Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Privacy. Show all posts
User Privacy
Juice Jacking Mobile Security Travel Security TSA User Privacy

TSA Advises Against Using Airport USB Ports to Charge Your Phone

 

So-called juice jacking is the most controversial topic in cybersecurity circles. In most years, when a new alert is issued by a government agency before the holidays, it creates new headlines. Stories are written and cyber eyebrows are raised — there are more stories than attacks. But still those stories come. However, a recent alert raises the possibility that travellers may actually be at risk.

In reality, juice jacking occurs when you plug your phone into a public charging cable or socket at a hotel or airport, and rather than a dumb charger, a computer operates in the background to retrieve data from your device. This is not the same as carefully designed attack cables that contain a malicious payload inside the cable.

The latest official warning (and headlines 1,2) comes from the TSA. "When you're at an airport, do not plug your phone directly into a USB port," it warns you. "Bring your TSA-compliant power brick or battery pack and plug in there." This is so because "hackers can install malware at USB ports (we've been told that's called 'juice/port jacking').” 

TSA also urges smartphone users not to use free public WiFi, especially if they intend to make any online purchases. Do not enter any sensitive information while using unsecure WiFi. Cyber experts are almost as divided on the public WiFi hijacking problem as they are on juice-jacking. TL;DR: While it compromises your location, all encrypted data transmitted to or from your device via websites or apps should be secure.

The greater risk is downloading an app from the malicious access point's splash page, filling online forms, or being routed to bogus login sites for Microsoft, Google, or other accounts. The typical advice applies: use passkeys, avoid logging in to linked or popup windows and instead utilise the traditional channels, and do not reveal personal information. You should also be cautious about which WiFi hotspots you connect to - are they legitimate services from the hotel, airport, or mall, or are they cleverly labelled fakes? 

This is more of an issue for Android than iOS, but it isn't something most people need be concerned about. However, if you believe you may be the target of an attack or if you travel to high-risk areas of the world, I strongly advise against utilising public charging outlets or public WiFi without some type of data protection.
Read more »
User Privacy
Data Facebook Meta Social Media Technology User Privacy

Want to Leave Facebook? Do this.

Want to Leave Facebook? Do this.

Confused about leaving Facebook?

Many people are changing their social media habits and opting out of many services. Facebook has witnessed a large exodus of users deserting the platform after the announcement in March that Meta was terminating the independent fact-checking on its platform. However, fact-checking has been replaced with community notes, letting users make changes to potentially false/misleading information. 

Users having years of photos and posts on Facebook are confused about how to collect their data before removing their accounts. If you also feel the same problem, this post will help you delete Facebook permanently, while taking all your information on the way out. 

How to remove Facebook?

For users who do not want to be on Facebook anymore, deleting their account is the only way to completely remove yourself from the platform. If you are not sure, deactivating your account allows you to have some life off of Facebook without account deletion. 

Make sure to remove third-party Facebook logins before deleting your account. 

How to leave third-party apps?

Third-party apps like DoorDash and Spotify allow you to log in using your Facebook account. This lets you log in without remembering another password, but if you’re planning on deleting Facebook, you have to update your login settings. That is because if you delete your account, there will not be another Facebook account for the user to log in through. 

Fortunately, there is another simple way to find which of your sites and applications are connected to Facebook and delete them before removing your account. Once you disconnect from other websites and applications from Facebook, you will need to adjust how you login to them. 

Users should try specific applications and websites to set new passwords or passkeys or log in via a single-service sign-on option, such as Google. 

How is deactivating different than deactivating a Facebook account?

If you want to stay away from Facebook, you have two choices. Either delete your account permanently, or you can disable it temporarily to deactivate it. 

Read more »
User Privacy
Adidas Data Breach Data Leak Third-party breach User Privacy

Adidas Confirms Data Leak After User Service Provider Hack

 

Adidas confirmed that a third-party customer service provider's vulnerability allowed a threat actor to steal company data. 

Contact details of customers who have previously dealt with the Adidas customer service help desk are among the impacted data. However, passwords, credit cards, and other financial or payment information are not included.

"Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law," the company explained in a notification on its website. 

It has subsequently initiated an investigation to gather facts about a breach and is working with information security professionals. Adidas did not reveal the name of its third-party customer support provider. It also remains unknown who carried out the strike. 

"This incident underscores a critical truth: third-party breaches swiftly become your organization's breaches, which highlights the necessity of robust oversight mechanisms," noted Fletcher Davis, senior security research manager at BeyondTrust. "Mandating security assessments, multifactor authentication, and zero-trust architecture for all vendor access, while deploying real-time identity infrastructure monitoring to cut response times to minutes, as opposed to days.” 

Adidas is not the first well-known brand to have experienced data leaks or cyberattacks in recent years. Recent ransomware attacks have targeted the Co-op Group, Marks & Spencer, and the luxury shop Harrods. Marks & Spencer reported that its customers' personal information was stolen during the incident, and that retail operations had been affected.

Scattered Spider was possibly responsible for the attack, unleashing DragonForce ransomware against the UK retailer, forcing Marks & Spencer to estimate a $400 million hit on earnings.

Establishing strong defense 

Forward-thinking merchants are implementing new techniques to mitigate third-party risk. Consider the following best practices: 

Zero trust approach: Treat every provider as a potential risk and restrict data access to what is absolutely essential. 

Incident simulation: Conduct regular exercises that simulate third-party breaches and test your response procedures. 

Continuous vendor assessment: Use automated systems to track vendor security status all year, not just during annual audits. 

