheme

 


Recent reports suggest that North Korean threat actors are now employing an alarming evolution in the tactics they employ to launch a sophisticated cybercrime operation known as Elusive Comet, a sophisticated cybercrime operation. This newly uncovered campaign demonstrates a way of exploiting Zoom's remote control capabilities to gain unauthorised access to cryptocurrency industry users' systems. 

It is clear from this development that a significant trend is occurring in which widely trusted communication platforms are being exploited as tools to facilitate high-level cyber intrusions. Security Alliance, one of the most reputable cybersecurity research organisations, conducted the investigation and analysis that led to the discovery. Elusive Comet exhibited some significant operational similarities to activities previously associated with North Korea's notorious Lazarus Group, a group which has been linked to North Korea for some years. 

The findings suggest that definitive attribution is yet to be made. Due to the lack of conclusive evidence, attempts to link this campaign with any known state-sponsored entity have been complicated, further demonstrating how covert cyberattacks have become increasingly common in the financial sector. This campaign, according to security experts, marks a dramatic departure from the traditional methods of gaining access to cryptocurrency targets previously used to attack them. This is because the attackers can leverage legitimate features of mainstream platforms such as Zoom, which not only makes their operations more successful but also makes detection and prevention much more difficult. 

Using such ubiquitous communication tools emphasises the need for enhanced security protocols in industries that handle digital assets to stay on top of digital threats. With the emergence of Elusive Comet, the threat landscape continues to evolve, and adversaries are increasingly adopting innovative approaches to bypass traditional defences, a reminder that the threat landscape is constantly changing and that adversaries are continuously evolving. The threat actors behind Elusive Comet have invested considerable resources into establishing a convincing online persona to maintain an appearance of legitimacy. 

To reinforce their facade of authenticity, they operate credible websites and maintain active social media profiles. As one example of the fraudulent entities that are associated with the group, Aureon Capital, a fake venture capital company posing as a legitimate company, Aureon Press, and The OnChain Podcast have all been carefully designed to trick unsuspecting individuals and businesses. 

The attackers usually contact users by sending them direct messages via X (formerly Twitter), or by contacting them via email, or by offering invitations to appear on their fabricated podcast as a guest. In the study, researchers found that after initiating contact and establishing a certain level of trust, attackers then move swiftly to set up a Zoom meeting under the pretext of learning more about the target's professional activities. 

It is common for key meeting details to be withheld until very near the time of the scheduled meeting, a tactic employed by the organisation to create an impression of urgency and encourage compliance among participants. A common occurrence is that victims are often asked to share their screens during the call so that they can demonstrate their work, and in doing so, they unknowingly expose their sensitive systems and data to the attackers. As a result of the Elusive Comet operation, Jake Gallen, CEO of the cryptocurrency company Emblem Vault, lost over $100,000 of his digital assets, which included his company's cryptocurrency. As a result, he was targeted after agreeing to participate in a Zoom interview with someone who was posing as a media person. 

By manipulating Gallen during the session into granting remote access to his computer under the disguise of technical facilitation, the attacker succeeded in obtaining his permission to do so. The attackers were able to install a malicious payload, referred to by the attackers as "GOOPDATE," which allowed them to gain access to his cryptocurrency wallets and steal the funds that resulted from this attack. 

It is clear from this incident that cryptocurrencies are vulnerable, especially among executives and high-net-worth individuals who interact regularly with media outlets and investors, which makes them particularly susceptible to sophisticated social engineering schemes because of their high level of exposure to these media outlets. Additionally, the breach emphasises that professionals operating in high-value financial sectors should have heightened awareness of cybersecurity and adopt stricter digital hygiene policies. 

A leading cybersecurity research and advisory firm specialising in forensics and advanced persistent threats (APTS), Security Alliance, meticulously tracked and analysed the Elusive Comet campaign, a campaign that is highly likely to persist for many years to come. Security Alliance published a comprehensive report in March 2025 detailing the tactics, techniques, and procedures (TTPS) used by threat actors and presenting comprehensive insights into these tactics. In their research, the attackers were able to install malware on victims' systems based primarily on a combination of social engineering and using Zoom's remote control features to get their malicious code into the systems of their victims. 

Despite drawing parallels between the methods used to conduct this campaign and those of the notorious Lazarus Group of North Korea, Security Alliance exercised caution when attributions were made. It was noted in the research that the similarities in techniques and tools could indicate common origins or shared resources; however, the researchers stressed the difficulties associated with attribution in a cyber threat landscape where various actors tend to duplicate or repurpose the methodologies of each other. 

Taking into account the methods employed by the Elusive Comet campaign, cryptocurrency professionals are strongly advised to take a comprehensive and proactive security posture to reduce the risk of falling victim to the same types of sophisticated attacks again. First and foremost, companies and individuals should make sure that Zoom's remote control feature is disabled by default, and that it is only enabled when necessary by the organisation and the individual. This functionality can be significantly restricted by restricting the use of this feature, which reduces the chances of cybercriminals exploiting virtual engagements as well.

It is also important to exercise increased caution in responding to unsolicited meeting invitations. When invitations are sent by an unknown or unverified source, it is essential to verify the identity of the requester through independent channels. In order to increase account security in cryptocurrency-related platforms, including digital wallets and exchanges, it is imperative to implement multi-factor authentication (MFA) as a critical barrier. 

MFA serves as an additional layer of protection if credentials are compromised as well, providing an extra layer of defence. Further, it will be beneficial for organisations to deploy robust endpoint protection solutions as well as maintain all software, including communication platforms such as Zoom, consistently updated, to protect against the exploitation of known vulnerabilities. Additionally, regular cybersecurity education and training for employees, partners, and key stakeholders is also extremely important. 

An organisation can strengthen the security awareness of its teams through the development of a culture of security awareness, which will allow them to identify and resist threat actors' tactics, such as social engineering, phishing attacks, and other deceptive tactics. The Elusive Comet operation highlights a broader, more dangerous threat to the cryptocurrency industry as cybercriminals are increasingly manipulating trusted communication tools to launch highly targeted and covert attacks targeting the crypto market. 

There is a strong possibility that the attacker may have been part of the North Korean Lazarus Group, but an official attribution remains elusive, further illustrating the difficulty in identifying cyber threat actors, yet there are some clear lessons to be learned from this attack. 

As today's cybersecurity landscape becomes more volatile and more complex, it is more important than ever for organisations to maintain vigilance, implement rigorous security protocols, and continually adapt to emerging threats to survive. The adversaries are continually refining their tactics, so the only people who can successfully safeguard the assets and reputation of their organisations and businesses against evolving threats to their identity and reputation will be those who invest in resilient defence strategies.
Read more »
Privacy
Cyberhackers Cybersecurity CyberThreat Fake PDF FBI information stealer PDF Exploits Privacy

Cybersecurity Alert Says Fake PDF Converters Stealing Sensitive Information

 


Online PDF converters provide efficient conversions of documents from one file format to another, and millions of individuals and businesses use these services to do so. However, this free service also poses significant cybersecurity risks despite its convenience. According to the Federal Bureau of Investigation's (FBI) advisory issued a month ago, cybercriminals have been increasingly exploiting online file conversion platforms to spread malware to consumers and businesses. 

