Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Security. Show all posts
trending news
Cyber Security Cybersecurity Coalition NATO trending news

NATO Concludes Cyber Coalition Exercise in Estonia, Preparing for Future Digital Threats

 

NATO has wrapped up its annual Cyber Coalition exercise in Estonia after a week of intensive drills focused on protecting networks and critical infrastructure from advanced cyberattacks. 

More than 1,300 cyber defenders joined the 2025 exercise. Participants represented 29 NATO countries, 7 partner nations, as well as Austria, Georgia, Ireland, Japan, South Korea, Switzerland, Ukraine, the European Union, industry experts, and universities. 

The goal of the training was to strengthen cooperation and improve the ability to detect, deter, and respond to cyber threats that could affect military and civilian systems. 

Commander Brian Caplan, the Exercise Director, said that Cyber Coalition brings countries together to learn how they would operate during a cyber crisis. He highlighted that cyber threats do not stay within borders and that sharing information is key to improving global defence. 

This year’s exercise presented seven complex scenarios that mirrored real-world challenges. They included attacks on critical national infrastructure, cyber disruptions linked to space systems, and a scenario called “Ghost in the Backup,” which involved hidden malware inside sensitive data repositories. 

Multiple simulated threat actors carried out coordinated digital operations against a NATO mission. The drills required participants to communicate continuously, share intelligence, and use systems such as the Virtual Cyber Incident Support Capability. 

The exercise also tested the ability of teams to make difficult decisions. Participants had to identify early warning signs like delayed satellite data, irregular energy distribution logs, and unexpected power grid alerts. They were also challenged to decide when to escalate issues to civilian authorities or NATO headquarters and how to follow international law when sharing military intelligence with law enforcement. 

A British officer taking part in the event said cyber warfare is no longer limited to watching computers. Participants must also track information shared by media and social networks, including sources that may be run by hostile groups.

Over the years, Cyber Coalition has evolved based on new technologies, new policies, and new threats. According to Commander Caplan, the exercise helps NATO and its partners adjust together before a real crisis takes place. 

Cyber defence is now a major pillar in NATO’s training efforts. Leaders say large-scale drills like Cyber Coalition are necessary as cyber threats continue to grow in both sophistication and frequency.
Read more »
SMS
Compliance Cyber Security Employee Data Google Google RCS security SMS

Google’s New Update Allows Employers To Archive Texts On Work-Managed Android Phones

 




A recent Android update has marked a paradigm shifting change in how text messages are handled on employer-controlled devices. This means Google has introduced a feature called Android RCS Archival, which lets organisations capture and store all RCS, SMS, and MMS communications sent through Google Messages on fully managed work phones. While the messages remain encrypted in transport, they can now be accessed on the device itself once delivered.

This update is designed to help companies meet compliance and record-keeping requirements, especially in sectors that must retain communication logs for regulatory reasons. Until now, many organizations had blocked RCS entirely because of its encryption, which made it difficult to archive. The new feature gives them a way to support richer messaging while still preserving mandatory records.

Archiving occurs via authorized third-party software that integrates directly with Google Messages on work-managed devices. Once enabled by a company's IT, the software will log every interaction inside of a conversation, including messages received, sent, edited, or later deleted. Employees using these devices will see a notification when archiving is active, signaling their conversations are being logged.

Google's indicated that this functionality only refers to work-managed Android devices, personal phones and personal profiles are not impacted, and the update doesn't allow employers access to user data on privately-owned devices. The feature must also be intentionally switched on by the organisation; it is not automatically on.

The update also brings to the surface a common misconception about encrypted messaging: End-to-end encryption protects content only while it's in transit between devices. When a message lands on a device that is owned and administered by an employer, the organization has the technical ability to capture it. It does not extend to over-the-top platforms - such as WhatsApp or Signal - that manage their own encryption. Those apps can expose data as well in cases where backups aren't encrypted or when the device itself is compromised.

This change also raises a broader issue: one of counterparty risk. A conversation remains private only if both ends of it are stored securely. Screenshots, unsafe backups, and linked devices outside the encrypted environment can all leak message content. Work-phone archiving now becomes part of that wider set of risks users should be aware of.

For employees, the takeaway is clear: A company-issued phone is a workplace tool, not a private device. Any communication that originates from a fully managed device can be archived, meaning personal conversations should stay on a personal phone. Users reliant on encrypted platforms have reason to review their backup settings and steer clear of mixing personal communication with corporate technology.

Google's new archival option gives organisations a compliance solution that brings RCS in line with traditional SMS logging, while for workers it is a further reminder that privacy expectations shift the moment a device is brought under corporate management. 