The Adidas breach was not an isolated incident. It is a warning to the entire retail sector. As hackers become more adept, businesses must consider third-party risk as a key priority rather than just a compliance concern.
Read more »
User Privacy
Cyber Attacks MathWorks MATLAB Ransomware attack User Privacy

MathWorks Hit by Ransomware Attack Affecting Over 5 Million Clients

 

The renowned MATLAB programming language and numeric computing environment's developer has reported a ransomware attack on its IT systems. 

MathWorks, based in Massachusetts, sent an update to users after initially reporting issues on May 18, stating that the company had been hit by a ransomware attack that shut down online services and internal systems used by employees. 

“We have notified federal law enforcement of this matter,” the company noted. “We have brought many of these systems back online and are continuing to bring other systems back online with the assistance of cybersecurity experts.” 

MathWorks has millions of users, including engineers and scientists who use MATLAB for data analysis, calculation, and other purposes. MATLAB and other MathWorks products are utilised by nearly 6,500 colleges and universities, according to the company.

The firm has 6,500 employees and over 30 offices in Europe, Asia, and North America. This issue affected several MATLAB services as well as parts of the MathWorks website, such as the job page, cloud centre, store, and file exchange. MATLAB Online and MATLAB Mobile were restored on Friday.

MathWorks stated in a Tuesday update that the issue was still being investigated. Several pages on the MathWorks website are still offline. The firm did not immediately respond to a request for comment. 

Verizon's comprehensive data breach report released last month revealed that ransomware was utilised in nearly half of the 12,195 confirmed data breaches in 2024. The researchers discovered that 64% of ransomware victims did not pay the ransoms, up from 50% two years ago, and the typical amount paid to ransomware groups has dropped to $115,000 (down from $150,000 last year). 

“This could be partially responsible for the declining ransom amounts. Ransomware is also disproportionately affecting small organizations,” the researchers noted. “In larger organizations, ransomware is a component of 39% of breaches, while small and medium-sized businesses experienced ransomware-related breaches to the tune of 88% overall.” 

The number of large ransoms paid has also reduced, with Verizon estimating that 95% of ransoms paid will be less than $3 million by 2024. That value is a significant increase above the $9.9 million recorded in 2023.
Read more »
Vietnam
Data Leak Illicit Activity Mobile Security Telegram User Privacy Vietnam

Vietnam Blocks Telegram Messaging App

 

Vietnam's technology ministry has ordered telecommunications service providers to ban the messaging app Telegram for failing to cooperate in the investigation of alleged crimes committed by its users, a move Telegram described as shocking.

In a document dated May 21 and signed by the deputy head of the telecom department at the technology ministry, telecommunications firms were asked to start steps to block Telegram and report back to the ministry by June 2. 

In the document seen by Reuters, the ministry was acting on behalf of the nation's cybersecurity department after police revealed that 68% of Vietnam's 9,600 Telegram channels and groups were breaking the law. They cited drug trafficking, fraud, and "cases suspected of being related to terrorism" as some of the illicit activities conducted through the app. 

According to the document, the ministry requested that telecom companies "deploy solutions and measures to prevent Telegram's activities in Vietnam.” Following the release of the Reuters piece, the government announced the measures against Telegram on its website. 

"Telegram is surprised by those statements. We have responded to legal requests from Vietnam on time. This morning, we received a formal notice from the Authority of Communications regarding a standard service notification procedure required under new telecom regulations. The deadline for the response is May 27, and we are processing the request," the Telegram representative noted. 

According to a technology ministry official, the move was prompted by Telegram's failure to share customer information with the government when requested as part of criminal investigations.

The Vietnamese police and official media have regularly cautioned citizens about potential crimes, frauds, and data breaches on Telegram channels and groups. Telegram, which competes globally with major social networking apps such as Facebook's (META.O), WhatsApp and WeChat, remain available in Vietnam on Friday. 

Vietnam's ruling Communist Party maintains strict media censorship and tolerates minimal opposition. The country has regularly asked firms such as Facebook, Google (GOOGL.O), YouTube, and TikTok to work with authorities to remove "toxic" data, which includes offensive, misleading, and anti-state content. 

According to the document, Telegram has been accused of failing to comply with regulations requiring social media platforms to monitor, remove, and restrict illegal content. "Many groups with tens of thousands of participants were created by opposition and reactionary subjects spreading anti-government documents" based on police information. 

The free-to-use site, which has about 1 billion users globally, has been embroiled in scandals over security and data breaches, particularly in France, where its founder, Pavel Durov, was temporarily detained last year.
Read more »
zero-click
Mobile Security Spyware Threat Intelligence User Privacy Whatsapp Leak zero-click

Here's How to Safeguard Your Smartphone Against Zero-Click Attacks

 

Spyware tools have been discovered on the phones of politicians, journalists, and activists on numerous occasions over the past decade. This has prompted worries regarding the lack of protections in the tech industry and an unprecedented expansion of spyware technologies. 

Meta's WhatsApp recently stated that it has detected a hacking campaign aimed at roughly ninety users, the majority of whom were journalists and civil society activists from two dozen countries. 

According to a WhatsApp representative, the attack was carried out by the Israeli spyware company Paragon Solutions, which is now controlled by the Florida-based private equity firm AE Industrial Partners. Graphite, Paragon's spyware, infiltrated WhatsApp groups by sending them a malicious PDF attachment. It can access and read messages from encrypted apps such as WhatsApp and Signal without the user's knowledge. 

What is a zero-click attack? 

