Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Software. Show all posts
Software
Businesses Cyber Attacks Finance Healthcare Online Safety organisations Software

Don’t Wait for a Cyberattack to Find Out You’re Not Ready

 



In today’s digital age, any company that uses the internet is at risk of being targeted by cybercriminals. While outdated software and unpatched systems are often blamed for these risks, a less obvious but equally serious problem is the false belief that buying security tools automatically means a company is well-protected.

Many businesses think they’re cyber resilient simply because they’ve invested in security tools or passed an audit. But overconfidence without real testing can create blind spots leaving companies exposed to attacks that could lead to data loss, financial damage, or reputational harm.


Confidence vs. Reality

Recent years have seen a rise in cyberattacks, especially in sectors like finance, healthcare, and manufacturing. These industries are prime targets because they handle valuable and sensitive information. A report by Bain & Company found that while 43% of business leaders felt confident in their cybersecurity efforts, only 24% were actually following industry best practices.

Why this mismatch? It often comes down to outdated evaluation methods, overreliance on tools, poor communication between technical teams and leadership, and a natural human tendency to feel “safe” once something has been checked off a list.


Warning Signs of Overconfidence

Here are five red flags that a company may be overestimating its cybersecurity readiness:

1. No Real-World Testing - If an organization has never run a simulated attack, like a red team exercise or breach test, it may not know where its weaknesses are.

2. Rare or Outdated Risk Reviews - Cyber risks change constantly. Companies that rely on yearly or outdated assessments may be missing new threats.

3. Mistaking Compliance for Security - Following regulations is important, but it doesn’t mean a system is secure. Compliance is only a baseline.

4. No Stress Test for Recovery Plans - Businesses need to test their recovery strategies under pressure. If these plans haven’t been tested, they may fail when it matters most.

5. Thinking Cybersecurity Is Only an IT Job - True resilience requires coordination across departments. If only IT is involved, the response to an incident will likely be incomplete.


Building Stronger Defenses

To improve cyber resilience, companies should:

• Test and monitor security systems regularly, not just once.

• Train employees to recognize threats like phishing, which remains a common cause of breaches.

• Link cybersecurity to overall business planning, so that recovery strategies are realistic and fast.

• Work with outside experts when needed to identify hidden vulnerabilities and improve defenses.


If a company hasn’t tested its cybersecurity defenses in the past six months, it likely isn’t as prepared as it thinks. Confidence alone won’t stop a cyberattack but real testing and ongoing improvement can.

Read more »
Software
CEN CoinDCX cryptocurrency CyberCrime Cybersecurity CyberThreat ETH Cyber Attacks Software

CoinDCX Suffers Rs 380 Crore Crypto Theft Linked to Insider Involvement

 


An important development underlining the growing threat of insider cybercrime has occurred in Bengaluru, when police arrested a software engineer who was suspected of committing a massive cryptocurrency heist that defrauded CoinDCX of approximately Rs 379 crore. Agarwal, a 30-year-old resident of Carmelaram and originally from Haridwar, Uttarakhand, was arrested on July 26 by the Whitefield CEN Crime Police, and is currently being held in custody. An investigation conducted by 

The Times of India prompted by a formal complaint from Neblio Technologies, the parent company of CoinDCX, led to the identification of Agarwal. As a consequence of the breach, which was reportedly made possible by Agarwal's login credentials, hackers were able to exploit confidential financial protocols within the exchange's infrastructure, prompting the exchange to investigate the potential for internal access vulnerabilities as a whole. 

There was a serious breach on July 19, when CoinDCX's internal monitoring systems flagged unusual activity within CoinDCX's digital infrastructure, which began to reveal the complex nature of the breach. According to Hardeep Singh's First Information Report that was submitted by CoinDCX on July 22, the attackers initially performed a seemingly benign 1USDT test transaction at 2:37 a.m., in an effort to test the security of the CoinDCX network.

It was followed shortly afterward by an unauthorized transfer worth $44 million, which was carried out by a high-value individual. As a means of evading detection and hindering recovery efforts, the stolen cryptocurrency was routed via a web of digital wallets, which significantly impeded traceability of the stolen cryptocurrency. 

Upon a subsequent investigation, authorities discovered signs that the company had been compromised internally, which led to the arrest of CoinDCX employee Rahul Agarwal. According to sources close to the investigation, Agarwal has been using a company-issued laptop to freelance without official authorization-a practice that has allegedly paid him about 15 lakh rupees in the last year alone. 

