Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Security. Show all posts
WhatsApp Web
Data Privacy Indian Government Mobile Security User Security WhatsApp Web

Indian Government Flag Security Concerns with WhatsApp Web on Work PCs

 

The Indian government has issued a significant cybersecurity advisory urging citizens to avoid using WhatsApp Web on office computers and laptops, highlighting serious privacy and security risks that could expose personal information to employers and cybercriminals. 

The Ministry of Electronics and Information Technology (MeitY) released this public advisory through its Information Security Awareness (ISEA) team, warning that while accessing WhatsApp Web on office devices may seem convenient, it creates substantial cybersecurity vulnerabilities. The government describes the practice as a "major cybersecurity mistake" that could lead to unauthorized access to personal conversations, files, and login credentials. 

According to the advisory, IT administrators and company systems can gain access to private WhatsApp conversations through multiple pathways, including screen-monitoring software, malware infections, and browser hijacking tools. The government warns that many organizations now view WhatsApp Web as a potential security risk that could serve as a gateway for malware and phishing attacks, potentially compromising entire corporate networks. 

Specific privacy risks identified 

The advisory outlines several "horrors" of using WhatsApp on work-issued devices. Data breaches represent a primary concern, as compromised office laptops could expose confidential WhatsApp conversations containing sensitive personal information. Additionally, using WhatsApp Web on unsecured office Wi-Fi networks creates opportunities for malicious actors to intercept private data.

Perhaps most concerning, the government notes that even using office Wi-Fi to access WhatsApp on personal phones could grant companies some level of access to employees' private devices, further expanding the potential privacy violations. The advisory emphasizes that workplace surveillance capabilities mean employers may monitor browser activity, creating situations where sensitive personal information could be accessed, intercepted, or stored without employees' knowledge. 

Network security implication

Organizations increasingly implement comprehensive monitoring systems on corporate devices, making WhatsApp Web usage particularly risky. The government highlights that corporate networks face elevated vulnerability to phishing attacks and malware distribution through messaging applications like WhatsApp Web. When employees click malicious links or download suspicious attachments through WhatsApp Web on office systems, they could inadvertently provide hackers with backdoor access to organizational IT infrastructure. 

Recommended safety measures

For employees who must use WhatsApp Web on office devices, the government provides specific precautionary guidelines. Users should immediately log out of WhatsApp Web when stepping away from their desks or finishing work sessions. The advisory strongly recommends exercising caution when clicking links or opening attachments from unknown contacts, as these could contain malware designed to exploit corporate networks. 

Additionally, employees should familiarize themselves with their company's IT policies regarding personal application usage and data privacy on work devices. The government emphasizes that understanding organizational policies helps employees make informed decisions about personal technology use in professional environments. 

This advisory represents part of broader cybersecurity awareness efforts as workplace digital threats continue evolving, with the government positioning employee education as crucial for maintaining both personal privacy and corporate network security.
Read more »
Vulnerabilities and Exploits
Midnight Blue Radio Encryption TETRA Radio User Security Vulnerabilities and Exploits

Security Flaws Found in Police and Military Radio Encryption

 

Cybersecurity experts have uncovered significant flaws in encryption systems used by police and military radios globally, potentially allowing malicious actors to intercept secure communications. 

Background and context 

In 2023, Dutch security researchers from Midnight Blue unearthed an intentional backdoor in TETRA (Terrestrial Trunked Radio) encryption algorithms used in radios deployed by law enforcement, intelligence agencies, and military organizations worldwide. This discovery led the European Telecommunications Standards Institute (ETSI) to recommend users implement additional end-to-end encryption (E2EE) for sensitive communications. 

The same research team has now identified that at least one version of the TCCA-endorsed E2EE solution contains similar flaws. The encryption algorithm analyzed starts with a 128-bit key but reduces it to just 56 bits before encrypting data, making it vulnerable to unauthorized access. Additionally, researchers discovered a second vulnerability that could allow attackers to send deceptive messages or replay legitimate communications.

The TETRA standard includes four encryption algorithms (TEA1, TEA2, TEA3, TEA4) designed for different security levels based on the target customer. All use 80-bit keys, but TEA1 was found to reduce to just 32 bits, enabling researchers to crack it in under a minute. The key reduction appears to be implemented to comply with export control regulations for encryption sold to customers outside Europe. 

Global impact

TETRA radios are extensively employed by law enforcement agencies in Belgium, Scandinavian nations, Eastern European countries, and Middle Eastern nations including Iran, Iraq, Lebanon, and Syria. Defense ministries in Bulgaria, Kazakhstan, and Syria, along with intelligence services from Poland, Finland, Lebanon, and Saudi Arabia also employ these systems. However, it remains unclear how many entities use the vulnerable E2EE implementation.

Disclosure challenges

The research reveals a concerning lack of transparency regarding security limitations. While some manufacturers include vulnerability information in brochures, others only address it in internal communications or don't mention it at all. A leaked product bulletin indicated that encryption key length is "subject to export control regulations," but it's uncertain whether end users are properly informed about potential security risks.

The findings will be presented at the BlackHat security conference, highlighting ongoing challenges in securing critical communications infrastructure used by law enforcement and military organizations worldwide.
Read more »
User Security
Cyber Fraud Malicious Campaign Pharmacy Scam PharmaFraud User Security

Millions Face Potential Harm After Experts Uncovered a Vast Network of 5,000+ Fake Pharmacy Sites

 

Security experts have exposed "PharmaFraud," a criminal network of more than 5,000 fraudulent online pharmacies. The operation puts millions of consumers at risk by selling unsafe counterfeit medications while also stealing their private data. 

