Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cloud Services. Show all posts
Zestix
Cloud Services Corporate Data Breach Credential Phishing Cyber Security Data Exposure Files Zestix

Cybercriminals Target Cloud File-Sharing Services to Access Corporate Data

 



Cybersecurity analysts are raising concerns about a growing trend in which corporate cloud-based file-sharing platforms are being leveraged to extract sensitive organizational data. A cybercrime actor known online as “Zestix” has recently been observed advertising stolen corporate information that allegedly originates from enterprise deployments of widely used cloud file-sharing solutions.

Findings shared by cyber threat intelligence firm Hudson Rock suggest that the initial compromise may not stem from vulnerabilities in the platforms themselves, but rather from infected employee devices. In several cases examined by researchers, login credentials linked to corporate cloud accounts were traced back to information-stealing malware operating on users’ systems.

These malware strains are typically delivered through deceptive online tactics, including malicious advertising and fake system prompts designed to trick users into interacting with harmful content. Once active, such malware can silently harvest stored browser data, saved passwords, personal details, and financial information, creating long-term access risks.

When attackers obtain valid credentials and the associated cloud service account does not enforce multi-factor authentication, unauthorized access becomes significantly easier. Without this added layer of verification, threat actors can enter corporate environments using legitimate login details without immediately triggering security alarms.

Hudson Rock also reported that some of the compromised credentials identified during its investigation had been present in criminal repositories for extended periods. This suggests lapses in routine password management practices, such as timely credential rotation or session invalidation after suspected exposure.

Researchers describe Zestix as operating in the role of an initial access broker, meaning the actor focuses on selling entry points into corporate systems rather than directly exploiting them. The access being offered reportedly involves cloud file-sharing environments used across a range of industries, including transportation, healthcare, utilities, telecommunications, legal services, and public-sector operations.

To validate its findings, Hudson Rock analyzed malware-derived credential logs and correlated them with publicly accessible metadata and open-source intelligence. Through this process, the firm identified multiple instances where employee credentials associated with cloud file-sharing platforms appeared in confirmed malware records. However, the researchers emphasized that these findings do not constitute public confirmation of data breaches, as affected organizations have not formally disclosed incidents linked to the activity.

The data allegedly being marketed spans a wide spectrum of corporate and operational material, including technical documentation, internal business files, customer information, infrastructure layouts, and contractual records. Exposure of such data could lead to regulatory consequences, reputational harm, and increased risks related to privacy, security, and competitive intelligence.

Beyond the specific cases examined, researchers warn that this activity reflects a broader structural issue. Threat intelligence data indicates that credential-stealing infections remain widespread across corporate environments, reinforcing the need for stronger endpoint security, consistent use of multi-factor authentication, and proactive credential hygiene.

Hudson Rock stated that relevant cloud service providers have been informed of the verified exposures to enable appropriate mitigation measures.

Read more »
Technology
Asia Cloud Services Cybersecurity Data protection data sovereignty Europe Geopolitical Cyber Risk Government organisations Technology

Geopolitical Conflict Is Increasing the Risk of Cyber Disruption




Cybersecurity is increasingly shaped by global politics. Armed conflicts, economic sanctions, trade restrictions, and competition over advanced technologies are pushing countries to use digital operations as tools of state power. Cyber activity allows governments to disrupt rivals quietly, without deploying traditional military force, making it an attractive option during periods of heightened tension.

This development has raised serious concerns about infrastructure safety. A large share of technology leaders fear that advanced cyber capabilities developed by governments could escalate into wider cyber conflict. If that happens, systems that support everyday life, such as electricity, water supply, and transport networks, are expected to face the greatest exposure.

Recent events have shown how damaging infrastructure failures can be. A widespread power outage across parts of the Iberian Peninsula was not caused by a cyber incident, but it demonstrated how quickly modern societies are affected when essential services fail. Similar disruptions caused deliberately through cyber means could have even more severe consequences.

There have also been rare public references to cyber tools being used during political or military operations. In one instance, U.S. leadership suggested that cyber capabilities were involved in disrupting electricity in Caracas during an operation targeting Venezuela’s leadership. Such actions raise concerns because disabling utilities affects civilians as much as strategic targets.

