Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label protecting sensitive data. Show all posts
protecting sensitive data
Banking Data Critical security flaw Cyber Security Data Exposure Government of India. Income Tax Department Information Security protecting sensitive data

Indian Tax Department Fixes Major Security Flaw That Exposed Sensitive Taxpayer Data

 

The Indian government has patched a critical vulnerability in its income tax e-filing portal that had been exposing sensitive taxpayer data to unauthorized users. The flaw, discovered by security researchers Akshay CS and “Viral” in September, allowed logged-in users to access personal and financial details of other taxpayers simply by manipulating network requests. The issue has since been resolved, the researchers confirmed to TechCrunch, which first reported the incident. 

According to the report, the vulnerability exposed a wide range of sensitive data, including taxpayers’ full names, home addresses, email IDs, dates of birth, phone numbers, and even bank account details. It also revealed Aadhaar numbers, a unique government-issued identifier used for identity verification and accessing public services. TechCrunch verified the issue by granting permission for the researchers to look up a test account before confirming the flaw’s resolution on October 2. 

The vulnerability stemmed from an insecure direct object reference (IDOR) — a common but serious web flaw where back-end systems fail to verify user permissions before granting data access. In this case, users could retrieve another taxpayer’s data by simply replacing their Permanent Account Number (PAN) with another PAN in the network request. This could be executed using simple, publicly available tools such as Postman or a browser’s developer console. 

“This is an extremely low-hanging thing, but one that has a very severe consequence,” the researchers told TechCrunch. They further noted that the flaw was not limited to individual taxpayers but also exposed financial data belonging to registered companies. Even those who had not yet filed their returns this year were vulnerable, as their information could still be accessed through the same exploit. 

Following the discovery, the researchers immediately alerted India’s Computer Emergency Response Team (CERT-In), which acknowledged the issue and confirmed that the Income Tax Department was working to fix it. The flaw was officially patched in early October. However, officials have not disclosed how long the vulnerability had existed or whether it had been exploited by malicious actors before discovery. 

The Ministry of Finance and the Income Tax Department did not respond to multiple requests for comment on the breach’s potential scope. According to public data available on the tax portal, over 135 million users are registered, with more than 76 million having filed returns in the financial year 2024–25. While the fix has been implemented, the incident highlights the critical importance of secure coding practices and stronger access validation mechanisms in government-run digital platforms, where the sensitivity of stored data demands the highest level of protection.
Read more »
protecting sensitive data
Cyber Security Data Leak Data protection data security Exploits leaked sensitive data protecting sensitive data

Zimbra Zero-Day Exploit Used in ICS File Attacks to Steal Sensitive Data

 

Security researchers have discovered that hackers exploited a zero-day vulnerability in Zimbra Collaboration Suite (ZCS) earlier this year using malicious calendar attachments to steal sensitive data. The attackers embedded harmful JavaScript code inside .ICS files—typically used to schedule and share calendar events—to target vulnerable Zimbra systems and execute commands within user sessions. 

The flaw, identified as CVE-2025-27915, affected ZCS versions 9.0, 10.0, and 10.1. It stemmed from inadequate sanitization of HTML content in calendar files, allowing cybercriminals to inject arbitrary JavaScript code. Once executed, the code could redirect emails, steal credentials, and access confidential user information. Zimbra patched the issue on January 27 through updates (ZCS 9.0.0 P44, 10.0.13, and 10.1.5), but at that time, the company did not confirm any active attacks. 

StrikeReady, a cybersecurity firm specializing in AI-based threat management, detected the campaign while monitoring unusually large .ICS files containing embedded JavaScript. Their investigation revealed that the attacks began in early January, predating the official patch release. In one notable instance, the attackers impersonated the Libyan Navy’s Office of Protocol and sent a malicious email targeting a Brazilian military organization. The attached .ICS file included Base64-obfuscated JavaScript designed to compromise Zimbra Webmail and extract sensitive data. 