The fraudulent campaign mimics legitimate online pharmacies and specifically targets individuals seeking discreet access to medications such as erectile dysfunction treatments, antibiotics, steroids, and weight-loss drugs. What makes this operation particularly dangerous is its use of advanced deception techniques, including AI-generated health content, fabricated customer reviews, and misleading advertisements to establish credibility with potential victims. 

These sites are designed to circumvent basic security indicators by omitting legitimate business credentials and requiring payments through cryptocurrency, which makes transactions virtually untraceable. The operation extends beyond simply selling fake drugs—it actively harvests sensitive medical information, personal details, and financial data that can be exploited in subsequent fraud schemes. 

Health and financial risks

Even when products are delivered, there's no guarantee of safety or effectiveness—medications may be expired, contaminated, or completely fake, creating health risks that extend far beyond financial losses. The report highlights that these fraudulent sites often bypass prescription requirements entirely, allowing dangerous medications to reach consumers without proper medical oversight. 

The broader cyberthreat landscape has seen escalation, with financial scams increasing by 340% in just three months, often using fake advertisements and chatbot interfaces to impersonate legitimate legal or investment services. Tech support scams appearing as browser pop-ups have also risen sharply, luring users into contacting fraudulent help services.

Safety tips 

To avoid these scams, consumers should be vigilant about several key warning signs: 

  • Websites that offer prescription medications without requiring valid prescriptions.
  • Missing or unclear contact information and business registration details.
  • Absence of verifiable physical addresses.
  • Unusually low prices and limited-time offers.
  • Payment requests specifically for cryptocurrency.

Essential security measures include verifying that websites use secure checkout processes with HTTPS protocols and trusted payment gateways. Users should also deploy antivirus software to detect malware that may be embedded in fraudulent medical sites, enable firewalls to block suspicious traffic from known scam domains, and install endpoint protection across multiple devices for comprehensive security. 

Consumers should maintain healthy skepticism toward unsolicited health advice, product reviews, or miracle cure claims found through advertisements, emails, or social media links. When in doubt, consumers should verify pharmacy legitimacy through official regulatory channels before sharing any personal or financial information.
Read more »
User Security
Child Influencer Laws Legal Framework Social Media Technology User Security

Here's Why We Need Child Influencer Laws in a Monetised Content Society

 

The increasing urgency around safeguarding children who are featured as influencers or content creators online is a concerning trend that has grown rapidly in recent years. Earlier, U.S. child labor laws like the Coogan Law were designed to protect child actors, but the rise of social media has created an environment where many minors—sometimes as family breadwinners—are now regularly producing monetized content. This shift raises new legal and ethical questions regarding consent, financial exploitation, and the long-term impact on children’s wellbeing. 

Recent popular documentaries, such as Hulu’s "Devil in the Family" and Netflix’s "Bad Influence," have brought to light extreme cases of abuse and exploitation involving child influencers. These shows highlight not only physical and emotional abuse but also the dangers posed when children’s most private moments are shared for profit. Central concerns include whether children can meaningfully consent to being featured, how difficult it is for them to refuse their parents, and who ultimately controls the digital footprint these young people accumulate. 

State legislatures are starting to take action in response to these harms. In 2023, Illinois took the lead by amending its child labour laws to specifically define vlogging as work and required parents to record their children's participation in content. Additionally, the state established trust funds to receive a percentage of the revenue.Other states, including Minnesota, Montana, California, and Utah, have enacted similar laws with unique provisions. For example, Minnesota prohibits children under 14 from engaging in content creation as labor, while Utah only mandates compensation for children when families earn a threshold amount from content. 

A key feature of some new state laws is the “right to be forgotten,” allowing individuals who were featured as minors to have their content removed later in life. While this empowers former child influencers, it can sometimes conflict with law enforcement needs for evidence. Even so, these laws mark important progress toward recognizing and addressing the specific risks faced by children in the influencer economy, mainly by treating online content creation as work and prioritizing financial safeguards. 

However, child experts stress that legislation alone cannot solve all problems associated with child influencing. Effective protection requires a collaborative approach: tech platforms should enforce clear and accessible privacy options, families must educate themselves and respect children’s right to consent, and policymakers should continue to advocate for balanced regulations. Ultimately, safeguarding the emotional and psychological wellbeing of child influencers—and considering the lasting effects of exposing personal lives online—must remain the top priority.
Read more »
User Security
Chrome Updates FBI FBI CISA advisory Mobile Security User Security

FBI Warns Chrome Users Against Unofficial Updates Downloading

 

If you use Windows, Chrome is likely to be the default browser. Despite Microsoft's ongoing efforts to lure users to the Edge and the rising threat of AI browsers, Google's browser remains dominant. However, Chrome is a victim of its own success. Because attackers are aware that you are likely to have it installed, it is the ideal entry point for them to gain access to your PC and your data. 

That is why you are seeing a series of zero-day alerts and emergency updates. This is also why the FBI is warning about the major threat posed by fraudulent Chrome updates. As part of the "ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors," the FBI and CISA, America's cyber defence agency, have issued their latest warning. 

The latest advisory addresses the recent rise in Interlock ransomware attacks. And, while the majority of the advice is aimed at individuals in charge of securing corporate networks and enforcing IT policies, it also includes a caution for PC users. Ransomware assaults require an entry point, or "initial access." And if you have a PC (or smartphone) connected to your employer's network, you are affected. The advisory also recommends that organisations "train users to spot social engineering attempts.”

In the case of Interlock, two of these ways of first entrance leverage the same lures that cybercriminals employ to target your personal accounts, as well as the data and security credentials on your own devices. You should be looking for these anyway. One of the techniques is ClickFix, which is easily detectable. This is where a notice or popup encourages you to paste content into a Windows command and run the script. It's accomplished by impersonating a technical issue, a secure website, or a file that you need to open. Any such directive is always an attack and should be ignored. 