Across Europe, multiple incidents have reinforced these fears. Security agencies have reported attempts to interfere with energy infrastructure, including dams and national power grids. In one case, unauthorized control of a water facility allowed water to flow unchecked for several hours before detection. In another, a country narrowly avoided a major blackout after suspicious activity targeted its electricity network. Analysts often view these incidents against the backdrop of Europe’s political and military support for Ukraine, which has been followed by increased tension with Moscow and a rise in hybrid tactics, including cyber activity and disinformation.

Experts remain uncertain about the readiness of smart infrastructure to withstand complex cyber operations. Past attacks on power grids, particularly in Eastern Europe, are frequently cited as warnings. Those incidents showed how coordinated intrusions could interrupt electricity for millions of people within a short period.

Beyond physical systems, the information space has also become a battleground. Disinformation campaigns are evolving rapidly, with artificial intelligence enabling the fast creation of convincing false images and videos. During politically sensitive moments, misleading content can spread online within hours, shaping public perception before facts are confirmed.

Such tactics are used by states, political groups, and other actors to influence opinion, create confusion, and deepen social divisions. From Eastern Europe to East Asia, information manipulation has become a routine feature of modern conflict.

In Iran, ongoing protests have been accompanied by tighter control over internet access. Authorities have restricted connectivity and filtered traffic, limiting access to independent information. While official channels remain active, these measures create conditions where manipulated narratives can circulate more easily. Reports of satellite internet shutdowns were later contradicted by evidence that some services remained available.

Different countries engage in cyber activity in distinct ways. Russia is frequently associated with ransomware ecosystems, though direct state involvement is difficult to prove. Iran has used cyber operations alongside political pressure, targeting institutions and infrastructure. North Korea combines cyber espionage with financially motivated attacks, including cryptocurrency theft. China is most often linked to long-term intelligence gathering and access to sensitive data rather than immediate disruption.

As these threats manifest into serious matters of concern, cybersecurity is increasingly viewed as an issue of national control. Governments and organizations are reassessing reliance on foreign technology and cloud services due to legal, data protection, and supply chain concerns. This shift is already influencing infrastructure decisions and is expected to play a central role in security planning as global instability continues into 2026.

Read more »
Regulatory Compliance
Cloud Services cybersecurity risks Data protection Data Sharing Digital Transformation Privacy Privacy Regulations Regulatory Compliance

EU Data Act Compliance Deadline Nears With Three Critical Takeaways


 

A decisive step forward in shaping the future of Europe's digital economy has been taken by the regulation of harmonised rules for fair access to and use of data, commonly known as the EU Data Act, which has moved from a legislative text to a binding document. 

The regulation was first adopted into force on the 11th of January 2024 and came into full effect on the 12th of September 2025, and is regarded as the foundation for the EU’s broader data strategy. Its policymakers believe that this is crucial to the Digital Decade's goal of accelerating digital transformation across industries by ensuring that the data generated within the EU can be shared, accessed, and used more equitably, as a cornerstone of the Digital Decade's ambition. 

The Data Act is not only a technical framework for creating a more equitable digital landscape, but it is also meant to rebalance the balance of power in the digital world, giving rise to new opportunities for innovation while maintaining the integrity of the information. With the implementation of the Data Act in place from 12 September 2025, the regulatory landscape will be dramatically transformed for companies that deal with connected products, digital services, or cloud or other data processing solutions within the European Union, regardless of whether the providers are located within its borders or beyond. 

It seems that businesses were underestimating the scope of the regime before it was enforced, but as a result, the law sets forth a profound set of obligations that go well beyond what was previously known. In essence, this regulation grants digital device and service users unprecedented access rights to the data they generate, regardless of whether that data is personal or otherwise. Until recently, the rights were mostly unregulated, which meant users had unmatched access to data. 

The manufacturer, service provider, and data owner will have to revise existing contractual arrangements in order to comply with this regulation. This will be done by creating a framework for data sharing on fair and transparent terms, as well as ensuring that extensive user entitlements are in place. 

It also imposes new obligations on cloud and processing service providers, requiring them to provide standardised contractual provisions that allow for switching between services. A violation of these requirements will result in a regulatory investigation, civil action, or significant financial penalties, which is the same as a stringent enforcement model used by the General Data Protection Regulation (GDPR), which has already changed the way data practices are handled around the world today. 