Read more »
Wireless Threats
Cyber Security Data Privacy digital surveillance Encryption Standards Malware Defense Network Safety Router Protection Wifi security Wireless Threats

Growing Concerns Over Wi-Fi Router Surveillance and How to Respond


 

A new report from security researchers warns that a humble Wi-Fi router has quietly become one of the most vulnerable gateways into home and work in an era where digital dependency is becoming more prevalent each day. Despite being overlooked and rarely reconfigured after installation, these routers remain one of the most vulnerable gateways to cybercrime. 

It is becoming increasingly clear that stalkers, hackers, and unauthorized users can easily infiltrate networks that are prone to outdated settings or weak protections as cyberattacks become more sophisticated. Various studies have shown that encryption standards like WPA3, when combined with strong password hygiene practices, can serve as the first line of defense in the fight against cybercrime. However, these measures can be undermined when users neglect essential security practices, such as safe password practices. 

Today, comprehensive security strategies require much more than just a password to achieve the desired results: administrators need to regularly check router-level security settings, such as firewall rules, guest network isolation, administrative panel restrictions, tracking permissions, and timely firmware updates. This is particularly true for routers that can support hundreds, or even thousands of connected devices in busy offices and homes. 

Modern wireless security relies on layers of defenses that combine to repel unauthorized access through layered defenses. WPA2 and WPA3 encryption protocols scramble data packets, ensuring that intercepted information remains unreadable by anyone outside of the network. 

A user's legitimacy is verified by an authentication prompt prior to any device being permitted on to the network, and granular access-control rules determine who can connect, what they can view, and how deeply they can communicate with the network. 

By maintaining secure endpoints—such as updating operating systems, antivirus applications, and restricting administrator access—we further decrease the chances of attackers exploiting weak links in the system. In addition to monitoring traffic patterns constantly, intrusion detection and prevention systems also recognize anomalies, block malicious attempts in real time, and respond to threats immediately. 

In conjunction with these measures, people have the capability of creating a resilient Wi-Fi defense architecture that protects both the personal and professional digital environments alike. According to researchers, although it seems trivial to conceal the physical coordinates of a Wi-Fi router, concealing this information is essential both for the safety of the individual and for the security of the organization. 

It is possible for satellite internet terminals such as Starlink to unwittingly reveal the exact location of a user-an issue particularly important in conflicting military areas and disaster zones where location secrecy is critical. Mobile hotspots present similar issues as well. In the event that professionals frequently travel with portable routers, their movement can reveal travel patterns, business itineraries, or even extended stays in specific areas of the country. 

People who have relocated to escape harassment or domestic threats may experience increased difficulties with this issue, as an old router connected by acquaintances or adversaries may unintentionally reveal their new address to others. It is true that these risks exist, but researchers note that the accuracy of Wi-Fi Positioning System (WPS) tracking is still limited. 

There is typically only a short period of time between a router appearing in location databases—usually several days after it has been detected repeatedly by multiple smartphones using geolocation services—conditions that would not be likely to occur in isolated, sparsely populated, or transient locations. 

Furthermore, modern standards allow for BSSID randomization, a feature that allows a router's broadcast identifier to be rotated regularly. This rotation, which is similar to the rotation of private MAC addresses on smartphones, disrupts attempts at mapping or re-identifying a given access point over time, making it very difficult to maintain long-term surveillance capabilities.

The first line of defense remains surprisingly simple: strong, unique passwords. This can be accomplished by reinforcing the basic router protections that are backed by cybersecurity specialists. Intruders continue to exploit weak or default credentials, allowing them to bypass security mechanisms with minimal effort and forging secure access keys with minimal effort. 

Experts recommend long, complex passphrases enriched with symbols, numbers, and mixed character cases, along with WPA3 encryption, as a way to safeguard data while it travels over the internet. Even so, encryption alone cannot cover up for outdated systems, which is why regular firmware updates and automated patches are crucial to closing well-documented vulnerabilities that are often ignored by aging routers. 

A number of features that are marketed as conveniences, such as WPS and UPnP, are widely recognized as high-risk openings which are regularly exploited by cybercriminals. Analysts believe that disabling these functions drastically reduces one's exposure to targeted attacks. Aside from updating the default administrator usernames, modern routers come with a number of security features that are often left untouched by organizations and households alike. 

As long as a guest network is used, you can effectively limit unauthorized access and contain potential infections by changing default administrator usernames, enabling two-step verification, and segmenting traffic. As a general rule, firewalls are set to block suspicious traffic automatically, while content filters can be used to limit access to malicious or inappropriate websites. 

Regular checks of device-level access controls ensure that only recognized, approved hardware may be connected to the network, in addition to making sure that only approved hardware is allowed access. The combination of these measures is one of the most practical, yet often neglected, frameworks available for strengthening router defenses, preventing attackers from exploiting breaches in digital hygiene, and limiting the opportunities available to attackers. 