Installing and updating fake Chrome has become commonplace, both on Android smartphones and Windows PCs. As with ClickFix, the guidance is quite explicit. Never use links in emails or texts to access upgrades or new installs. Always get updates and programs from the official websites or shops. Keep in mind that Chrome will automatically download updates and will prompt you to restart your browser to ensure the installation. Although those links are delivered to you, you are not required to look for them or click on random links.
Read more »
World Leaks
Customer Solution Centers Data Breach Dell Technologies User Security World Leaks

World Leaks Outfit Linked to Dell Test Lab Intrusion

 

Dell Technologies has acknowledged a serious security compromise affecting its Customer Solution Centers platform, the latest high-profile intrusion by the World Leaks extortion outfit. 

The breach occurred earlier this month and targeted Dell's isolated demonstration environment, which is designed to showcase commercial solutions to enterprise customers, however the company claims that critical user data and operating systems are still secure. 

The attack targeted Dell's Customer Solution Centres infrastructure, which is a controlled environment used for product presentations and proof-of-concept testing for commercial users. Threat actors were able to successfully breach this platform, which follows stringent network segmentation guidelines to keep it isolated from production systems, according to Dell's official statement. 

The platform "is intentionally separated from customer and partner systems, as well as Dell's networks and is not used in the provision of services to Dell customers," according to Dell, which underlined the purposeful isolation of the compromised environment. Multiple isolation levels and clear warnings that forbid users from uploading private or sensitive data to the demonstration environment are features of the company's security architecture. 

The breach investigation discovered that the stolen data mostly consisted of fake test information, publicly available datasets used for demonstrations, Dell scripts, system data, and testing results. The only authentic data exposed appears to be an out-of-date contact list with little operational value, severely limiting the possible impact on Dell's company operations and customer relationships. 

Security review 

Report claims that Dell's thorough security response shows how well their multi-layered defence architecture can limit the potential harm caused by advanced cyberattacks. While ensuring that partner systems, production networks, and customer data repositories are unaffected by the incident, the company's security team is still looking into the breach vectors. 

The breach's limited scope shows Dell's strong data management processes and network segmentation strategies, which effectively prevented lateral movement into vital company systems. Dell's emphasis on using synthetic data for demonstration reasons was critical in limiting the breach's potential damage, as attackers accessed created information rather than sensitive consumer or company data.

This incident shows the expanding landscape of cyber threats, as attackers increasingly target demonstration and testing environments as potential entry points into larger corporate networks, making robust security architecture vital for organisational protection.
Read more »
User Security
CrowdStrike outage Cyber Security Hospital System threat report User Security

Patient Care Technology Disruptions Linked With the CrowdStrike Outage, Study Finds

 

A little more than a year ago, nearly 8.5 million Windows-based IT systems went down due to a simple error made during a routine software update. Computers were unable to reboot for several hours due to a bug from CrowdStrike, a cybersecurity business whose products are used to detect and respond to security attacks. Many of the systems needed further manual patches, which prolonged the outage.

The estimated financial toll? Anywhere between $5 billion and $10 billion for Fortune 500 firms – and close to $2 billion for the healthcare sector specifically.

A new report reveals that the negative repercussions on healthcare organisations have gone far beyond financial. A study published in JAMA Network Open by the University of California San Diego found that the incident triggered measurable disruptions in a large proportion of US hospitals, including technical issues that impacted basic operations, research activities, and direct patient care. The researchers discovered that immediately following the CrowdStrike upgrade on July 19, 759 hospitals (out of 2232 with available data) had measurable service disruptions. That represents more than one-third of healthcare organisations.

Of a total of 1098 service outages across those organisations, 21.8% were patient-facing and had a direct impact on patient care. Just over 15% were relevant to health-care operations, with 5.3% affecting research activities. The remaining 57% were either not classified as significant or unknown. 

“Patient-facing services spanned imaging platforms, prehospital medicine health record systems, patient transfer portals, access to secure documentation, and staff portals for viewing patient details,” the researchers explained. “In addition to staff portals, we saw outages in patient access platforms across diverse hospital systems; these platforms, when operating as usual, allow patients to schedule appointments, contact health care practitioners, access laboratory results, and refill prescriptions.” 

Additionally, some hospitals experienced outages in laboratory information systems (LIS), behavioural health apps, and patient monitoring systems like foetal monitors and cardiac telemetry devices. Software in development or pre-deployment stages, informational pages, educational resources for medical and nursing students, or donation pages for institutions were primarily impacted by the outages classified as irrelevant or unknown.

3.9% of hospitals had outages longer than 48 hours, while the majority of hospital services returned within 6 hours. Outages lasting longer than two full days were most common in hospitals in South Carolina, Maryland, and New Jersey. With the majority of assessed hospitals returning to service within six hours, Southern US organizations—including those in Tennessee, North Carolina, Louisiana, Alabama, Texas, and Florida—were among the quickest to recover.

The incident served as a stark reminder that human error is and always will be a serious threat to even the most resilient-seeming technologies, while also highlighting the extraordinarily fragile nature of the modern, hyperconnected healthcare ecosystem. CrowdStrike criticised the UCSD research methods and findings, but it also acknowledged and apologised to its customers and other impacted parties for the disruption and promised to be focused on enhancing the resilience of its platform.
Read more »
Vulnerabilities and Exploits
Healthcare Firm Risk Management Threat Management User Security Vulnerabilities and Exploits

Healthcare Firms Face Major Threats from Risk Management and Legacy Tech, Report Finds

 

With healthcare facilities scrambling to pinpoint and address their top cyber threats, Fortified's report provides some guidance on where to begin. The report identifies five major security gaps in healthcare organisations: inadequate asset inventories, a lack of unified risk management strategies, a lack of focus on supply-chain vulnerabilities, a preference for installing new technology over maintaining legacy systems, and poor employee training.

