
UK Government Proposes Mandatory Reporting of Ransomware Attacks


The British government's proposals to amend its ransomware strategy marked a minor milestone on Tuesday, when the Home Office issued its formal answer to a survey on modifying the law, but questions remain regarding the effectiveness of the measures. 

The legislative process in the United Kingdom regularly involves public consultations. In order to address the ransomware issue, the Home Office outlined three main policy recommendations and asked for public input in order to support forthcoming legislation. 

The three main policy ideas are prohibiting payments from public sector or critical national infrastructure organisations; requiring victims to notify the government prior to making any extortion payments; and requiring all victims to report attacks to law enforcement.

Following a string of high-profile ransomware incidents that affected the nation, including several that left the shelves of high-street grocery stores empty and one that contributed to the death of a hospital patient in London, the official response was published on Tuesday, cataloguing feedback for and against the measures.

Despite being labelled as part of the government's much-talked-about Plan for Change, the plans are identical to those made while the Conservative Party was in control prior to Rishi Sunak's snap election, which delayed the consultation's introduction. Even that plan in 2024 was late to the game. 

In 2022, ransomware attacks dominated the British government's crisis management COBR meetings. However, successive home secretaries prioritised responding to small boat crossings of migrants in the English Channel. Ransomware attacks on British organisations had increased year after year for the past five years. 

“The proposals are a sign that the government is taking ransomware more seriously, which after five years of punishing attacks on UK businesses and critical national infrastructure is very welcome,” stated Jamie MacColl, a senior research fellow at think tank RUSI. But MacColl said there remained numerous questions regarding how effective the response might be. 

Earlier this year, the government announced what the Cyber Security and Resilience Bill (CSRB) will include when it is brought to Parliament. The CSRB, which only applies to regulated critical infrastructure firms, is likely to overlap with the ransomware regulations by enhancing cyber incident reporting requirements, but it is unclear how.

Chinese Government Launches National Cyber ID Amid Privacy Concerns


China's national online ID service went into effect earlier this month with the promise of improving user privacy by limiting the amount of data collected by private-sector companies. However, the measures have been criticised by privacy and digital rights activists as giving the government more control over citizens' online activities.

The National Online Identity Authentication Public Service is a government-run digital identity system intended to reduce the overall information footprint: citizens register once with legitimate government documents, and their identity data is then withheld from the Internet services they use. Users can choose not to use the service at this time; businesses, however, are expected to refrain from collecting users' personal information unless specifically mandated by law. 

Kendra Schaefer, a partner at Beijing-based policy consultancy Trivium China, says that the rules, on the surface, give Internet users a centralised, government-owned repository for their identity data and prevent inconsistent handling by private enterprises. 

"Basically, they're just switching the holder of data," Schaefer stated. "Users used to have to put their ID information into each new website when they logged into that website. ... It would be up to the collector of that data — for example, the platform itself — to properly encrypt it, properly transmit it to the state for verification. ... That is sort of being eliminated now." 

Several nations are adopting regulations to establish digital identity systems that link online and offline identities. For instance, Australia expanded its government digital ID, permitted private sector participation, and strengthened privacy protections in 2024 with the adoption of the Digital ID Act of 2024. Singapore has long provided its people with SingPass, a digital ID modelled on Estonia's digital-government system, to facilitate transactions with government services. 

However, China's strategy has sparked serious concerns about escalating government monitoring under the guise of privacy and data security. According to an analysis by the Network of Chinese Human Rights Defenders (CHRD), a non-governmental collective of domestic and international Chinese human rights activists and groups, and Article 19, an international non-governmental organisation, the measures contain privacy and notification clauses, but several loopholes allow authorities to easily access private information without notification.

According to Shane Yi, a researcher with CHRD, the new Internet ID system is intended to bolster the state's monitoring apparatus rather than to safeguard individual privacy. 

The goal of the Internet ID numbers, also known as Network Numbers, is to centralise the process of confirming residents' digital identities. Real-name verification is already required by the Chinese government, but because it is spread across numerous internet services, it may pose a data security threat. The Chinese regulation states that Internet platforms cannot maintain information about a citizen's true identity if they use a digital ID. The new rules entered into effect on July 15, 2025.

"After internet platforms access the Public Service, where users elect to use Network Numbers or Network Credentials to register and verify their real identity information, and pass verification, the internet platforms must not require that the users separately provide explicit identification information, except where laws or administrative regulations provide otherwise or the users consent to provide it," the regulation reads. 

Chinese officials say that the strategy strengthens citizens' privacy. Lin Wei, president of the Southwest University of Political Science and Law in Chongqing, China, claims that the 67 sites and applications that use the virtual ID service collect 89% less personal information. According to reports, the Ministry of Public Security in China released the academic's work.

Here's How Everyday Tech Is Being Weaponized to Deploy Trojan


The technology that facilitates your daily life, from the smartphone in your hand to the car in your garage, may simultaneously be detrimental to you. Once the stuff of spy thrillers, consumer electronics can today be used as tools of control, tracking, or even warfare if they are manufactured in adversarial countries or linked to opaque systems. 

Mandatory usage of, and dependence on, technology in all facets of our lives have led to risks and vulnerabilities that are no longer hypothetical. In addition to being found in your appliances, phone, internet, electricity, and other utility services, connected technology is also integrated in your firmware, transmitted through your cloud services, and magnified over your social media feeds. 

China's dominance in electronics manufacturing, which gives it enormous influence over the global tech supply chain, is a major cause for concern. Malware has been found pre-installed on electronic equipment exported from Chinese manufacturing. These flaws are frequently built into the hardware and cannot be fixed with a simple update. 

These risks are genuine and cause for concern, according to former NSA director Mike Rogers: "We know that China sees value in putting at least some of our key infrastructure at risk of disruption or destruction. I believe that the Chinese are partially hoping that the West's options for handling the security issue will be limited due to the widespread use of inverters."

A new level of complexity is introduced by autonomous cars. These rolling data centres have sensors, cameras, GPS tracking, and cloud connectivity, allowing for remote monitoring and deactivation. Physical safety and national infrastructure are at risk if parts or software come from unreliable sources. Even seemingly innocuous gadgets like fitness trackers, smart TVs, and baby monitors might have security flaws. 

They continuously gather and send data, frequently with little security or user supervision. The Electronic Privacy Information Center's counsel, Suzanne Bernstein, stated that "HIPAA does not apply to health data collected by many wearable devices and health and wellness apps.”

The message is clear: even low-tech tools can become high-risk in a tech-driven environment. Foreign intelligence services do not need to sneak agents into enemy territory; they simply require access to the software supply chain. Malware campaigns such as China's APT41 and Russia's NotPetya demonstrate how compromised consumer and business software can be used for espionage and sabotage. Worse, these attacks are sometimes unnoticed for months or years before being activated—either during conflict or at times of strategic strain.

Trustwave Reveals Dark Web Travel Agencies' Secrets


Within the underground economy, dark web travel agencies have become one of the more sophisticated and profitable businesses. 

According to the Wall Street Journal's report on Trustwave's findings, these shady companies use credit card fraud, compromised loyalty program accounts, and fake identification documents to provide drastically reduced airfare, upscale hotel stays, rental cars, and full vacation packages. However, what some may consider to be inexpensive vacation packages are actually the last in a series of cybercrimes.

One of their main advantages is their flexibility; as soon as one channel is closed, another one opens up, often with better strategies and more extensive service offerings. The core of the issue is a robust, decentralised underground economy that views fraudulent travel as just another way to make money, rather than any one platform or provider. 

Credential theft campaigns, automation, and the development of AI tools only increase the accessibility and scalability of these services. Dark web travel firms will persist as long as there is a need for big travel bargains with no questions asked and as long as data breaches continue to generate profits. 

Potential red flags in the system 

For airlines, hotels, car rental services, and booking platforms, the symptoms of fraud perpetrated by dark web travel companies are often subtle at first, but if ignored, these indicators can swiftly develop into financial losses, reputation harm, and increased fraud risk exposure. Recognising early symptoms of carded bookings is critical for any organisation involved in the travel industry. 

One of the most prevalent red flags is a high-value or international booking made under a newly formed account, especially if it's linked with last-minute travel or same-day check-in. These are traditional methods to shorten the time frame for detecting or reversing fraud. 

  • Mismatched information is another crucial indicator. This includes discrepancies between the ID shown at check-in, the credit card name, and the booking name. In situations involving hotels and rental cars, a visitor may act evasively when asked for confirmation, appear unfamiliar with the booking details, or refuse to provide further proof. 
  • Loyalty-based bookings may show high or unexpected point redemptions, particularly from dormant accounts or those accessed from foreign IP addresses. Fraudsters frequently abuse these programs using previously compromised login credentials or phishing efforts. 
  • Finally, be wary of repeat bookings with similar names or patterns that come from different accounts. This could imply organised abuse, in which a dark web agency operates primarily through a specific travel platform or API.
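The red flags listed above, as rule-based triage over booking records. This is an added example, not Trustwave's or any platform's code; the booking records, thresholds, home market and IP-to-country values are constructed for illustration.

```python
"""Rule-based triage for carded-booking red flags (added example, constructed data).

Per-booking rules: high-value or international booking on a new account,
same-day travel on a new account, booking/card name mismatch, and point
redemptions from dormant loyalty accounts or foreign IP addresses.
Cross-booking rule: the same traveller name recurring across distinct accounts.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Optional

HIGH_VALUE_THRESHOLD = 1500.0  # assumed policy: flag bookings at or above this amount
NEW_ACCOUNT_DAYS = 7           # assumed policy: accounts younger than this are "new"
DORMANT_DAYS = 365             # assumed policy: loyalty accounts idle this long are dormant
HOME_COUNTRY = "GB"            # assumed: the booking platform's home market


@dataclass
class Booking:
    booking_id: str
    account_id: str
    account_created: date
    booking_date: date
    travel_date: date
    amount: float
    international: bool
    booking_name: str
    card_name: str
    points_redeemed: int = 0
    loyalty_last_activity: Optional[date] = None
    ip_country: str = HOME_COUNTRY


def normalise(name: str) -> str:
    """Case- and whitespace-insensitive name key, so 'jordan  blake' == 'Jordan Blake'."""
    return " ".join(name.lower().split())


def score_booking(b: Booking) -> list:
    """Return the red flags raised by a single booking (empty list means none)."""
    flags = []
    account_age = (b.booking_date - b.account_created).days
    new_account = account_age <= NEW_ACCOUNT_DAYS
    high_value = b.amount >= HIGH_VALUE_THRESHOLD or b.international
    if new_account and high_value:
        flags.append("high-value/international booking on new account")
    if new_account and b.travel_date == b.booking_date:
        flags.append("same-day travel on new account")
    if normalise(b.booking_name) != normalise(b.card_name):
        flags.append("booking name does not match card name")
    if b.points_redeemed > 0:
        idle = (b.loyalty_last_activity is None
                or (b.booking_date - b.loyalty_last_activity).days >= DORMANT_DAYS)
        if idle:
            flags.append("point redemption from dormant loyalty account")
        if b.ip_country != HOME_COUNTRY:
            flags.append("point redemption from foreign IP")
    return flags


def find_repeat_patterns(bookings: list) -> dict:
    """Map traveller names that appear on more than one account to their booking ids."""
    accounts_by_name, ids_by_name = defaultdict(set), defaultdict(list)
    for b in bookings:
        key = normalise(b.booking_name)
        accounts_by_name[key].add(b.account_id)
        ids_by_name[key].append(b.booking_id)
    return {n: ids_by_name[n] for n, accts in accounts_by_name.items() if len(accts) > 1}


def triage(bookings: list) -> dict:
    """Combine per-booking and cross-booking rules into a booking_id -> flags report."""
    report = {b.booking_id: score_booking(b) for b in bookings}
    for name, booking_ids in find_repeat_patterns(bookings).items():
        for bid in booking_ids:
            report[bid].append(f"name '{name}' recurs across multiple accounts")
    return report


# Constructed sample bookings (not real customers).
TODAY = date(2025, 7, 20)
SAMPLE_BOOKINGS = [
    Booking("B1", "acct-100", date(2023, 1, 10), TODAY, date(2025, 8, 19), 420.0, False,
            "Alice Morgan", "Alice Morgan"),
    Booking("B2", "acct-200", date(2025, 7, 18), TODAY, TODAY, 3200.0, True,
            "Marcus Lee", "Priya Natarajan", points_redeemed=60000,
            loyalty_last_activity=date(2023, 5, 1), ip_country="BR"),
    Booking("B3", "acct-300", date(2025, 6, 1), TODAY, date(2025, 7, 25), 900.0, False,
            "Jordan Blake", "Jordan Blake"),
    Booking("B4", "acct-301", date(2025, 6, 15), TODAY, date(2025, 7, 26), 950.0, False,
            "jordan  blake", "Jordan Blake"),
]

if __name__ == "__main__":
    for booking_id, flags in triage(SAMPLE_BOOKINGS).items():
        print(booking_id, flags or "no flags")
```

The rules are intentionally coarse: a flagged booking is a candidate for manual confirmation at check-in, not an automatic cancellation.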

Safety tips 

  • Monitor the dark web and Telegram channels for brand abuse: Invest in threat intelligence tools or collaborate with cybersecurity firms that can detect unauthorised mentions of your company on underground forums, marketplaces, and encrypted messaging platforms.
  • Improve loyalty program security: Add MFA, transaction alerts, and geofencing to your loyalty accounts. These programs are commonly targeted since they make it easy to monetise miles and points for bookings. 
  • Review API access and third-party integrations: Dark web retailers frequently exploit flaws in booking APIs or third-party aggregators. Regularly check these systems for abuse patterns, access controls, and rate-limiting enforcement.

Asia is a Major Hub For Cybercrime, And AI is Poised to Exacerbate The Problem


Southeast Asia has emerged as a global hotspot for cybercrimes, where human trafficking and high-tech fraud collide. Criminal syndicates operate large-scale "pig butchering" operations in nations like Cambodia and Myanmar, which are scam centres manned by trafficked individuals compelled to defraud victims in affluent markets like Singapore and Hong Kong. 

The scale is staggering: one UN estimate puts the global losses from these scams at $37 billion. And things may soon get worse. The spike in cybercrime in the region has already had an impact on politics and policy. Thailand has reported a reduction in Chinese visitors this year, after a Chinese actor was kidnapped and forced to work in a Myanmar-based scam camp; Bangkok is now having to convince tourists that it is safe to visit. Singapore recently enacted an anti-fraud law that authorises law enforcement to freeze the bank accounts of scam victims. 

But why has Asia become associated with cybercrime? Ben Goodman, Okta's general manager for Asia-Pacific, observes that the region has several distinct characteristics that make cybercrime schemes simpler to carry out. For example, the region is a "mobile-first market": popular mobile messaging apps including WhatsApp, Line, and WeChat promote direct communication between the fraudster and the victim. 

AI is also helping scammers navigate Asia's linguistic variety. Goodman observes that machine translation, although a "phenomenal use case for AI," can make it "easier for people to be baited into clicking the wrong links or approving something." Nation-states are also becoming involved: Goodman mentions suspicions that North Korea is placing fake employees at major tech companies to acquire intelligence and bring much-needed funds into the isolated country. 

A new threat: Shadow AI 

Goodman is concerned about a new AI risk in the workplace: "shadow" AI, which involves individuals utilising private accounts to access AI models without firm monitoring. That could be someone preparing a presentation for a company review, going into ChatGPT on their own personal account, and generating an image.

This can result in employees unintentionally submitting private information to a public AI platform, creating "potentially a lot of risk in terms of information leakage." The lines separating your personal and professional identities may likewise be blurred by agentic AI; for instance, an agent associated with your personal email rather than your business one. 

And this is when it gets tricky for Goodman. Because AI agents have the ability to make decisions on behalf of users, it's critical to distinguish between users acting in their personal and professional capacities. “If your human identity is ever stolen, the blast radius in terms of what can be done quickly to steal money from you or damage your reputation is much greater,” Goodman warned.

Here's Why Cyber Security is Critical For Healthcare Sector


Healthcare organisations provide an essential service that, if disrupted by a cyber attack, could jeopardise patient safety, disrupt care delivery, and even result in death. In the case of a security incident, the implications could impact not only the victim organisation, but also their patients and national security. 

What makes medical device cybersecurity critical?

Unlike traditional computers, medical devices often lack adequate security protections, making them more vulnerable to hacking. These devices frequently rely on hard-coded and typically known passwords, and they often cannot be easily patched or updated. 

Complicating matters further, the variety of manufacturers and distribution channels leads to a lack of conventional security controls like passwords, encryption, and device monitoring. The primary security risk is the possible exposure of both data and device control, resulting in a delicate balance between safety and security that necessitates stakeholder collaboration, particularly in implementation and maintenance methods. 

Given that older medical devices were not initially created with cyber security in mind and are difficult to secure properly, healthcare institutions must prioritise and invest in securing these devices. In order to minimise operational disruptions and protect patient safety and privacy, it is imperative to safeguard medical equipment, as the proliferation of newly linked devices exacerbates pre-existing vulnerabilities. 

Mitigation tips

Based on their experience working in the healthcare sector, researchers suggested the following guidelines for healthcare organisations aiming to strengthen their cyber security:

  • Adopt a proactive strategy to cyber security, addressing people, processes, and technology. 
  • Define clear roles and responsibilities for network and information system security so that employees can take ownership of essential cybersecurity practices. 
  • Conduct regular cyber risk assessments to uncover flaws, evaluate potential threats, and prioritise remedial activities based on the risk to critical systems and patient data.
  • Conduct training programs to raise awareness and prepare for cyber threats. 
  • Establish well-defined policies and procedures as part of your security management system, together with conveniently available documentation to guide your security personnel. 
  • Use defence-in-depth technical controls to effectively guard, detect, respond to, and recover from incidents.
  • Maintain backup and disaster recovery plans to ensure the availability and integrity of essential data in the case of a cyberattack, system failure, or data breach. 
  • Address medical device security explicitly throughout the product/system lifetime.

By implementing these best practices, healthcare companies can fortify their defences, mitigate cyber risks, and safeguard patient data and critical infrastructure from emerging cyber threats.

US Government Secretly Builds Enormous Database Tracking Citizens


An explosive story regarding the Trump administration's collaboration with Palantir, which could result in the creation of a master database containing data on every American, was published by the New York Times last month. If such a "master list" were created, the Times claims, it would grant the president "untold surveillance power." 

President Donald Trump signed an executive order earlier this year allowing the federal government to exchange data on Americans among multiple organisations. However, we now have a better idea of how the administration plans to accomplish this. Trump has hired Palantir, a software startup co-founded by Trump and Republican megadonor Peter Thiel, to carry out these initiatives. 

According to the New York Times, Palantir's technology would allow for the compilation of sensitive information from agencies such as the Department of Homeland Security, Immigration and Customs Enforcement, and the Internal Revenue Service. Various government databases already have information on Americans' bank account numbers, medical claims, disabilities, student loan levels, and other details, though not in one location. 

In order to boost government efficiency and save hard-earned public cash, the Trump administration has stated that it wants to "eliminate information silos and streamline data collection across all agencies." The threat of a central database, however, is a nightmare for privacy advocates and has even prompted security and privacy worries from former Palantir staff members. 

Palantir's controversial role

Despite its reputation for being extremely covert about its data mining and spying activities, Palantir positions itself as a data and analytics firm. Additionally, Palantir has been under fire for offering information services to support the Israeli military during the Israel-Hamas conflict in 2023. The IDF receives intelligence services from Palantir, as CEO Karp has previously revealed.

Palantir has responded by defending its collaboration with Israel and refuting claims that it is supporting war crimes, as its most vocal detractors claim. As part of the Trump Administration's contentious policing and deportation initiatives, Palantir has also been called upon to assist U.S. Immigration and Customs Enforcement (ICE) in tracking immigrants in the United States. 

Why would the Trump Administration use Palantir to acquire data?

Palantir has already been contracted by the federal government for several years. For example, Palantir previously collaborated with Health and Human Services to track the COVID-19 pandemic. However, Palantir's stock and revenue have soared since Trump's inauguration earlier this year. To date, the federal government has given Palantir around $113 million in 2025.

Furthermore, last week, Palantir was given a $795 million contract by the Department of Defence. In 2024, Palantir earned $1.2 billion from the U.S. government, according to the company's last quarterly report. Furthermore, Thiel, a co-founder of Palantir, is a key Republican fundraiser. In addition to giving $1.25 million to Trump's 2016 campaign, he has contributed tens of millions of dollars to Republican congressional campaigns over the years.

Deepfakes Explained: How They Operate and How to Safeguard Yourself


In May of this year, an anonymous person called and texted elected lawmakers and business executives pretending to be a senior White House official. U.S. senators were among the recipients who believed they were speaking with White House chief of staff Susie Wiles. In reality, though, it was a phoney. 

The scammer employed AI-generated deepfake software to replicate Wiles' voice. This easily accessible, low-cost software modifies a public speech clip to deceive the target. 

Why are deepfakes so convincing? 

Deepfakes are alarming because of how authentic they appear. AI models can analyse public photographs or recordings of a person (for example, from social media or YouTube) and then create a fake that mimics their face or tone very accurately. As a result, many people overestimate their ability to detect fakes. In an iProov poll, 43% of respondents stated they couldn't tell the difference between a real video and a deepfake, and nearly one-third had no idea what a deepfake was, highlighting a vast pool of potential victims.

Deepfakes rely on trust: the victim recognises a familiar face or voice, and alarms do not sound. These scams also rely on haste and secrecy (for example, 'I need this wire transfer now—do not tell anyone'). When emotional manipulation is combined with visual and auditory realism, it is no surprise that even professionals have been duped. The employee in the $25 million case saw something odd—the call stopped abruptly, and he never communicated directly with colleagues—but only realised it was a scam after the money was stolen. 

Stay vigilant 

Given the difficulty in visually recognising a sophisticated deepfake, the focus switches to verification. If you receive an unexpected request by video call, phone, or voicemail, especially if it involves money, personal data, or anything high-stakes, take a step back. Verify the individual's identity using a separate channel.

For example, if you receive a call that appears to be from a family member in distress, hang up and call them back at their known number. If your supervisor requests that you buy gift cards or transfer payments, confirm in person or through an official company channel. It is neither impolite nor paranoid; rather, it is an essential precaution today. 

Create secret safewords or verification questions with loved ones for emergencies (something a deepfake impostor would not know). Be wary of what you post publicly. If possible, limit the amount of high-quality videos or voice recordings you provide, as these are used to design deepfakes.

Here's Why Businesses Need to be Wary of Document-Borne Malware


Cybersecurity experts are constantly on the lookout for novel attack tactics as criminal groups adapt to better defences against ransomware and phishing. However, alongside the latest developments, some traditional strategies seem to be resurfacing—or rather, they never really went extinct. 

Document-borne malware is one such strategy. Once believed to be a relic of early cyber warfare, this tactic remains a significant threat, especially for organisations that handle huge volumes of sensitive data, such as those in critical infrastructure.

The lure for perpetrators is evident. Routine files, including Word documents, PDFs, and Excel spreadsheets, are intrinsically trusted and freely exchanged between enterprises, often via cloud-based systems. With modern security measures focussing on endpoints, networks, and email filtering, seemingly innocuous files can serve as the ideal Trojan horse. 

Reasons behind malicious actors using document-borne malware 

Attacks using malicious documents seem like a relic. It is a decades-old strategy, but that does not make it any less damaging for organisations. While the concept is not novel, threat groups are modernising it to keep it fresh and bypass conventional safety procedures. This means the seemingly outdated method remains a threat even in the most security-conscious sectors.

As with other email-based techniques, attackers often prefer to hide in plain sight. The majority of attacks use standard file types like PDFs, Word documents, and Excel spreadsheets to carry malware. Malware is typically concealed in macros, encoded in scripts like JavaScript within PDFs, or hidden behind obfuscated file formats and layers of encryption and archiving. 

These unassuming files are used with common social engineering approaches, such as a supplier invoice or user submission form. Spoofed addresses or hacked accounts are examples of email attack strategies that help mask malicious content. 

Organisations' challenges in defending against these threats 

Security analysts claim that document security is frequently disregarded in favour of other domains, such as endpoint protection and network perimeter. Although document-borne attacks are sufficiently commonplace to be overlooked, they are sophisticated enough to evade the majority of common security measures.

There is an overreliance on signature-based antivirus solutions, which frequently fail to detect new document-borne threats. While security teams are often aware of harmful macros, formats such as ActiveX controls, OLE objects, and embedded JavaScript may be overlooked. 

Attackers have also discovered that there is a considerable mental blind spot when it comes to documents that appear to have been supplied via conventional cloud-based routes. Even when staff have received phishing awareness training, there is a propensity to instinctively believe a document that arrives from an expected source, such as Google or Office 365.

Mitigation tips 

As with other evolving cyberattack strategies, a multi-layered approach is essential to defending against document-borne threats. One critical step is a multi-engine approach to malware scanning. While threat actors may be able to deceive one detection engine, using several technologies increases the likelihood of detecting concealed malware and reduces false negatives. 

Content Disarm and Reconstruction (CDR) tools are also critical. These sanitise and remove malicious macros, scripts, and active content while keeping the document itself intact. Suspect files can then be run through enhanced sandboxes to observe the malicious behaviour of previously unknown threats in a controlled environment. 

The network should also be configured with strict file rules, such as limiting high-risk file categories and requiring user authentication before document uploads. Setting file size restrictions can also help detect malicious documents that have grown in size due to hidden code. Efficiency and dependability are also important here. Organisations must be able to detect fraudulent documents in their regular incoming traffic while maintaining a rapid and consistent workflow for customers.
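A first-pass static triage implementing the file rules above and checking for the hiding places named earlier (macros, embedded OLE objects, ActiveX, JavaScript in PDFs). This is an added example, not any CDR or scanning vendor's product; the size limit, blocked-extension list and sample files are constructed assumptions.

```python
"""Static document triage: file rules plus a look for active-content markers.

Added example with constructed samples. Assumed policy values: MAX_SIZE and
BLOCKED_EXTENSIONS. Compressed or encrypted streams defeat the PDF marker scan,
which is why this is only the first layer before multi-engine AV, CDR and sandboxing.
"""
import io
import re
import zipfile

MAX_SIZE = 5 * 1024 * 1024                                          # assumed: 5 MiB cap
BLOCKED_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".js", ".vbs", ".hta"}  # assumed high-risk list
EXPECTED_TYPE = {".docx": "ooxml", ".xlsx": "ooxml", ".pptx": "ooxml",
                 ".pdf": "pdf", ".doc": "ole2", ".xls": "ole2"}

# Real file signatures: OOXML is a ZIP, PDF starts with %PDF, legacy Office is OLE2 (CFB).
MAGIC = {b"PK\x03\x04": "ooxml", b"%PDF": "pdf",
         b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1": "ole2"}
# PDF name objects that introduce scripts, auto-run actions or attachments.
PDF_MARKERS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile"]


def detect_type(data: bytes) -> str:
    """Classify by leading bytes, not by the (attacker-controlled) extension."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def inspect_ooxml(data: bytes) -> list:
    """List macro projects, embedded OLE objects, ActiveX parts and executables in the ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
    except zipfile.BadZipFile:
        return ["ooxml container is corrupt or not a zip"]
    findings = []
    for n in names:
        low = n.lower()
        if low.endswith("vbaproject.bin"):
            findings.append(f"VBA macro project: {n}")
        elif "/embeddings/" in low:
            findings.append(f"embedded OLE object: {n}")
        elif "/activex/" in low:
            findings.append(f"ActiveX control: {n}")
        elif low.endswith((".exe", ".dll")):
            findings.append(f"executable payload inside container: {n}")
    return findings


def inspect_pdf(data: bytes) -> list:
    """Report active-content name objects; the lookahead keeps /JS from matching /JavaScript."""
    return [f"PDF name object {m.decode()}" for m in PDF_MARKERS
            if re.search(re.escape(m) + rb"(?![A-Za-z])", data)]


def triage_document(filename: str, data: bytes) -> dict:
    """Apply extension, size and type-mismatch rules, then content inspection."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    findings, reject = [], False
    if ext in BLOCKED_EXTENSIONS:
        findings.append("blocked high-risk extension"); reject = True
    if len(data) > MAX_SIZE:
        findings.append("exceeds size limit"); reject = True
    kind = detect_type(data)
    if ext in EXPECTED_TYPE and EXPECTED_TYPE[ext] != kind:
        findings.append(f"content type {kind} does not match extension {ext}")
    if kind == "ooxml":
        findings += inspect_ooxml(data)
    elif kind == "pdf":
        findings += inspect_pdf(data)
    elif kind == "ole2":
        findings.append("legacy OLE2 binary; not parsed here, route to sandbox")
    if any(f.startswith(("VBA", "ActiveX", "executable")) for f in findings):
        reject = True  # macros, ActiveX or binaries: drop or send to CDR, never deliver as-is
    verdict = "reject" if reject else ("review" if findings else "allow")
    return {"file": filename, "type": kind, "verdict": verdict, "findings": findings}


def build_zip(entries: dict) -> bytes:
    """Helper to construct minimal OOXML-like containers in memory for the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()


# Constructed samples (not real documents).
BENIGN_DOCX = build_zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"})
MACRO_DOCX = build_zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>",
                        "word/vbaProject.bin": b"\x00" * 16})
OLE_DOCX = build_zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>",
                      "word/embeddings/oleObject1.bin": b"\x00" * 16})
BENIGN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
JS_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /JavaScript /JS (placeholder-script) >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for name, blob in [("report.docx", BENIGN_DOCX), ("report.docx", MACRO_DOCX),
                       ("invoice.pdf", JS_PDF), ("invoice.pdf", BENIGN_DOCX)]:
        print(triage_document(name, blob))
```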

FIR Filed After Noida Logistics Company Claims User Data Leaked


High-profile clients' private information, including that of top government officials, was leaked due to a significant cybersecurity incident at Agarwal Packers and Movers Ltd (APML) in India. Concerns over the security of corporate data as well as possible national security implications have been raised by the June 1 incident. An inquiry is still under progress after police filed a formal complaint. 

In what could be one of the most sensitive data breaches in recent memory, Agarwal Packers and Movers Ltd (APML), a well-known logistics company with its headquarters located in Sector 60, Noida, has disclosed that private client information, including the addresses and phone numbers of senior government clients, has been stolen. 

The intrusion was detected on June 1 after several clients, including prominent bureaucrats, diplomats, and military personnel, began receiving suspicious, highly targeted phone calls.

"The nature of the calls strongly indicated that the callers had access to specific customer queries and records related to upcoming relocations," the complainant, Jaswinder Singh Ahluwalia, Group President and CEO of APML, stated in the police FIR. He cautioned that this is more than just a disclosure of company data. It has an impact on personal privacy, public trust, and possibly national security. 

The company initiated an internal technical inspection, which uncovered traces of unauthorised cyber infiltration, confirming worries regarding a breach. The audit detected collaboration between internal personnel and external cybercriminals. While the scope of the hack is still being investigated, its significance is undeniable: the firm serves India's elite, making the stolen data a potential goldmine for bad actors. 

In accordance with Sections 318(4) and 319(2) of the Bharatiya Nyaya Sanhita and Sections 66C (identity theft) and 66D (impersonation by computer resource) of the Information Technology Act, a formal complaint was filed at the Sector 36 Cyber Crime Police Station. 

According to Cyber SHO Ranjeet Singh, they have a detailed complaint with technological proof to back it up. At the moment, their cyber unit is looking through access trails, firewall activity, and internal server records. Due to the nature of clients impacted, the issue is being handled with the highest attention. 

The attack has triggered calls for stricter cybersecurity practices in private companies that serve sensitive sectors. While APML has yet to reveal how many people were affected, its internal records allegedly include relocation information for high-level clientele such as judges, intelligence officers, and foreign dignitaries.

The Rise in IT Helpdesk Scams: What Can Users Do?

 

Over 37,500 complaints about fake tech-support scams were filed in the United States last year alone, with losses of over $924 million, according to the FBI's latest Internet Crime Report. 

In this piece, we'll look at how these scams work, the risks they bring, and how you can prevent them. 

Modus operandi

In this scheme, scammers generally pose as technical or customer-service representatives of prominent corporations, most often in the tech industry. The pose lets them use impressive-sounding phrases and technical detail that the average user cannot verify.

The most common pretext is a claim to have discovered a problem with your computer. If someone calling as an employee of a software vendor or a well-known antivirus company tells you they have found malware on your machine, be suspicious: legitimate vendors do not monitor your computer and cold-call you about it. 

Scammers then overwhelm their victims with jargon and urgency, creating panic and a sense of helplessness. They use these emotions to gain trust, since a victim who feels out of their depth is inclined to rely on the "expert" on the line. It is this trust that the scammers ultimately exploit to reach their objective, whether that is remote access, credentials or a payment. 

Prevention tips

If someone approaches you claiming to be from tech support, warns you of a danger, and insists that you act immediately, it is almost certainly a scam. Try not to panic and avoid doing anything you'll regret later.

It is preferable to share what is going on with someone else, as this might help you discover inconsistencies and flaws in the scammer's story. To buy time, tell them you're busy, have another call, your phone's battery is running low, or simply pretend to be disconnected. Furthermore, to protect yourself from scammers, you can take the following steps: 

  • Install a reputable security solution on all of your devices and heed its warnings. 
  • Never enter your login information while someone else is viewing, such as while screen sharing or when someone has remote access to your computer. 
  • Avoid installing remote access software on your computer, and never provide access to outsiders. By the way, our protection can alert you to such threats.

It's also worth noting that the elderly are particularly prone to tech-support scams. They may be less cyber-savvy, so they need reliable security more than anyone else.

Here's Why Using SMS Two-Factor Authentication Codes Is Risky

 

We've probably all received confirmation codes via text message when trying to log in to an account. These codes function as a second factor, confirming our identities and preventing cybercriminals from accessing our accounts with a password alone. But who handles the SMS codes in transit, and can they be trusted? 

New findings from Bloomberg and the collaborative investigative newsroom Lighthouse offer insight into how and why text-based codes can put people at risk. Both organisations say they obtained at least a million records from a telecom-industry whistleblower; the records were SMS messages, addressed to individual users, carrying two-factor authentication codes. 

You may believe that these messages are handled directly by the companies and websites with which you have an account. However, Bloomberg and Lighthouse's investigation suggests that this is not always the case. In this instance, the messages passed through a controversial Swiss company called Fink Telecom Services. And Bloomberg used the label "controversial" to describe Fink for a reason. 

"The company and its founder have worked with government spy agencies and surveillance industry contractors to surveil mobile phones and track user location. Cybersecurity researchers and investigative journalists have published reports alleging Fink's involvement in multiple instances of infiltrating private online accounts,” Bloomberg reported. 

Of course, Fink Telecom didn't exactly take that and other comments lying down. In a statement shared with ZDNET, Fink called out the article: "A simple reading of this article reveals that it presents neither new findings nor original research," Fink noted in its statement. "Rather, it is largely a near-verbatim repetition of earlier reports, supplemented by selective and out-of-context insinuations intended to create the appearance of a scandal-without providing any substantiated factual basis.”

Bloomberg and Lighthouse found that the senders included major tech companies such as Google, Meta and Amazon. Several European banks were also among them, as were apps like Tinder and Snapchat, the Binance cryptocurrency exchange, and even encrypted messaging apps like Signal and WhatsApp. 

Why would businesses leave their two-factor authentication codes to an outside source, especially one with a questionable reputation? Convenience and money. External contractors can normally handle these types of SMS messages at a lower cost and with greater ease than enterprises themselves. That is especially true if a company has to interact with clients all around the world, which can be complicated and costly. 

Instead, firms turn to providers like Fink Telecom for access to "global titles." A global title is an address in the telephone signalling (SS7) network that lets carriers route messages between countries; a company that leases one can make its messages appear to originate in the same country as each of its customers. The same access that makes this convenient also makes it sensitive: whoever holds the title sits on the signalling path the codes travel. 

According to Lighthouse's investigation, Fink used global titles in Namibia, Chechnya, the United Kingdom and its home country, Switzerland. Though outsourcing such messages is convenient, it carries risk. In April, the UK telecoms regulator Ofcom banned global title leasing by UK carriers, citing the risk to mobile phone users. 

The key issue here is whether the data in the documents examined by Bloomberg and Lighthouse was ever at risk. In an interview with Bloomberg, Fink Telecom CEO Andreas Fink stated: "Our company offers infrastructure and technical services, such as signalling and routing capabilities. We do not analyse or meddle with the traffic sent by our clients or their downstream partners." 

Fink further shared the following statement with ZDNET: "Fink Telecom Services GmbH has always acted transparently and cooperatively with the authorities," Fink said. "Legal opinions and technical documentation confirm that the company's routing services are standardized, internationally regulated, and do not require authorization under Swiss telecommunications law, export control law, or sanctions legislation. Authorities were also informed that the company is in no way involved in any misuse of its services.”

As for the outsourcing, Google, Meta, Signal and Binance told Bloomberg that they did not deal directly with Fink Telecom. Google also said it was phasing out SMS for account authentication, and Signal said it has mitigations for SMS-based weaknesses. A Meta representative told Bloomberg that the company has warned its partners not to do business with Fink Telecom.

Predator Spyware Campaign Resurfaces With a New Infrastructure

 

The discovery of new Predator spyware infrastructure suggests that the surveillance tool is still finding new customers, despite US action against its backers since July 2023. 

In a report published earlier this month, analysts at Insikt Group reported tracing the spyware to operators in Mozambique for the first time. According to Insikt, Mozambique is one of many African countries where the spyware has spread, with the continent home to more than half of all known Predator customers.

According to Insikt, a new discovery in the probe revealed "the first technical connection made between Predator infrastructure and corporate entities associated with the Intellexa Consortium," referring to the group believed to be backing Predator. The United States sanctioned several entities, including Intellexa.

The disclosure stems from an Insikt investigation into entities associated with Dvir Horef Hazan, a Czech bistro owner, entrepreneur, and programmer who, according to a Czech news source, worked for Intellexa. A Greek law enforcement investigation into the alleged Predator targeting of journalist Thanasis Koukakis revealed that Intellexa moved over €3 million (around $3.5 million) to Hazan and his businesses. 

The details of Hazan's alleged work for Intellexa are unclear, but Insikt claims to have identified a link between Predator's multi-tiered architecture and a Czech company that is indirectly tied to Hazan.

The researchers say Predator's core infrastructure has stayed largely unchanged; however, there is evidence that operators have modified the spyware to make it harder to detect on a device. Insikt's recent findings support earlier reports that Predator operations continued after the US government's actions in July 2023. 

Initially, the Commerce Department placed Intellexa and a subsidiary, Cytrox, on the Entity List, which restricts their ability to do business with US companies and tarnishes their reputation. Then, in 2024, federal agencies acted twice to sanction Predator-linked entities.

Smartwatches: New Air-Gapped System Assault Vehicle

 

A novel attack dubbed 'SmartAttack' uses smartwatches as covert ultrasonic receivers to exfiltrate data from physically isolated (air-gapped) devices.

Air-gapped systems, often used in mission-critical environments such as government buildings, weapons platforms and nuclear power plants, are physically separated from external networks to prevent malware infections and data theft. Despite their isolation, they can still be compromised by insiders such as rogue employees carrying USB devices, or by state-sponsored supply-chain attacks. 

Once infiltrated, malware can function silently, modulating the physical features of hardware components to communicate sensitive data to a nearby receiver without interfering with the system's regular operations. 

SmartAttack was developed by Israeli university researchers led by Mordechai Guri, a covert-channel specialist who has previously shown ways to leak data using LCD screen noise, RAM modulation, network card LEDs, USB drive RF emissions, SATA cables and power supplies. While attacks on air-gapped environments are often theoretical and exceedingly difficult to execute, they present interesting and unique ways to exfiltrate data. 

Modus operandi

SmartAttack requires malware already running on the air-gapped machine to collect sensitive data such as keystrokes, encryption keys and credentials. The malware then uses the computer's built-in speaker to emit ultrasonic signals. The signal is modulated with binary frequency shift keying (B-FSK), so that each bit is represented by one of two tones: 18.5 kHz encodes a "0" and 19.5 kHz encodes a "1."

Humans cannot hear frequencies in this range, but the microphone of a smartwatch worn by someone nearby can pick them up. A sound-monitoring app on the watch uses signal processing to detect the frequency shifts and demodulate the encoded bits, then runs integrity checks on the recovered data. The final exfiltration from the watch can then occur over Wi-Fi, Bluetooth or cellular connectivity. 
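The B-FSK channel described above, as an added illustration that is not part of the original post or the researchers' code: a pure-Python modulator turns bytes into 18.5 kHz / 19.5 kHz tone bursts, and a receiver uses a Goertzel filter (a single-bin DFT) to decide each symbol, with constructed Gaussian noise standing in for the watch microphone's noise floor. The sample rate (48 kHz), the symbol rate (20 bps) and the length-plus-XOR-checksum framing used for the integrity check are assumptions chosen for the demonstration; only the two tone frequencies and the 5 to 50 bps range come from the page.

```python
# Added example: B-FSK ultrasonic covert channel (modulator + Goertzel demodulator).
# Only F0/F1 come from the SmartAttack description; everything else is assumed.
import math
import random

SAMPLE_RATE = 48_000          # Hz, assumed: a common PC audio output rate
F0 = 18_500.0                 # Hz, encodes bit 0 (as described for SmartAttack)
F1 = 19_500.0                 # Hz, encodes bit 1
BAUD = 20                     # symbols/s, assumed; inside the 5-50 bps range reported
SAMPLES_PER_SYMBOL = SAMPLE_RATE // BAUD   # 2400 samples per bit


def frame(payload: bytes) -> bytes:
    """Prepend a length byte and append an XOR checksum (assumed framing)."""
    check = 0
    for b in payload:
        check ^= b
    return bytes([len(payload)]) + payload + bytes([check])


def unframe(raw: bytes):
    """Return the payload if length and checksum agree, else None (integrity check)."""
    if len(raw) < 2:
        return None
    length = raw[0]
    if len(raw) < length + 2:
        return None
    payload, check = raw[1:1 + length], raw[1 + length]
    actual = 0
    for b in payload:
        actual ^= b
    return payload if actual == check else None


def to_bits(data: bytes):
    """MSB-first bit list of the input bytes."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits):
    """Pack whole groups of 8 bits back into bytes; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def modulate(data: bytes, amplitude: float = 0.5):
    """Each bit becomes one tone burst at F0 or F1 (binary FSK)."""
    samples = []
    for bit in to_bits(data):
        freq = F1 if bit else F0
        samples.extend(amplitude * math.sin(2 * math.pi * freq * n / SAMPLE_RATE)
                       for n in range(SAMPLES_PER_SYMBOL))
    return samples


def add_noise(samples, sigma: float, seed: int = 1):
    """Constructed Gaussian noise standing in for a real microphone's noise floor."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


def goertzel_power(window, freq: float) -> float:
    """Energy of `window` at `freq`: a single-bin DFT (Goertzel algorithm)."""
    n = len(window)
    k = round(n * freq / SAMPLE_RATE)          # both tones land exactly on a bin here
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in window:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def demodulate(samples):
    """Decide each symbol by comparing the energy at F1 against F0."""
    bits = []
    for start in range(0, len(samples) - SAMPLES_PER_SYMBOL + 1, SAMPLES_PER_SYMBOL):
        window = samples[start:start + SAMPLES_PER_SYMBOL]
        bits.append(1 if goertzel_power(window, F1) > goertzel_power(window, F0) else 0)
    return bits


def roundtrip(payload: bytes, noise_sigma: float = 0.0):
    """Send `payload` through the simulated channel; return the decoded payload or None."""
    tx = modulate(frame(payload))
    rx = add_noise(tx, noise_sigma) if noise_sigma > 0 else tx
    return unframe(from_bits(demodulate(rx)))


if __name__ == "__main__":
    print(roundtrip(b"key", noise_sigma=1.0))   # b'key'
```

The decode survives noise twice the carrier amplitude because the Goertzel filter integrates 2,400 samples per symbol; shortening that window (a higher `BAUD`) or weakening the tone (greater distance) erodes the margin, which matches the researchers' observation that reliability falls as bit rate and range increase. A real receiver would also need symbol synchronisation, which this example sidesteps by assuming aligned windows.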

Performance and limitations 

The researchers point out that smartwatches use smaller, lower-SNR microphones than smartphones, making signal demodulation challenging, particularly at higher frequencies and lower signal intensities. Even wrist position was discovered to be a significant factor in the attack's feasibility, with the watch operating best when it is in "line-of-sight" with the computer speaker. 

The maximum transmission range depends on the transmitter (speaker type) and lies between 6 and 9 metres (20 to 30 feet). Data rates range from 5 to 50 bits per second (bps), with reliability decreasing as rate and distance increase. Prohibiting smartwatches in secure environments is the most effective countermeasure, according to the researchers. 

Removing built-in speakers from air-gapped devices would be a further step, and one that closes the attack surface not just for SmartAttack but for all acoustic covert channels. Where neither is practical, ultrasonic jamming by wideband noise emission, software-based audio firewalls and audio-gapping can still help.

Data Security Posture Insights: Overcoming Complexity and Threat Landscape

 

In today's competitive landscape, businesses must adapt their data security, governance and risk management strategies to a volatile economy: increasing efficiency or lowering costs while keeping the structure, consistency and guidance needed to manage cyber threats and ensure compliance. 

As organisations increasingly migrate various on-premises applications and data workloads to multicloud environments, the complexity and dispersed nature of cloud environments presents significant challenges in terms of managing vulnerabilities, controlling access, understanding risks, and protecting sensitive data.

What is data security risk? 

Data security refers to the process of preserving digital information from unauthorised access, corruption, or theft throughout its lifecycle. Risks are introduced into databases, file servers, data lakes, cloud repositories, and storage devices via all access channels to and from these systems. 

Most importantly, the data itself, whether in motion or at rest, needs the same level of protection regardless of where it sits. When executed well, a data-centric approach secures an organisation's assets and data against external attacks while also guarding against insider threats and human error, which remain among the leading causes of data breaches.

How complexity factors into data security risk 

Many variables contribute to organisational growth while also increasing security complexity. Complexity undermines operational stability and has an equivalent influence on security. Understanding and analysing all the causes of complexity allows organisations to develop focused initiatives and efficiently automate observability and control, fostering a lean and responsive operational team. 

Cloud Security Alliance's Understanding Data Security Risk 2025 Survey Report outlines major topics that organisations are actively addressing:

High growth with AI-driven innovation and security: As AI stimulates innovation, it also broadens the threat landscape. Rapid expansion frequently outpaces the creation of required infrastructures, processes, and procedures, resulting in ad hoc measures that add complexity. Gen-AI also introduces a new level of difficulty as it becomes more prominent in cloud environments, which remain a major target owing to their complexity and scale. 

Processes and automation: Limited staff and inefficient or outdated processes frequently result in manual and redundant effort. This places a significant load on teams that struggle to keep up, leading to reactive stopgaps and workarounds. Manual effort is error-prone and time-consuming, and it creates bottlenecks that add complexity and slow down both risk detection and security enforcement. Automate as much as possible, including data security and risk intelligence, so that risks are managed proactively and fewer of them escalate into critical incidents. 

Technology integration: Although technology provides answers for efficiency and effectiveness, integrating several systems without careful planning can result in disjointed security process silos, ineffective security infrastructure, and mismatched security stack components. Fragmented visibility, control, and access enforcement are the unstated costs of fragmented tools. Even though they are crucial, traditional compliance and security systems frequently lack the integration and scalability required for contemporary and successful risk management. 

Proactive data security posture management 

To improve security posture, organisations are adopting proactive, risk-based approaches that include continuous monitoring, real-time risk assessment and actionable workflows. This allows weaknesses to be detected and mitigated before they are exploited, resulting in a stronger defence against threats. 

According to the survey results, 36% of respondents prioritise assessment results, 34% consider a dedicated dashboard most useful, and 34% want risk scores to better understand their organisation's data risk. 

Conquering complexity requires a comprehensive approach that combines technology, best practices and risk awareness. By prioritising data security throughout your cloud journey, you can keep your data safe, your applications running smoothly and your business thriving in the ever-changing cloud landscape.

TSA Advises Against Using Airport USB Ports to Charge Your Phone

 

So-called juice jacking is one of the most debated topics in cybersecurity circles. Most years, when a government agency issues a new warning ahead of the holidays, it makes headlines. Stories are written and eyebrows are raised: there are more stories than confirmed attacks. But the stories keep coming, and a recent alert raises the possibility that travellers may actually be at risk.

Juice jacking, as usually described, is what happens when you plug your phone into a public charging cable or socket at a hotel or airport and, instead of a dumb charger, a computer behind the port tries to pull data from your device. This is distinct from purpose-built attack cables that carry a malicious payload inside the cable itself.

The latest official warning (and the accompanying headlines) comes from the TSA. "When you're at an airport, do not plug your phone directly into a USB port," it warns. "Bring your TSA-compliant power brick or battery pack and plug in there." This is because "hackers can install malware at USB ports (we've been told that's called 'juice/port jacking')." 

TSA also urges smartphone users not to use free public WiFi, especially for online purchases, and not to enter sensitive information while on an unsecured network. Cyber experts are almost as divided on public WiFi as they are on juice jacking. TL;DR: joining a hotspot reveals that you are on that network, but traffic to websites and apps that use encryption (TLS) stays protected, provided you do not click through certificate warnings or install anything the hotspot asks you to.

The greater risk is downloading an app from a malicious access point's splash page, filling in online forms, or being redirected to bogus login pages for Microsoft, Google or other accounts. The usual advice applies: use passkeys, avoid logging in through links or pop-up windows and instead use the app or the address you normally type, and do not hand over personal information. Also be careful which WiFi hotspots you join: are they the legitimate service of the hotel, airport or mall, or cleverly named fakes? 

This is more of an issue for Android than iOS, but it isn't something most people need to be concerned about. However, if you believe you may be targeted, or if you travel to high-risk parts of the world, I strongly advise against using public charging points or public WiFi without some form of data protection.

Want to Leave Facebook? Do this.

Confused about leaving Facebook?

Many people are changing their social media habits and opting out of services. Facebook has seen a large exodus of users since the announcement in March that Meta was ending independent fact-checking on its platform. Fact-checking has been replaced with community notes, which let users append context to posts they consider false or misleading. 

Users with years of photos and posts on Facebook are often unsure how to collect their data before removing their accounts. If you are in the same position, this post will help you delete Facebook permanently and take your data with you on the way out. 

How to leave Facebook

If you do not want to be on Facebook any more, deleting your account is the only way to remove yourself from the platform completely. If you are not sure, deactivating your account lets you step away from Facebook without deleting it. 

Make sure to remove third-party Facebook logins before deleting your account. 

How to leave third-party apps?

Third-party apps like DoorDash and Spotify let you log in with your Facebook account. This spares you another password, but if you plan to delete Facebook you have to change how you log in to them first, because once the account is gone there will no longer be a Facebook account to log in through. 

Fortunately, Facebook's settings list which websites and apps are connected to your account, so you can disconnect them before deleting it. Once you have disconnected them, you will need to set up a new way to log in to each one. 

For each app or website, set a new password or a passkey, or log in through another single sign-on option such as Google. 

How is deactivating different from deleting a Facebook account?

If you want to step away from Facebook, you have two choices: delete your account permanently, or deactivate it temporarily. 

Adidas Confirms Data Leak After Customer Service Provider Hack

 

Adidas has confirmed that a breach at a third-party customer service provider allowed a threat actor to steal company data. 

Contact details of customers who have previously dealt with the Adidas customer service help desk are among the impacted data. However, passwords, credit cards, and other financial or payment information are not included.

"Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law," the company explained in a notification on its website. 

The company has since opened an investigation into the breach and is working with information security specialists. Adidas did not name the third-party customer support provider, and it remains unknown who carried out the attack. 

"This incident underscores a critical truth: third-party breaches swiftly become your organization's breaches, which highlights the necessity of robust oversight mechanisms," noted Fletcher Davis, senior security research manager at BeyondTrust. "Mandating security assessments, multifactor authentication, and zero-trust architecture for all vendor access, while deploying real-time identity infrastructure monitoring to cut response times to minutes, as opposed to days.” 

Adidas is not the first well-known brand to suffer a data leak or cyberattack in recent years. Recent ransomware attacks have hit the Co-op Group, Marks & Spencer and the luxury retailer Harrods. Marks & Spencer reported that its customers' personal information was stolen during its incident and that retail operations were disrupted.

Scattered Spider is thought to have been responsible for that attack, deploying DragonForce ransomware against the UK retailer; Marks & Spencer has estimated a $400 million hit to earnings.

Establishing strong defense 

Forward-thinking merchants are implementing new techniques to mitigate third-party risk. Consider the following best practices: 

Zero trust approach: Treat every provider as a potential risk and restrict data access to what is absolutely essential. 

Incident simulation: Conduct regular exercises that simulate third-party breaches and test your response procedures. 

Continuous vendor assessment: Use automated systems to track vendor security status all year, not just during annual audits. 

The Adidas breach was not an isolated incident. It is a warning to the entire retail sector. As hackers become more adept, businesses must consider third-party risk as a key priority rather than just a compliance concern.