As a result of the threat actor's embedding of malware into seemingly legitimate file conversion processes, data, financial information, and system security are being put at serious risk as a result. As the popularity of these services grows, so does the potential for widespread cyberattacks. Thus, users must exercise heightened caution when choosing tools for managing digital assets online and adhere to best practices when protecting their digital assets when selecting online tools. 

Among the many concerns regarding cyber threats that have recently erupted in the form of a report by a cybersecurity firm, a sophisticated malware campaign has been discovered that takes advantage of counterfeit PDF-to-DOCX conversion platforms to compromise users and expose their data. 

Using highly capable malware, this campaign can steal a wide variety of sensitive data, such as passwords, cryptocurrency wallets, and other confidential personal data from websites. This threat emerged in a matter of time following a public advisory issued by the Denver division of the FBI, warning the public of the increase in malicious file conversion services being used to spread malware. As a result of the findings of cybersecurity firm, cybercriminals have meticulously developed deceptive websites like candyxpdf[.]com and candyconverterpdf[.]com, which imitate the appearance and functionality of the legitimate file conversion service pdfcandy.com, to exploit the public. 

PDFcandy.com's original platform, well-known for its comprehensive PDF management tools, is reportedly attracting approximately 2.8 million visitors per month, making it a prime target for threat actors seeking to exploit its user base as a means of gaining a competitive advantage. A significant aspect of the platform is the significant number of users based in India, where 19.07% of its total traffic comes from, equivalent to approximately 533,960 users per month. As a result of this concentration, cybercriminals operating fraudulent websites have an ample pool of potential victims to exploit. 

According to data collected in March of 2025, the impersonating sites fetched approximately 2,300 and 4,100 visitors from unsuspecting users, indicating an early but concerning growth among those unaware of the impersonating sites. A growing number of sophisticated threats are being employed by threat actors, as indicated by these developments. They emphasize the need for heightened user vigilance and strong cybersecurity measures at all levels. 

An FBI report has highlighted the growing threat posed by fraudulent online document conversion tools, which have been issued by the Federal Bureau of Investigation (FBI). This is in response to an alert recently issued by the FBI Denver Field Office, which warns of the increasing use of these seemingly benign services not just by cybercriminals to steal sensitive user information, but also to install ransomware on compromised devices, in more severe cases. As a result of an alarming rise in reports concerning these malicious platforms, the agency issued a statement in response. 

There has been an increase in the number of deceptive websites offering free document conversion, file merging, and download services by attackers, as indicated in the FBI's advisory. It is important to note that although these tools often perform the file conversions promised, such as converting a .DOC file into a. A PDF file or merging multiple .JPG files into one.PD, the FBI warns that the final downloaded files may contain malicious code. It can be used by cybercriminals to gain unauthorised access to the victim’s device, thereby putting the victim in an extremely dangerous position in terms of cybersecurity. 

The agency also warns that documents that are uploaded to these platforms may contain sensitive information such as names, Social Security numbers, cryptocurrency wallet seeds and addresses, passphrases, email credentials, passwords, and banking information, among others. In addition to identity theft, financial fraud, and subsequent cyberattacks, such information can be exploited to steal identities, commit financial fraud, or commit further cyberattacks. 

The FBI Denver Field Office confirmed in a report that complaints were on the rise, with even the public sector reporting incidents recently in the metro Denver area. During her remarks, Vicki Migoya, FBI Denver Public Affairs Officer, pointed out that malicious actors often use subtle methods to deceive users. For instance, malicious actors alter a single character in a website URL or substitute suffixes such as “INC” for “CO” to create a domain name that is very similar to legitimate ones. Additionally, as search engine algorithms continue to prioritise paid advertisements, some of which may lead to malicious sites, users searching for “free online file converters” should be aware of this warning, as they may be particularly vulnerable to threats. 

Despite the FBI's decision to withhold specific technical details so as not to alert threat actors, the agency confirmed that such fraudulent tools remain a preferred method for spreading malware and infecting unsuspecting computer users. Upon investigating the malware campaign further, the FBI discovered that the deceptive methods employed by the fraudulent websites to compromise users were deceptively deceptive. 

When a user visits such websites, he or she is required to upload a PDF document to convert it into Word format. It is then shown that the website has a loading sequence that simulates a typical conversion process, to give the impression that the website is legitimate. Additionally, the site presents users with a CAPTCHA verification prompt as well, a method of fostering trust and demonstrating that the website complies with common security practices seen on reputable websites. Nevertheless, as soon as the user completes the CAPTCHA, they are deceptively instructed to execute a PowerShell command on their system, which is crucial to begin the malware delivery process. 

After the user clicks on Adobe. A zip file is then installed on the user's device and contains a malware infection called ArechClient, a family of information-stealing malware which is associated with the Sectopratt malware family. Known to be active since 2019, this particular strain of malware is specifically designed to gather a wide range of sensitive data, including saved usernames and passwords, as well as cryptocurrency wallet information and other important digital assets. 

Some of these malicious websites have been taken offline by authorities in recent weeks, but a recent report by a known cybersecurity firm states that over 6,000 people have visited these websites during the past month alone. Clearly, cybercriminals are actively exploiting this vulnerability at scale and with a high degree of frequency. Users must verify the legitimacy of any online conversion service they use due to the increasing sophistication of such attacks. 

During the time of a web-based search, it is essential to make sure that the website is legitimate, not a phoney copy that is being manipulated by hackers. If an unknowing compromise has taken place on a device, action must be taken immediately, such as isolating it and resetting all the associated passwords, to minimise any damage done. For sensitive file conversions, cybersecurity experts recommend using trustworthy offline tools whenever possible to reduce their exposure to online attacks.

As cyber threats to online file conversion services have become increasingly sophisticated, users must be increasingly vigilant and security-conscious when conducting digital activities. For all individuals and organisations to feel comfortable uploading or downloading any files to a website, they are strongly encouraged to check for its authenticity before doing so. Among the things that users should do is carefully examine URLS for subtle anomalies, verify a secure connection (HTTPS), and favour trusted, well-established platforms over those that are less-known or unfamiliar. 

In addition, users should avoid executing any unsolicited commands or downloading unexpected files, even when the website seems to be a genuine one. It is crucial to prioritise the use of offline, standalone conversion tools whenever possible, especially when dealing with sensitive or confidential documents. If it is suspected that a compromised device or computer has been compromised, immediate steps should be taken to isolate the affected device, reset all relevant passwords, and contact cybersecurity professionals to prevent a potential breach from taking place. 