Major cyberattacks in recent years have demonstrated how these threats are linked. Weak supply-chain oversight is an especially critical issue given the interconnected framework of the healthcare ecosystem, which includes hospitals, pharmacies, and specialty-care institutions.

The 2024 Change Healthcare hack highlighted the industry's reliance on a few obscure but ubiquitous vendors. Outdated asset inventories exacerbate these flaws, making it more difficult to repair the damage after a supply-chain attack. And these attacks frequently target the very legacy technologies that have been overlooked in favour of new products.

While securing old systems remains a persistent challenge for healthcare organisations, Fortified discovered that it was the most significant area for improvement in the previous year, followed by recovery process improvements, response planning, post-incident communications, and threat analysis maturity.

Identity management, risk assessment maturity, and leadership involvement were further areas that needed improvement. Since many attacks start with credentials that have been stolen or falsified, the latter is particularly critical. 

A spokesperson stated that Fortified's study is predicated on client interactions, including incident engagements and security ratings derived from the Cybersecurity Framework, that took place between 2023 and June 2025. Fortified serves all of its clients in North America, including major university medical centres, integrated delivery networks, and small community hospitals.
Read more »
User Security
Blockchain Developer Crypto Theft Cyber Fraud Malicious Campaign User Security

Online Criminals Steal $500K Crypto Via Malicious AI Browser Extension

 

A Russian blockchain engineer lost over $500,000 worth of cryptocurrencies in a sophisticated cyberattack, highlighting the persisting and increasing threats posed by hostile open-source packages. Even seasoned users can be duped into installing malicious software by attackers using public repositories and ranking algorithms, despite the developer community's growing knowledge and caution.

The incident was discovered in June 2025, when the victim, an experienced developer who had recently reinstalled his operating system and only employed essential, well-known applications, noticed his crypto assets had been drained, despite rigorous attention to cybersecurity. 

The researchers linked the breach to a Visual Studio Code-compatible extension called "Solidity Language" for the Cursor AI IDE, a productivity-boosting tool for smart contract developers. The extension, which was made public via the Open VSX registry, masqueraded as a legal code highlighting tool but was actually a vehicle for remote code execution. After installation, the rogue extension ran a JavaScript file called extension.js, which linked to a malicious web site to download and run PowerShell scripts. 

These scripts, in turn, installed the genuine remote management tool ScreenConnect, allowing the perpetrators to maintain remote access to the compromised PC. The attackers used this access to execute further VBScripts, which delivered additional payloads such as the Quasar open-source backdoor and a stealer module capable of syphoning credentials and wallet passphrases from browsers, email clients, and cryptocurrency wallets. 

The masquerade was effective: the malicious extension appeared near the top of search results in the extension marketplace, thanks to a ranking mechanism that prioritised recency and perceived activity over plain download counts. The attackers also plagiarised descriptions from legitimate items, thus blurring the distinction between genuine and fraudulent offerings. When the bogus extension failed to deliver the promised capabilities, the user concluded it was a glitch, allowing the malware to remain undetected. 

In an additional twist, after the malicious item was removed from the store, the threat actors swiftly uploaded a new clone called "solidity," employing advanced impersonation techniques. The malicious publisher's name differed by only one character: an uppercase "I" instead of a lowercase "l," a discrepancy that was nearly hard to detect due to font rendering. The bogus extension's download count was intentionally boosted to two million in a bid to outshine the real program, making the correct choice difficult for users.

The effort did not end there; similar attack tactics were discovered in further malicious packages on both the Open VSX registry and npm, which targeted blockchain developers via extensions and packages with recognisable names. Each infection chain followed a well-known pattern: executing PowerShell scripts, downloading further malware, and communicating with attacker-controlled command-and-control servers. This incident highlights the ongoing threat of supply-chain attacks in the open-source ecosystem.
Read more »
User Security
Data Breach Data Leak Episource United States User Security

Major Breach at Medical Billing Giant Results in The Data Leak of 5.4 Million Users

 

Episource, the medical billing behemoth, has warned millions of Americans that a hack earlier this year resulted in the theft of their private and medical data. According to a listing with the United States Department of Health and Human Services, one of the year's largest healthcare breaches affects around 5.4 million people. 

Episource, which is owned by Optum, a subsidiary of the largest health insurance company UnitedHealth Group, offers billing adjustment services to doctors, hospitals, and other healthcare-related organisations. In order to process claims through their health insurance, the company handles a lot of patients' personal and medical data.

In notices filed in California and Vermont on Friday last week, Episource stated that a criminal was able to "see and take copies" of patient and member data from its systems during the weeklong breach that ended on February 6. 

Private information stolen includes names, postal and email addresses, and phone numbers, as well as protected health data such as medical record numbers and information on doctors, diagnoses, drugs, test results, imaging, care, and other treatments. The stolen data also includes health insurance information, such as health plans, policies, and member numbers. 

Episource would not elaborate on the nature of the issue, but Sharp Healthcare, one of the organisations that worked with Episource and was impacted by the intrusion, notified its clients that the Episource hack was triggered by ransomware. This is the latest cybersecurity incident to affect UnitedHealth in recent years.