A zero-click attack, such as the one on WhatsApp, compromises a device without requiring any user activity. Unlike phishing or one-click attacks, which rely on clicking a malicious link or opening an attachment, zero-click leverages a security flaw to stealthily gain complete access after the device has been infected. 

"In the case of graphite, via WhatsApp, some kind of payload, like a PDF or an image, [was sent to the victims' devices] and the underlying processes that receive and handle those packages have vulnerabilities that the attackers exploit [to] infect the phone,” Rocky Cole, co-founder of mobile threat protection company iVerify, noted.

While reports do not indicate "whether graphite can engage in privilege escalation [vulnerability] and operate outside WhatsApp or even move into the iOS kernel itself, we do know from our own detections and other work with customers, that privilege escalation via WhatsApp in order to gain kernel access is indeed possible," Cole added. 

The iVerify team believes that the malicious attacks are "potentially more widespread" than the 90 individuals who were reported to have been infected by graphite because they have discovered cases where a number of WhatsApp crashes on [mobile] devices [they're] monitoring with iVerify have seemed to be malicious in nature.

While the WhatsApp hack primarily targeted civil society activists, Cole believes mobile spyware is a rising threat to everyone since mobile exploitation is more pervasive than many people realise. Moreover, the outcome is an emerging ecosystem around mobile spyware development and an increasing number of VC-backed mobile spyware companies are under pressure to become viable organisations. This eventually increases marketing competition for spyware merchants and lowers barriers that might normally deter these attacks. 

Mitigation tips

Cole recommends users to treat their phones as computers. Just as you use best practices to safeguard traditional endpoints like laptops from exploitation and compromise, you should do the same for phones. This includes rebooting your phone on a daily basis because most of these exploits remain in memory rather than files, and rebooting your phone should theoretically wipe out the malware as well, he said. 

If you have an Apple device, you can also enable Lockdown Mode. As indicated by Cole, "lockdown mode has the effect of reducing some functionality of internet-facing applications [which can] in some ways reduce the attack surface to some degree."

Ultimately, the only way to properly safeguard oneself from zero-click capabilities is to address the underlying flaws. Cole emphasised that only Apple, Google, and app developers may do so. "So as an end user, it's critically important that when a new security patch is available, you apply it as soon as you possibly can," the researcher added.
Read more »
User Privacy
Data Breach Google Privacy Lawsuit Texas User Privacy

Google to Pay Texas $1.4 Billion For Collecting Personal Data

 

The state of Texas has declared victory after reaching a $1 billion-plus settlement from Google parent firm Alphabet over charges that it illegally tracked user activity and collected private data. 

Texas Attorney General Ken Paxton announced the state's highest sanctions to date against the tech behemoth for how it manages the data that people generate when they use Google and other Alphabet services. 

“For years, Google secretly tracked people’s movements, private searches, and even their voiceprints and facial geometry through their products and services. I fought back and won,” Paxton noted in a May 9 statement announcing the settlement.

“This $1.375 billion settlement is a major win for Texans’ privacy and tells companies that they will pay for abusing our trust. I will always protect Texans by stopping Big Tech’s attempts to make a profit by selling away our rights and freedoms.”

The dispute dates back to 2022, when the Texas Attorney General's Office filed a complaint against Google and Alphabet, saying that the firm was illegally tracking activities, including Incognito searches and geolocation. The state also claimed that Google and Alphabet acquired biometric information from consumers without their knowledge or consent. 

According to Paxton's office, the Texas settlement is by far the highest individual penalty imposed on Google for alleged user privacy violations and data collecting, with the previous high being a $341 million settlement with a coalition of 41 states in a collective action. 

The AG's office declined to explain how the funds will be used. However, the state maintains a transparency webpage that details the programs it funds through penalties. The settlement is not the first time Google has encountered regulatory issues in the Lone Star State. 

The company previously agreed to pay two separate penalties of $8 million and $700 million in response to claims that it used deceptive marketing techniques and violated anti-competitive laws. 

Texas also went after other tech behemoths, securing a $1.4 billion settlement from Facebook parent firm Meta over allegations that it misused data and misled its customers about its data gathering and retention practices. 

The punitive restrictions are not uncommon in Texas, which has a long history of favouring and protecting major firms through legislation and legal policy. Larger states, such as Texas, can also have an impact on national policy and company decisions due to their population size.
Read more »
User Privacy
beWanted Data Breach Data Leak Job Platform User Privacy

Details of 1.1 Million Job Applicants Leaked by a Major Recruitment Platform

 

While looking for a new job can be enjoyable, it is surely not fun to lose your personal information in the process. In the meantime, the Cybernews investigation team found an unprotected GCS bucket belonging to the talent pool platform beWanted that had more than 1.1 million files.

The company, which has its headquarters in Madrid, Spain, bills itself as "the largest Talent Pool ecosystem in the world." beWanted is a software-as-a-service (SaaS) company that links companies and job seekers. The business maintains offices in the UK, Germany, and Mexico. 

The exposed instance was found by the researchers in November of last year. Despite the fact that the relocation temporarily affected service availability, beWanted claims that the company secured the bucket on May 9. 

"We prioritized data security. The solution was fully implemented, and the properly secured service was restored last Friday, May 9, 2025. We have been conducting exhaustive internal testing since Friday and can confirm that the solution is definitive. Furthermore, to the best of our knowledge and following relevant investigations, no data leakage has occurred," the company stated.

The researchers claim that resumes and CVs from job seekers make up the vast majority of the files from the more than a million compromised files. The information that was leaked included details that a job seeker would normally include such as Full names and surnames, phone numbers, email addresses, home addresses, dates of birth national id numbers, nationalities, places of birth, social media links, employment history and educational background. 