Analysis of the payload showed that it was programmed to operate stealthily and execute in asynchronous mode. It created hidden fields to capture usernames and passwords, tracked user actions, and automatically logged out inactive users to trigger data theft. The script exploited Zimbra’s SOAP API to search through emails and retrieve messages, which were then sent to the attacker every four hours. It also added a mail filter named “Correo” to forward communications to a ProtonMail address, gathered contacts and distribution lists, and even hid user interface elements to avoid detection. The malware delayed its execution by 60 seconds and only reactivated every three days to reduce suspicion. 

StrikeReady could not conclusively link the attack to any known hacking group but noted that similar tactics have been associated with a small number of advanced threat actors, including those linked to Russia and the Belarusian state-sponsored group UNC1151. The firm shared technical indicators and a deobfuscated version of the malicious code to aid other security teams in detection efforts. 

Zimbra later confirmed that while the exploit had been used, the scope of the attacks appeared limited. The company urged all users to apply the latest patches, review existing mail filters for unauthorized changes, inspect message stores for Base64-encoded .ICS entries, and monitor network activity for irregular connections. The incident highlights the growing sophistication of targeted attacks and the importance of timely patching and vigilant monitoring to prevent zero-day exploitation.
Read more »
protecting sensitive data
Cyber Security Data Loss Data Privacy Data protection Data Recovery data security protecting sensitive data

Why CEOs Must Go Beyond Backups and Build Strong Data Recovery Plans

 

We are living in an era where fast and effective solutions for data challenges are crucial. Relying solely on backups is no longer enough to guarantee business continuity in the face of cyberattacks, hardware failures, human error, or natural disasters. Every CEO must take responsibility for ensuring that their organization has a comprehensive data recovery plan that extends far beyond simple backups. 

Backups are not foolproof. They can fail, be misconfigured, or become corrupted, leaving organizations exposed at critical moments. Modern attackers are also increasingly targeting backup systems directly, making it impossible to restore data when needed. Even when functioning correctly, traditional backups are usually scheduled once a day and do not run in real time, putting businesses at risk of losing hours of valuable work. Recovery time is equally critical, as lengthy downtime caused by delays in data restoration can severely damage both reputation and revenue.  

Businesses often overestimate the security that traditional backups provide, only to discover their shortcomings when disaster strikes. A strong recovery plan should include proactive measures such as regular testing, simulated ransomware scenarios, and disaster recovery drills to ensure preparedness. Without this, the organization risks significant disruption and financial losses. 

The consequences of poor planning extend beyond operational setbacks. For companies handling sensitive personal or financial data, legal and compliance requirements demand advanced protection and recovery systems. Failure to comply can lead to legal penalties and fines in addition to reputational harm. To counter modern threats, organizations should adopt solutions like immutable backups, air-gapped storage, and secure cloud-based systems. While migrating to cloud storage may seem time-consuming, it offers resilience against physical damage and ensures that data cannot be lost through hardware failures alone. 

An effective recovery plan must be multi-layered. Following the 3-2-1 backup rule—keeping three copies of data, on two different media, with one offline—is widely recognized as best practice. Cloud-based disaster recovery platforms such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) should also be considered to provide automated failover and minimize downtime. Beyond technology, employee awareness is essential. IT and support staff should be well-trained and recovery protocols tested quarterly to confirm readiness. 

Communication plays a vital role in data recovery planning. How an organization communicates a disruption to clients can directly influence how much trust is retained. While some customers may inevitably be lost, a clear and transparent communication strategy can help preserve the majority. CEOs should also evaluate cyber insurance options to mitigate financial risks tied to recovery costs. 

Ultimately, backups are just snapshots of data, while a recovery plan acts as a comprehensive playbook for survival when disaster strikes. CEOs who neglect this responsibility risk severe financial losses, regulatory penalties, and even business closure. A well-designed, thoroughly tested recovery plan not only minimizes downtime but also protects revenue, client trust, and the long-term future of the organization.
Read more »
protecting sensitive data
China Critical Infrastructure cyber espionage Cyber Security Czech data security Data Transfer protecting sensitive data

Czechia Warns of Chinese Data Transfers and Espionage Risks to Critical Infrastructure

 

Czechia’s National Cyber and Information Security Agency (NÚKIB) has issued a stark warning about rising cyber espionage campaigns linked to China and Russia, urging both government institutions and private companies to strengthen their security measures. The agency classified the threat as highly likely, citing particular concerns over data transfers to China and remote administration of assets from Chinese territories, including Hong Kong and Macau. According to the watchdog, these operations are part of long-term efforts by foreign states to compromise critical infrastructure, steal sensitive data, and undermine public trust. 