As suspected by investigators, Agarwal may have facilitated the high-profile heist by utilizing his internal access as a tool to facilitate a collaboration with external threat actors. With the progression of the investigation, an increasingly intricate narrative developed about the circumstances surrounding the breach. According to the senior police officials quoted in the Deccan Herald, Rahul Agarwal may have been a victim of a job-task fraud scam. 

A job-task fraud scheme involves cybercriminals offering payment in return for seemingly harmless tasks online, such as writing Google reviews. As soon as Agarwal started carrying out these tasks on his personal laptop, the perpetrators coerced him into switching to his company-issued device after he had initially used his personal laptop to do so. 

According to reports, the attackers obtained access to CoinDCX's internal systems as well as its digital asset wallets through this action, which he did not realize. A formal complaint was filed on July 22, after Hardeep Singh, the Vice President of Public Policy and Government Affairs of Neblio Technologies Pvt Ltd, CoinDCX's parent company, submitted a letter of complaint. This led the Whitefield Cyber, Economic, and Narcotics (CEN) Crime Police to issue a First Information Report.

A report was filed by Singh on July 19 at 2:37 a.m. regarding the infiltration of his company's wallet by unknown actors, resulting in an initiation of USDT - a stablecoin pegged to the dollar – 1 USDT. In the course of further investigation at 9:40 a.m the next morning, it was discovered that a significant volume of cryptocurrency had been sucked into six personal wallets that had not been identified by any of the parties, confirming the severity and scale of the attack. 

As a consequence of a sophisticated cyberattack that took place on July 19, CoinDCX suffered a major security breach, which resulted in the theft of approximately $44.2 million in cryptocurrency assets. A total of 155,000 SOL (Solana) and 4,400 ETH (Ethereum) funds were compromised, as initially identified by blockchain monitoring firms such as Cyvers via on-chain analysis, but there are no reports that customer wallets were affected by this breach. 

The stolen assets were actually withdrawn from an internal operating wallet which was used by the exchange to maintain liquidity and facilitate seamless transactions between various crypto trading pairs, much in the same way that banks hold reserve funds. A well-coordinated and rapid laundering operation was executed by the attackers, who transferred the stolen assets across several blockchain networks using a well-known cryptocurrency mixer tool called Tornado Cash to mask the source of the funds and obscure the trail.

CoinDCX confirmed that all its customers' funds remain safe and untouched, while the wallet affected was strictly for internal use. As a result of the incident, the company has covered the entire loss from its corporate treasury and provided an $11 million bounty in support of white-hat hackers who can assist in tracing and recovering the stolen funds by helping to locate and recover the stolen funds. 

There is no need to stress that the breach did not occur as a result of a vulnerability in CoinDCX's blockchain, rather it was caused by a compromise in CoinDCX's infrastructure. A cybersecurity expert explained that, although the blockchain (the "vault") still remains secure, the attacker exploited weaknesses in the software and infrastructure that the exchange used to interact with blockchain networks, known as the "lock on the vault's door."

CoinDCX has responded by strengthening its security protocols and partnering with leading cybersecurity firms to conduct a comprehensive forensic examination. In the event of CoinDCX's breach, it serves as a stark example of the critical security gaps that exist not only within the blockchain technology itself, but also within the infrastructure surrounding the technology that makes it possible for the technology to work. 

In spite of the fact that the core blockchain systems remained intact and no retail investor funds were compromised as a result of this incident, it highlighted the weaknesses that existed in the operational processes, access controls, and backend systems that connect the platform with the blockchain. As a matter of fact, this incident does not indicate that cryptocurrencies are necessarily dangerous. 

However, it does emphasize the fundamental truth of cybersecurity: even the most robust technologies are only as safe as the systems and individuals who manage them. Since the cryptocurrency ecosystem in India continues to flourish, it is evident that comprehensive regulatory frameworks, rigorous auditing protocols, and consumer protection measures are urgently needed in order to ensure the growth of the industry. 

The crypto exchanges operating in the country must also prioritize the use of advanced threat detection systems and proactive security infrastructures in order to avoid similar breaches and to maintain the trust of the digital asset market. There is more to this incident than just a cybersecurity lapse in India; it is a defining moment for the Indian cryptocurrency ecosystem as it navigates its way through scaling, security, and trust challenges. 