The researchers believe that a data leak involving over a million files, each of which likely represents a single person, is a serious security issue for beWanted. The fact that the data has been exposed for at least six months exacerbates the situation: hostile actors continue to comb the web for unprotected instances, downloading whatever they can find.

“This exposure creates multiple attack vectors, enabling cybercriminals to engage in identity theft, where personal information can be used to create synthetic identities or fraudulent accounts,” researchers added. 

Malicious actors can also use leaked information to create highly personalised and credible-looking phishing attempts, which could result in unauthorised access to financial accounts, passwords, or other sensitive data. 

Furthermore, the leaked information highlighted that the problem has worldwide implications. The leaked national ID numbers, for example, are from Spanish, Argentine, Guatemalan, Honduran, and other residents.
Read more »
User Privacy
Data Breach Data Leak IT Infrastructure Kelly Benefits User Privacy

Kelly Benefits Data Leak Affects 260,000 People

 

A Maryland-based outsourced benefits and payroll manager is notifying nine large customers and nearly 264,000 individuals that their private and sensitive data may have been compromised in a December hack. The number of impacted people has increased by eight-fold since Kelly & Associates Insurance Group, also known as Kelly Benefits, published an estimate of the hack's scope earlier this month. 

The company's current total of 263,893 affected persons is far higher than the 32,234 initially reported on April 9 to state regulators and the US Department of Health and Human Services as a HIPAA breach. 

The benefits company announced that it is sending breach notices to impacted individuals on behalf of nine clients: Amergis, Beam Benefits, Beltway Companies, CareFirst BlueCross BlueShield, Guardian Life Insurance Co., Intercon Truck of Baltimore, Publishers Circulation Fulfilment, Quantum Real Estate Management, and Transforming Lives. 

Kelly Benefits declined to comment, citing "the sensitive nature of the incident and subsequent investigation.” An investigation following the incident revealed that unauthorised access to the company's IT infrastructure occurred between December 12 and December 17, 2024. The company claimed that throughout that period, the attackers copied and stole specific files.

"Kelly Benefits then began a time-intensive and detailed review of all files affected by this event to determine what information was present in the impacted files and to whom it related," the company noted. It analysed internal records to match the individual with the relevant client or carrier. 

Individuals' information compromised in the event varies, but it could include their name, Social Security number, date of birth, medical information, health insurance information, or financial account information.

Kelly Benefits informed the FBI about the incident. This company stated that it is still reviewing its security policies, procedures, and technologies. At the time of writing, at least one proposed federal class action lawsuit against Kelly Benefits was filed in connection with the hacking incident. The lawsuit claims Kelly Benefits was negligent in failing to safeguard sensitive personally identifying information from unauthorised access.

"Even with several months of credit monitoring services, the risk of identity theft and unauthorized use of plaintiff's and class members' PII is still substantially high. Cybercriminals need not harvest a person's Social Security number or financial account information in order to commit identity fraud or misuse plaintiffs and the class's PII," the lawsuit notes. "Cybercriminals can cross-reference the data stolen from the data breach and combine with other sources to create 'Fullz' packages, which can then be used to commit fraudulent account activity on plaintiff and the class's financial accounts."
Read more »
User Privacy
Cyber Fraud IT Help Desk Marks & Spencer Social Engineering User Privacy

M&S Hackers Conned IT Help Desk Workers Into Accessing Firm Systems

 

Hackers who attacked Marks & Spencer and the Co-op duped IT professionals into giving them access to their companies' networks, according to a report.

The "social engineering" attack on the Co-op allowed fraudsters to reset an employee's password before infiltrating the network, and a similar method was employed against M&S, insiders told BleepingComputer. 

Hundreds of agency workers at Marks & Spencer were advised not to come to work as the retailer grappled with the aftermath of a hack that cost the business £650 million in a matter of days. 

The disruption started in April when click-and-collect orders and contactless payments were impacted. Stuart Machin, the CEO of M&S, confirmed the issue in a message to customers, stating that the retailer would be making "minor, temporary changes" to in-store operations while it dealt with the ongoing "cyber incident.” 

In order to counter the "social engineering" tactic employed by the hackers from the Scattered Spider network against the UK supermarkets, the National Cyber Security Centre (NCSC) has released new guidelines. 

“Criminal activity online — including, but not limited to, ransomware and data extortion — is rampant. Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared,” noted Jonathon Ellison, NCSC’s national resilience director, and Ollie Whitehouse, its chief technology officer, in a blog post. 

They have recommended firms to "review help desk password reset processes" and pay special attention to "admin" accounts, which typically have more access to a company's network. 

The Scattered Spider network is a group of young guys from the UK and the United States who gained popularity in September 2023 when they broke into and locked up the networks of casino companies Caesars Entertainment and MGM Resorts International, demanding large ransoms. 

Caesars paid approximately $15 million to rebuild its network. It specialises in "breaking down the front door" of networks before passing control to a "ransomware" group, which cripples the network and extorts its owner, according to the Times. 

Tyler Buchanan, a Scottish man accused of being a key member of the organisation, was extradited to the United States from Spain last month after being charged with attempting to hack into hundreds of companies, Bloomberg News reported, citing a US Justice Department official.