As reported by CNET journalist Ry Crist in his review of major router manufacturers' disclosures, the landscape of data collection practices is fragmented and sometimes opaque. During a recent survey conducted by the companies surveyed, we found out that they gathered a variety of information from users, ranging from basic identifiers like names and addresses to detailed technical metrics that were used to evaluate the performance of the devices. 

Despite the fact that most companies justify collecting operational data as an essential part of maintenance and troubleshooting, they admit that this data is often incorporated into marketing campaigns as well as shared with third parties. There remains a large amount of ambiguity in the scope and specificity of the data shared by CommScope. 

In its privacy statement, which is widely used by consumers to access the Internet, CommScope notes that the company may distribute "personal data as necessary" to support its services or meet business obligations. Nevertheless, the company does not provide sufficient details about the limits of the sharing of this information. However, it is somewhat clearer whether router makers harvest browsing histories when we examine their privacy policies. 

It is explicitly stated by Google that its systems do not track users' web activity. On the other hand, both Asus and Eero have expressed a rejection of the practice to CNET directly. TP-Link and Netgear both maintain that browsing data can only be collected when customers opt into parental controls or similar services in addition to that. 

The same is true of CommScope, which claimed that Surfboard routers do not access individuals' browsing records, though several companies, including TP-Link and CommScope, have admitted that they use cookies and tracking tools on their websites. There is no definitive answer provided by public agreements or company representatives for other manufacturers, such as D-Link, which underscores the uneven level of transparency throughout the industry. 

There are also inconsistencies when it comes to the mechanisms available to users who wish to opt out of data collection. In addition, some routers, such as those from Asus and Motorola managed by Minim, allow customers to disable certain data sharing features in the router’s settings. Nest users, on the other hand, can access these controls through a privacy menu that appears on the mobile app. 

Some companies, on the other hand, put heavier burdens on their customers, requiring them to submit e-mails, complete online forms, or complete multi-step confirmation processes, while others require them to submit an email. Netgear's deletion request form is dedicated to customers, whereas CommScope offers opt-out options for targeted advertising on major platforms such as Amazon and Facebook, where consumers can submit their objections online. 

A number of manufacturers, including Eero, argue that the collection of selected operational data is essential for the router to function properly, limiting the extent to which users can turn off this tracking. In addition, security analysts advise consumers that routers' local activity logs are another privacy threat that they often ignore. 

The purpose of these logs is to collect network traffic and performance data as part of diagnostic processes. However, the logs can inadvertently reveal confidential browsing information to administrators, service providers, or malicious actors who gain access without authorization. There are several ways to review and clear these records through the device's administration dashboard, a practice which experts advise users to adhere to on a regular basis. 

It is also important to note that the growing ecosystem of connected home devices, ranging from cameras and doorbells to smart thermostats and voice assistants, has created more opportunities to be monitored, if they are not appropriately secured. As users are advised to research the data policies of their IoT hardware and apply robust privacy safeguards, they must acknowledge that routers are just one part of a much larger and deeper digital ecosystem. 

It has been suggested by analysts that today's wireless networks require an ecosystem of security tools that play a unique role within a larger defensive architecture in order to safeguard them, as well as a number of specialized security tools. As a result of the layered approach modern networks require, frameworks typically categorize these tools into four categories: active, passive, preventive, and unified threat management. 

Generally speaking, active security devices function just like their wired counterparts, but they are calibrated specifically to handle the challenges of wireless environments, for example. It includes firewalls that monitor and censor incoming and outgoing traffic in order to block intrusions, antivirus engines that continuously scan the airwaves for malware, and content filtering systems designed to prevent access to dangerous or noncompliant websites. This type of tool is the frontline mechanism by which a suspicious activity or a potential threat can be identified immediately and key controls enforced at the moment of connection. 

Additionaly, passive security devices, in particular wireless intrusion detection systems, are frequently used alongside them. In addition to monitoring network traffic patterns for anomalies, they also detect signs of malware transmission, unusual login attempts or unusual data spikes. These tools do not intervene directly. Administrators are able to respond to an incident swiftly through their monitoring capabilities, which allows them to isolate compromised devices or adjust configurations prior to an incident escalate, which allows administrators to keep a close eye on their network. 

A preventive device, such as a vulnerability scanner or penetration testing appliance, also plays a crucial role. It is possible for these tools to simulate adversarial behaviors, which can be used to probe network components for weaknesses that can be exploited without waiting for an attack to manifest. By using preventive tools, organizations are able to uncover misconfigurations, outdated protections, or loopholes in the architecture of the systems, enabling them to address deficiencies well before attackers are able to exploit them. 

In a way, the Unified Threat Management system provides a single, manageable platform at the edge of the network, combining many of these protections into one. Essentially, UTM devices are central gateways that integrate firewalls, anti-malware engines, intrusion detection systems, and other security measures, making it easier to monitor large or complex environments. 