It should be noted that CoinDCX’s breach is more than an isolated incident, and that it reveals a number of systemic vulnerabilities within the crypto platforms that affect how internal access is managed, cybersecurity protocols are enforced, and operational infrastructure is safeguarded. Considering the scale and ease with which threat actors were able to exploit a single compromised user, this theft should serve as an alarm for the entire industry. 

In addition to technical safeguards, this incident also raises questions about internal risk management, accountability among employees, and unchecked use of company resources for external engagements, going beyond technical safeguards. By exploiting backend systems rather than blockchains themselves, it highlights the urgent need for an end-to-end infrastructure hardening, establishing clear boundaries between production environments and user-accessible systems that are accessible by the public. 

A new layer of complication has been added to the laundering of assets via privacy-oriented tools such as Tornado Cash, thus emphasizing the need for advanced forensic capabilities to trace and recover stolen digital funds within a global context. Considering the future of the Indian crypto industry, there must be a shift from reactive security to proactive resilience. As part of this effort, robust audit trails, mandatory cybersecurity training for employees, and real-time threat monitoring will be implemented. 

Regulators also play a vital role in this regard, enforcing stronger compliance standards while fostering the adoption of industry best practices by platforms. A commendable commitment to user confidence was demonstrated by CoinDCX’s quick actions to cover the losses and strengthen its infrastructure. It is necessary to understand that in order for the digital asset industry to mature, it must not view this incident as an anomaly, but as a critical inflection point that calls for long-term structural improvements if India is to remain competitive and sustainable over the next decade.
Read more »
Software
adoption agency Data Breach Gladney Center Ransomware Software

Sensitive Records of Over 1 Million People Exposed by U.S. Adoption Organization

 



A large scale data exposure incident has come to light involving the Gladney Center for Adoption, a U.S.-based non-profit that helps connect children with adoptive families. According to a cybersecurity researcher, an unsecured database containing over a million sensitive records was recently discovered online.

The breach was uncovered by Jeremiah Fowler, a researcher who specializes in finding misconfigured databases. Earlier this week, he came across a large file measuring 2.49 gigabytes that was publicly accessible and unprotected by a password or encryption.

Inside the database were more than 1.1 million entries, including names and personal information of children, biological parents, adoptive families, employees, and potential applicants. Details such as phone numbers, mailing addresses, and information about individuals' approval or rejection for adoption were also found. Even private data related to biological fathers was reportedly visible.

Experts warn that this kind of data, if accessed by malicious actors, could be extremely dangerous. Scammers could exploit the information to create convincing fake emails targeting people in the database. These emails could trick individuals into clicking harmful links, revealing banking details, or paying fake fees leading to financial fraud, identity theft, or even ransomware attacks.

To illustrate, a criminal could pretend to be an official from the adoption agency, claiming that someone’s previous application had been reconsidered, but required urgent action and a payment to proceed. Although this is just a hypothetical scenario, it highlights how exposed data could be misused.

The positive takeaway is that there is currently no evidence suggesting that cybercriminals accessed the database before it was found by Fowler. Upon discovering the breach, he immediately alerted the Gladney Center, and the organization took quick action to restrict access.

However, it remains unclear how long the database had been publicly available or whether any information was downloaded by unauthorized users. It’s also unknown whether the database was directly managed by Gladney or by an external vendor. What is confirmed is that the data was generated by a Customer Relationship Management (CRM) system, software used to track and manage interactions with clients.

This incident serves as a strong reminder for organizations handling personal data to regularly review their digital systems for vulnerabilities and to apply proper safeguards like encryption and password protection.

Read more »
Windows
Browsers CyberCrime Cybersecurity Digital Data Digital Transformation Linux Linux Security macOS PC Privacy Software VPN Windows

Linux Distribution Designed for Seamless Anonymous Browsing



Despite the fact that operating systems like Windows and macOS continue to dominate the global market, Linux has gained a steady following among users who value privacy and security as well as cybersecurity professionals, thanks to its foundational principles: transparency, user control, and community-based development, which have made it so popular. 

Linux distributions—or distros—are open-source in contrast to proprietary systems, and their source code is freely available to anyone who wishes to check for security vulnerabilities independently. In this way, developers and ethical hackers around the world can contribute to the development of the platform by identifying flaws, making improvements, and ensuring that it remains secure against emerging threats by cultivating a culture of collective scrutiny.