In the age of cybercriminals who are constantly enhancing their tactics, fostering a culture of proactive cyber awareness and resilience is no longer optional, but rather a necessity. To combat these evolving threats, it will be imperative for organisations to consistently train staff, update security protocols, and effectively use best practices. Users need to exercise greater caution and make informed decisions to prevent themselves as well as their organisations from the far-reaching consequences of cyberattacks in the future.
Read more »
Tracking
Cyber Security Healthcare legislation Location Privacy surveillance Tracking

Why Location Data Privacy Laws Are Urgently Needed

 

Your location data is more than a simple point on a map—it’s a revealing digital fingerprint. It can show where you live, where you work, where you worship, and even where you access healthcare. In today’s hyper-connected environment, these movements are silently collected, packaged, and sold to the highest bidder. For those seeking reproductive or gender-affirming care, attending protests, or visiting immigration clinics, this data can become a dangerous weapon.

Last year, privacy advocates raised urgent concerns, calling on lawmakers to address the risks posed by unchecked location tracking technologies. These tools are now increasingly used to surveil and criminalize individuals for accessing fundamental services like reproductive healthcare.

There is hope. States such as California, Massachusetts, and Illinois are now moving forward with legislation designed to limit the misuse of this data and protect individuals from digital surveillance. These bills aim to preserve the right to privacy and ensure safe access to healthcare and other essential rights.

Imagine a woman in Alabama—where abortion is entirely banned—dropping her children at daycare and driving to Florida for a clinic visit. She uses a GPS app to navigate and a free radio app along the way. Without her knowledge, the apps track her entire route, which is then sold by a data broker. Privacy researchers demonstrated how this could happen using Locate X, a tool developed by Babel Street, which mapped a user’s journey from Alabama to Florida.

Despite its marketing as a law enforcement tool, Locate X was accessed by private investigators who falsely claimed affiliation with authorities. This loophole highlights the deeply flawed nature of current data protections and how they can be exploited by anyone posing as law enforcement.

The data broker ecosystem remains largely unregulated, enabling a range of actors—from law enforcement to ideological groups—to access and weaponize this information. Near Intelligence, a broker, reportedly sold location data from visitors to Planned Parenthood to an anti-abortion organization. Meanwhile, in Idaho, cell phone location data was used to charge a mother and her son with aiding an abortion, proving how this data can be misused not only against patients but also those supporting them.

The Massachusetts bill proposes a protected zone of 1,850 feet around sensitive locations, while California takes a broader stance with a five-mile radius. These efforts are gaining support from privacy advocates, including the Electronic Frontier Foundation.

“A ‘permissible purpose’ (which is key to the minimization rule) should be narrowly defined to include only: (1) delivering a product or service that the data subject asked for, (2) fulfilling an order, (3) complying with federal or state law, or (4) responding to an imminent threat to life.”

Time and again, we’ve seen location data weaponized to monitor immigrants, LGBTQ+ individuals, and those seeking reproductive care. In response, state legislatures are advancing bills focused on curbing this misuse. These proposals are grounded in long-standing privacy principles such as informed consent and data minimization—ensuring that only necessary data is collected and stored securely.

These laws don’t just protect residents. They also give peace of mind to travelers from other states, allowing them to exercise their rights without fear of being tracked, surveilled, or retaliated against.

To help guide new legislation, this post outlines essential recommendations for protecting communities through smart policy design. These include:
  • Strong definitions,
  • Clear rules,
  • Affirmation that all location data is sensitive,
  • Empowerment of consumers through a strong private right of action,
  • Prohibition of “pay-for-privacy” schemes, and
  • Transparency through clear privacy policies.
These protections are not just legal reforms—they’re necessary steps toward reclaiming control over our digital movements and ensuring no one is punished for seeking care, support, or safety.
Read more »
WhatsApp
AI tools Gmail Google Privacy WhatsApp

Gmail Users Face a New Dilemma Between AI Features and Data Privacy

 



Google’s Gmail is now offering two new upgrades, but here’s the catch— they don’t work well together. This means Gmail’s billions of users are being asked to pick a side: better privacy or smarter features. And this decision could affect how their emails are handled in the future.

Let’s break it down. One upgrade focuses on stronger protection of your emails, which works like advanced encryption. This keeps your emails private, even Google won’t be able to read them. The second upgrade brings in artificial intelligence tools to improve how you search and use Gmail, promising quicker, more helpful results.

But there’s a problem. If your emails are fully protected, Gmail’s AI tools can’t read them to include in its search results. So, if you choose privacy, you might lose out on the benefits of smarter searches. On the other hand, if you want AI help, you’ll need to let Google access more of your email content.

This challenge isn’t unique to Gmail. Many tech companies are trying to combine stronger security with AI-powered features, but the two don’t always work together. Apple tried solving this with a system that processes data securely on your device. However, delays in rolling out their new AI tools have made their solution uncertain for now.

Some reports explain the choice like this: if you turn on AI features, Google will use your data to power smart tools. If you turn it off, you’ll have better privacy, but lose some useful options. The real issue is that opting out isn’t always easy. Some settings may remain active unless you manually turn them off, and fully securing your emails still isn’t simple.

Even when extra security is enabled, email systems have limitations. For example, Apple’s iCloud Mail doesn’t use full end-to-end encryption because it must work with global email networks. So even private emails may not be completely safe.

This issue goes beyond Gmail. Other platforms are facing similar challenges. WhatsApp, for example, added a privacy mode that blocks saving chats and media, but also limits AI-related features. OpenAI’s ChatGPT can now remember what you told it in past conversations, which may feel helpful but also raises questions about how your personal data is being stored.

In the end, users need to think carefully. AI tools can make email more useful, but they come with trade-offs. Email has never been a perfectly secure space, and with smarter AI, new threats like scams and data misuse may grow. That’s why it’s important to weigh both sides before making a choice.



Read more »
Privacy
CyberCrime Cyberhackers CyberThreat Cybesecurity GNSS GPS GPS Spoofing Privacy

GPS Spoofing Emerges as a Serious Risk for Civil and Military Applications

 


The growing reliance on satellite-based navigation systems by modern aviation has raised serious concerns among global aviation authorities about the threat to the integrity of these systems that are emerging. As one such threat, GPS spoofing, is rapidly gaining attention for its potential to undermine the safety and reliability of aircraft operations, it is quickly gaining attention.

Global Navigation Satellite System (GNSS) spoofing, which is the act of transmitting counterfeit signals to confuse receivers of GNSS signals, has become an increasingly serious concern for aviation safety worldwide, including in India. As a result of this interference, the accuracy of aircraft navigation systems is compromised, as it compromises critical data related to location, navigation, and time. As a result, the risk of operational and security failures is significant. 

Several recent media articles have brought a renewed focus on the threat of GPS spoofing, which has become increasingly prevalent in recent years, along with its potential catastrophic impact on a variety of critical systems and infrastructure, most notably the aviation industry. There is a growing concern in this area because the incidence of spoofing incidents is on the rise in areas close to national borders, a region where the threat is particularly high.