According to the EU Data Act, the intention is to revolutionise the way information generated by connected devices and cloud-based services is accessed, managed and exchanged within and across the European Union. In addition to establishing clear rules for access to data, the regulations incorporate obligations to guarantee organisations' service portability, and they embed principles of contractual fairness into business agreements as a result. 

The legislation may have profound long-term consequences, according to industry observers. It is not possible to ignore the impact that the law could have on the digital economy, as Soniya Bopache, vice president and general manager for data compliance at Arctera, pointed out, and she expected that the law would change the dynamics of the use and governance of data for a long time to come. 

It is important to note that the EU Data Act has a broader scope than the technology sector, with implications for industries that include manufacturing, transportation, consumer goods, and cloud computing in addition to the technology sector. Additionally, the regulation is expected to benefit both public and private institutions, emphasising how the regulation has a broad impact. 

Cohesity's vice president and head of technology, Peter Grimmond, commented on the law's potential by suggesting that, by democratising and allowing greater access to data, the law could act as a catalyst for innovation. It was suggested that organisations that already maintain strong compliance and classification procedures will benefit from the Act because it will provide an environment where collaboration can thrive without compromising individual rights or resilience. 

Towards the end of the EU regulation, the concept of data access and transparency was framed as a way to strengthen Europe's data economy and increase competitiveness in the market, according to EU policymakers. It is becoming increasingly evident that connected devices generate unprecedented amounts of information. 

As a result of this legislation, businesses and individuals alike are able to use this data more effectively by granting greater control over the information they produce, which is of great importance to businesses and individuals alike. Additionally, Grimmond said that the new frameworks for data sharing between enterprises are an important driver of long-term benefits for the development of new products, services, and business models, and they will contribute to the long-term development of the economy. 

There is also an important point to be made, which is that the law aims to achieve a balance between the openness of the law and the protected standards that Europe has established, aligned with GDPR's global privacy benchmark, and complementing the Digital Operational Resilience Act (DORA), so that the levels of trust and security are maintained. 

In some ways, the EU Data Act will prove to be even more disruptive than the EU Artificial Intelligence Act, as it will be the most significant overhaul of European data laws since the GDPR and will have a fundamental effect on how businesses handle information collected by connected devices and digital services in the future. 

Essentially, the Regulation is a broad-reaching law that covers both personal data about individuals as well as non-personal data, such as technical and usage information that pertains to virtually every business model associated with digital products and services within the European Union. This law creates new sweeping rights for users, who are entitled to access to the data generated by their connected devices at any time, including real-time, where it is technically feasible, as per Articles 4 and 5. 

Additionally, these rights allow users to determine who else may access such data, whether it be repairers, aftermarket service providers, or even direct competitors, while allowing users to limit how such data is distributed by companies. During the years 2026 and 2030, manufacturers will be required to make sure that products have built-in data accessibility at no extra charge, which will force companies to reconsider their product development cycles, IT infrastructure, and customer contracts in light of this requirement. 

Moreover, the legislation provides guidelines for fair data sharing and stipulates that businesses are required to provide access on reasonable, non-discriminatory terms, and prohibits businesses from stating terms in their contracts that impede or overcharge for access in a way that obstructs it. As a result of this, providers of cloud computing and data processing services face the same transformative obligations as other companies, such as mandatory provisions that allow customers to switch services within 30 days, prohibit excessive exit fees, and insist that contracts be transparent so vendors won't get locked into contracts. 

There are several ways in which these measures could transform fixed-term service contracts into rolling, short-term contracts, which could dramatically alter the business model and competitive dynamics in the cloud industry. The regulation also gives local authorities the right to request data access in cases of emergency or when the public interest requires it, extending its scope beyond purely commercial applications. 

In all Member States, enforcement will be entrusted to national authorities who will be able to impose large fines for non-compliance, as well as provide a new path for collective civil litigation, opening doors to the possibility of mass legal actions similar to class actions in the US. Likely, businesses from a broad range of industries, from repair shops to insurers to logistics providers to AI developers, will all be able to benefit from greater access to operational data. 

In the meantime, sectors such as the energy industry, healthcare, agriculture, and transportation need to be prepared to respond to potential government requests. In total, the Data Act constitutes an important landmark law that rebalances power between companies and users, while redrawing the competitive landscape for Europe's digital economy in the process. In the wake of the EU Data Act's compliance deadline, it will not simply be viewed as a regulatory milestone, but also as a strategic turning point for the digital economy as a whole. 