In addition to its transparency, Linux also offers a significant degree of customisation, giving users a greater degree of control over everything from system behaviour to network settings, according to their specific privacy and security requirements. In addition to maintaining strong privacy commitments, most leading distributions explicitly state that their data will not be gathered or monetised in any way. 

Consequently, Linux has not only become an alternative operating system for those seeking digital autonomy in an increasingly surveillance-based, data-driven world, but is also a deliberate choice for those seeking digital autonomy. Throughout history, Linux distributions have been developed to serve a variety of user needs, ranging from multimedia production and software development to ethical hacking and network administration to general computing. 

With the advent of purpose-built distributions, Linux shows its flexibility, as each variant caters to a particular situation and is optimised for that specific task. However, not all distributions are confined to a single application. For example, ParrotOS Home Edition is designed with flexibility at its core, offering a balanced solution that caters to the privacy concerns of both individuals and everyday users. 

In the field of cybersecurity circles, ParrotOS Home Edition is a streamlined version of Parrot Security OS, widely referred to as ParrotSec. Despite the fact that it also shares the same sleek, security-oriented appearance, the Home Edition was designed to be used as a general-purpose computer while maintaining its emphasis on privacy in its core. 

As a consequence of omitting a comprehensive suite of penetration testing tools, the security edition is lighter and more accessible, while the privacy edition retains strong privacy-oriented features that make it more secure. The built-in tool AnonSurf, which allows users to anonymise their online activity with remarkable ease, is a standout feature in this regard. 

It has been proven that AnonSurf offers the same level of privacy as a VPN, as it disguises the IP address of the user and encrypts all data transmissions. There is no need for additional software or configuration; you can use it without installing anything new. By providing this integration, ParrotOS Home Edition is particularly attractive to users who are looking for secure, anonymous browsing right out of the box while also providing the flexibility and performance a user needs daily. 

There are many differences between Linux distributions and most commercial operating systems. For instance, Windows devices that arrive preinstalled with third-party software often arrive bloated, whereas Linux distributions emphasise performance, transparency, and autonomy in their distributions. 

When it comes to traditional Windows PCs, users are likely to be familiar with the frustrations associated with bundled applications, such as antivirus programs or proprietary browsers. There is no inherent harm in these additions, but they can impact system performance, clog up the user experience, and continuously remind users of promotions or subscription reminders. 

However, most Linux distributions adhere to a minimalistic and user-centric approach, which is what makes them so popular. It is important to note that open-source platforms are largely built around Free and Open Source Software (FOSS), which allows users to get a better understanding of the software running on their computers. 

Many distributions, like Ubuntu, even offer a “minimal installation” option, which includes only essential programs like a web browser and a simple text editor. In addition, users can create their own environment, installing only the tools they need, without having to deal with bloatware or intrusive third-party applications, so that they can build it from scratch. As far as user security and privacy are concerned, Linux is committed to going beyond the software choices. 

In most modern distributions, OpenVPN is natively supported by the operating system, allowing users to establish an encrypted connection using configuration files provided by their preferred VPN provider. Additionally, there are now many leading VPN providers, such as hide.me, which offer Linux-specific clients that make it easier for users to secure their online activity across different devices. The Linux installation process often provides robust options for disk encryption. 

LUKS (Linux Unified Key Setup) is typically used to implement Full Disk Encryption (FDE), which offers military-grade 256-bit AES encryption, for example, that safeguards data on a hard drive using military-grade 256-bit AES encryption. Most distributions also allow users to encrypt their home directories, making sure that the files they store on their computer, such as documents, downloads, and photos, remain safe even if another user gets access to them. 

There is a sophisticated security module called AppArmor built into many major distributions such as Ubuntu, Debian, and Arch Linux that plays a major part in the security mechanisms of Linux. Essentially, AppArmor enforces access control policies by defining a strict profile for each application. 

Thus, AppArmor limits the data and system resources that can be accessed by each program. Using this containment approach, you significantly reduce the risk of security breaches because even if malicious software is executed, it has very little chance of interacting with or compromising other components of the system.

In combination with these security layers,and the transparency of open-source software, Linux positioned itself as one of the most powerful operating systems for people who seek both performance and robust digital security. Linux has a distinct advantage over its proprietary counterparts, such as Windows and Mac OS, when it comes to security. 