At the time of the assault, M&S stated that it is "working extremely hard to restart online and app shopping" and apologies for the inconvenience to customers. It has already been unable to process click and collect orders in stores due to the "cyber incident".
Read more »
User Privacy
Data Breach Domain Provider FBI LabHost PHaas User Privacy

FBI Shares Details of 42,000 LabHost Phishing Domains

 

The LabHost cybercrime platform, one of the biggest worldwide phishing-as-a-service (PhaaS) platforms, was shut down in April 2024, but the FBI has disclosed 42,000 phishing domains associated with it. In order to raise awareness and offer signs of compromise, the published domains—which were registered between November 2021 and April 2024, when they were seized—are being shared. 

Operations and removal of LabHost 

LabHost is a significant PhaaS platform that sells access to a large number of phishing kits aimed at US and Canadian banks for $179 to $300 per month. It featured numerous customisation options, innovative 2FA bypass mechanisms, automatic SMS-based interactions with victims, and a real-time campaign management panel. Despite its launch in 2021, LabHost became a major player in the PhaaS market in late 2023/early 2024, surpassing established competitors in popularity and attack volume. 

It is estimated that LabHost stole over 1,000,000 user credentials and over 500,000 credit card details. In April 2024, a global law enforcement campaign supported by investigations in 19 nations resulted in the shutdown of the platform, which had 10,000 customers at the time. 

During the simultaneous searches of 70 residences, 37 people suspected of having links to LabHost were arrested. Although the LabHost operation is no longer active, and the shared 42,000 domains are unlikely to be used in malicious operations, the information remains valuable to cybersecurity firms and defenders. First, the domain list can be used to generate a blocklist, reducing the likelihood of attackers recycling or re-registering any of them in future attacks. 

The list can also be used by security teams to search logs from November 2021 to April 2024 in order to detect earlier connections to these domains and find previously unknown breaches. Finally, the list can assist cybersecurity experts in analysing domain patterns in PhaaS systems, improving attribution and intelligence correlation, and providing realistic data for phishing detection model training. The list is shared with the warning that it has not been vetted and may contain errors. 

"FBI has not validated every domain name, and the list may contain typographical or similar errors from LabHost user input," notes the FBI ."The information is historical in nature, and the domains may not currently be malicious. The FBI also noted that investigation of this list may show additional domains tied to the same infrastructure, therefore the list may not be exhaustive."
Read more »
User Privacy
Australian Bank Data Breach Data Leak Financial Security User Privacy

Cybercriminals Stole Thousands of Australians' Banking Details

 

Security experts believe that more than 30,000 Australians' banking details have been compromised online. According to Dvuln, an Australian computer security firm, the exposed data, discovered during the last four years, refers to "multiple major banks". However, rather than being stolen from banks, the credentials were swiped from customers' devices by hackers employing "infostealer malware infections". 

Dvuln warned that the data only reflects a "fraction" of the situation. Details from ten thousand users of one bank were discovered on "infostealer logs" where perpetrators can share and sell the information. Another bank had 5000 details found, while another had 4000. 

Customers from Australia's major banks, such as Commonwealth Bank, NAB, ANZ, and Westpac, had their information compromised. Dvuln advises that multi-factor authentication, which is increasingly required to access banking apps or websites, is "not a complete defence.” 

"The infections targeted individual user devices and harvested their credentials, rather than compromising banking infrastructure directly," the report said. 

Financial institutions, government, cybersecurity professionals, and the public must take coordinated action to mitigate the gap between endpoint compromise and financial misuse. 

Malicious software, or infostealer malware, is "one of the most pervasive yet underreported threats facing Australia's financial sector," the report further reads. The CEO of the Australian Banking Association, Anna Bligh, stated that the issue is not a breach of bank security systems, but rather the access of data from personal devices like laptops and phones.

"Keeping customers secure online is the top priority for Australia's banks," Blight stated. "They continue to invest in security defences to help keep customers safe, including using advanced intelligence systems to monitor both open and dark web sources for compromised customer credentials.” 

CommBank also recommended users to develop and change unique, strong passwords on a regular basis, install and maintain reliable anti-virus software, monitor their accounts and enable transaction notifications, and contact them if they see any suspicious behaviour.
Read more »
User Privacy
Carolina Anaesthesiology Data Breach Data Leak medical records User Privacy

Carolina Anaesthesiology Firm's Massive Data Breach Impacts Nearly 21,000 Patients

 

Jeremiah Fowler, a security researcher, uncovered a non-password-protected database thought to be owned by Carolina Anaesthesiology PA, a healthcare organisation based in North Carolina. This dataset included several states, had 21,344 records, and was about 7GB in size.

The data included sensitive information such as patient names, physical addresses, phone numbers, and email addresses, as well as insurance coverage details, anaesthesia summaries, diagnoses, family medical histories, and doctor's notes. 

According to the researcher, there were files labelled 'Billing and Compliance Reports', which indicates the sort of data contained. While there is no proof that the database fell into criminal hands, the vulnerability of the unsecured database might expose numerous people to social engineering attacks such as phishing, identity theft, or fraud. 

The dataset included a "detailed analysis and key metrics related to medical billing and healthcare services provided," according to the researcher. However, the healthcare company that was contacted stated that it did not own or manage the database, but that the owner had been notified and that public access was restricted.

It remains unclear whether the information was accessed by a threat actor or a third party; only an internal audit would reveal this, and as far as we know, the content has not appeared on any dark web sites for sale by hackers. The researcher's investigation revealed that the contents of this folder were most likely associated with Atrium Health, a Carolina Anaesthesiology PA partner. 

“Our cyber security team immediately launched an internal investigation upon receiving an email tip in mid-February 2025 about a possible data breach. Our investigation found that Carolina Anesthesiology, P.A., who regularly provides anesthesia services at select facilities, misconfigured the technology service used for billing data, exposing some of their patient data,” Atrium Health responded to the intrusion. 