An area of concern that has been raised in public discourse as well as parliamentary debate is the vicinity of the Amritsar border, which has drawn a significant amount of attention from the public. With an increasing prevalence of spoofing activities occurring in this strategically sensitive zone, there have been significant concerns raised about aircraft operating in the region's vulnerability, as well as the broader implications for national security and cross-border aviation safety that result from this activity. 

There is an ongoing disruption of GNSS signals in this area that is threatening not only the integrity of navigation systems, but it requires immediate policy attention, interagency coordination, and robust mitigation measures to be implemented. There is a report issued by OPS Group in September 2024 that illustrates the extent of the problem in South Asia. 

The report states that northwest New Delhi area and Lahore, Pakistan are experiencing an increased amount of spoofing activity, as evidenced by the report. The region was ranked ninth globally for the number of spoofing incidents between July 15 and August 15, 2024, with 316 aircraft being affected within the period. According to the findings of this study, enhanced monitoring, reporting mechanisms, and countermeasures are necessary to mitigate the risks that can arise from manipulating GPS signals within high-traffic air corridors. 

In GPS spoofing, also called GPS simulation or GPS spoofing, counterfeit signals are sent to satellite-based navigation systems to fool GPS receivers. This can cause GPS receivers to become deceived. By using this technique, the receiver can calculate an inaccurate location, which compromises the reliability of the data it provides. 

As a foundational component of a range of critical applications - including aviation navigation, maritime operations, autonomous systems, logistics, and time synchronisation across financial and communication networks - GPS technology serves as the basis for these applications. As a result, such interference would have profound implications for the community. It used to be considered a theoretical vulnerability for GPS spoofing, but today it has become a more practical and increasingly accessible threat that is becoming increasingly prevalent.

The advancement in technology, along with the availability of open-source software and hardware that can generate fake GPS signals at a very low cost, has significantly lowered the barrier to potential attackers being able to exploit the technology. There has been a considerable evolution in the world of cyber security, and this has created an environment in which not just governments, military institutions, but also commercial industries and individuals face serious operational and safety risks as a result of this.

Due to this, GPS spoofing has now become a broader cybersecurity concern that demands coordinated global attention and response rather than simply being an isolated incident. GPS spoofing refers to the practice of transmitting counterfeit satellite signals to mislead navigation systems into miscalculating their true position, velocity, and timing. A GPS jam is an interference in satellite communication that completely overpowers signals. 

In contrast, GPS spoofing works more subtly. In addition to subtly inserting false data that is often indistinguishable from genuine signals, this method also raises operational risk and makes detection more difficult. As a result of this deceptive nature, aviation systems, which rely heavily on satellite-based navigational data as a major component, are at serious risk. Since the GNSS signals originate from satellites positioned more than 20,000 kilometres above the Earth's surface, they are particularly susceptible to spoofing. 

The inherent weakness of these signals makes them particularly susceptible to spoofing. As a result of spoofed signals that are often transmitted from ground sources at higher intensity, onboard systems like the Flight Management System (FMS), Automatic Dependent Surveillance Systems (ADS-B/ADS-C), and Ground Proximity Warning Systems can override legitimate signals that are received by the Flight Management System. 

It is possible for aircraft to deviate from intended flight paths due to such manipulation, to misrepresent their location to air traffic controllers, or to encounter terrain hazards that were unforeseen—all of which compromise flight safety. There has been a significant advance in the use of spoofing beyond theoretical scenarios, and it is now recognized as an effective tool for both electronic warfare as well as asymmetric warfare. As a result, both state and non-state actors around the world have tapped into this technological resource to gain tactical advantages. 

According to reports during the Russian-Ukraine conflict, Russian forces employed advanced systems, such as the Krasukha-4 and Tirada-2, to spoof GNSS signals, effectively disorienting enemy drones, aircraft and missiles. An earlier example of this could be Iran's use of spoofing techniques in 2011 to take down an RQ-170 Sentinel drone controlled by the United States. The same thing happened during the Nagorno-Karabakh conflict between Azerbaijan and Armenia. 

The Azerbaijan government used extensive electronic warfare measures, such as GNSS spoofing, to disable the radar and air defense infrastructures of Armenia, which allowed Turkey and Israeli drones to operate almost with impunity during the conflict. As a result of these cases, I believe the strategic utility of spoofing in modern conflict scenarios has been reinforced, demonstrating its status as a credible and sophisticated threat to national and international security systems worldwide. 

To deal with GPS spoofing, a proactive and multi-pronged approach must be taken that includes technological safeguards, robust policy frameworks, as well as an increase in awareness initiatives. As the use of satellite-based navigation continues to increase, it is becoming increasingly important that stakeholders, such as governments, aviation authorities, and technology companies, invest in developing and implementing advanced anti-spoofing mechanisms to prevent this from happening.

There are several ways in which counterfeit signals can be detected and rejected in real time, including signal authentication protocols, anomaly detection algorithms, and secure hardware configurations, based on these protocols. Furthermore, user awareness has a significant impact on the success of counterfeit signals. Operators and organisations should develop a comprehensive knowledge of their GPS infrastructure and be aware of any unusual behaviours that could indicate spoofing attempts by tracking their GPS infrastructure. 

By regularly training employees, conducting system audits, and adhering to best practices in cybersecurity, businesses are significantly more likely to resist such attacks. Legal and ethical considerations are also critical to addressing GPS spoofing in many jurisdictions. The transmission of false navigation signals has the potential to carry severe penalties in many jurisdictions. To avoid unintended disruptions, GPS signal simulations must comply with regulatory standards and ethical norms, regardless of whether they are used for research, testing, or training purposes. 

Furthermore, keeping up with emerging technologies as well as rapidly evolving threat landscapes is essential. A reliable cybersecurity solution can serve as a critical line of defence when it is integrated with comprehensive security platforms, such as advanced threat detection software. GPS spoofing continues to grow in prominence, so it will be essential to coordinate an effort focused on vigilance, innovation, and accountability to safeguard the integrity of global navigation systems, as well as the many sectors that depend on them, in the future.
Read more »
secure VPN
customer privacy Cyber Security and Privacy Data Privacy encrypted European Union Messaging Apps Privacy secure VPN

ProtectEU and VPN Privacy: What the EU Encryption Plan Means for Online Security

 

Texting through SMS is pretty much a thing of the past. Most people today rely on apps like WhatsApp and Signal to share messages, make encrypted calls, or send photos—all under the assumption that our conversations are private. But that privacy could soon be at risk in the EU.

On April 1, 2025, the European Commission introduced a new plan called ProtectEU. Its goal is to create a roadmap for “lawful and effective access to data for law enforcement,” particularly targeting encrypted platforms. While messaging apps are the immediate focus, VPN services might be next. VPNs rely on end-to-end encryption and strict no-log policies to keep users anonymous. However, if ProtectEU leads to mandatory encryption backdoors or expanded data retention rules, that could force VPN providers to change how they operate—or leave the EU altogether. 