A number of UTM solutions also incorporate performance-monitoring capabilities, which include bandwidth, latency, packet loss, and signal strength, essential metrics for ensuring a steady and uninterrupted wireless network. There are several ways in which administrators can receive alerts when irregularities appear, helping them to identify bottlenecks or looming failures before they disrupt operations. 

In addition to these measures, compliance-oriented tools exist to audit network behavior, verify encryption standards, monitor for unauthorized access, and document compliance with regulations. With these layered technologies, it becomes clear that today's wireless security opportunities extend far beyond passwords and encryption to cover a broad range of threats and requires a coordinated approach that includes detection, prevention, and oversight to counter today's fast-evolving digital threats. 

As far as experts are concerned, it is imperative to protect the Wi-Fi router so that it may not be silently collected and accessed by unauthorized individuals. As cyberthreats grow increasingly sophisticated, simple measures such as updating firmware, enabling WPA3 encryption, disabling remote access, and reviewing connected devices can greatly reduce the risk. 

Users must be aware of these basic security principles in order to protect themselves from tracking, data theft, and network compromise. It is essential that router security is strengthened because it is now the final line of defense for making sure that personal information, online activities, and home networks remain secure and private.
Read more »
Threat Intelligence
agentic AI AI Risk Management Cloud Governance Cyber defense Cyber Security Data Resilience Identity Protection SaaS security security automation Threat Intelligence

Balancing Rapid Innovation and Risk in the New Era of SaaS Security


 

The accelerating pace of technological innovation is leaving a growing number of organizations unwittingly exposing their organization to serious security risks as they expand their reliance on SaaS platforms and experiment with emerging agent-based AI algorithms in an effort to thrive in the age of digital disruption. Businesses are increasingly embracing cloud-based services to deliver enterprise software to their employees at breakneck speed. 

With this shift toward cloud-delivered services, it has become necessary for them to adopt new features at breakneck speed-often without pausing to implement, or even evaluate, the basic safeguards necessary to protect sensitive corporate information. There has been an unchecked acceleration of the pace of adoption of SaaS, creating a widening security gap that has renewed the urgent need for action from the Information Security community to those who are responsible for managing SaaS ecosystems. 

Despite the fact that frameworks such as the NIST Cybersecurity Framework (CSF) have served as a guide for InfoSec professionals for many years, many SaaS teams are only now beginning to use its rigorously defined functions—Govern, Identify, Protect, Detect, Respond, and Recover—particularly considering that NIST 2.0 emphasizes identity as the cornerstone of cyber defenses in a manner unparalleled to previous versions. 

Silverfort's identity-security approach is one of many new approaches emerging to help organizations meet these ever-evolving standards against this backdrop, allowing them to extend MFA to vulnerable systems, monitor lateral movements in real-time, and enforce adaptive controls more accurately. All of these developments are indicative of a critical moment for enterprises in which they need to balance relentless innovation with uncompromising security in a SaaS-driven, AI-driven world that is increasingly moving towards a SaaS-first model. 

The enterprise SaaS architecture is evolving into expansive, distributed ecosystems built on a multitenant infrastructure, microservices, and an ever-expanding web of open APIs, keeping up with the sheer scale and fluidity of modern operations is becoming increasingly difficult for traditional security models. 

The increasing complexity within an organization has led to enterprises focusing more on intelligent and autonomous security measures, making use of behavioral analytics, anomaly detection, and artificial intelligence-driven monitoring to identify threats much in advance of them becoming active. 

As opposed to conventional signature-based tools, advanced systems can detect subtle deviations from user behavior in real-time, neutralize risks that would otherwise remain undetected, and map user behavior in a way that will never be seen in the future. Innovators in the SaaS security space, such as HashRoot, are leading the way by integrating AI into the core of SaaS security workflows. 

A combination of predictive analytics and intelligent misconfiguration detection in HashRoot's AI Transformation Services can be used to improve aging infrastructures, enhance security postures, and construct proactive defense mechanisms that can keep up with the evolving threat landscape of 2025 and the unpredictable threats ahead of us. 

During the past two years, there has been a rapid growth in the adoption of artificial intelligence within enterprise software, which has drastically transformed the SaaS landscape at a rapid pace. According to new research, 99.7 percent of businesses rely on applications with AI capabilities built into them, which demonstrates how the technology is proven to boost efficiency and speed up decision-making for businesses. 

There is a growing awareness that the use of AI-enhanced SaaS tools is becoming increasingly common in the workplace, and that these systems have become increasingly integrated in every aspect of the work process. However, as organizations begin to grapple with the sweeping integration of AI into their businesses, a whole new set of risks emerge. 

As one of the most pressing concerns arises, a loss of control of sensitive information and intellectual property is a significant concern, raising complex concerns about confidentiality and governance, as well as long-term competitive exposure, as AI models often consume sensitive data and intellectual property. 