Business owners must now shift from seeing compliance as an obligation to a means of increasing competitiveness, improving customer trust, and unlocking new value through data-driven innovation to strengthen their competitiveness and deepen customer relationships. In the future, businesses that take proactive steps towards redesigning their products, modernising their IT infrastructure, and cultivating transparent data practices are better positioned to stay ahead of the curve and develop stronger relationships with their users, for whom information is now more in their control. 

Aside from that, the regulation has the potential to accelerate the pace of digital innovation across a wide range of sectors by lowering barriers to switching providers and enforcing fairer contractual standards, stimulating a more dynamic and collaborative marketplace. This Act provides the foundation for a robust public-interest data use system in times of need for governments and regulators. 

In the end, the success of this ambitious framework will rest on how quickly the business world adapts and how effective its methods are at developing a fairer, more transparent, and more competitive European data economy, which can be used as a global benchmark in the future.
Read more »
Technology
Cloud Ownership Cloud Services CyberCrime Cybersecurity CyberThreat Deglobalization Technology

The Future of Cloud Ownership Amid Deglobalization

 


Modern digital landscapes have become increasingly challenging for data management because of the rapid expansion of data volumes and sources. Organizations have to navigate the complexities of storing a vast amount of data while ensuring seamless access for a variety of users, regardless of their location in the world. It has become increasingly important to manage data efficiently due to the increased demand for real-time data availability and the need to maintain stringent security measures. 

The growing need for real-time data availability has resulted in the need for efficient data management. Many enterprises are turning to cloud computing as a reliable solution to address these challenges. Cloud-based systems offer the flexibility needed to accommodate diverse access needs while maintaining the integrity and security of the data. A business can streamline its operation, improve collaboration, and develop scalable data management strategies tailored to the needs of its customers by leveraging cloud technologies.

To make the most of cloud services, a comprehensive understanding of cloud data management principles is needed to effectively utilize cloud services for complex business needs. To maximize the benefits of cloud solutions, it is essential to maintain knowledge of industry best practices, adopt advanced security measures, and learn from successful implementations in order to maximize their potential. In a world where organizations are constantly embracing digital transformation, the cloud remains one of the most effective and efficient ways to manage data while ensuring efficiency, security, and long-term sustainability. 

According to a comprehensive analysis of global trends, a noticeable shift has been witnessed toward conservative governance and a retreat from globalization. Increasingly, nations are emphasizing self-reliance as a result of economic, security, and social concerns. In order to reduce dependency on foreign entities, they are concentrating on strengthening their domestic industries. In this sense, this transition reflects a wider trend towards economic nationalism, in which governments seek to preserve their interests by utilizing their local resources and capabilities in order to protect themselves. 

Among the many challenges faced by this shift in data management and cloud computing are infrastructure, security, and accessibility issues that are very important. It is important to understand that even though the cloud is perceived by many as a borderless, abstract entity, it is fundamentally based on physical data centres strategically located across the globe. Organizations carefully select these data centers to enhance performance, decrease latency, and deliver seamless service by placing data closer to end users.

A key challenge for businesses and policy makers as deglobalization takes hold is balancing the need for efficiency with evolving regulatory and geopolitical constraints, as well as the increasing need for deglobalization to succeed. The ability to maintain the integrity, security, and compliance of data in cloud environments requires effective cloud data governance. As a result of this framework, data collection, storage, protection, and utilization across various cloud platforms are overseen by a set of structured policies, regulations, and procedures.

By implementing the combination of best practices and advanced technologies, organizations can ensure that the quality and security of their data are maintained regardless of the physical location in which the information is stored or the cloud provider in which it is hosted. In the context of cloud data governance, the primary objective is to enhance the security of the data by enforcing stringent access controls, encryption protocols, and continuous auditing measures, which are designed to enhance data security. 

Cloud-based infrastructures have become increasingly popular as they distribute data across multiple locations, and safeguarding sensitive data from unauthorized access, breaches, and cyber threats becomes progressively more important. Besides ensuring the protection of organizational assets, strong security policies foster trust among customers and stakeholders. Additionally, regulation compliance remains a fundamental aspect of cloud data governance. Among all the companies operating across many industries and jurisdictions, a wide range of laws are important to follow, such as GDPR, CCPA, and HIPAA. With a well-defined governance framework, companies are able to navigate the complex world of global regulatory requirements, ensuring that all data management practices are aligned with legal and industry specific standards so they are not exposed to legal and regulatory penalties. 