Proton VPN’s Head of Public Policy, Jurgita Miseviciute, warns that weakening encryption won’t solve security issues. Instead, she believes it would put users at greater risk, allowing bad actors to exploit the same access points created for law enforcement. Proton is monitoring the plan closely, hoping the EU will consider solutions that protect encryption. Surfshark takes a more optimistic view. Legal Head Gytis Malinauskas says the strategy still lacks concrete policy direction and sees the emphasis on cybersecurity as a potential boost for privacy tools like VPNs. Mullvad VPN isn’t convinced. 

Having fought against earlier EU proposals to scan private chats, Mullvad criticized ProtectEU as a rebranded version of old policies, expressing doubt it will gain wide support. One key concern is data retention. If the EU decides to require VPNs to log user activity, it could fundamentally conflict with their privacy-first design. Denis Vyazovoy of AdGuard VPN notes that such laws could make no-log VPNs unfeasible, prompting providers to exit the EU market—much like what happened in India in 2022. NordVPN adds that the more data retained, the more risk users face from breaches or misuse. 

Even though VPNs aren’t explicitly targeted yet, an EU report has listed them as a challenge to investigations—raising concerns about future regulations. Still, Surfshark sees the current debate as a chance to highlight the legitimate role VPNs play in protecting everyday users. While the future remains uncertain, one thing is clear: the tension between privacy and security is only heating up.
Read more »
Privacy
creditmonitoring Cybersecurity Databreach Dataleak Healthcare IdentityTheft labtesting medicalrecords PlannedParenthood Privacy

Over 1.6 Million Affected in Planned Parenthood Lab Partner Data Breach

 

A cybersecurity breach has exposed the confidential health data of more than 1.6 million individuals—including minors—who received care at Planned Parenthood centers across over 30 U.S. states. The breach stems from Laboratory Services Cooperative (LSC), a company providing lab testing for reproductive health clinics nationwide.

In a notice filed with the Maine Attorney General’s office, LSC confirmed that its systems were infiltrated on October 27, 2024, and the breach was detected the same day. Hackers reportedly gained unauthorized access to sensitive personal, medical, insurance, and financial records.

"The information compromised varies from patient to patient but may include the following:
  • Personal information: Name, address, email, phone number
  • Medical information: Date(s) of service, diagnoses, treatment, medical record and patient numbers, lab results, provider name, treatment location
  • Insurance information: Plan name and type, insurance company, member/group ID numbers
  • Billing information: Claim numbers, bank account details, billing codes, payment card details, balance details
  • Identifiers: Social Security number, driver's license or ID number, passport number, date of birth, demographic data, student ID number"

In addition to patient data, employee information—including details about dependents and beneficiaries—may also have been compromised.

Patients concerned about whether their data is affected can check if their Planned Parenthood location partners with LSC via the FAQ section on LSC’s website or by calling their support line at 855-549-2662.

While it's impossible to reverse the damage of a breach, experts recommend immediate protective actions:

Monitor your credit reports (available weekly for free from all three major credit bureaus)

Place fraud alerts, freeze credit, and secure your Social Security number

Stay vigilant for unusual account activity and report potential identity theft promptly

LSC is offering 12–24 months of credit monitoring through CyEx Medical Shield Complete to impacted individuals. Those affected must call the customer service line between 9 a.m. and 9 p.m. ET, Monday to Friday, to get an activation code for enrollment.

For minors or individuals without an SSN or credit history, a tailored service named Minor Defense is available with a similar registration process. The enrollment deadline is July 14, 2025.
Read more »
social media platforms
CyberCrime Cyberhackers Cyberthreats Digital Service Privacy social media platforms

Why Personal Identity Should Remain Independent of Social Platforms

 


Digital services are now as important as other public utilities such as electricity and water in today's interconnected world. It is very important for society to expect a similar level of consistency and quality when it comes to these essential services, including the internet and the systems that protect personal information. In modern times, digital footprints are used to identify individuals as extensions of their identities, capturing their relationships, preferences, ideas, and everyday experiences. 

In Utah, the Digital Choice Act has been introduced to ensure that individuals have control over sensitive, personal, and personal information rather than being dominated by large technology corporations. Utah has taken a major step in this direction by enacting the act. As a result of this pioneering legislation, users have been given meaningful control over how their data is handled on social media platforms, which creates a new precedent for digital rights in modernity. 

Upon the enactment of Utah's Digital Choice Act, on July 1, 2026, it is anticipated that the act will make a significant contribution to restoring control over personal information to individuals, rather than allowing it to remain within the authority of large corporations who control it. As a result of the Act, users are able to use open-source protocols so that they can transfer their digital content and social connections from one platform to another using open-source protocols. 

As a result of this legislation, individuals can retain continuity in their digital lives – preserving relationships, media, and conversations – even when they choose to leave a platform. Furthermore, the legislation affirms the principle of data ownership, which provides users with the ability to permanently delete their data upon departure. Moreover, the Act provides a fundamentally new relationship between users and platforms. 

Traditional social media companies are well known for monetizing user attention, earning profits through targeted advertising and offering their services to the general public without charge. This model of economics involves the creation of a product from the user data. As a result of the Digital Choice Act, users' data ownership is placed back in their hands instead of corporations, so that they are the ones who determine how their personal information will be used, stored, and shared. As a central aspect of this legislation, there is a vision of a digital environment that is more open, competitive, and ethical. 

Essentially, the Act mandates interoperability and data portability to empower users and reduce entry barriers for emerging platforms, which leads to the creation of a thriving social media industry that fosters innovation and competition. As in the past, similar successes have been witnessed in other industries as well. In the US, the 1996 Telecommunications Act led to a massive growth in mobile communications, while in the UK, open banking initiatives were credited with a wave of fintech innovation. 

There is the promise that interoperability holds for digital platforms in the same way that it has for those sectors in terms of choice and diversity. Currently, individuals remain vulnerable to the unilateral decisions made by technology companies. There are limited options for recourse when it comes to content moderation policies, which are often opaque. As a result of the TikTok outage of January 2025, millions of users were suddenly cut off from their years-old personal content and relationships, demonstrating the fragility of this ecosystem. 

The Digital Choice Act would have allowed users to move their data and networks to a new platform with a seamless transition, eliminating any potential risks of service disruption, by providing them with the necessary protections. Additionally, many creators and everyday users are often deplatformed suddenly, leaving them with no recourse or the ability to restore their digital lives. By adopting the Act, users now can publish and migrate content across platforms in real-time, which allows them to share content widely and transition to services that are better suited to their needs.

A flexible approach to data is essential in today's digitally connected world. Beyond social media, the consequences of data captivity are becoming increasingly urgent, and the implications are becoming more pressing. 23andMe's collapse highlighted how vulnerable deeply personal information is in the hands of private companies, especially as artificial intelligence becomes more and more integrated into the digital infrastructure. This increases the threat of misuse of data exponentially. 