Meanwhile, the threat landscape is shifting as malicious actors are deploying sophisticated impersonator applications to mimic legitimate SaaS platforms in an attempt to trick users into granting them access to confidential corporate data through impersonation applications. It is even more challenging because AI-related vulnerabilities are traditionally identified and responded to manually—an approach which requires significant resources as well as slowing down the speed at which fast-evolving threats can be countered. 

Due to the growing reliance on cloud-based AI-driven software as a service, there has never been a greater need for automated, intelligent security mechanisms. It is also becoming increasingly apparent to CISOs and IT teams that disciplined SaaS configuration management is a critical priority. This is in line with CSF's Protect function under Platform Security, which has a strong alignment with the CSF's Protect function. In the recent past, organizations were forced to realize that they cannot rely solely on cloud vendors for secure operation. 

A significant share of cloud-related incidents can be traced back to preventable misconfigurations. Modern risk governance has become increasingly reliant on establishing clear configuration baselines and ensuring visibility across multiple platforms. While centralized tools can simplify oversight, there are no single solutions that can cover the full spectrum of configuration challenges. As a result of the recent development of multi-SaaS management systems, native platform controls and the judgment of skilled security professionals working within the defense-in-depth model, effective protection has become increasingly important. 

It is important to recognize that SaaS security is never static, so continuous monitoring is indispensable to protect against persistent threats such as authorized changes, accidental modifications, and gradual drifts from baseline security. It is becoming increasingly apparent that Agentic AI is playing a transformative role here. 

By detecting configuration drift at scale, correcting excessive permissions, and maintaining secure settings at a pace that humans alone can never match, it has begun to play a transformative role. In spite of this, configuration and identity controls are not all that it takes to secure an organization. Many organizations continue to rely on what is referred to as an “M&M security model” – a hardened outer shell with a soft, vulnerable center.

Once a valid user credential or API key is compromised, an attacker may be able to pass through perimeter defenses and access sensitive data without getting into the system. A strong SaaS data governance model based on the principles of identifying, protecting, and recovering critical information, including SaaS data governance, is essential to overcoming these challenges. This effort relies on accurate classification of data, which ensures that high-value assets are protected from unauthorised access, field level encryption, and adequate protection when they are copied into environments that are of lower security. 

There is now a critical role that automated data masking plays in preventing production data from being leaked into these environments, where security controls are often weak and third parties often have access to the data. In order to ensure compliance with evolving privacy regulations when personal information is used in testing, the same level of oversight is required as it is with production data. This evaluation must also be repeated periodically as policies and administrative practices change in the future. 

Within SaaS ecosystems, it is equally important to ensure that data is maintained in a manner that is both accurate and available. Although the NIST CSF emphasizes the need to implement a backup strategy that preserves data, allows precise recovery, and maintains uninterrupted operation, the service provider is responsible for maintaining the reliability of the underlying infrastructure. 

Modern SaaS environments require the ability to recover only the affected data without causing a lot of disruption, as opposed to traditional enterprise IT, which often relies on broad rollbacks to previous system states. It is crucial to maintain continuity in an enterprise-like environment by using granular resilience, especially because in order for agentic AI systems to function effectively and securely, they must have accurate, up-to-date information. 

Together, these measures demonstrate that safeguarding SaaS environments has evolved into a challenging multidimensional task - one that requires continuous coordination between technology teams, information security leaders, and risk committees in order to ensure that innovation can take place in a secure and scalable manner. 

Organizations are increasingly relying on cloud applications to conduct business, which means that SaaS risk management is becoming a significant challenge for security vendors hoping to meet the demands of enterprises. Businesses nowadays need more than simple discovery tools that identify which applications are being used to determine which application is being used. 

There is a growing expectation that platforms will be able to classify SaaS tools accurately, assess their security postures, and take into consideration the rapidly growing presence of artificial intelligence assistants, large language model-based applications, which are now able to operate independently across corporate environments, as well as the growing presence of AI assistants. A shift in SaaS intelligence has led to the need for enriched SaaS intelligence, an advanced level of insight that allows vendors to provide services that go beyond basic visibility. 

The ability to incorporate detailed application classification, function-level profiling, dynamic risk scoring, and the detection of shadow SaaS and unmanaged AI-driven services can provide security providers with a more comprehensive, relevant and accurate platform that will enable a more accurate assessment of an organization's risks. 

Vendors that are able to integrate enriched SaaS application insights into their architectures will be at an advantage in the future. Vendors that are able to do this will be able to gain a competitive edge as they begin to address the next generation of SaaS and AI-related risks. Businesses can close persistent blind spots by using enriched SaaS application insights into their architectures. 