Change Healthcare, one of the top companies in the U.S. healthcare industry, which conducts billions of health transactions each year, was attacked by a ransomware gang in February 2024, resulting in the theft of personal and health information for over 190 million Americans. The cyberattack resulted in the largest healthcare data breach in US history. Several months later, UnitedHealth's Optum division exposed to the internet an internal chatbot used by staff to enquire about claims.
Read more »
User Security
Axis Max Life Insurance Data Breach Data Leak Indian Insurance User Security

Axis Max Life Cyberattack: A Warning to the Indian Insurance Sector

 

On July 2, 2025, Max Financial Services revealed a cybersecurity incident targeting its subsidiary, Axis Max Life Insurance, India's fifth-largest life insurer. This incident raises severe concerns regarding data security and threat detection in the Indian insurance sector. 

The breach was discovered by an unknown third party who notified Axis Max Life Insurance of the data access, while exact technical specifics are still pending public release. In response, the company started: 

  • Evaluation of internal security 
  • Log analysis 
  • Consulting with cybersecurity specialists for investigation and remediation 

Data leaked during the breach 

The firm accepted that some client data could have been accessed, but no specific data types or quantities were confirmed at the time of the report. Given the sensitive nature of insurance data, the exposed data could include: 

  • Personally identifiable information (PII). 
  • Financial/Insurance Policy Data Contact and health information (common for life insurers) 

This follows a recent trend of PII-focused assaults on Indian insurers (e.g., Niva Bupa, Star Health, HDFC Life), indicating an increased threat to consumer data. 

Key takeaways

Learning of a breach from an anonymous third party constitutes a serious failure in internal threat identification and monitoring. Implement real-time threat detection across endpoints, servers, and cloud platforms with SIEM, UEBA, and EDR/XDR to ensure that the organisation identifies breaches before external actors do. 

Agents, partners, and tech vendors are frequently included in insurance ecosystems, with each serving as a possible point of compromise. Extend Zero Trust principles to all third-party access, requiring tokenised, time-limited access and regular security evaluations of suppliers with data credentials. 

Mitigation tips 

  • Establish strong data inventory mapping and access logging, particularly in systems that store personally identifiable information (PII) and financial records. 
  • Have a pre-established IR crisis communication architecture that is linked with legal, regulatory, and consumer response channels that can be activated within hours. 
  • Continuous vulnerability scanning, least privilege policies, and red teaming should be used to identify exploitable holes at both the technical and human layers. 
  • Employ continuous security education, necessitate incident reporting processes, and behavioural monitoring to detect policy violations or insider abuse early.
Read more »
User Security
Cyber Fraud Deepfakes Financial Scam User Privacy User Security

Deepfakes Explained: How They Operate and How to Safeguard Yourself

 

In May of this year, an anonymous person called and texted elected lawmakers and business executives pretending to be a senior White House official. U.S. senators were among the recipients who believed they were speaking with White House chief of staff Susie Wiles. In reality, though, it was a phoney. 

The scammer employed AI-generated deepfake software to replicate Wiles' voice. This easily accessible, low-cost software modifies a public speech clip to deceive the target. 

Why are deepfakes so convincing? 

Deepfakes are alarming because of how authentic they appear. AI models can analyse public photographs or recordings of a person (for example, from social media or YouTube) and then create a fake that mimics their face or tone very accurately. As a result, many people overestimate their ability to detect fakes. In an iProov poll, 43% of respondents stated they couldn't tell the difference between a real video and a deepfake, and nearly one-third had no idea what a deepfake was, highlighting a vast pool of potential victims.

Deepfakes rely on trust: the victim recognises a familiar face or voice, and alarms do not sound. These scams also rely on haste and secrecy (for example, 'I need this wire transfer now—do not tell anyone'). When we combine emotional manipulation with visual/auditory reality, it is no surprise that even professionals have been duped. The employee in the $25 million case saw something odd—the call stopped abruptly, and he never communicated directly with colleagues—but only realised it was a scam after the money was stolen. 

Stay vigilant 

Given the difficulty in visually recognising a sophisticated deepfake, the focus switches to verification. If you receive an unexpected request by video call, phone, or voicemail, especially if it involves money, personal data, or anything high-stakes, take a step back. Verify the individual's identity using a separate channel.

For example, if you receive a call that appears to be from a family member in distress, hang up and call them back at their known number. If your supervisor requests that you buy gift cards or transfer payments, attempt to confirm in person or through an official company channel. It is neither impolite or paranoid; rather, it is an essential precaution today. 

Create secret safewords or verification questions with loved ones for emergencies (something a deepfake impostor would not know). Be wary of what you post publicly. If possible, limit the amount of high-quality videos or voice recordings you provide, as these are used to design deepfakes.
Read more »
User Security
Ahold Delhaize Data Breach Grocery Giant Ransomware attack User Security

2.2 Million People Impacted by Ahold Delhaize Data Breach

 

Ahold Delhaize, the Dutch grocery company, reported this week that a ransomware attack on its networks last year resulted in a data breach that affected more than 2.2 million customers. 

The cybersecurity breach was discovered in November 2024, when numerous US pharmacies and grocery chains controlled by Ahold Delhaize reported network troubles. The incident affected Giant Food pharmacies, Hannaford supermarkets, Food Lion, The Giant Company, and Stop & Shop.

In mid-April 2025, Ahold Delhaize was attacked by the Inc Ransom ransomware organisation. Shortly after, the company acknowledged that the hackers probably stole data from some of its internal business systems.

 Since then, Ahold Delhaize has determined that personal data has been hacked, and those affected are currently being notified. Internal employment records for both current and defunct Ahold Delhaize USA enterprises were included in the stolen files. The organization told the Maine Attorney General’s Office that 2,242,521 people are affected.

The compromised information differs from person to person, however it includes name, contact information, date of birth, Social Security number, passport number, driver's license number, financial account information, health information, and employment-related information. Affected consumers will receive free credit monitoring and identity protection services for two years. 