In this increasingly data-driven world, companies can reduce risks, avoid legal penalties, and enhance operational efficiency by integrating compliance strategies into cloud governance policies. An interconnected global economy traditionally relies on cross-border infrastructures for data storage and management. Nations typically store and access information through data centers located in other countries, resulting in an efficient data flow by minimizing latency and optimizing data flow that enables data to be stored and accessed.

Several companies in Europe might not use servers based in Oceania due to performance restrictions, but instead host data at intermediary locations in Southeast Asia in order to improve speed and reduce latency. However, recent geopolitical developments have begun to reshape how cloud data infrastructures are constructed. A number of international conflicts, especially after the beginning of the Ukrainian conflict, have emphasized the vulnerability of businesses that rely on foreign cloud services. As a result of sanctions imposed by the United States and allied nations on Russia, businesses operating in the region have had to rethink their dependence on data.

Other nations were prompted to take notice of the risks associated with relying on foreign digital infrastructure, which raised pressing concerns among them. A larger issue of data sovereignty has been raised as a result of these uncertainties. Relying on cloud infrastructure from a foreign country not only exposes companies and governments to potential sanctions but also imposes varying data privacy and security requirements on their business operations. As a result of this recognition of these risks, many nations have begun to prioritize the importance of self-reliance in data management, aiming to gain a greater sense of control over their digital assets through self-reliance. 

As a result of this shift towards localized cloud infrastructure, national data is being protected against external influences, regulatory risks are mitigated, and a long-term digital resilience is being strengthened. There has been a dramatic shift in the landscape of data management, from traditional, locally hosted storage solutions to more dynamic, scalable cloud-based frameworks that are becoming more popular. 

The industry standard for data storage has long been on-premises; however, with advances in cloud technologies, new alternatives have emerged that are more efficient, secure, and affordable. As organizations realize the benefits of cloud computing, conventional storage methods are gradually being replaced by cloud computing. It is expected that digital transformation will result in an increase in the number of enterprises migrating their data management systems to the cloud over the next few years. 

The transition to this new technology does not only result from technological developments, but it is also a strategic necessity to remain competitive in a rapidly evolving environment of business. In today's fast-paced business environment, data has become one of the most crucial assets for decision-making, operational efficiency, and innovation, which emphasizes the need for organizations to implement robust and scalable strategies for managing data. 

With the continued evolution of industries, it is increasingly important that organizations ensure that they have a well-structured and efficient data management framework to ensure long-term success. As the data-driven world becomes increasingly data-driven, these companies will be better able to adapt to market shifts, enhance their overall business agility, and leverage real-time analytics through the use of cloud-based technology solutions, enhancing their competitiveness in the increasingly data-driven world.
Read more »
Protonmail
AT&T Cloud Services comcast credential harvesting Cyber Crime Protonmail

Cybercriminals Exploit Cloud Services to Steal Login Information

 


You may think you are receiving an email from your trusted ProtonMail account — only to discover it’s a trap set by cybercriminals. Recent research throws light on how attackers are targeting both widely known and lesser-used cloud platforms like AT&T, Comcast Xfinity, and Gravatar to deceive users into handing over their credentials.  

This growing trend is a testament to how cybercriminals evolve to exploit users’ trust in familiar brands and unsuspecting services, creating significant security risks for individuals and businesses alike.  


What Are Cloud Services, and Why Are They Targeted?

To understand these threats, it’s crucial to know what cloud services are. These platforms allow users to access tools and store data online, eliminating the need for physical hardware. Examples include ProtonMail, which provides secure email communication, and Gravatar, a service that manages user avatars across the web.  

Cybercriminals target these services due to their widespread adoption and the trust users place in them. Services like Gravatar, often overlooked in cybersecurity protocols, become particularly attractive to attackers as they can bypass many conventional defenses.  


How Attackers Exploit Cloud Platforms 

While telecom giants like AT&T and Comcast Xfinity are attacked for their reputation and vast user base, platforms like Gravatar are exploited due to their unique features. For instance, Gravatar’s “Profiles as a Service” functionality allows attackers to create convincing fake profiles, tricking users into revealing sensitive information.  