As the stakes of data misuse increase exponentially, robust, user-centred data protection systems are becoming increasingly necessary and imperative. There is no doubt that Utah has become a national leader in the area of digital privacy over the past few years. As a result of enacting SB 194 and HB 464 in 2024, the state focuses on the safety of minors and the responsibility for mental health harms caused by social media. As a result of this momentum, the Digital Choice Act offers a framework that other states and countries could replicate and encourage policymakers to recognize data rights as a fundamental human right, leveraging this momentum.

The establishment of a legal framework that protects data portability and user autonomy is essential to the development of a more equitable digital ecosystem. When individuals are given the power to take their information with them, the dynamics of the online world change—encouraging personal agency, responsibility and transparency. Such interoperability can already be achieved by using the tools and technologies that are already available. 

Keeping up with the digital revolution is essential. To ensure the future of digital citizenship, lawmakers, technology leaders, as well as civil society members must work together to prioritize the protection of personal identity online. There is a rapid change occurring in the digital world, which means that the responsibilities of those responsible for overseeing and designing it are also changing as well. 

There is no question that as data continues to transform the way people live, work, and connect, people need to have their rights to control their digital presence embedded at the core of digital policy. The Digital Choice Act serves as a timely blueprint for how governments can take proactive measures to address the mounting concern over data privacy, platform dominance, and a lack of user autonomy in the age of digital technology. 

Although Utah has taken a significant step towards implementing a similar law, other jurisdictions must also recognize the long-term social, economic, and ethical benefits of implementing similar legislation. As part of this strategy, open standards should be fostered, fair competition should be maintained, and mechanisms should be strengthened to allow individuals to easily move and manage their digital lives without having to worry about them. 

It is both necessary and achievable to see a future where digital identities do not belong to private corporations but are protected and respected by law instead. The adoption of user-centric principles and the establishment of regulatory safeguards that ensure transparency and accountability can be enough to ensure that technology serves the people and does not exploit them to the detriment of them. 

To ensure a healthy and prosperous society in an increasingly digital era, users must return control over their identity to a shared and urgent priority that requires bold leadership, collaborative innovation, and a greater commitment to digital rights to ensure a prosperous and prosperous society.
Read more »
Privacy
AI Policy AI vulnerabilities Artifical Intelligence CyberCrime CyberThreat Google Privacy

Ensuring AI Delivers Value to Business by Making Privacy a Priority

 


Many organizations are adopting Artificial Intelligence (AI) as a capability, but the focus is shifting from capability to responsibility. In the future, PwC anticipates that AI will be worth $15.7 trillion to the global economy, an unquestionable transformational potential. As a result of this growth, local GDPs are expected to grow by 26% in the next five years and hundreds of AI applications across all industries are expected to follow suit. 

Although these developments are promising, significant privacy concerns are emerging alongside them. AI relies heavily on large volumes of personal data, introducing heightened risks for misuse and data breaches. A prominent area of concern is the development of generative artificial intelligence (AI), which, in its misapplied state, can be used to create deceptive content, such as fake identities and manipulated images, which could pose serious threats to digital trust and privacy.

As Harsha Solanki of Infobip points out, 80% of organizations in the world are faced with cyber threats originating from poor data governance. This statistic emphasizes the scale of the issue. A growing need for businesses to prioritize data protection and adopt robust privacy frameworks has resulted in this statistic. During an era when artificial intelligence is reshaping customer experiences and operational models, safeguarding personal information is more than just a compliance requirement – it is essential to ethical innovation and sustained success in the future. 

Essentially, Artificial Intelligence (AI) is the process by which computer systems are developed to perform tasks that would normally require human intelligence. The tasks can include organizing data, detecting anomalies, conversing in natural language, performing predictive analytics, and making complex decisions based on this information. 

By simulating cognitive functions like learning, reasoning, and problem-solving, artificial intelligence can make machines process and respond to information in a way similar to how humans do. In its simplest form, artificial intelligence is a software program that replicates and enhances human critical thinking within digital environments. Several advanced technologies are incorporated into artificial intelligence systems to accomplish this. These technologies include machine learning, natural language processing, deep learning, and computer vision. 

As a consequence of these technologies, AI systems can analyze a vast amount of structured and unstructured data, identify patterns, adapt to new inputs, and improve over time. Businesses are relying increasingly on artificial intelligence to drive innovation and operational excellence as a foundational tool. In the next generation, organizations are leveraging artificial intelligence to streamline workflows, improve customer experiences, optimize supply chains, and support data-driven strategic decisions. 

Throughout its evolution, Artificial Intelligence is destined to deliver greater efficiency, agility, and competitive advantage to industries as a whole. It should be noted, however, that such rapid adoption also highlights the importance of ethical considerations, particularly regarding data privacy, transparency, and the ability to account for actions taken. Throughout the era of artificial intelligence, Cisco has provided a comprehensive analysis of the changing privacy landscape through its new 2025 Data Privacy Benchmark Study. 

The report sheds light on the challenges organizations face in balancing innovation with responsible data practices as well as the challenges they face in managing their data. With actionable information, the report provides businesses with a valuable resource for deploying artificial intelligence technologies while maintaining a commitment to user privacy and regulatory compliance as they develop AI technology. Finding the most suitable place for storing the data that they require efficiently and securely has been a significant challenge for organizations for many years. 

The majority of the population - approximately 90% - still favors on-premises storage due to perceived security and control benefits, but this approach often comes with increased complexity and increased operational costs. Although these challenges exist, there has been a noticeable shift towards trusted global service providers in recent years despite these challenges. 

There has been an increase from 86% last year in the number of businesses claiming that these providers provide superior data protection, including industry leaders such as Cisco, in recent years. It appears that this trend coincides with the widespread adoption of advanced artificial intelligence technologies, especially generative AI tools like ChatGPT, which are becoming increasingly integrated into day-to-day operations across a wide range of industries. This is also a sign that professional knowledge of these tools is increasing as they gain traction, with 63% of respondents indicating a solid understanding of the functioning of these technologies. 

However, a deeper engagement with AI carries with it a new set of risks as well—ranging from privacy concerns, and compliance challenges, to ethical questions regarding algorithmic outputs. To ensure responsible AI deployment, businesses must strike a balance between embracing innovation and ensuring that privacy safeguards are enforced. 

AI in Modern Business

As artificial intelligence (AI) becomes embedded deep in modern business frameworks, its impact goes well beyond routine automation and efficiency gains. 

In today's world, organizations are fundamentally changing the way they gather, interpret, and leverage data – placing data stewardship and robust governance at the top of the strategic imperative list. A responsible use of data, in this constantly evolving landscape, is no longer just an option; it's a necessity for innovation in the long run and long-term competitiveness. As a consequence, there is an increasing obligation for technological practices to be aligned with established regulatory frameworks as well as societal demands for transparency and ethical accountability, which are increasingly becoming increasingly important. 