The attackers published around 800 Gb of data allegedly stolen from Ahold Delhaize on their Tor-based leak website, indicating that the corporation did not pay a ransom. Inc Ransom claimed to have stolen 6 TB of data from the company.

Cyberattacks on the retail industry, notably supermarkets, have increased in recent months. In April, cybercriminals believed to be affiliated with the Scattered Spider group targeted UK retailers Co-op, Harrods, and M&S. 

Earlier this month, United Natural Foods (UNFI), the primary distributor for Amazon's Whole Foods and many other North American grocery shops, was targeted by a hack that disrupted company operations and resulted in grocery shortages. According to UNFI, there is no evidence that personal or health information was compromised, and no ransomware group claimed responsibility for the attack.
Read more »
User Security
AI tools Cyber Security Data Privacy Generative AI User Security

New Report Ranks Best And Worst Generative AI Tools For Privacy

 

Most generative AI companies use client data to train their chatbots. For this, they may use private or public data. Some services take a more flexible and non-intrusive approach to gathering customer data. Not so much for others. A recent analysis from data removal firm Incogni weighs the benefits and drawbacks of AI in terms of protecting your personal data and privacy.

As part of its "Gen AI and LLM Data Privacy Ranking 2025," Incogni analysed nine well-known generative AI services and evaluated their data privacy policies using 11 distinct factors. The following queries were addressed by the criteria: 

  • What kind of data do the models get trained on? 
  • Is it possible to train the models using user conversations? 
  • Can non-service providers or other appropriate entities receive prompts? 
  • Can the private data from users be erased from the training dataset?
  • How clear is it when training is done via prompts? 
  • How simple is it to locate details about the training process of models? 
  • Does the data collection process have a clear privacy policy?
  • How easy is it to read the privacy statement? 
  • Which resources are used to gather information about users?
  • Are third parties given access to the data? 
  • What information are gathered by the AI apps? 

The research involved Mistral AI's Le Chat, OpenAI's ChatGPT, xAI's Grok, Anthropic's Claude, Inflection AI's Pi, DeekSeek, Microsoft Copilot, Google Gemini, and Meta AI. Each AI performed well on certain questions but not so well on others. 

For instance, Grok performed poorly on the readability of its privacy policy but received a decent rating for how clearly it communicates that prompts are used for training. As another example, the ratings that ChatGPT and Gemini received for gathering data from their mobile apps varied significantly between the iOS and Android versions.

However, Le Chat emerged as the best privacy-friendly AI service overall. It did well in the transparency category, despite losing a few points. Additionally, it only collects a small amount of data and achieves excellent scores for additional privacy concerns unique to AI. 

Second place went to ChatGPT. Researchers at Incogni were a little worried about how user data interacts with the service and how OpenAI trains its models. However, ChatGPT explains the company's privacy standards in detail, lets you know what happens to your data, and gives you explicit instructions on how to restrict how your data is used. Claude and PI came in third and fourth, respectively, after Grok. Each performed reasonably well in terms of protecting user privacy overall, while there were some issues in certain areas. 

"Le Chat by Mistral AI is the least privacy-invasive platform, with ChatGPT and Grok following closely behind," Incogni noted in its report. "These platforms ranked highest when it comes to how transparent they are on how they use and collect data, and how easy it is to opt out of having personal data used to train underlying models. ChatGPT turned out to be the most transparent about whether prompts will be used for model training and had a clear privacy policy.” 

In its investigation, Incogni discovered that AI firms exchange data with a variety of parties, including service providers, law enforcement, members of the same corporate group, research partners, affiliates, and third parties. 

"Microsoft's privacy policy implies that user prompts may be shared with 'third parties that perform online advertising services for Microsoft or that use Microsoft's advertising technologies,'" Incogni added in the report. "DeepSeek's and Meta's privacy policies indicate that prompts can be shared with companies within its corporate group. Meta's and Anthropic's privacy policies can reasonably be understood to indicate that prompts are shared with research collaborators.” 

You can prevent the models from being trained using your prompts with some providers. This is true for Grok, Mistral AI, Copilot, and ChatGPT. However, based on their privacy rules and other resources, it appears that other services do not allow this kind of data collecting to be stopped. Gemini, DeepSeek, Pi AI, and Meta AI are a few of these. In response to this concern, Anthropic stated that it never gathers user input for model training. 

Ultimately, a clear and understandable privacy policy significantly helps in assisting you in determining what information is being gathered and how to opt out.
Read more »
User Security
Cyber Fraud Helpdesk Scam IT Fraud User Privacy User Security

The Rise in IT Helpdesk Scams: What Can Users Do?

 

Over 37,500 complaints concerning phoney tech-support scams were filed in the United States last year alone, resulting in losses of over $924 million, according to the latest FBI's Internet Crime Report. 

In this piece, we'll look at how these scams work, the risks they bring, and how you can prevent them. 

Modus operandi

In this scheme, scammers generally mimic technical or customer-service representatives from prominent corporations, most often in the tech industry. This allows fraudsters to utilise impressive-sounding phrases and technical information that the common user cannot understand.

The most typical pretext used by fraudulent tech-support scammers to contact potential victims is claiming to have discovered a problem with the latter's computer. For example, fake employees of a software developer or a well-known antivirus company call you and tell you that they have discovered malware on your computer, you should be suspicious. 

Scammers therefore overwhelm their victims, creating panic and a sense of helplessness. The fraudsters then use these emotions to gain trust; these techniques are typically designed to make the victim feel compelled to trust them. It is this trust that the scammers ultimately use to achieve their objectives. 

Prevention tips

If someone approaches you claiming to be from tech support, warns you of a danger, and insists that action be taken immediately, it is most certainly a fake tech-support fraudster. Try not to panic and avoid doing anything you'll regret later.