The methods attackers use often depend on two key factors:  

1. Familiarity: Trusted brands like AT&T and Comcast Xfinity are lucrative targets because users inherently trust their platforms.  

2. Low Visibility: Lesser-known platforms, such as Gravatar, often evade suspicion and security monitoring, making them easy prey.  


How Credential Theft Works  

Cybercriminals follow a systematic approach to harvest user credentials:  

1. Deceptive Emails: Victims receive phishing emails that mimic trusted platforms.  

2. Fake Websites: These emails direct users to fraudulent login pages resembling legitimate ones.  

3. Impersonation: Fake profiles and interfaces add credibility to the scam.  

4. Data Theft: Once users input their login details, attackers gain unauthorized access, leading to potential breaches.  


Telecom Companies Under Siege  

Telecommunications companies like AT&T, Comcast Xfinity, and regional Canadian ISPs, including Kojeko and Eastlink, are particularly vulnerable. These companies manage vast amounts of sensitive user data, making them high-value targets. A successful breach could enable hackers to exploit customer data on a massive scale, creating widespread consequences.  


How to Protect Yourself from These Attacks  

To stay secure against credential theft attempts, follow these precautions:  

  1. Verify Websites: Always confirm the authenticity of a URL before entering personal information.  
  2. Scrutinize Emails: Be cautious of unsolicited emails, especially those requesting sensitive data.  
  3. Strengthen Passwords: Use complex, unique passwords for every account.  
  4. Two-Factor Authentication (2FA): This adds an extra security layer, making it harder for attackers to succeed.  
  5. Stay Updated: Regularly educate yourself on emerging cybersecurity threats.  


Conclusion: Awareness is Key to Cybersecurity

Credential theft campaigns have become more intricate in their execution, targeting both renowned and overlooked platforms. By understanding the tactics used by attackers and adopting proactive security measures, individuals and businesses can safeguard themselves from these evolving threats.  

For an in-depth look at this issue and additional insights, refer to the SlashNext report.


Read more »
Privacy
Business Cloud Computing Cloud Services data security Healthcare IT Industry Privacy

Rethinking the Cloud: Why Companies Are Returning to Private Solutions


In the past ten years, public cloud computing has dramatically changed the IT industry, promising businesses limitless scalability and flexibility. By reducing the need for internal infrastructure and specialised personnel, many companies have eagerly embraced public cloud services. However, as their cloud strategies evolve, some organisations are finding that the expected financial benefits and operational flexibility are not always achieved. This has led to a new trend: cloud repatriation, where businesses move some of their workloads back from public cloud services to private cloud environments.

Choosing to repatriate workloads requires careful consideration and strategic thinking. Organisations must thoroughly understand their specific needs and the nature of their workloads. Key factors include how data is accessed, what needs to be protected, and cost implications. A successful repatriation strategy is nuanced, ensuring that critical workloads are placed in the most suitable environments.

One major factor driving cloud repatriation is the rise of edge computing. Research from Virtana indicates that most organisations now use hybrid cloud strategies, with over 80% operating in multiple clouds and around 75% utilising private clouds. This trend is especially noticeable in industries like retail, industrial sectors, transit, and healthcare, where control over computing resources is crucial. The growth of Internet of Things (IoT) devices has played a defining role, as these devices collect vast amounts of data at the network edge.

Initially, sending IoT data to the public cloud for processing made sense. But as the number of connected devices has grown, the benefits of analysing data at the edge have become clear. Edge computing offers near real-time responses, improved reliability for critical systems, and reduced downtime—essential for maintaining competitiveness and profitability. Consequently, many organisations are moving workloads back from the public cloud to take advantage of localised edge computing.

Concerns over data sovereignty and privacy are also driving cloud repatriation. In sectors like healthcare and financial services, businesses handle large amounts of sensitive data. Maintaining control over this information is vital to protect assets and prevent unauthorised access or breaches. Increased scrutiny from CIOs, CTOs, and boards has heightened the focus on data sovereignty and privacy, leading to more careful evaluations of third-party cloud solutions.

Public clouds may be suitable for workloads not bound by strict data sovereignty laws. However, many organisations find that private cloud solutions are necessary to meet compliance requirements. Factors to consider include the level of control, oversight, portability, and customization needed for specific workloads. Keeping data within trusted environments offers operational and strategic benefits, such as greater control over data access, usage, and sharing.