Those organizations that fail to meet these obligations don't just incur regulatory penalties; they also jeopardize stakeholder confidence and brand reputation. As digital trust has become a critical asset for businesses, the ability to demonstrate compliance, fairness, and ethical rigor in AI deployment has become one of the most important aspects of maintaining credibility with clients, employees, and business partners alike. AI-driven applications that seamlessly integrate AI features into everyday digital tools can be used to build credibility. 

The use of artificial intelligence is not restricted to specific software anymore. It has now expanded to enhance user experiences across a broad range of sites, mobile apps, and platforms. Samsung's Galaxy S24 Ultra, for example, is a perfect example of this trend. The phone features artificial intelligence features such as real-time transcription, intuitive search through gestures, and live translation—demonstrating just how AI is becoming an integral part of consumer technology in an increasingly invisible manner. 

In light of this evolution, it is becoming increasingly evident that multi-stakeholder collaboration will play a significant role in the development and implementation of artificial intelligence. In her book, Adriana Hoyos, an economics professor at IE University, emphasizes the importance of partnerships between governments, businesses, and individual citizens in the promotion of responsible innovation. She cites Microsoft's collaboration with OpenAI as one example of how AI accessibility can be broadened while still maintaining ethical standards of collaboration with OpenAI. 

However, Hoyos also emphasizes the importance of regulatory frameworks evolving along with technological advances, so that progress remains aligned with public interests while at the same time ensuring the public interest is protected. She also identifies areas in which big data analytics, green technologies, cybersecurity, and data encryption will play an important role in the future. 

AI is becoming increasingly used as a tool to enhance human capabilities and productivity rather than as a replacement for human labor in organizations. In areas such as software development that incorporates AI technology, the shift is evident. AI provides support for human creativity and technical expertise but does not replace it. The world is redefining what it means to be "collaboratively intelligent," with the help of humans and machines complementing one another. AI scholar David De Cremer, as well as Garry Kasparov, are putting together a vision for this future.

To achieve this vision, forward-looking leadership will be required, able to cultivate diverse, inclusive teams, and create an environment in which technology and human insight can work together effectively. As AI continues to evolve, businesses are encouraged to focus on capabilities rather than specific technologies to navigate the landscape. The potential for organizations to gain significant advantages in productivity, efficiency, and growth is enhanced when they leverage AI to automate processes, extract insights from data, and enhance employee and customer engagement. 

Furthermore, responsible adoption of new technologies demands an understanding of privacy, security, and thics, as well as the impact of these technologies on the workforce. As soon as AI becomes more mainstream, the need for a collaborative approach will become increasingly important to ensure that it will not only drive innovation but also maintain social trust and equity at the same time.
Read more »
Ransomware
Cyberattacks Data Privacy Private Information quiet ransomware Ransomware

The Growing Danger of Hidden Ransomware Attacks

 


Cyberattacks are changing. In the past, hackers would lock your files and show a big message asking for money. Now, a new type of attack is becoming more common. It’s called “quiet ransomware,” and it can steal your private information without you even knowing.

Last year, a small bakery in the United States noticed that their billing machine was charging customers a penny less. It seemed like a tiny error. But weeks later, they got a strange message. Hackers claimed they had copied the bakery’s private recipes, financial documents, and even camera footage. The criminals demanded a large payment or they would share everything online. The bakery was shocked— they had no idea their systems had been hacked.


What Is Quiet Ransomware?

This kind of attack is sneaky. Instead of locking your data, the hackers quietly watch your system. They take important information and wait. Then, they ask for money and threaten to release the stolen data if you don’t pay.


How These Attacks Happen

1. The hackers find a weak point, usually in an internet-connected device like a smart camera or printer.

2. They get inside your system and look through your files— emails, client details, company plans, etc.

3. They make secret copies of this information.

4. Later, they contact you, demanding money to keep the data private.


Why Criminals Use This Method

1. It’s harder to detect, since your system keeps working normally.

2. Many companies prefer to quietly pay, instead of risking their reputation.

3. Devices like smart TVs, security cameras, or smartwatches are rarely updated or checked, making them easy to break into.


Real Incidents

One hospital had its smart air conditioning system hacked. Through it, criminals stole ten years of patient records. The hospital paid a huge amount to avoid legal trouble.

In another case, a smart fitness watch used by a company leader was hacked. This gave the attackers access to emails that contained sensitive information about the business.


How You Can Stay Safe

1. Keep smart devices on a different network than your main systems.

2. Turn off features like remote access or cloud backups if they are not needed.

3. Use security tools that limit what each device can do or connect to.

Today, hackers don’t always make noise. Sometimes they hide, watch, and strike later. Anyone using smart devices should be careful. A simple gadget like a smart light or thermostat could be the reason your private data gets stolen. Staying alert and securing all devices is more important than ever.


Read more »
Yoojo
AppSecurity CloudMisconfiguration CloudStorage Cybersecurity Data Breach Europe GDPR IdentityTheft Leak PersonalData phishing Privacy TechSecurity UserPrivacy Yoojo

Yoojo Exposes Millions of Sensitive Files Due to Misconfigured Database

 

Yoojo, a European service marketplace, accidentally left a cloud storage bucket unprotected online, exposing around 14.5 million files, including highly sensitive user data. The data breach was uncovered by Cybernews researchers, who immediately informed the company. Following the alert, Yoojo promptly secured the exposed archive.

The database contained a range of personally identifiable information (PII), including full names, passport details, government-issued IDs, user messages, and phone numbers. This level of detail, according to experts, could be exploited for phishing, identity theft, or even financial fraud.

Yoojo offers an online platform connecting users with service providers for tasks like cleaning, gardening, childcare, IT support, moving, and homecare. With over 500,000 downloads on Google Play, the app has gained significant traction in France, Spain, the Netherlands, and the UK.

Cybernews stated that the exposed database was publicly accessible for at least 10 days, though there's no current evidence of malicious exploitation. Still, researchers cautioned that unauthorized parties might have already accessed the data. Yoojo has yet to issue a formal comment on the incident.

“Leaked personal details enables attackers to create highly targeted phishing, vishing, and smishing campaigns. Fraudulent emails and SMS scams could involve impersonating Yoojo service providers asking for sensitive information like payment details or verification documents,” Cybernews researchers said.

The incident underscores how frequently misconfigured databases lead to data exposures. While many organizations rely on cloud services for storing confidential information, they often overlook the shared responsibility model that cloud infrastructure follows.

On a positive note, most companies act swiftly once made aware of such vulnerabilities—just as Yoojo did—by promptly restricting access to the exposed data.
Read more »
Workspace
Beta Enterprise Compliance CSE Cybersecurity Encryption Gmail Privacy S/MIME Security Workspace

Google Rolls Out Simplified End-to-End Encryption for Gmail Enterprise Users

 

Google has begun the phased rollout of a new end-to-end encryption (E2EE) system for Gmail enterprise users, simplifying the process of sending encrypted emails across different platforms.