The agency’s concerns are rooted in China’s legal and regulatory framework, which it argues makes private data inherently insecure. Laws such as the National Intelligence Law of 2017 require all citizens and organizations to assist intelligence services, while the 2015 National Security Law and the 2013 Company Law provide broad avenues for state interference in corporate operations. Additionally, regulations introduced in 2021 obligate technology firms to report software vulnerabilities to government authorities within two days while prohibiting disclosure to foreign organizations. NÚKIB noted that these measures give Chinese state actors sweeping access to sensitive information, making foreign businesses and governments vulnerable if their data passes through Chinese systems. 

Hong Kong and Macau also fall under scrutiny in the agency’s assessment. In Hong Kong, the 2024 Safeguarding National Security Ordinance integrates Chinese security laws into its own legal system, broadening the definition of state secrets. Macau’s 2019 Cybersecurity Law grants authorities powers to monitor data transmissions from critical infrastructure in real time, with little oversight to prevent misuse. NÚKIB argues that these developments extend the Chinese government’s reach well beyond its mainland jurisdiction. 

The Czech warning gains credibility from recent attribution efforts. Earlier this year, Prague linked cyberattacks on its Ministry of Foreign Affairs to APT31, a group tied to China’s Ministry of State Security, in a campaign active since 2022. The government condemned the attacks as deliberate attempts to disrupt its institutions and confirmed a high degree of certainty about Chinese involvement, based on cooperation among domestic and international intelligence agencies. 

These warnings align with broader global moves to limit reliance on Chinese technologies. Countries such as Germany, Italy, and the Netherlands have already imposed restrictions, while the Five Eyes alliance has issued similar advisories. For Czechia, the implications are serious: NÚKIB highlighted risks across devices and systems such as smartphones, cloud services, photovoltaic inverters, and health technology, stressing that disruptions could have wide-reaching consequences. The agency’s message reflects an ongoing effort to secure its digital ecosystem against foreign influence, particularly as geopolitical tensions deepen in Europe.
Read more »
protecting sensitive data
Cyber Security Data Leak Data protection data security Hacker group hacking groups protecting sensitive data

Telegram Blocks Black Mirror Hacker Group and Data Leak Channels

 

Telegram has stepped up its efforts to curb the spread of sensitive information by blocking several channels accused of leaking private data, with the high-profile Black Mirror hacker group being among the most prominent targets. The platform accused Black Mirror of engaging in activities such as “doxxing and extortion,” according to Novaya Europe. Known for publishing the private correspondence and documents of Russian government officials and influential businessmen, the group often attempted to monetize its activities by offering archives of stolen material to interested buyers. Telegram has gone further by deleting content associated with Black Mirror that had been shared by users in private conversations or added to their favourites, indicating a broad effort to erase the group’s digital footprint. 

The move follows a statement from Telegram’s founder, Pavel Durov, who recently revealed that he had received hundreds of reports about scams, blackmail, and extortion schemes running on the platform. Based on this feedback, he confirmed that numerous channels would be banned for similar violations by the end of the week. According to Durov, Telegram had collected clear evidence that some administrators published damaging content only to later remove it in exchange for money. Others were accused of selling “protection blocks,” where victims were forced to pay to avoid further targeting. Such practices, he noted, amounted to clear violations of Telegram’s rules and could not be tolerated. 

The crackdown comes at a time when Telegram is facing growing suspicion over its relationship with Russian authorities. Reports indicate that the platform deleted more than 373,000 posts and channels in April 2025 alone at the request of Roskomnadzor, Russia’s state censorship body. In late June, at least 10 channels dedicated to open-source investigations, all with “OSINT” in their names, were also blocked. These actions have sparked concerns among journalists, researchers, and independent outlets who rely on Telegram as a primary communication tool to reach Russian audiences, especially since traditional media channels have come under stricter state control following the invasion of Ukraine. 