The trend towards cloud repatriation shows a growing realisation that the public cloud is only sometimes the best choice for every workload. Organisations are increasingly making strategic decisions to align their IT infrastructure with their specific needs and priorities. 



Read more »
VIPRE Security Group
AI Detection Chat-GPT Cloud Services cloud storage services generative AI tools hacker tactics malspam malware delivery Phishing emails phishing threats Spam Technology VIPRE Security Group

Rising Email Security Threats: Here’s All You Need to Know

 

A recent study highlights the heightened threat posed by spam and phishing emails due to the proliferation of generative artificial intelligence (AI) tools such as Chat-GPT and the growing popularity of cloud services.

According to a fresh report from VIPRE Security Group, the surge in cloud usage has correlated with an uptick in hacker activity. In this quarter, 58% of malicious emails were found to be delivering malware through links, while the remaining 42% relied on attachments.

Furthermore, cloud storage services have emerged as a prominent method for delivering malicious spam (malspam), accounting for 67% of such delivery in the quarter, as per VIPRE's findings. The remaining 33% utilized legitimate yet manipulated websites.

The integration of generative AI tools has made it significantly harder to detect spam and phishing emails. Traditionally, grammatical errors, misspellings, or unusual formatting were red flags that tipped off potential victims to the phishing attempt, enabling them to avoid downloading attachments or clicking on links.

However, with the advent of AI tools like Chat-GPT, hackers are now able to craft well-structured, linguistically sophisticated messages that are virtually indistinguishable from benign correspondence. This necessitates victims to adopt additional precautions to thwart the threat.

In the third quarter of this year alone, VIPRE's tools identified a staggering 233.9 million malicious emails. Among these, 110 million contained malicious content, while 118 million carried malicious attachments. Moreover, 150,000 emails displayed "previously unknown behaviors," indicating that hackers are continually innovating their strategies to optimize performance.

Phishing and spam persist as favored attack methods in the arsenal of every hacker. They are cost-effective to produce and deploy, and with a stroke of luck, can reach a wide audience of potential victims. Companies are advised to educate their staff about the risks associated with phishing and to meticulously scrutinize every incoming email, regardless of the sender's apparent legitimacy.
Read more »
Yahoo
Cloud Services Cyber Security Identity Theft Law Enforcement Malicious actor police force Protocols Sensitive Information Yahoo

Met Police Investigates Alleged Data Breach of Officer Information

The Metropolitan Police in London has launched an investigation into a suspected data breach that reportedly involves the leakage of sensitive information related to officers. The breach has raised concerns over the security of law enforcement personnel's data and the potential consequences of such incidents.

According to reports from reputable sources, the alleged data breach has exposed the personal details of police officers. This includes information that could potentially compromise the safety and privacy of officers and their families. The breach highlights the growing challenge of protecting digital information in an age of increasing cyber threats.

The Metropolitan Police's response to this incident underscores the seriousness of the matter. As law enforcement agencies collect and manage a significant amount of sensitive data, any breach can have far-reaching implications. The leaked information could potentially be exploited by malicious actors for various purposes, including identity theft, targeted attacks, or harassment of officers.

Data breaches are a pressing concern for organizations worldwide, and law enforcement agencies are no exception. The incident serves as a reminder of the need for robust cybersecurity measures to safeguard sensitive information. This includes not only protecting data from external threats but also ensuring that internal protocols and practices are in place to prevent accidental leaks.

Data breaches have the potential to reduce public faith in institutions in the current digital environment. The public's trust in the Metropolitan Police's capacity to handle sensitive data responsibly could be harmed by the disclosure of officer information. Transparent communication about the incident, steps taken to lessen the harm, and initiatives to stop similar breaches in the future are all necessary for reestablishing this trust.

Concerns concerning permission and data sharing are also raised by the breach. The cited sources' link to Yahoo's consent page raises the possibility that the breach and user consent are related. This demonstrates the significance of transparent and moral data-gathering procedures as well as the necessity of granting individuals control over the use of their data.

The Metropolitan Police must work closely with cybersecurity professionals and regulatory agencies as the investigation develops to comprehend the magnitude of the incident and its potential consequences. Lessons acquired from this incident can offer other businesses useful guidance as they work to improve their data protection strategies.


Read more »
Subscribe to: Comments (Atom)