In an increasingly artificial intelligence-enabled world, which will essentially become a machine learning-enabled future, it will be the ability of platforms to anticipate emerging vulnerabilities, rather than just responding to them, that will determine which platforms will remain trusted partners in safeguarding enterprise ecosystems in the future. 

A company's path forward will ultimately be shaped by its ability to embrace security as a strategic enabler rather than a roadblock to innovation. Using continuous monitoring, identity-centric controls, SaaS-enhanced intelligence, and AI-driven automation as a part of its operational fabric, enterprises are able to modernize at a speed without compromising trust or resilience in their organizations. 

It is imperative that companies that invest now, strengthening governance, enforcing data discipline, and demanding greater transparency from vendors, will have the greatest opportunity to take full advantage of SaaS and agentic AI, while also navigating the risks associated with an increasingly volatile digital future.
Read more »
Phishing Attacks
Account Takeover AI Powered Scams Amazon Scam Alert Consumer Data Protection Cyber Security Cyberthreats Fake Retail Websites Holiday Fraud Risks Online Shopping Safety Phishing Attacks

Amazon Sounds Alarm Over Attack Threatening 300 Million Accounts

 


In the face of looming Black Friday 2025 frenzy, Amazon has unveiled a warning to its large customer base that is expected to overlap the holiday season's busiest shopping week. The warning warns of a surge in sophisticated scams expected to shadow the holiday season's busiest shopping week. On November 24, the company emailed a security advisory to millions of users, one that Forbes first reported on, warning that cybercriminals are increasingly exploiting the seasonal spike in online purchases by impersonating individuals, using fraudulent advertising, and sending unsolicited messages to elicit personal and financial information from them. 

There are approximately 310 million active customers on Amazon, making the retailer a high-value target for attackers looking for easy money during the holiday season, so they outlined five prominent tactics currently used to deceive shoppers, including the use of fake account verification emails and unsolicited phone calls to deceive shoppers. 

As Consumer Protection experts, we agree with these concerns; Mr. Mike Andrews, a representative from National Trading Standards, told Metro that scammers have an advantage over consumers when it comes to the weeks leading up to Christmas, knowing that even a small fraction of successful attempts during peak retail activities can yield significant returns. 

In a new study published in the journal Cybercrime: Science and Technology, a cybercriminal network has stepped up their impersonation campaigns against global companies such as Netflix, PayPal, and many more, with the use of browser-based notification traps and criminal infrastructures, as well as a variety of other methods for deceiving large numbers of users. 

Amidst this background, Amazon’s advisory dated November 24 details how similar tactics have now been employed against Amazon’s own customers, as scammers are attempting to coerce victims into providing them with personal data, financial credentials, and Amazon login information in exchange for money. The fact that such scams aren't new, but they have become more refined and adaptive as they cycle through techniques such as credential-stuffing attacks and malware-assisted account takeovers. 

Fraudsters often carry out such operations by posing as customer service personnel or technical support personnel - a similar tactic that the FBI has also warned about in parallel alerts concerning bank-related scams. The underlying mechanics of the deception are essentially the same: attackers send persuasive text messages, emails, or phone calls that push customers to verify activity, or to resolve a supposed issue, resulting in password disclosures or multifactor authentication codes. 

A fraudster will immediately reset all of the security settings within an account once he has gained access. He will lock out legitimate users' accounts as soon as he gets access. A recent study by the FBI reveals that there have been an increase in lookalike websites and bogus alerts mimicking delivery updates and promotional offers, as well as misleading third-party advertisements and unsolicited calls masquerading as Amazon support. 

These methods are closely related to the patterns outlined in recent FBI investigations. According to FortiGuard Labs, new findings published on November 25 further emphasize the urgency of Amazon's warning. These findings indicate a sharp increase in threats specifically designed for the holiday season, which has already been identified by the researchers. 

Over 18,000 domains were recently registered that included the terms "Black Friday," "Christmas," and "Flash Sale," with over 750 of those domains already confirmed to be malicious. In addition, nearly 3,000 of the 19,000 domains that were designed to mimic major retailers, including Amazon, were verified by the report as fraudulent, of which nearly half were identified as frauds. Decoy sites are often created with subtle spelling variations and visual similarities, which can be easily overlooked by shoppers who are rushing through deals while focusing on them. 

Among the cyber security experts who warn that the threat landscape is changing at a rapid rate, experts like Anne Cutler of Keeper Security point out that many of the latest scams are driven by artificial intelligence. By doing so, attackers are able to generate convincing order confirmations, spoofed customer service conversations, and highly realistic retailer websites with the aid of artificial intelligence. 

A response to these escalating risks has been the adoption by Amazon of stricter digital hygiene guidelines. Amazon has requested that customers rely solely on the Amazon app or website to manage their accounts, enable two-factor authentication or use passkeys to protect their login credentials, and remember that Amazon never solicits your payment or credential information via unsolicited phone calls or email. 