“We immediately shut down all data feeds to Carolina Anesthesiology and, as a courtesy, notified the regular governing entities. We continue to learn more from the Carolina Anesthesiology team about their plan to notify their patients of this breach. All data feeds remain off until this issue has been satisfactorily addressed.”
Read more »
User Privacy
Biosecurity Cyber Security DNA Sequencing Health Security User Privacy

Scientists Warn of Cybersecurity Threats in Next-Gen DNA Sequencing

 

Next-generation DNA sequencing (NGS) is under increasing criticism for its cyber risks. While NGS has transformed disciplines ranging from cancer diagnosis to infectious disease tracking, a recent study warns that the platforms that enable these advancements could also be used as a gateway by hackers and bad actors.

The study, published in IEEE Access and headed by Dr. Nasreen Anjum of the University of Portsmouth's School of Computing, is the first to systematically map cyber-biosecurity vulnerabilities throughout the NGS workflow. 

NGS technology, which enables rapid and cost-effective DNA and RNA sequencing, supports not only cancer research and medicine development, but also agricultural innovation and forensic science. Its ability to process millions to billions of DNA fragments at once has significantly reduced the cost and enhanced the speed of genome analysis, making it a standard in labs around the world. 

However, the study focuses on a less-discussed aspect of this technological advancement: the increasing number of vulnerabilities at each stage of the NGS pipeline. From sample preparation to sequencing and data processing, each stage requires specialised instruments, complicated software, and networked systems. 

According to Dr. Anjum, these interrelated processes generate several points where security might be compromised. As large genetic databases are being stored and shared online, cybercriminals are more likely to access and misuse this sensitive information. The report cautions that such breaches might lead to not only privacy violations or identity tracing, but potentially more serious possibilities like data manipulation or the fabrication of synthetic DNA-encoded malware. 

Experts from Anglia Ruskin University, the University of Gloucestershire, Najran University, and Shaheed Benazir Bhutto Women's University contributed to the research. The researchers discovered multiple emerging threats including AI-powered genomic data manipulation and improved re-identification techniques that could jeopardise individual privacy. These concerns, they suggest, transcend beyond the person and endanger scientific integrity and possibly national security. 

Despite these risks, Dr Anjum observes that cyber-biosecurity remains a neglected field, with fragmented safeguards and little collaboration between computer science, bioinformatics, biotechnology, and security. To address these challenges, the research suggests a number of feasible options, including secure sequencing procedures, secured data storage, and AI-powered anomaly detection systems. The authors recommend governments, regulatory agencies, and academic institutions to prioritise research, education, and policy development in order to close biosecurity gaps.
Read more »
Viral Tend
Barbie Doll Trend Cyber Security Generative AI Threat Intelligence User Privacy Viral Tend

Security Analysts Express Concerns Over AI-Generated Doll Trend

 

If you've been scrolling through social media recently, you've probably seen a lot of... dolls. There are dolls all over X and on Facebook feeds. Instagram? Dolls. TikTok?

You guessed it: dolls, as well as doll-making techniques. There are even dolls on LinkedIn, undoubtedly the most serious and least entertaining member of the club. You can refer to it as the Barbie AI treatment or the Barbie box trend. If Barbie isn't your thing, you can try AI action figures, action figure starter packs, or the ChatGPT action figure fad. However, regardless of the hashtag, dolls appear to be everywhere. 

And, while they share some similarities (boxes and packaging resembling Mattel's Barbie, personality-driven accessories, a plastic-looking smile), they're all as unique as the people who post them, with the exception of one key common feature: they're not real. 

In the emerging trend, users are using generative AI tools like ChatGPT to envision themselves as dolls or action figures, complete with accessories. It has proven quite popular, and not just among influencers.

Politicians, celebrities, and major brands have all joined in. Journalists covering the trend have created images of themselves with cameras and microphones (albeit this journalist won't put you through that). Users have created renditions of almost every well-known figure, including billionaire Elon Musk and actress and singer Ariana Grande. 

The Verge, a tech media outlet, claims that it started on LinkedIn, a professional social networking site that was well-liked by marketers seeking interaction. Because of this, a lot of the dolls you see try to advertise a company or business. (Think, "social media marketer doll," or even "SEO manager doll." ) 

Privacy concerns

From a social perspective, the popularity of the doll-generating trend isn't surprising at all, according to Matthew Guzdial, an assistant professor of computing science at the University of Alberta.

"This is the kind of internet trend we've had since we've had social media. Maybe it used to be things like a forwarded email or a quiz where you'd share the results," Guzdial noted. 

But as with any AI trend, there are some concerns over its data use. Generative AI in general poses substantial data privacy challenges. As the Stanford University Institute for Human-Centered Artificial Intelligence (Stanford HAI) points out, data privacy concerns and the internet are nothing new, but AI is so "data-hungry" that it magnifies the risk. 

Safety tips 

As we have seen, one of the major risks of participating in viral AI trends is the potential for your conversation history to be compromised by unauthorised or malicious parties. To stay safe, researchers recommend taking the following steps: 

Protect your account: This includes enabling 2FA, creating secure and unique passwords for each service, and avoiding logging in to shared computers.

Minimise the real data you give to the AI model: Fornés suggests using nicknames or other data instead. You should also consider utilising a different ID solely for interactions with AI models.