Adding to user frustration, disruptions have been reported across the service in recent days. Some users complained of difficulties making voice calls through Telegram, which coincided with reports that Russian mobile operators may block calls made via foreign-owned messaging platforms. Analysts suggest this could be part of a broader push by Russian security agencies to limit access to external communication services. For many independent voices in Russia, Telegram has remained one of the few accessible outlets to distribute information freely. With mounting restrictions and targeted bans on influential channels, the future of open dialogue on the platform now appears increasingly uncertain.
Read more »
protecting sensitive data
Data Breach Data Sale data security Data Stolen Data Theft Database Leaked Database Security Infostealer Personal Data Personal Information protecting sensitive data

Startup Sells Stolen Personal Data Online for $50, Raising Alarms Over Privacy and Ethics

 

A new controversy is brewing over a U.S.-based startup accused of making stolen personal data widely accessible—for as little as $50. Farnsworth Intelligence, founded by 23-year-old Aidan Raney, is openly marketing a product called “Infostealers,” which allows customers to search a massive database of sensitive information, including passwords, browser autofill data, and private account credentials. 

According to investigative reporting by 404 Media, this information isn’t simply scraped from public directories or legally collected sources. Instead, it appears to come directly from major data breaches—information illegally obtained from hacked websites and platforms. Users can buy access through the company’s online portal, Infostealers.info, raising serious questions about the legality and ethics of such transactions. 

While services like people-search websites have long existed, Farnsworth’s platform seems to go far beyond what’s commonly available. Some of the information for sale includes usernames, passwords, browser history, addresses saved in auto-fill fields, and more—data types typically leaked only after breaches. Their advanced offering, the Infostealer Data Platform, promises even deeper access. Although not available to everyone, it can be granted upon request for uses like journalism, cybersecurity, private investigations, or law enforcement. The company doesn’t appear to require a court order or warrant for access. 

Farnsworth Intelligence makes bold claims about its reach and capabilities. Its website boasts about human intelligence operations and even claims to have infiltrated a North Korean laptop farm via social engineering. It promotes use cases like “corporate due diligence,” “background checks,” and “asset searches,” without clearly explaining how it acquires its “trillions” of data points. The lack of transparency, coupled with the open sale of sensitive data, is alarming. 

Experts argue that while security researchers and cybersecurity firms often monitor breach data to help protect users, monetizing it so brazenly is a different matter entirely. As Cooper Quintin from the Electronic Frontier Foundation notes, “It would be illegal and unethical to sell stolen cell phones even if you didn’t steal them yourself, and I don’t see how this is any different.”  

Even more concerning is the potential for abuse. With no real verification or oversight, bad actors—including stalkers or authoritarian agencies—could exploit this platform to target individuals, especially those already at risk. The implications for personal safety, privacy rights, and digital ethics are profound. 

This development underscores how data breaches don’t just disappear—they become weapons for profit in the wrong hands.
Read more »
protecting sensitive data
Army British Army Data Breach Data Leak Data protection data security Information Security protecting sensitive data

UK Army Probes Leak of Special Forces Identities in Grenadier Guards Publication

 

The British Army has initiated an urgent investigation following the public exposure of sensitive information identifying members of the UK Special Forces. General Sir Roly Walker, Chief of the General Staff, has directed a comprehensive review into how classified data was shared, after it was found that a regimental newsletter had published names and postings of elite soldiers over a period of more than ten years. 

The internal publication, created by the Grenadier Guards Regimental Association, is believed to have revealed the identities and current assignments of high-ranking officers serving in confidential roles. Several names were reportedly accompanied by the abbreviation “MAB,” a known military code linked to Special Forces. Security experts have expressed concern that such identifiers could be easily deciphered by hostile actors, significantly raising the risk to those individuals. 

The revelation has triggered backlash within the Ministry of Defence, with Defence Secretary John Healey reportedly outraged by the breach. The Ministry had already issued warnings about this very issue, yet the publication remained online until it was finally edited last week. The breach adds to growing concern over operational security lapses in elite British military units.  

This latest disclosure follows closely on the heels of another incident in which the identities of Special Forces soldiers involved in missions in Afghanistan were exposed through a separate data leak. That earlier breach had been shielded by a legal order for nearly two years, emphasizing the persistent nature of such security vulnerabilities. 