There is no doubt that the retailer stressed the importance of these safeguards as cybercriminals intensify their efforts before the busiest shopping season of the year. In the end, Amazon shoppers should also keep in mind that security experts warn that the threat goes well beyond phishing attacks and fraudulent domains; it is also possible to face threats within the broader online marketplace. 

A researcher, Mike Andrews, explains that artificial intelligence has made it significantly easier for scammers to manipulate product credibility by creating a large volume of convincing fake reviews on popular platforms like Google, Trustpilot, and Amazon in order to create fake reviews for their products. A growing number of bots are capable of flooding product pages with glowing testimonials, making it more difficult for customers to distinguish genuinely well-rated products from items that have been artificially boosted to mask inferior and even dangerous products. 

In addition, Andrews explains that despite the difficulty of quantifying the amount of online reviews that may be misleading, consumers should not rely on them blindly when making purchase decisions. If a high number of reviews appears within a very short period of time, overly vague praise without mentioning product features, or suspiciously generic comments are noticed, it may be a sign that the product is not as good as it sounds. 

It is possible to gain additional perspective using services like TheReviewIndex and RateBud that analyze review authenticity. Such manipulations of customer reviews vary in their goals. However, they are often aimed at convincing shoppers to make a purchase for substandard items or to purchase products that may never arrive in their hands. 

There is also an aggressive scam that seeks personal information, financial information, or Amazon login credentials through fake messages, advertisements, or phone calls. Moreover, Andrews warns that social media advertisers are becoming increasingly sophisticated when it comes to deceptive advertising, with artificial intelligence (AI) often generating storefronts that mimic small businesses or festive markets using fake images and videos. 

Even though these sites sound quite convincing, they often deliver nothing more than cheaply produced goods shipped from overseas, leaving customers disappointed and out of pocket. A surge in seasonal scams, on the other hand, illustrates the importance of taking an active role in one's online security as a shopper. Analysts believe that even simple habits, such as verifying sender addresses, checking URLs, updating passwords, and enabling multi-factor authentication, are enough to prevent the vast majority of attempts to penetrate an online network. 

The consumer is also encouraged to inform Amazon and the relevant authorities of suspicious pages or messages, so that they can be dismantled before they spread. Even though cybercriminals are developing their tactics with artificial intelligence (AI) and precision, the best way to stop them is to have an informed public that shop deliberately, questions what might be unexpected, and prioritizes safety over urgency.
Read more »
Phishing Attacks
Cyber Security Data Digital Scams Identity Thefts Internet Phishing Attacks

Scammers Used Fake WhatsApp Profiles of District Collectors in Kerala


Scammers target government officials 

In a likely phishing attempt, over four employees of Kasaragod and Wayanad Collectorates received WhatsApp texts from accounts imitating their district Collectors and asking for urgent money transfers. After that, the numbers have been sent to the cyber police, according to the Collectorate officials. 

Vietnam scammers behind the operation 

The texts came from Vietnam based numbers but showed the profile pictures of concerned collectors, Inbasekar K in Kasaragod and D R Meghasree. 

In one incident, the scammers also shared a Google Pay number, but the target didn't proceed. According to the official, "the employees who received the messages were saved simply because they recognised the Collector’s tone and style of communication." 

Two employees from Wayanad received texts, all from different numbers from Vietnam. In the Kasaragod incident, Collector Inbasekar said a lot of employees received the phishing texts on WhatsApp. Two employees reported the incident. No employee lost the money. 

Scammers used typical scripts

The scam used a similar script in the two districts. The first text read: Hello, how are you? Where are you currently? In the Wayanad incident, the first massage was sent around 4 pm, and in Kasaragod, around 5:30 pm. When the employee replied, a follow up text was sent: Very good. Please do something urgently. This shows that the scam followed the typical pitches used by scammers. 

The numbers have been reported to the cyber police. According to Wayanad officials, "Once the messages were identified as fake, screenshots were immediately circulated across all internal WhatsApp groups." Cyber Unit has blocked both Vietnam-linked and Google Pay numbers.

What needs to be done?

Kasaragod Collector cautioned the public and staff to be careful when getting texts asking for money transfers. Coincidentally, in both the incidents, the texts were sent to staff employed in the Special Intensive Revision of electoral rolls. In this pursuit, the scammers revealed the pressures under which booth-level employees are working.

According to cyber security experts, the fake identity scams are increasingly targeting top government officials. Scammers are exploiting hierarchical structures to trick officials into acting promptly. “Police have urged government employees and the public to avoid responding to unsolicited WhatsApp messages requesting money, verify communication through official phone numbers or email, and report suspicious messages immediately to cybercrime authorities,” the New Indian Express reported.