There is a reason why Linux has earned a reputation as a highly secure mainstream operating system—not simply anecdotal—but it is due to its core architecture, open source nature, and well-established security protocols that it holds this reputation. There is no need to worry about security when it comes to Linux; unlike closed-source platforms that often conceal and are controlled solely by vendors, Linux implements a "security by design" philosophy with layered, transparent, and community-driven approaches to threat mitigation. 

Linux is known for its open-source codebase, which allows for the continual auditing, review, and improvement of the system by independent developers and security experts throughout the world. Through global collaboration, vulnerabilities can be identified and remedied much more rapidly than in proprietary systems, because of the speed with which they are identified and resolved. In contrast, platforms like Windows and macOS depend on "security through obscurity," by hiding their source code so malicious actors won't be able to take advantage of exploitable flaws. 

A lack of visibility, however, can also prevent independent researchers from identifying and reporting bugs before they are exploited, which may backfire on this method. By adopting a true open-source model for security, Linux is fostering an environment of proactive and resilient security, where accountability and collective vigilance play an important role in improving security. Linux has a strict user privilege model that is another critical component of its security posture. 

The Linux operating system enforces a principle known as the least privilege principle. The principle is different from Windows, where users often operate with administrative (admin) rights by default. In the default configuration, users are only granted the minimal permissions needed to fulfil their daily tasks, whereas full administrative access is restricted to a superuser. As a result of this design, malware and unapproved processes are inherently restricted from gaining system-wide control, resulting in a significant reduction in attack surface. 

It is also important to note that Linux has built in several security modules and safeguards to ensure that the system remains secure at the kernel level. SELinux and AppArmor, for instance, provide support for mandatory access controls and ensure that no matter how many vulnerabilities are exploited, the damage will be contained and compartmentalised regardless. 

It is also worth mentioning that many Linux distributions offer transparent disk encryption, secure boot options, and native support for secure network configurations, all of which strengthen data security and enhance online security. These features, taken together, demonstrate why Linux has been consistently favoured by privacy advocates, security professionals, and developers for years to come. 

There is no doubt in my mind that the flexibility of it, its transparency, and its robust security framework make it a compelling choice in an environment where digital threats are becoming increasingly complex and persistent. As we move into a digital age characterised by ubiquitous surveillance, aggressive data monetisation, and ever more sophisticated cyber threats, it becomes increasingly important to establish a secure and transparent computing foundation. 

There are several reasons why Linux presents a strategic and future-ready alternative to proprietary systems, including privacy-oriented distributions like ParrotOS. They provide users with granular control, robust configurability, and native anonymity tools that are rarely able to find in proprietary platforms. 

A migration to a Linux-based environment is more than just a technical upgrade for those who are concerned about security; it is a proactive attempt to protect their digital sovereignty. By adopting Linux, users are not simply changing their operating system; they are committing to a privacy-first paradigm, where the core objective is to maintain a high level of user autonomy, integrity, and trust throughout the entire process.

Read more »
Web browser
AMD Software TSA Vulnerabilities and Exploits Web browser

Newly Found AMD Processor Flaws Raise Concerns, Though Risk Remains Low



In a recent security advisory, chipmaker AMD has confirmed the discovery of four new vulnerabilities in its processors. These issues are related to a type of side-channel attack, similar in nature to the well-known Spectre and Meltdown bugs that were revealed back in 2018.

This time, however, the flaws appear to affect only AMD chips. The company’s research team identified the vulnerabilities during an internal investigation triggered by a Microsoft report. The findings point to specific weaknesses in how AMD processors handle certain instructions at the hardware level, under rare and complex conditions.

The newly disclosed flaws are being tracked under four identifiers: CVE-2024-36350, CVE-2024-36357, CVE-2024-36348, and CVE-2024-36349. According to AMD, the first two are considered medium-risk, while the others are low-risk. The company is calling this group of flaws “Transient Scheduler Attacks” (TSA).

These vulnerabilities involve exploiting the timing of certain CPU operations to potentially access protected data. However, AMD says the practical risk is limited because the attacks require direct access to the affected computer. In other words, someone would need to physically run malicious software on the system in order to take advantage of these issues. They cannot be triggered through a web browser or remotely over the internet.

The impact of a successful attack could, in theory, allow an attacker to view parts of the system memory that should remain private — such as data from the operating system. This might allow a hacker to raise their access level, install hidden malware, or carry out further attacks. Still, AMD stresses that the difficulty of executing these attacks makes them unlikely in most real-world scenarios.