Use the tool cautiously and properly: When feasible, use the AI model in incognito mode and without activating the history or conversational memory functions.
Read more »
User Privacy
Bangchak Data Breach Data Leak PDPC User Privacy

PDPC Probes Bangchak Data Breach Impacting 6.5 Million Records

 

A major data breach involving Bangchak Corporation Public Company Limited is being swiftly investigated by Thailand's Personal Data Protection Committee (PDPC). The company stated that unauthorised access to its customer feedback system had affected roughly 6.5 million records. 

A statement posted on the PDPC Thailand Facebook page on April 11 claims that Bangchak discovered the breach on April 9 and acted right away to secure the compromised systems and prevent unauthorised access. The portal from which the hacked data originated was used to gather customer input. 

The PDPC has directed Bangchak to conduct an extensive internal investigation and submit a comprehensive report outlining the nature of the exposed data, the impact on consumers, the root cause of the breach, and a risk assessment. The agency is also investigating whether there was a violation of Thailand's Personal Data Protection Act (PDPA), which might result in legal action if noncompliance is discovered.

In response to the breach, Bangchak delivered SMS alerts to affected customers. The company declared that no sensitive personal or financial information was compromised. However, it advised users not to click on strange links or share their OTP (One-Time Password) tokens with others, which is a typical practice in phishing and fraud schemes. The PDPC stressed the necessity of following data protection rules and taking proactive measures to avoid similar incidents in the future. 

Prevention tips

Set security guidelines: Security protocols must include the cybersecurity policies and processes necessary to safeguard sensitive company data. One of the most effective strategies to prevent data theft is to establish processes that ensure unauthorised persons do not have access to data. Only authorised personnel should be able to view sensitive information. Businesses should have a thorough grasp of the data that could be compromised in order to minimise the risk of a cybersecurity attack.

Implement password protection: One of the most effective things a small business can do to protect itself from a data breach is to use strong passwords for all sites visited on a daily basis. Strong passwords should be unique for each account and include a mix of letters, numbers, and symbols. Furthermore, passwords should never be shared with coworkers or written down where others can see them.

Update security software: Employing firewalls, anti-virus software, and anti-spyware applications can help businesses make sure that hackers can't just access confidential information. To maintain these security programs free of vulnerabilities, they also need to be updated on a regular basis. To find out about impending security patches and other updates, visit the websites of any software suppliers.
Read more »
User Privacy
Apollo Hospitals Data Breach Data Leak Medical Data User Privacy

Researchers Unearth a Massive Data Leak Within Apollo Hospitals

 

For security analysts Akshay and Viral, a casual check of a healthcare system's security quickly turned into a huge finding. The duo discovered a major data leak at Apollo Hospitals, one of India's leading hospital networks. 

The breach first came to their attention on January 9, when they discovered a zip file on one of Apollo's subsidiary websites. Recognising the sensitivity, they notified Apollo's management within a few hours on January 10.

The file was erased by February 1, but they raised the issue with the Indian Computer Emergency Response Team (CERT-In) and the National Critical Information Infrastructure Protection Centre (NCIIPC), urging further investigation. 

In March, they uncovered another zip file, which was smaller in size but still included sensitive material, raising new concerns about ongoing security threats. It remains unknown whether Apollo or an intruder is adding and deleting files from the server. 

The leaked data include scanned copies of critical personal documents such as work identification cards, PAN cards, Aadhaar cards, passports, and student IDs. This type of data can be used to commit identity theft, fraud, or illegal access to services. 

Additionally, the breach exposed patient medical records, immunisation information, and credentials associated with patient IDs and many internal databases. This means that an attacker could misuse or publicly disclose confidential health information, such as diagnosis, prescriptions, and treatments.

Who is behind the leak?

The experts suspect the attack was carried out by the KillSec ransomware organisation, a well-known cybercriminal outfit that has attacked a variety of sectors, including healthcare.

Using Halcyon, a cybersecurity platform that tracks ransomware gangs and its actions, they learnt that KillSec targeted Apollo Hospitals in October 2024. The compromised data they discovered also dated back to that time period, establishing the connection.

KillSec is notorious for stealing sensitive data and threatening to publish or sell it unless a ransom is paid. Unlike some ransomware gangs who encrypt data to demand payment, KillSec frequently uses double extortion—stealing data before spreading ransomware, giving them leverage even if the victim refuses to pay. 

No action taken 

The researchers highlighted that well over 60 days had passed since their initial attempt to notify Apollo, far exceeding the industry threshold for responsible disclosure. While non-critical security issues are routinely addressed within this timeframe, breaches of this magnitude are usually resolved within hours by firms of comparable size. 

Organisations must report particular types of cyber incidents to CERT-In within six hours of detection. They must submit accurate data, such as the nature of the breach, the systems involved, and any preliminary results.
Read more »
Zero-day Flaw
Data Breach Data Leak Oracle User Privacy Zero-day Flaw

Oracle Finally Acknowledges Cloud Hack

 

Oracle is reportedly trying to downplay the impact of the attack while quietly acknowledging to clients that some of its cloud services have been compromised. 

A hacker dubbed online as 'rose87168' recently offered to sell millions of lines of data reportedly associated with over 140,000 Oracle Cloud tenants, including encrypted credentials. The hacker initially intended to extort a $20 million ransom from Oracle, but eventually offered to sell the data to anyone or swap it for zero-day vulnerabilities.

The malicious actor has been sharing a variety of materials to support their claims, such as a sample of 10,000 customer data records, a link to a file demonstrating access to Oracle cloud systems, user credentials, and a long video that seems to have been recorded during an internal Oracle meeting.