The protection of Special Forces members’ identities is a critical requirement due to the covert and high-risk nature of their work. Publicly exposing their names can not only endanger lives but also jeopardize ongoing intelligence missions and international collaborations. The leaked material is also said to have included information about officers working within the Cabinet Office’s National Security Secretariat—an agency that advises the Prime Minister on national defence—and even a soldier assigned to General Walker’s own operational staff. 

While the Grenadier Guards’ publication has now removed the sensitive content, another regiment had briefly published similar details before promptly deleting them. Still, the extended availability of the Grenadier data has raised questions about oversight and accountability in how military associations manage sensitive information.  

General Walker, a former commander of the Grenadier Guards, announced that he has mandated an immediate review of all information-sharing practices between the army and regimental associations. His directive aims to ensure that stronger protocols are in place to prevent such incidents in the future, while still supporting the positive role these associations play for veterans and serving members alike. 

The Defence Ministry has not released details on whether those named in the leak will be relocated or reassigned. However, security analysts say the long-term consequences of the breach could be serious, including potential threats to the personnel involved and operational risks to future Special Forces missions. As investigations continue, the British Army is now under pressure to tighten internal controls and better protect its most confidential information from digital exposure.
Read more »
protecting sensitive data
Chinese Hackers Cyber Attacks cyber espionage cybercriminal group Cyberthreatm Salt Typhoon Hacks data security Data Theft DHS Hacker attack Hacker group protecting sensitive data

Chinese Hacker Group Salt Typhoon Breaches U.S. National Guard Network for Nine Months

 

An elite Chinese cyber-espionage group known as Salt Typhoon infiltrated a U.S. state’s Army National Guard network for nearly nine months, according to a classified Pentagon report revealed in a June Department of Homeland Security (DHS) memo. The memo, obtained by the nonprofit Property of the People through a freedom of information request, indicates the hackers had deep access between March and December 2024, raising alarms about compromised military or law enforcement data. 

Salt Typhoon has previously been linked to some of the most expansive cyber-intrusions into American infrastructure. This latest revelation suggests their reach was even broader than earlier believed. Authorities are still investigating the full extent of data accessed, including sensitive internal documents, personal information of service members, and network architecture diagrams. The affected state’s identity remains undisclosed. 

The Department of Defense declined to comment on the matter, while a spokesperson from the National Guard Bureau confirmed the breach but assured that the incident did not hinder any ongoing state or federal missions. Investigations are ongoing to determine the scope and potential long-term impact of the breach. 

China’s embassy in Washington did not directly deny the allegations but claimed the U.S. had not provided concrete evidence linking Salt Typhoon to the Chinese government. They reiterated that cyberattacks are a global threat and that China also faces similar risks. 

Salt Typhoon is particularly notorious for its ability to infiltrate and pivot across different networks. In a prior campaign, the group was linked to breaches at major telecom companies, including AT&T and Verizon, where hackers allegedly monitored text messages and calls tied to U.S. political figures, including both Trump and Harris campaigns and Senate Majority Leader Chuck Schumer’s office.

The hybrid structure of the National Guard — functioning under both federal and state authority — may have provided a wider attack surface. According to the DHS memo, the group may have obtained intelligence that could be used to compromise other states’ National Guard units and their local cybersecurity partners. Fourteen state National Guard units reportedly share intelligence with local fusion centers, potentially magnifying the risk. 

In January 2025, the U.S. Treasury Department sanctioned a company in Sichuan believed to be facilitating Salt Typhoon operations for China’s Ministry of State Security. Past incidents have shown that Salt Typhoon can maintain access for years, making complete removal and defense particularly challenging.
Read more »
protecting sensitive data
Chinese Data Breach Data Leak data security Data Surveillance database Database Breach Personal Information protecting sensitive data

Massive Data Leak Exposes Billions of Records in Suspected Chinese Surveillance Database

 

Cybersecurity experts have uncovered a massive trove of sensitive information left exposed online, potentially placing millions of individuals at significant risk. The discovery, made by researchers from Cybernews in collaboration with SecurityDiscovery.com, revealed an unsecured database totaling 631 gigabytes—containing an estimated four billion individual records. 