To address the flaws, AMD is working with software partners to release updates. Fixes include firmware (microcode) updates and changes to operating systems or virtualization software. One possible fix, involving a command called VERW, might slow system performance slightly. System administrators are encouraged to assess whether applying this mitigation is necessary in their environments.

So far, firmware updates have been shared with hardware vendors to patch the two higher-severity issues. The company does not plan to patch the two lower-severity ones, due to their limited risk. Microsoft and other software vendors are expected to release system updates soon.

The vulnerabilities have been shown to affect multiple AMD product lines, including EPYC, Ryzen, Instinct, and older Athlon chips. While the flaws are not easy to exploit, their wide reach means that updates and caution are still important. 

Read more »
Technology
AI AI Bot AI tools ChatGPT CyberCrime Cyberhacekrs CyberThreat Software Technology

Navigating AI Security Risks in Professional Settings


 

There is no doubt that generative artificial intelligence is one of the most revolutionary branches of artificial intelligence, capable of producing entirely new content across many different types of media, including text, image, audio, music, and even video. As opposed to conventional machine learning models, which are based on executing specific tasks, generative AI systems learn patterns and structures from large datasets and are able to produce outputs that aren't just original, but are sometimes extremely realistic as well. 

It is because of this ability to simulate human-like creativity that generative AI has become an industry leader in technological innovation. Its applications go well beyond simple automation, touching almost every sector of the modern economy. As generative AI tools reshape content creation workflows, they produce compelling graphics and copy at scale in a way that transforms the way content is created. 

The models are also helpful in software development when it comes to generating code snippets, streamlining testing, and accelerating prototyping. AI also has the potential to support scientific research by allowing the simulation of data, modelling complex scenarios, and supporting discoveries in a wide array of areas, such as biology and material science.

Generative AI, on the other hand, is unpredictable and adaptive, which means that organisations are able to explore new ideas and achieve efficiencies that traditional systems are unable to offer. There is an increasing need for enterprises to understand the capabilities and the risks of this powerful technology as adoption accelerates. 

Understanding these capabilities has become an essential part of staying competitive in a digital world that is rapidly changing. In addition to reproducing human voices and creating harmful software, generative artificial intelligence is rapidly lowering the barriers for launching highly sophisticated cyberattacks that can target humans. There is a significant threat from the proliferation of deepfakes, which are realistic synthetic media that can be used to impersonate individuals in real time in convincing ways. 

In a recent incident in Italy, cybercriminals manipulated and deceived the Defence Minister Guido Crosetto by leveraging advanced audio deepfake technology. These tools demonstrate the alarming ability of such tools for manipulating and deceiving the public. Also, a finance professional recently transferred $25 million after being duped into transferring it by fraudsters using a deepfake simulation of the company's chief financial officer, which was sent to him via email. 

Additionally, the increase in phishing and social engineering campaigns is concerning. As a result of the development of generative AI, adversaries have been able to craft highly personalised and context-aware messages that have significantly enhanced the quality and scale of these attacks. It has now become possible for hackers to create phishing emails that are practically indistinguishable from legitimate correspondence through the analysis of publicly available data and the replication of authentic communication styles. 

Cybercriminals are further able to weaponise these messages through automation, as this enables them to create and distribute a huge volume of tailored lures that are tailored to match the profile and behaviour of each target dynamically. Using the power of AI to generate large language models (LLMs), attackers have also revolutionised malicious code development. 

A large language model can provide attackers with the power to design ransomware, improve exploit techniques, and circumvent conventional security measures. Therefore, organisations across multiple industries have reported an increase in AI-assisted ransomware incidents, with over 58% of them stating that the increase has been significant.

It is because of this trend that security strategies must be adapted to address threats that are evolving at machine speed, making it crucial for organisations to strengthen their so-called “human firewalls”. While it has been demonstrated that employee awareness remains an essential defence, studies have indicated that only 24% of organisations have implemented continuous cyber awareness programs, which is a significant amount. 

As companies become more sophisticated in their security efforts, they should update training initiatives to include practical advice on detecting hyper-personalised phishing attempts, detecting subtle signs of deepfake audio and identifying abnormal system behaviours that can bypass automated scanners in order to protect themselves from these types of attacks. Providing a complement to human vigilance, specialised counter-AI solutions are emerging to mitigate these risks. 