It is preferable to share what is going on with someone else, as this might help you discover inconsistencies and flaws in the scammer's story. To buy time, tell them you're busy, have another call, your phone's battery is running low, or simply pretend to be disconnected. Furthermore, to protect yourself from scammers, you can take the following steps: 

  • Install a reputable security solution on all of your devices and heed its warnings. 
  • Never enter your login information while someone else is viewing, such as while screen sharing or when someone has remote access to your computer. 
  • Avoid installing remote access software on your computer, and never provide access to outsiders. By the way, our protection can alert you to such threats.

It's also worth noting that the elderly are particularly prone to tech support frauds. They may not be very cyber-savvy, therefore they want reliable security more than anyone else.
Read more »
User Security
Cyber Attacks keylogger Microsoft Exchange threat report User Security

Keylogger Injection Targets Microsoft Exchange Servers

 

Keylogging malware is a particularly dangerous as it is often designed to steal login passwords or other sensitive information from victims. When you add a compromised Exchange server to the mix, it makes things significantly worse for any organisation. 

Positive Technologies researchers recently published a new report on a keylogger-based campaign that targets organisations worldwide. The effort, which is identical to an attack uncovered in 2024, targets compromised Microsoft Exchange Server installations belonging to 65 victims in 26 nations. 

The attackers infiltrated Exchange servers by exploiting well-known security flaws or using completely novel techniques. After getting access, the hackers installed JavaScript keyloggers to intercept login credentials from the organization's Outlook on the Web page. 

OWA is the web version of Microsoft Outlook and is integrated into both the Exchange Server platform and the Exchange Online service within Microsoft 365. According to the report, the JavaScript keyloggers gave the attackers persistence on the compromised servers and went unnoticed for months.

The researchers uncovered various keyloggers and classified them into two types: those meant to save captured inputs to a file on a local server that could be accessed from the internet later, and those that transferred stolen credentials across the global network using DNS tunnels or Telegram bots. The files containing the logged data were properly labelled to help attackers identify the compromised organisation.

PT researchers explained that most of the affected Exchange systems were owned by government agencies. A number of other victims worked in industries like logistics, industry, and IT. The majority of infections were found in Taiwan, Vietnam, and Russia; nine infected companies were found in Russia alone. 

The researchers emphasised that a huge number of Exchange servers remain vulnerable to well-known security issues. The PT experts encouraged companies to regard security flaws as major issues and implement adequate vulnerability management strategies. 

Furthermore, organisations that use the Microsoft platform should implement up-to-date web applications and security measures to detect malicious network activities. It is also a good idea to analyse user authentication files on a regular basis for potentially malicious code.
Read more »
Vulnerabilities and Exploits
Critical Flaw Security Patch User Security Veeam Vulnerabilities and Exploits

Researchers Advise Caution as Veeam Releases Patch to Fix Critical Vulnerability

 

Following Veeam Backup & Replication's Tuesday patch release to patch a critical remote code execution vulnerability, researchers are advising customers to ensure their systems are completely upgraded to the latest version

An authorised domain user can execute code on a backup server thanks to the vulnerability, which is tagged as CVE-2025-23121. It was previously revealed by watchTowr and Code White GmbH researchers that a fix for an earlier vulnerability, identified as CVE-2025-23120, could be circumvented. As a result of the disclosure, a new patch was prepared. 

Benjamin Harris, CEO of watchTowr, claims that Veeam is essentially updating a blacklist of "dangerous deserialisation gadgets" once they have been identified. Harris said that throughout the deployment of multiple patches for the Backup & Replication product, researchers have observed this occur repeatedly.

"This blacklisting approach will never be sufficient, as we advocated in March," Harris wrote in an email to Cybersecurity Dive, further stating that his team "demonstrated [this] once again in March when we reported further gadgets to Veeam that they have released patches for [on Tuesday] to address.” 

Veeam stated that the patch fixes the issue, and automatic updates have been enabled for all backup versions.

“When a vulnerability is identified and disclosed, attackers will still try to exploit and reverse-engineer the patches to use the vulnerability on an unpatched version of Veeam software in their exploitation attempts,” a Veeam spokesperson told Cybersecurity Dive via email. “This underlines the importance of ensuring customers are using the latest versions of all software and patches are installed in a timely manner.”

In the case of a ransomware attack or other malicious infiltration, Veeam Backup & Replication is a solution that assists in backing up, replicating, and restoring enterprise data. Domain-joined backup servers, which Veeam has previously recommended against deploying, are at risk of being abused. However, it seems that the risky method is frequently employed for efficiency.

Harris noted that Veeam employs a function to handle data that is known to be intrinsically insecure, and that rather than eliminating this function, they will try to maintain a list of bad "gadgets" that should not be processed within this function. 

Veeam has around 550,000 customers, and ransomware gangs often exploit the product's flaws. Rapid7 researchers revealed on Tuesday that more than 20% of the firm's incident response cases in 2024 involved Veeam being accessed or abused.
Read more »
User Security
Antivirus Tool Domain Hijack Google OAuth malware User Security

Hackers Circumvent AntiVirus Using Google OAuth in New Malware Surge

 

A new campaign of browser-based malware has emerged, revealing how hackers are now circumventing conventional antivirus protections by exploiting trusted domains like Google.com.

This technique, according to a report by security researchers at c/side, is subtle, conditionally triggered, and challenging for users and traditional security software to detect. It appears to originate from a legitimate OAuth-related URL, but it actually runs a malicious payload with full access to the user's browser session. 

Malware hides in plain sight 

The assault starts with a script installed in a hijacked Magento-based ecommerce site that points to a seemingly harmless Google OAuth logout URL: https://accounts.google.com/o/oauth2/revoke. 