The open instance, which lacked any form of password protection, was quickly taken offline once the exposure was reported, but experts remain unsure about how long it had remained publicly accessible. The data, according to the investigation, appears to primarily concern Chinese citizens and users, with entries collected from various platforms and sources. 

Cybernews researchers believe this is not a random collection, but rather a systematically curated database. They described it as a tool capable of constructing detailed behavioral, social, and financial profiles of nearly any individual included in the records. The structured and diverse nature of the data has led analysts to suspect that the repository may have been created as part of a broader surveillance or profiling initiative. 

Among the most alarming elements of the database is the presence of extensive personally identifiable information (PII). The exposed details include full names, birth dates, phone numbers, financial records, bank card data, savings balances, debt figures, and personal spending patterns. Such information opens the door to a wide range of malicious activities—ranging from identity theft and financial fraud to blackmail and sophisticated social engineering attacks. 

A large portion of the exposed records is believed to originate from WeChat, the popular Chinese messaging app, which accounts for over 805 million entries. Another 780 million records relate to residential data tied to specific geographic locations. Meanwhile, a third major portion of the database labeled “bank” contains around 630 million records of financial and sensitive personal data. 

If confirmed, the scale of this leak could surpass even the National Public Data breach, one of the most significant data security incidents in recent memory. Experts are particularly troubled by the implications of a centralized data cache of this magnitude—especially one that may have been used for state-level surveillance or unauthorized commercial data enrichment. 

While the server hosting the information has been taken offline, the potential damage from such an exposure may already be done. Investigators continue to analyze the breach to determine its full impact and whether any malicious actors accessed the data while it was left unsecured.
Read more »
secure medical
Cyber Security cyberattacks on hospitals Healthcare cybersecurity medical data breaches protecting sensitive data ransomware healthcare risks secure medical

Why Medical Records Are Prime Targets for Cyberattacks and How to Stay Safe


Healthcare organizations have experienced a significant transformation, transitioning from paper-based records to digital systems. This change enables medical records to be accessed and updated anytime, improving coordination among hospitals, clinics, and specialists.

Despite the advantages, digital storage poses significant challenges, particularly the risk of data breaches. The vast amounts of sensitive information stored by hospitals and health insurance companies make them attractive targets for cybercriminals.

According to the HIPAA Journal, data breaches have steadily risen. In 2022, 720 incidents exposed over 500 records each, increasing to 725 breaches and 133 million compromised records in 2023. A ransomware attack on Change Healthcare in 2024 affected an estimated 100 million individuals.

Why Hackers Target Medical Records

1. Medical Data's High Value

Healthcare systems store a wealth of sensitive data, including names, social security numbers, medical histories, and insurance details. Unlike credit card numbers, which can be replaced, personal details like social security numbers are permanent, enabling long-term fraud.

Stolen data is often sold on the dark web or used for identity theft, medical fraud, or harassment. Ransomware attacks also target healthcare organizations due to their dependence on immediate system access.

2.Vulnerable Networks

Outdated or insecure networks increase the likelihood of breaches. Some healthcare providers use legacy systems due to compatibility issues or budget constraints.

The risks extend to external factors, such as unsecure devices connected by staff or third-party vendors with inadequate security. Medical devices like heart monitors and imaging systems further complicate matters by adding potential entry points for attackers.

3. Shared Medical Information

Effective patient care relies on data sharing among teams, specialists, insurers, researchers, and patients. This extensive sharing creates multiple exposure points, increasing the risk of data interception.

The urgency in medical settings can also lead to security being deprioritized in favor of quick access, further exposing sensitive information.

Although individuals cannot control healthcare systems' security, the following steps can enhance personal data protection:

  • Use a VPN: Encrypt your internet traffic to prevent unauthorized access.
  • Enable Multi-Factor Authentication (MFA): Add an extra verification step to secure sensitive accounts.
  • Keep Devices Updated: Regular updates ensure vulnerabilities are patched.
  • Avoid Reusing Passwords: Use strong, unique passwords with a password manager if needed.
  • Beware of Phishing: Don’t click on suspicious links, even if they appear urgent or legitimate.
Read more »
Subscribe to: Comments (Atom)