In order to protect against AI-driven phishing campaigns, DuckDuckGoose Suite, for example, uses behavioural analytics and threat intelligence to prevent AI-based phishing campaigns from being initiated. Tessian, on the other hand, employs behavioural analytics and threat intelligence to detect synthetic media. As well as disrupting malicious activity in real time, these technologies also provide adaptive coaching to assist employees in developing stronger, instinctive security habits in the workplace. 
Organisations that combine informed human oversight with intelligent defensive tools will have the capacity to build resilience against the expanding arsenal of AI-enabled cyber threats. Recent legal actions have underscored the complexity of balancing AI use with privacy requirements. It was raised by OpenAI that when a judge ordered ChatGPT to keep all user interactions, including deleted chats, they might inadvertently violate their privacy commitments if they were forced to keep data that should have been wiped out.

AI companies face many challenges when delivering enterprise services, and this dilemma highlights the challenges that these companies face. OpenAI and Anthropic are platforms offering APIs and enterprise products that often include privacy safeguards; however, individuals using their personal accounts are exposed to significant risks when handling sensitive information that is about them or their business. 

AI accounts should be managed by the company, users should understand the specific privacy policies of these tools, and they should not upload proprietary or confidential materials unless specifically authorised by the company. Another critical concern is the phenomenon of AI hallucinations that have occurred in recent years. This is because large language models are constructed to predict language patterns rather than verify facts, which can result in persuasively presented, but entirely fictitious content.

As a result of this, there have been several high-profile incidents that have resulted, including fabricated legal citations in court filings, as well as invented bibliographies. It is therefore imperative that human review remains part of professional workflows when incorporating AI-generated outputs. Bias is another persistent vulnerability.

Due to the fact that artificial intelligence models are trained on extensive and imperfect datasets, these models can serve to mirror and even amplify the prejudices that exist within society as a whole. As a result of the system prompts that are used to prevent offensive outputs, there is an increased risk of introducing new biases, and system prompt adjustments have resulted in unpredictable and problematic responses, complicating efforts to maintain a neutral environment. 

Several cybersecurity threats, including prompt injection and data poisoning, are also on the rise. A malicious actor may use hidden commands or false data to manipulate model behaviour, thus causing outputs that are inaccurate, offensive, or harmful. Additionally, user error remains an important factor as well. Instances such as unintentionally sharing private AI chats or recording confidential conversations illustrate just how easy it is to breach confidentiality, even with simple mistakes.

It has also been widely reported that intellectual property concerns complicate the landscape. Many of the generative tools have been trained on copyrighted material, which has raised legal questions regarding how to use such outputs. Before deploying AI-generated content commercially, companies should seek legal advice. 

As AI systems develop, even their creators are not always able to predict the behaviour of these systems, leaving organisations with a challenging landscape where threats continue to emerge in unexpected ways. However, the most challenging risk is the unknown. The government is facing increasing pressure to establish clear rules and safeguards as artificial intelligence moves from the laboratory to virtually every corner of the economy at a rapid pace. 

Before the 2025 change in administration, there was a growing momentum behind early regulatory efforts in the United States. For instance, Executive Order 14110 outlined the appointment of chief AI officers by federal agencies and the development of uniform guidelines for assessing and managing AI risks. As a result of this initiative, a baseline of accountability for AI usage in the public sector was established. 

A change in strategy has taken place in the administration's approach to artificial intelligence since they rescinded the order. This signalled a departure from proactive federal oversight. The future outlook for artificial intelligence regulation in the United States is highly uncertain, however. The Trump-backed One Big Beautiful Bill proposes sweeping restrictions that would prevent state governments from enacting artificial intelligence regulations for at least the next decade. 

As a result of this measure becoming law, it could effectively halt local and regional governance at a time when AI is gaining a greater influence across practically all industries. Meanwhile, the European Union currently seems to be pursuing a more consistent approach to AI. 

As of March 2024, a comprehensive framework titled the Artificial Intelligence Act was established. This framework categorises artificial intelligence applications according to the level of risk they pose and imposes strict requirements for applications that pose a significant risk, such as those in the healthcare field, education, and law enforcement. 

Also included in the legislation are certain practices, such as the use of facial recognition systems in public places, that are outright banned, reflecting a commitment to protecting the individual's rights. In terms of how AI oversight is defined and enforced, there is a widening gap between regions as a result of these different regulatory strategies. 