However, a manipulated callback parameter in this URL uses eval(atob(...)) to decode and execute an obfuscated JavaScript payload. The usage of Google's domain is essential to the scam because most content security policies (CSPs) and DNS filters don't dispute the script's legitimacy because it loads from a reliable source.

This script only activates under certain situations. If the browser looks to be automated or the URL contains the word "checkout," it silently establishes a WebSocket connection to a malicious server. This means it can modify destructive behaviour to specific user actions. 

Any payload transmitted via this channel is base64-encoded, decoded, and dynamically executed with JavaScript's Function constructor. This arrangement allows the attacker to remotely execute code in the browser in real time. One of the most important aspects determining this attack's effectiveness is its ability to elude many of the best antivirus solutions currently available. 

Even the best Android antivirus apps and static malware scanners are unlikely to identify the script because its logic is deeply obfuscated and only activates under specific conditions. They won't analyse, mark, or prevent JavaScript payloads sent across what appear to be authentic OAuth processes. 

Since the initial request is made to Google's official domain, DNS-based filters or firewall rules likewise provide only a limited level of security. Even the best endpoint protection systems in a corporate setting could have trouble spotting this activity if they mainly rely on domain reputation or fail to check how dynamic scripts are executed in browsers. 

While skilled users and cybersecurity teams can use content inspection proxies or behavioural analysis tools to detect abnormalities like this, regular users remain vulnerable. Limiting third-party scripts, isolating browser sessions for financial transactions, and being watchful for unusual site behaviour could all help reduce risk in the short term.
Read more »
User Security
Bribery Cyber Fraud Cypto Exchange Social Engineering Attack User Security

Coinbase Offers $20m Bounty to Take Down Perpetrators Behind Social Engineering Attack

 

Coinbase, a renowned cryptocurrency exchange, is offering a $20 million prize to anyone who can assist identify and bring down the culprits of a recent cyber-attack, rather than fulfilling their ransom demands. 

On May 15, Coinbase said that attackers bribed and recruited a group of rogue offshore support agents to steal client data and carry out social engineering attacks. The attackers intended to exploit the stolen data to imitate Coinbase and trick users into turning up their cryptocurrency holdings.

The US crypto firm was asked to pay a $20 million ransom to end the scam. However, Coinbase has openly refused to pay the ransom. Instead, it is collaborating with law enforcement and security sector experts to track down the stolen assets and hold those behind the scheme accountable. 

Coinbase introduced the 'Bounty' program, which includes the $20 million reward fund. The funds will be awarded to anyone who can offer information that leads to the arrest and conviction of the culprits responsible for the attack. 

Establishing safety protocols

Coinbase acted quickly against the insider offenders, firing them and reporting them to US and international law authorities. The crypto exchange will compensate consumers who were duped into sending funds to the perpetrators as a result of social engineering work. 

Furthermore, the crypto exchange suggested that it was putting in place additional measures, such as requesting extra ID checks for substantial withdrawals from flagged accounts and showing mandatory scam-awareness messages. 

The company is also expanding its support operations by establishing a new help hub in the United States and tightening security controls and monitoring across all sites. It is also strengthening its defences by investing more in insider threat detection and automated response, as well as replicating similar security risks to discover potential flaws. 

Coinbase is also working with law enforcement and the private sector to identify the attackers' addresses, allowing authorities to track down and perhaps recover the stolen assets. Finally, Coinbase wants to file criminal charges against those who carried out the cyberattack.
Read more »
User Security
Data Breach Lawsuit M&S Thompsons Solicitors User Security

M&S Faces Multi-million Lawsuit Following Major Data Breach

 

Following the cyberattack that affected the retailer for a month, Marks & Spencer is reportedly facing a multimillion-pound lawsuit over the loss of customer data.

It acknowledged earlier this month that customer information, including names, email addresses, postal addresses, and dates of birth, had been stolen by hackers. Chief Executive Stuart Machin stated that the "sophisticated nature of the incident" had allowed access to the data, although he emphasised that it does not include account passwords or payment and card information, which M&S claims it does not store on its servers. 

According to The Sunday Mail, Thompsons Solicitors is now pursuing a class action lawsuit against M&S for exposing customers to the risk of scams by failing to safeguard their data. 

Senior Partner Patrick McGuire of Thompsons Solicitors stated that the firm has been "inundated by Scots M&S clients who have been caught up in this online heist and are contacting Thompsons. We have a situation here where one of the most famous retailers in the UK has allowed criminals to pillage the personal details of hundreds of thousands of Scottish customers. I think this will be the biggest data theft case we have ever been involved in.”

Investors will be expecting that Marks & Spencer will provide further information on the impact of the disastrous cyber assault that has interrupted all online orders at the retail giant. On Friday, the company will provide an update to the stock market on its financial performance over the past year. However, emphasis will be focused on how the company is dealing with weeks of interruption. It's been a month since the retailer was hit by a major "cyber incident" allegedly tied to hacking organisation Scattered Spider.

As a result, the company has suspended online orders for the past three weeks, and payments and click-and-collect orders have also been affected. M&S's store availability was also impacted by the outage, resulting in some bare shelves as it replaced elements of its IT systems, but said it was recovering swiftly in an update last Thursday.

Its stores have remained open, and availability is "now in a much more normal place, with stores well stocked this week". The retailer is yet to reveal the financial cost of the incident, although it is believed to have lost tens of millions of pounds in sales. 

Analysts at Barclays believe the cyber attack might cost £200 million in the fiscal year 2025/26, but this will be mitigated by an insurance payout of roughly £100 million. The attack struck the business following an excellent run under Stuart Machin's leadership, with shares reaching a nearly nine-year high last month before falling recently.
Read more »
Subscribe to: Posts (Atom)