While businesses could previously adopt the S/MIME (Secure/Multipurpose Internet Mail Extensions) protocol for encrypted communication, it involved a resource-intensive setup — including issuing and managing certificates for all users and exchanging them before messages could be sent.

With the introduction of Gmail’s enhanced E2EE model, Google says users can now send encrypted emails to anyone, regardless of their email service, without needing to handle complex certificate configurations.

"This capability, requiring minimal efforts for both IT teams and end users, abstracts away the traditional IT complexity and substandard user experiences of existing solutions, while preserving enhanced data sovereignty, privacy, and security controls," Google said today.

The rollout starts in beta with support for encrypted messages sent within the same organization. In the coming weeks, users will be able to send encrypted emails to any Gmail inbox — and eventually to any email address, Google added.

"We're rolling this out in a phased approach, starting today, in beta, with the ability to send E2EE emails to Gmail users in your own organization. In the coming weeks, users will be able to send E2EE emails to any Gmail inbox, and, later this year, to any email inbox."

To compose an encrypted message, users can simply toggle the “Additional encryption” option while drafting their email. If the recipient is a Gmail user with either an enterprise or personal account, the message will decrypt automatically.

For users on the Gmail mobile app or non-Gmail email services, a secure link will redirect them to view the encrypted message in a restricted version of Gmail. These recipients can log in using a guest Google Workspace account to read and respond securely.

If the recipient already has S/MIME enabled, Gmail will continue to use that protocol automatically for encryption — just as it does today.

The new encryption capability is powered by Gmail's client-side encryption (CSE), a Workspace control that allows organizations to manage their own encryption keys outside of Google’s infrastructure. This ensures sensitive messages and attachments are encrypted locally on the client device before being sent to the cloud.

The approach supports compliance with various regulatory frameworks, including data sovereignty, HIPAA, and export control policies, by ensuring that encrypted content is inaccessible to both Google and any external entities.

Gmail’s CSE feature has been available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers since February 2023. It was initially introduced in beta for Gmail on the web in December 2022, following earlier launches across Google Drive, Docs, Sheets, Slides, Meet, and Calendar.
Read more »
VPN
Apple Data Privacy Data Regulation Google Internet Privacy VPN

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage

Google (GOOGL) and Apple (AAPL) are under harsh scrutiny after a recent report disclosed that their app stores host VPN applications associated with a Chinese cybersecurity firm, Qihoo 360. The U.S government has blacklisted the firm. The Financial Times reports that 5 VPNs still available to U.S users, such as VPN Proxy master and Turbo VPN, are linked to Qihoo. It was sanctioned in 2020 on the charges of alleged military ties. 

Ilusion of Privacy: VPNs collecting data 

In 2025 alone, three VPN apps have had over a million downloads on Google Play and  Apple’s App Store, suggesting these aren’t small-time apps, Sensor Tower reports. They are advertised as “private browsing” tools, but the VPNs provide the companies with complete user data of their online activity. This is alarming because China’s national security laws mandate that companies give user data if the government demands it. 

Concerns around ownership structures

The intricate web of ownership structures raises important questions; the apps are run by Singapore-based Innovative Connecting, owned by Lemon Seed, a Cayman Islands firm. Qihoo acquired Lemon Seed for $69.9 million in 2020. The company claimed to sell the business months late, but FT reports the China-based team making the applications were still under Qihoo’s umbrella for years. According to FT, a developer said, “You could say that we’re part of them, and you could say we’re not. It’s complicated.”

Amid outrage, Google and Apple respond 

Google said it strives to follow sanctions and remove violators when found. Apple has removed two apps- Snap VPN and Thunder VPN- after FT contacted the business, claiming it follows strict rules on VPN data-sharing.

Privacy scare can damage stock valuations

What Google and Apple face is more than public outage. Investors prioritise data privacy, and regulatory threat has increased, mainly with growing concerns around U.S tech firms’ links to China. If the U.S government gets involved, it can result in stricter rules, fines, and even more app removals. If this happens, shareholders won’t be happy. 

According to FT, “Innovative Connecting said the content of the article was not accurate and declined to comment further. Guangzhou Lianchuang declined to comment. Qihoo and Chen Ningyi did not respond to requests for comment.”

Read more »
Studio Ghibli
Animation Artificial Intelligence ChatGPT-4o Privacy Studio Ghibli

Turned Into a Ghibli Character? So Did Your Private Info

 


A popular trend is taking over social media, where users are sharing cartoon-like pictures of themselves inspired by the art style of Studio Ghibli. These fun, animated portraits are often created using tools powered by artificial intelligence, like ChatGPT-4o. From Instagram to Facebook, users are posting these images excitedly. Big entrepreneurs and celebrities have partaken in this global trend, Sam Altman and Elon Musk to name a few.

But behind the charm of these AI filters lies a serious concern— your face is being collected and stored, often without your full understanding or consent.


What’s Really Happening When You Upload Your Face?

Each time someone uploads a photo or gives camera access to an app, they may be unknowingly allowing tech companies to capture their facial features. These features become part of a digital profile that can be stored, analyzed, and even sold. Unlike a password that you can change, your facial data is permanent. Once it’s out there, it’s out for good.

Many people don’t realize how often their face is scanned— whether it’s to unlock their phone, tag friends in photos, or try out AI tools that turn selfies into artwork. Even images of children and family members are being uploaded, putting their privacy at risk too.


Real-World Cases Show the Dangers

In one well-known case, a company named Clearview AI was accused of collecting billions of images from social platforms and other websites without asking permission. These were then used to create a massive database for law enforcement and private use.

In another incident, an Australian tech company called Outabox suffered a breach in May 2024. Over a million people had their facial scans and identity documents leaked. The stolen data was used for fraud, impersonation, and other crimes.

Retail stores using facial recognition to prevent theft have also become targets of cyberattacks. Once stolen, this kind of data is often sold on hidden parts of the internet, where it can be used to create fake identities or manipulate videos.


The Market for Facial Recognition Is Booming

Experts say the facial recognition industry will be worth over $14 billion by 2031. As demand grows, concerns about how companies use our faces for training AI tools without transparency are also increasing. Some websites can even track down a person’s online profile using just a picture.


How to Protect Yourself

To keep your face and personal data safe, it’s best to avoid viral image trends that ask you to upload clear photos. Turn off unnecessary camera permissions, don’t share high-resolution selfies, and choose passwords or PINs over face unlock for your devices.

These simple steps can help you avoid falling into the trap of giving away something as personal as your identity. Before sharing an AI-edited selfie, take a moment to think— are a few likes worth risking your privacy? Rather respect art and the artists who spend years perfecting their craft and maybe consider commissioning a portrait if you're that enthusiastic about it. 


Read more »
Subscribe to: Posts (Atom)