Read more »
Salesforce
API Cyber Security Gainsight Google OAuth token compromise Salesforce

Gainsight Breach Spread into Salesforce Environments; Scope Under Investigation

 



An ongoing security incident at Gainsight's customer-management platform has raised fresh alarms about how deeply third-party integrations can affect cloud environments. The breach centers on compromised OAuth tokens connected with Gainsight's Salesforce connectors, leaving unclear how many organizations touched and the type of information accessed.

Salesforce was the first to flag suspicious activity originating from Gainsight's connected applications. As a precautionary measure, Salesforce revoked all associated access tokens and, for some time, disabled the concerned integrations. The company also released detailed indicators of compromise, timelines of malicious activity, and guidance urging customers to review authentication logs and API usage within their own environments.

Gainsight later confirmed that unauthorized parties misused certain OAuth tokens linked to its Salesforce-connected app. According to its leadership, only a small number of customers have so far reported confirmed data impact. However, several independent security teams-including Google's Threat Intelligence Group-reported signs that the intrusion may have reached far more Salesforce instances than initially acknowledged. These differing numbers are not unusual: supply-chain incidents often reveal their full extent only after weeks of log analysis and correlation.

At this time, investigators understand the attack as a case of token abuse, not a failure of Salesforce's underlying platform. OAuth tokens are long-lived keys that let approved applications make API calls on behalf of customers. Once attackers have them, they can access the CRM records through legitimate channels, and the detection is far more challenging. This approach enables the intruders to bypass common login checks, and therefore Salesforce has focused on log review and token rotation as immediate priorities.

To enhance visibility, Gainsight has onboarded Mandiant to conduct a forensic investigation into the incident. The company is investigating historical logs, token behavior, connector activity, and cross-platform data flows to understand the attacker's movements and whether other services were impacted. As a precautionary measure, Gainsight has also worked with platforms including HubSpot, Zendesk, and Gong to temporarily revoke related tokens until investigators can confirm they are safe to restore.

The incident is similar to other attacks that happened this year, where other Salesforce integrations were used to siphon customer records without exploiting any direct vulnerability in Salesforce. Repeated patterns here illustrate a structural challenge: organizations may secure their main cloud platform rigorously, but one compromised integration can open a path to wider unauthorized access.

But for customers, the best steps are as straightforward as ever: monitor Salesforce authentication and API logs for anomalous access patterns; invalidate or rotate existing OAuth tokens; reduce third-party app permissions to the bare minimum; and, if possible, apply IP restrictions or allowlists to further restrict the range of sources from which API calls can be made.

Both companies say they will provide further updates and support customers who have been affected by the issue. The incident served as yet another wake-up call that in modern cloud ecosystems, the security of one vendor often relies on the security practices of all in its integration chain. 



Read more »
Tor Network
Algorithm Cyber Security Security Upgrade Tor Network

Tor Network to Roll Out New Encryption Algorithm in Major Security Upgrade

 

The developers of the Tor network are preparing to replace one of the project’s oldest encryption systems in an effort to defend users against increasingly sophisticated cyberattacks. Tor confirmed that the relay encryption algorithm known as “tor1” will be retired and replaced by a new design called Counter Galois Onion, or CGO. Tor1 has been in use since the early 2000s and encrypts the traffic that travels between the relays that form a user’s circuit inside the Tor network. 

Although the system has been widely relied on for more than two decades, researchers say its design now presents several weaknesses, including exposure to so-called “tagging attacks.” These attacks allow an adversary to alter traffic at one relay and then look for predictable patterns further along the circuit that could help trace a user. The algorithm also reuses the same AES keys throughout a circuit and provides only a small authentication field, which Tor developers say has led to a non-negligible probability of forged data passing undetected. 

CGO has been designed to eliminate these issues. According to Tor, the new protocol adds forward secrecy to messages, prevents tampering, and brings encryption standards in line with modern cryptography. Tor explained in a technical post that the system ensures that if a message is modified, that message and all subsequent messages in the circuit become unreadable. The Tor Project described the upgrade as an effort to “defend users against a broader class of online attackers and form the basis for more encryption work in the future.” 

CGO is already implemented in Arti, Tor’s Rust-based client. A C version is in development to support the current relay infrastructure, since Rust relays are not yet deployed across the network. Developers have not provided a timeline for when CGO will arrive in the Tor Browser, noting that they are still tuning performance for modern processors. They acknowledged that CGO will likely be slower than tor1 initially, though optimizations are ongoing. 

The upgrade represents one of the most significant changes to Tor’s core cryptography in years. While the network is widely associated with the dark web and illicit markets, it is also used by journalists, activists and residents of authoritarian states seeking safe access to information. Tor’s history includes involvement from both government research institutions and privacy advocates, and the project continues to position encryption as a key protection against online surveillance.
Read more »
Subscribe to: Comments (Atom)