However, Oracle categorically denied an Oracle Cloud hack after the hacker's claims surfaced, stating, "There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

However, multiple independent reports suggest Oracle privately notified concerned customers and confirmed a data incident. On the other hand, specifics remain unclear, and there appears to be some conflicting information. 

Bloomberg has learned from people familiar with the matter that Oracle has started privately informing users of a data leak involving usernames, passkeys and encrypted passwords. The FBI and CrowdStrike are reportedly investigating the incident.

Security firm CyberAngel learned from an unknown source that ‘Gen 1’ cloud servers were attacked — newer ‘Gen 2’ servers were not — that the exposed material is at least 16 months old and does not include full private details. 

“Our source, who we are not naming as requested, is reporting that Oracle has allegedly determined an attacker who was in the shared identity service as early as January 2025,” Cyber Angel said. “This exposure was facilitated via a 2020 Java exploit and the hacker was able to install a webshell along with malware. The malware specifically targeted the Oracle IDM database and was able to exfil data.” 

“Oracle allegedly became aware of a potential breach in late February and investigated this issue internally,” it added. “Within days, Oracle reportedly was able to remove the actor when the first demand for ransom was made in early March.” 

Following the story, cybersecurity expert Kevin Beaumont discovered from Oracle cloud users that the tech firm has simply verbally notified them; no written notifications have been sent. According to Beaumont, "Gen 1" servers might be a reference to Oracle Classic, the moniker for earlier Oracle Cloud services. Oracle is able to deny that Oracle Cloud was compromised thanks to this "wordplay," as Beaumont refers to it.
Read more »
User Privacy
AWS Credentials Mobile Security Spyware Stalkerware User Privacy

Amazon Faces Criticism For Still Hosting Stalkerware Victims' Data

 

Amazon is drawing fire for hosting data from the Cocospy, Spyic, and Spyzie apps weeks after being notified of the problem, as the spyware firms continue to upload sensitive phone data of 3.1 million users to Amazon Web Services (AWS) servers. 

Last month on February 20, threat analysts at TechCrunch, an American global news outlet, notified Amazon of the stalkerware-hosted data, including exact storage bucket information where the stolen data from victims' phones was stored. However, as of mid-March, no firm steps have been taken to disable the hosting servers. 

In response, AWS thanked TechCrunch for the tip and sent a link to its abuse report form. In response to this statement, Ryan, the AWS spokesperson stated, "AWS responded by requesting specific technical evidence through its abuse reporting form to investigate the claims. TechCrunch declined to provide this evidence or submit an abuse report.”

The Android apps Cocospy, Spyic, and Spyzie share identical source code and a security vulnerability that can be easily exploited. The flaw abuses poorly secured servers used by the apps, allowing external access to exfiltrated data. The servers employed by the apps have Chinese origins and store data on Cloudflare and AWS infrastructure.

On March 10, TechCrunch notified Amazon that the Spyzie app was also uploading stolen data to its own Amazon bucket. According to Amazon, AWS responds to complaints of abuse and has stringent acceptable usage guidelines. The company's procedural reaction, however, has come under fire for taking too long to take action regarding hosting stolen data.

Ryan clarified that AWS responded quickly and made repeated requests for the technical data required to conduct the investigation, which TechCrunch declined. He went on to say: "AWS's request to submit the findings through its publicly available abuse reporting channel was questioned by the outlet, which declined to provide the requested technical data.” 

Stalkerware thrives on direct downloads, despite being banned from major app stores like Google Play and Apple's App Store. While some sellers say that the apps are for legal purposes, their capabilities are frequently utilised in ways that breach privacy regulations.
Read more »
User Privacy
Data Leak Mobile Security Samsung Folder Secure Folder User Privacy

Samsung Secure Folder Vulnerability Exposes Hidden Images

 

Samsung's Secure Folder, a feature designed to provide industry-grade security for sensitive data on Galaxy smartphones, has been identified to have a major flaw. Recent discoveries indicate that apps and images saved in the Secure Folder can be accessible under certain conditions, raising concerns about the privacy and security of the data stored there. 

Modus operandi

The Secure Folder acts as a "Work" profile, allowing users to keep private apps, images, and files separate from their primary profile. Normally, when an app seeks to access files from the Secure Folder, the system prevents it unless the app is specifically approved. 

However, a Reddit user named lawyerz88 revealed that this security feature is ineffective when utilising a "Work" app (with a media picker) linked to a separate work profile. In that instance, files stored in the Secure Folder become available via the app. So it is not difficult to circumvent the intended privacy protections.

“If you have the work profile enabled through something like Island or Shelter (or you know, your actual workplace), any apps in the work profile can access the entirety of files saved in a secure folder without any restrictions whatsoever.” notes the Reddit user. “It seems it’s restricted by policy only and only from the personal profile and someone forgot to restrict access via another work profile.” 

Android Authority confirmed the flaw with the Shelter app, which allows you to create a work profile on any device. This means that anyone with physical access to a Galaxy smartphone might use this flaw to view Secure Folder data. 

Samsung's claim of strong security is called into question by this defect, since private data kept in the Secure Folder can be accessed without the owner's knowledge.While accessing the Secure Folder usually requires biometric authentication or a PIN/password, the workaround via Work applications renders these safeguards ineffective. 

The tech giant reportedly acknowledged that they were aware of the user's findings after he reported them. The firm recently rectified the boot loop issue linked with the Secure Folder, and now that more people are aware of it, we hope it is resolved as quickly as possible.
Read more »
Subscribe to: Posts (Atom)