Technology will continue to evolve, and to ensure compliance and manage emerging risks effectively, organisations will have to remain vigilant and adapt to the changing legal landscape as a result of this.
Read more »
Software
Cyber Security IT Security JFrog Security malware python Software

New Malicious Python Package Found Stealing Cloud Credentials

 


A dangerous piece of malware has been discovered hidden inside a Python software package, raising serious concerns about the security of open-source tools often used by developers.

Security experts at JFrog recently found a harmful package uploaded to the Python Package Index (PyPI) – a popular online repository where developers share and download software components. This specific package, named chimera-sandbox-extensions, was designed to secretly collect sensitive information from developers, especially those working with cloud infrastructure.

The package was uploaded by a user going by the name chimerai and appears to target users of the Chimera sandbox— a platform used by developers for testing. Once installed, the package launches a chain of events that unfolds in multiple stages.

It starts with a function called check_update() which tries to contact a list of web domains generated using a special algorithm. Out of these, only one domain was found to be active at the time of analysis. This connection allows the malware to download a hidden tool that fetches an authentication token, which is then used to download a second, more harmful tool written in Python.

This second stage of the malware focuses on stealing valuable information. It attempts to gather data such as Git settings, CI/CD pipeline details, AWS access tokens, configuration files from tools like Zscaler and JAMF, and other system-level information. All of this stolen data is bundled into a structured file and sent back to a remote server controlled by the attackers.

According to JFrog’s research, the malware was likely designed to go even further, possibly launching a third phase of attack. However, researchers did not find evidence of this additional step in the version they analyzed.

After JFrog alerted the maintainers of PyPI, the malicious package was removed from the platform. However, the incident serves as a reminder of the growing complexity and danger of software supply chain attacks. Unlike basic infostealers, this malware showed signs of being deliberately crafted to infiltrate professional development environments.

Cybersecurity experts are urging development and IT security teams to stay alert. They recommend using multiple layers of protection, regularly reviewing third-party packages, and staying updated on new threats to avoid falling victim to such sophisticated attacks.

As open-source tools continue to be essential in software development, such incidents highlight the need for stronger checks and awareness across the development community.

Read more »
Software
Cyber Crime Hacking. Ransomware Software

Cybercriminals Shift Focus to U.S. Insurance Industry, Experts Warn

 


Cybersecurity researchers are sounding the alarm over a fresh wave of cyberattacks now targeting insurance companies in the United States. This marks a concerning shift in focus by an active hacking group previously known for hitting retail firms in both the United Kingdom and the U.S.

The group, tracked by multiple cybersecurity teams, has been observed using sophisticated social engineering techniques to manipulate employees into giving up access. These tactics have been linked to earlier breaches at major companies and are now being detected in recent attacks on U.S.-based insurers.

According to threat analysts, the attackers tend to work one industry at a time, and all signs now suggest that insurance companies are their latest target. Industry experts stress that this sector must now be especially alert, particularly at points of contact like help desks and customer support centers, where attackers often try to deceive staff into resetting credentials or granting system access.

In just the past week, two U.S. insurance providers have reported cyber incidents. One of them identified unusual activity on its systems and disconnected parts of its network to contain the damage. Another confirmed experiencing disruptions traced back to suspicious network behavior, prompting swift action to protect data and systems. In both cases, full recovery efforts are still ongoing.

The hacking group behind these attacks is known for using clever psychological tricks rather than just technical methods. They often impersonate employees or use aggressive language to pressure staff into making security mistakes. After gaining entry, they may deploy harmful software like ransomware to lock up company data and demand payment.

Experts say that defending against such threats starts with stronger identity controls. This includes limiting access to critical systems, separating user accounts with different levels of privileges, and requiring strict verification before resetting passwords or registering new devices for multi-factor authentication (MFA).

Training staff to spot impersonation attempts is just as important. These attackers may use fake phone calls, messages, or emails that appear urgent or threatening to trick people into reacting without thinking. Awareness and skepticism are key defenses.

Authorities in other countries where similar attacks have taken place have also advised companies to double-check their security setups. Recommendations include enabling MFA wherever possible, keeping a close eye on login attempts—especially from unexpected locations—and reviewing how help desks confirm a caller’s identity before making account changes.

As cybercriminals continue to evolve their methods, experts emphasize that staying informed, alert, and proactive is essential. In industries like insurance, where sensitive personal and financial data is involved, even a single breach can lead to serious consequences for companies and their customers.

Read more »
Subscribe to: Posts (Atom)