
France’s Break From Microsoft Signals Europe’s Growing Push for Digital Sovereignty


In a move that reflects Europe’s deepening concerns over data sovereignty and foreign technological dependence, France has decided to move its national Health Data Hub away from Microsoft's cloud infrastructure and into the hands of domestic provider Scaleway. The decision marks one of the most significant shifts yet in Europe’s growing effort to reclaim control over sensitive public data. 
 
The Health Data Hub contains medical information relating to millions of French citizens and serves as a major research platform for healthcare analysis and innovation. Since 2019, the system had been hosted on Microsoft Azure, a decision that triggered years of political and legal controversy due to fears surrounding American surveillance laws and extraterritorial access to European data.   
 
French authorities have now selected Scaleway, a subsidiary of Iliad, after an extensive evaluation involving more than 350 technical criteria related to security, resilience, and operational capacity. The migration is expected to be completed between late 2026 and early 2027.   
 

Why Europe Is Growing Wary of American Cloud Giants 

 
The decision is part of a much broader European movement toward what policymakers describe as “digital sovereignty.” Governments across Europe have grown uneasy about relying on American technology firms for critical infrastructure, especially after repeated debates over the US CLOUD Act, which can compel US companies to hand data to American authorities even when that data is stored overseas.
 
In France, these concerns intensified after Microsoft reportedly acknowledged before a French Senate inquiry that it could not fully resist certain US government data requests involving French citizens. That revelation significantly strengthened calls for sovereign cloud infrastructure controlled entirely within European legal jurisdiction. The shift also aligns with France’s wider technological repositioning. Earlier this year, the country announced plans to reduce reliance on Microsoft products across government systems, replacing several US-based platforms with domestic or open source alternatives.   
 

A Defining Moment for Europe’s Tech Independence 

 
France’s decision extends beyond healthcare infrastructure; it represents a symbolic turning point in Europe’s evolving relationship with Big Tech.
 
For years, European nations depended heavily on American cloud providers because of their scale, maturity, and technological dominance. But growing geopolitical tensions, concerns around privacy, and the strategic importance of data have begun reshaping that equation. 
 
By transferring one of its most sensitive national databases to a domestic provider, France is effectively signalling that technological convenience can no longer outweigh sovereignty concerns. The move may now encourage other European governments to reassess where their own critical data resides. 
 
At its core, this is no longer simply a cloud migration story. It is a declaration that, in the age of AI and mass data infrastructure, control over information has become inseparable from national security itself.

Firestarter Malware Persists on Cisco Firewalls Even After Security Updates

 



Cybersecurity authorities in the United States and the United Kingdom have issued a joint alert about a previously undocumented malware strain called Firestarter that is capable of maintaining access on Cisco firewall systems even after updates and security patches are applied.

The malware affects Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. Investigators have linked the activity to a threat actor tracked by Cisco Talos as UAT-4356, a group associated with espionage-focused operations, including campaigns such as ArcaneDoor.

According to assessments from the Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC), the attackers likely gained initial entry by chaining two vulnerabilities in the ASA/FTD VPN web server: CVE-2025-20362, a missing-authorization flaw that lets an unauthenticated remote attacker reach restricted URL endpoints, and CVE-2025-20333, a buffer overflow that allows remote code execution. Together they give an attacker unauthorized access to, and code execution on, a targeted device.

In one confirmed case involving a U.S. federal civilian executive branch agency, investigators observed a staged intrusion. The attackers first deployed a tool called Line Viper, which operates as a user-mode shellcode loader. This malware was used to establish VPN connections and extract sensitive configuration data from the device, including administrator credentials, certificates, and private cryptographic keys.

After this initial access phase, the attackers introduced the Firestarter backdoor to ensure continued control. CISA noted that while the precise date of the breach has not been verified, the compromise likely occurred in early September 2025, before the agency applied patches required under Emergency Directive 25-03.

Firestarter is designed to maintain persistence. Once installed, it continues functioning across system reboots, firmware upgrades, and security patching. In addition, if its process is terminated, it is capable of restarting itself automatically.

The malware achieves this persistence by integrating with LINA, a core process within Cisco ASA systems. It uses signal-handling mechanisms to detect termination events and trigger routines that reinstall the malware.

A joint technical analysis from CISA and NCSC found that Firestarter modifies the system’s boot configuration by altering the CSP_MOUNT_LIST file, ensuring that it executes during device startup. It also stores a copy of itself within system log directories and restores its executable into a critical system path, allowing it to run silently in the background.

Separate analysis from Cisco Talos indicates that the persistence mechanism is activated when the system receives a process termination signal, such as during a controlled or “graceful” reboot.

The primary function of Firestarter is to act as a backdoor, providing attackers with remote access to compromised devices. It can also execute arbitrary shellcode supplied by the attacker.

This capability is enabled by modifying an internal XML handler within the LINA process and injecting malicious code directly into memory. Execution is triggered through specially crafted WebVPN requests. Once a built-in identifier is validated, the malware loads and executes attacker-provided payloads in memory without writing them to disk. Authorities have not disclosed details about the specific payloads used in observed incidents.

Cisco has released a security advisory outlining mitigation steps, recommended workarounds, and indicators of compromise to help identify infections. The company advises organizations to fully reimage affected devices and upgrade to fixed software versions, regardless of whether compromise has been confirmed.

To check for signs of infection, administrators are instructed to run a diagnostic command that inspects running processes. If any output is returned indicating the presence of a specific process, the device should be treated as compromised.

As an alternative, Cisco noted that performing a complete power shutdown may remove the malware. However, this approach is not recommended because it introduces the risk of database or disk corruption, which could lead to system instability or boot failures.

To assist with detection, CISA has also released two YARA rules that can identify the Firestarter backdoor when analyzing disk images or memory dumps from affected systems.

Attackers are visibly shifting their approach to network infrastructure. Instead of focusing only on endpoints such as laptops and servers, threat actors are planting long-term implants directly in the security appliances that sit at the edge of enterprise networks.

Firestarter introduces a specific operational challenge. Even after vulnerabilities are patched, the implanted malware remains active because it embeds itself within core system processes and startup routines. This separates the persistence mechanism from the original point of entry.

The use of in-memory execution through WebVPN requests also reduces visibility. Since payloads are not written to disk, traditional file-based detection methods may not identify malicious activity.

For defenders, this means patching alone cannot be treated as confirmation that a device is clean. Additional validation is required: inspecting running processes, checking firmware and boot-configuration integrity against a known-good baseline, and monitoring network appliances for abnormal behavior.
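The persistence described above (a startup entry in the boot configuration plus a copy of the implant restored from a log directory) is exactly what a post-patch baseline check should catch. The following script is an added example, not Cisco’s or CISA’s tooling and not the diagnostic command from Cisco’s advisory. Both inputs are constructed text in a simplified format (a newline-separated mount list and a “PID NAME PATH” process table); real ASA/FTD output formats, and the published Firestarter indicators, differ, so the baselines and sample entries here are hypothetical placeholders for a golden image of your own.

```python
"""Post-patch baseline audit for an edge appliance.

Added example, not Cisco's or CISA's tooling. Both inputs are CONSTRUCTED text in
a simplified format: a newline-separated list of boot-time mount entries and a
'PID NAME PATH' process table. Real ASA/FTD output and the published Firestarter
indicators differ; substitute the vendor's IOCs and your own golden baseline.
"""
from dataclasses import dataclass

# Golden baselines recorded from a known-clean device running the same software
# version (hypothetical values).
BASELINE_MOUNTS = {"/mnt/disk0", "/mnt/disk0/coredumpinfo", "/var/log"}
BASELINE_PROCESSES = {"lina", "sshd", "snmpd", "syslogd"}

# Writable locations from which no legitimate system binary should be launched.
SUSPICIOUS_PARENTS = ("/var/log", "/tmp")

# Constructed sample: one extra mount entry and one process started from /var/log.
SAMPLE_MOUNT_LIST = """# constructed sample, not real ASA content
/mnt/disk0
/mnt/disk0/coredumpinfo
/var/log
/var/log/.cache/svc
"""
SAMPLE_PROCESS_LIST = """PID NAME PATH
101 lina /asa/bin/lina
202 sshd /usr/sbin/sshd
303 svc /var/log/.cache/svc
"""


@dataclass
class Finding:
    kind: str    # "mount" or "process"
    value: str
    reason: str


def parse_mount_list(text):
    """Return the set of mount entries, ignoring blank lines and '#' comments."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.add(line.split()[0])
    return entries


def parse_process_list(text):
    """Parse 'PID NAME PATH' rows (header skipped) into (name, path) tuples."""
    procs = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) >= 3:
            procs.append((parts[1], parts[2]))
    return procs


def audit(mount_text, process_text):
    """Diff both inputs against the baselines; an empty list means nothing unexpected."""
    findings = []
    for entry in sorted(parse_mount_list(mount_text) - BASELINE_MOUNTS):
        findings.append(Finding("mount", entry, "not in baseline boot mount list"))
    for name, path in parse_process_list(process_text):
        if name not in BASELINE_PROCESSES:
            findings.append(Finding("process", name, "not in baseline process set"))
        if any(path.startswith(p + "/") for p in SUSPICIOUS_PARENTS):
            findings.append(Finding("process", f"{name} ({path})",
                                    "executable launched from a log or temp directory"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_MOUNT_LIST, SAMPLE_PROCESS_LIST):
        print(f"[{f.kind}] {f.value}: {f.reason}")
```

The point of the design is that the check runs against a baseline captured from a clean device of the same version rather than against a signature: an implant that survives patching by living in the boot configuration and a log directory shows up as a diff even when its file name is unknown. Run it after the upgrade, not before, since the implant is expected to survive the upgrade.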

The incident also reinforces the importance of restricting exposure of management interfaces and ensuring that critical infrastructure devices are continuously monitored, not just periodically updated.

Sri Lanka Finance Ministry Loses $2.5 Million in Cyberattack on Payment System

 

Sri Lanka is trying to recover $2.5 million after a cyberattack on the Finance Ministry’s payment system redirected funds away from their intended recipient, exposing fresh weaknesses in the country’s public financial controls. Officials say the breach involved email manipulation, and the issue surfaced after opposition lawmakers alleged that treasury money had landed in a hacker’s account instead of reaching the correct creditor. The incident has prompted a high-level probe, with authorities treating it as both a financial loss and a serious security breach. 

According to finance ministry secretary Harshana Suriyapperuma, cybercriminals were first detected trying to enter the External Resources Department’s system in January 2026, and the ministry took steps with overseas partners to stop further damage. He said the earlier attempt was contained, but the later payment breach still led to losses that are now under review. The stolen amount formed part of a larger $22.9 million payment, with $2.5 million reportedly disbursed between December 2025 and January 31, 2026. 

The incident has drawn wider attention because it involves government debt repayment funds and an apparent failure in payment verification. Australia’s high commissioner in Sri Lanka said Canberra was aware of irregularities in payments owed to it, and Australian officials are assisting the investigation. That international angle has made the breach more sensitive, since the diverted funds were tied to a sovereign obligation rather than a routine domestic transaction. 

A high-powered committee has been formed to investigate the hacking incident and identify how the payment was rerouted. Opposition lawmakers have also asked Parliament to examine the matter, arguing that public finances fall under legislative oversight. The issue has been raised before the Committee on Public Accounts, adding political pressure on the government to explain how the breach happened and whether more funds may have been exposed. 

The episode is a damaging reminder that cyberattacks can hit not just banks and companies but also state payment systems handling international debt obligations. For Sri Lanka, which is still recovering from its severe economic crisis and debt default, even a single diverted payment can deepen concerns about administrative safeguards and digital resilience. The investigation will likely focus on email security, approval controls, and how quickly suspicious payment changes were detected.

ADT Data Breach Confirmed After ShinyHunters Threatens Leak of Stolen Customer Information

 

ADT, a provider of home security systems, has confirmed a data breach after the extortion group ShinyHunters threatened to publish stolen records unless it was paid. The incident follows a pattern seen in other recent breaches in which attackers gain entry through compromised credentials or third-party service providers. 

On April 20 the company detected unusual activity in its systems; its response teams moved to contain the exposure and began an internal review. The review found that some customer and prospective-customer records had been accessed and copied. Most of the affected data consisted of names, contact numbers, and home addresses; in a small number of cases, dates of birth and partial tax or government identification numbers were also included. Although only a limited set of files was involved, ADT is still assessing the full scope of the breach. 

ADT said that its most sensitive financial data was not affected: bank account numbers, payment card details, and payment records were untouched, and home security systems and active monitoring continued to operate without interruption. By ADT’s account, the breach did not reach operational systems, only certain data stores. After the claims appeared on a hacking forum, ShinyHunters stated that it had accessed more than 10 million records, some containing personal details and internal business files. 
ADT has not verified the full extent of that claim, despite the threat to publish everything unless the demands are met. Notification letters have nonetheless gone out to affected individuals while the review continues, and next steps depend on internal assessments already underway. One account of the intrusion points to vishing as the starting point: a voice-phishing call aimed at a single employee, in which the attackers posed as known contacts and obtained access to the company’s single sign-on system. 

Once inside, they moved laterally into connected environments without immediate detection. Access likely extended to cloud services including Salesforce, from which data was pulled. Identity compromise now drives many intrusions, displacing the older focus on software bugs: rather than probing for code flaws, attackers target sign-in systems such as Okta, Microsoft Entra, or Google accounts, because one compromised authenticated identity opens the door to many company tools at once. 

With access secured, the stolen data is exfiltrated quietly and then used as leverage; no ransomware is needed to encrypt files. This is not new for ADT, which disclosed earlier leaks of employee and customer details earlier this year. Faced with repeated incidents, many companies struggle to protect digital identities and manage permissions across interconnected platforms. 
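The chain described above (a single sign-on session obtained by social engineering, followed by bulk pulls from a connected SaaS application) leaves a correlatable trace even when no malware is involved. The following detection logic is an added example, not ADT’s or any vendor’s detection content. The log lines are constructed in a simplified “timestamp user event key=value…” format; real Okta, Entra, or Salesforce event schemas differ and would need their own parser, and the 30-minute window, row threshold, and device inventory are hypothetical tuning values.

```python
"""Correlate SSO sign-ins from unfamiliar devices with bulk data pulls.

Added example, not ADT's or any vendor's detection content. The log lines are
CONSTRUCTED in a simplified 'timestamp user event key=value...' format; real
Okta, Entra or Salesforce event schemas differ and would need their own parser.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)   # how long after a login we attribute pulls to it
EXPORT_THRESHOLD = 10_000        # rows pulled per window before alerting (tune per app)

# Constructed sample: alice works normally; bob signs in from an unseen device and
# pulls 14,000 rows within 30 minutes, plus a later pull outside the window.
SAMPLE_LOGS = [
    "2026-04-20T09:00:00 alice sso_login device=laptop-01 ip=203.0.113.5",
    "2026-04-20T09:05:00 alice export object=Contact rows=250",
    "2026-04-20T09:10:00 bob sso_login device=unknown-77 ip=198.51.100.9",
    "2026-04-20T09:12:00 bob export object=Lead rows=8000",
    "2026-04-20T09:20:00 bob export object=Contact rows=6000",
    "2026-04-20T11:00:00 bob export object=Account rows=9000",
]
KNOWN_DEVICES = {"alice": {"laptop-01"}, "bob": {"desktop-02"}}  # hypothetical inventory


def parse(lines):
    """Split each line into (timestamp, user, event, fields dict), sorted by time."""
    events = []
    for line in lines:
        ts, user, event, rest = line.split(" ", 3)
        fields = dict(kv.split("=", 1) for kv in rest.split())
        events.append((datetime.fromisoformat(ts), user, event, fields))
    return sorted(events, key=lambda e: e[0])


def detect(lines, known_devices):
    """Alert when a login from an unregistered device is followed, within WINDOW,
    by more than EXPORT_THRESHOLD exported rows attributed to that login."""
    new_logins = defaultdict(list)   # user -> timestamps of unfamiliar-device logins
    pulled = defaultdict(int)        # (user, login_ts) -> rows exported in window
    for ts, user, event, fields in parse(lines):
        if event == "sso_login":
            if fields.get("device") not in known_devices.get(user, set()):
                new_logins[user].append(ts)
        elif event == "export":
            rows = int(fields.get("rows", 0))
            for login_ts in new_logins[user]:
                if timedelta(0) <= ts - login_ts <= WINDOW:
                    pulled[(user, login_ts)] += rows
    return [
        {"user": user, "login": login_ts.isoformat(), "rows": rows}
        for (user, login_ts), rows in pulled.items()
        if rows > EXPORT_THRESHOLD
    ]


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS, KNOWN_DEVICES):
        print("ALERT:", alert)
```

Neither signal alone is a good alert: unfamiliar devices are routine, and large exports are routine for some roles. Joining the two on the identity and a short time window is what makes a valid-credential intrusion stand out, which is the gap that file-based or malware-based detection leaves open in this kind of breach.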

The incident, still under investigation, highlights how often social engineering now shapes cyberattacks: rather than exploiting software flaws, attackers rely on human error, slipping past defenses by tricking users. 

Given that shift, training staff to recognize these approaches matters as much as strong login protections, and preventing future breaches depends less on technology alone than on understanding human behavior. Awareness is the fallback when passwords fail.

Sophisticated Scams Surge in 2025, Costing Americans $2.1 Billion

 

Online fraud is evolving rapidly, with scammers employing increasingly sophisticated techniques that have already cost Americans an estimated $2.1 billion in 2025, a number expected to climb further. While social media continues to be the leading platform where scams originate, impersonation phone calls, text messages, and emails remain a major avenue for cybercriminal activity.

In the past, scam attempts were often easy to identify—poorly written emails and far-fetched stories, such as appeals from so-called Nigerian princes, made them obvious to most recipients. Today, however, fraudsters have significantly refined their approach, making their schemes far more convincing.

A recent case highlights how advanced these scams have become. Jennifer Lichthardt was deceived into transferring $40,000 after receiving a call that appeared to come directly from Chase Bank, as reported by ABC Chicago News. The caller ID had been spoofed to match the number printed on the back of her bank card, and the scammers even possessed detailed information about her account, including the exact balance.

Such access to sensitive data is often the result of data breaches—incidents that many people overlook. Personal information is frequently sold on the dark web at surprisingly low prices, allowing scammers to craft highly targeted attacks.

To reduce exposure, individuals can use data removal services like DeleteMe, though no solution is foolproof. Authorities, including the FBI, urge consumers to remain cautious when contacted by anyone claiming to represent banks or government agencies. In Lichthardt’s case, the fraudsters convinced her that her account was compromised internally and instructed her to move her funds into a “secured” account. The money was withdrawn shortly after the transfer.

Because the transaction was authorized by Lichthardt herself, it bypassed traditional security measures. However, awareness of official warnings could have prevented the loss. Financial institutions and government bodies do not request sensitive information or ask customers to transfer funds over phone calls. For example, the IRS does not collect payments via phone, and legitimate banks do not require customers to move money into so-called “secure” accounts.

If you receive such a call, experts recommend ending the conversation immediately and contacting the organization directly using verified contact details, such as those found on official websites or the back of your card. Taking this extra step can be crucial in avoiding becoming the next victim of fraud.

When Screens Turn Against You: The Dark Mechanics of Webcam Sextortion

 

In the dim privacy of a personal screen, where anonymity is often assumed and discretion rarely questioned, a silent threat has begun to take shape. What was once dismissed as a crude bluff has, in certain cases, evolved into something far more tangible. Cybercriminals are increasingly exploiting adult content viewers, using a blend of malware, deception, and psychological manipulation to turn private moments into instruments of blackmail. 
 
Security researchers have identified malware capable of detecting when explicit content is being viewed and quietly activating a device’s camera to capture compromising footage. These recordings, paired with screenshots of on-screen activity, are then transmitted to attackers who weaponise them in what is now widely known as sextortion. However, what makes this threat particularly insidious is the emotional leverage it exploits, more than the technology behind it. Shame, fear, and urgency become tools more powerful than any line of malicious code. 
 

Fear as a Weapon: The Psychology Behind the Scam 

 
Even in cases where no actual recording exists, scammers have perfected the art of persuasion. Victims often receive emails claiming that their devices have been hacked and that their webcam has captured explicit footage. To make the threat believable, attackers sometimes include previously leaked passwords or personal details, creating an illusion of total access.   
 
In reality, many such claims are entirely fabricated. Experts have repeatedly clarified that these messages rely on social engineering rather than real surveillance. The objective is simple: induce panic, push the victim into silence, and extract payment before reason can intervene.   
 
This strategy has proven alarmingly effective. Large-scale campaigns have generated substantial profits, not through technical sophistication alone, but through an acute understanding of human vulnerability. 
 

Beyond Malware: A Wider Ecosystem of Exploitation 

 
The threat landscape extends well beyond a single strain of malicious software. Adult content platforms, particularly those operating outside regulated ecosystems, have long been fertile ground for cybercrime. Malware disguised as media players or exclusive content continues to lure users into unknowingly compromising their own devices.   
 
At the same time, new variations of these scams are emerging. In some instances, fraudsters pose as law enforcement officials, accusing individuals of viewing illegal material and demanding immediate payment under the threat of legal action.  Taken together, these tactics reveal a broader pattern. The target is the individual behind the device, not just the device. 
