Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cybersecurity measures. Show all posts
Mobile Security Tools
Android Android Smartphone cybersecurity breaches Cybersecurity measures iOS Mobile Security Mobile Security Tools

Swiss Startup Soverli Introduces a Sovereign OS Layer to Secure Smartphones Beyond Android and iOS

 

A Swiss cybersecurity startup, Soverli, has introduced a new approach to mobile security that challenges how smartphones are traditionally protected. Instead of relying solely on Android or iOS, the company has developed a fully auditable sovereign operating system layer that can run independently alongside existing mobile platforms. The goal is to ensure that critical workflows remain functional even if the underlying operating system is compromised, without forcing users to abandon the convenience of modern smartphones. 

Soverli’s architecture allows multiple operating systems to operate simultaneously on a single device, creating a hardened environment that is logically isolated from Android or iOS. This design enables organizations to maintain operational continuity during cyber incidents, misconfigurations, or targeted attacks affecting the primary mobile OS. By separating critical applications into an independent software stack, the platform reduces reliance on the security posture of consumer operating systems alone. 

Early adoption of the technology is focused on mission-critical use cases, particularly within the public sector. Emergency services, law enforcement agencies, and firefighting units are among the first groups testing the platform, where uninterrupted communication and system availability are essential. By isolating essential workflows from the main operating system, these users can continue operating even if Android experiences failures or security breaches. The same isolation model is also relevant for journalists and human rights workers, who face elevated surveillance risks and require secure communication channels that remain protected under hostile conditions.  

According to Soverli’s leadership, the platform represents a shift in how mobile security is approached. Rather than assuming that the primary operating system will always remain secure, the company’s model is built around resilience and continuity. The sovereign layer is designed to stay operational even when Android is compromised, while still allowing users to retain the familiar smartphone experience they expect. Beyond government and critical infrastructure use cases, the platform is gaining attention from enterprises exploring secure bring-your-own-device programs. 

The technology allows employees to maintain a personal smartphone environment alongside a tightly controlled business workspace. This separation helps protect sensitive corporate data without intruding on personal privacy or limiting device functionality. The system integrates with mobile device management tools and incorporates auditable verification mechanisms to strengthen identity protection and compliance. The underlying technology was developed over four years at ETH Zurich and does not require specialized hardware modifications. 

Engineers designed the system to minimize the attack surface for sensitive applications while encrypting data within the isolated operating system. Users can switch between Android and the sovereign environment in milliseconds, balancing usability with enhanced security. Demonstrations have shown secure messaging applications operating inside the sovereign layer, remaining confidential even if the main OS is compromised. Soverli’s approach aligns with Europe’s broader push toward digital sovereignty, particularly in areas where governments and enterprises demand auditable and trustworthy infrastructure. 

Smartphones, often considered a weak link in enterprise security, are increasingly being re-evaluated as platforms capable of supporting sovereign-grade protection without sacrificing usability. Backed by $2.6 million in pre-seed funding, the company plans to expand its engineering team, deepen partnerships with device manufacturers, and scale integrations with enterprise productivity tools. Investors believe the technology could redefine mobile security expectations, positioning smartphones as resilient platforms capable of operating securely even in the face of OS-level compromise.
Read more »
MaaS model
Critical Infrastructure Cyber Attacks Cyberattack threats Cybersecurity measures Infrastructure Security MaaS MaaS model

CastleLoader Widens Its Reach as GrayBravo’s MaaS Infrastructure Fuels Multiple Threat Clusters

 

Researchers have now identified four distinct threat activity clusters associated with the malware loader CastleLoader, bolstering previous estimates that the tool was being supplied to multiple cybercriminal groups through a malware-as-a-service model. In this, the operator of this ecosystem has been dubbed GrayBravo by Recorded Future's Insikt Group, which had previously tracked the same actor under the identifier TAG-150. 

CastleLoader emerged in early 2025 and has since evolved into a dynamically developing malware distribution apparatus. Recorded Future's latest analysis underscores GrayBravo's technical sophistication, the ability to promptly adapt operations after public reporting, and the growing infrastructure currently supporting multiple threat campaigns. 

GrayBravo's toolkit consists of several components, including a remote access trojan dubbed CastleRAT and a modular malware framework named CastleBot. CastleBot is composed of three interconnected main elements: a shellcode stager, a loader, and a core backdoor. The loader injects the backdoor into memory, following which the malware communicates with command-and-control servers to receive instructions. These further enable downloading and executing a variety of payloads in the form of DLL, EXE, and PE files. CastleLoader has been used to distribute various well-known malware families, including RedLine Stealer, StealC, DeerStealer, NetSupport RAT, SectopRAT, MonsterV2, WARMCOOKIE, and other loaders, such as Hijack Loader, which demonstrates how well the CastleBot and CastleLoader combo serves as a widely useful tool.  

Recorded Future's new discoveries uncover four separate operational clusters, each using CastleLoader for its purposes. One cluster, attributed to TAG-160, has been operational since March 2025, targeting the logistics industry by leveraging phishing lures and ClickFix for CastleLoader delivery. Another one, referred to as TAG-161, started its operations in June 2025 and has used Booking.com-themed ClickFix campaigns for spreading CastleLoader and Matanbuchus 3.0. One more cluster has utilized infrastructure that spoofs Booking.com, complementing the spoofing with ClickFix and leveraging Steam Community pages as dead-drop resolvers to distribute CastleRAT via CastleLoader. A fourth cluster, which has been active since April 2025, leverages malvertising and fake update notices posing as Zabbix and RVTools for delivering CastleLoader together with NetSupport RAT. 

The actor's infrastructure spans from victim-facing command-and-control servers attributed to CastleLoader, CastleRAT, SectopRAT, and WARMCOOKIE to several other VPS servers, presumably held as spares. Of special interest are the TAG-160 operations, which feature the use of hijacked or fake accounts on freight-matching platforms, including DAT Freight & Analytics and Loadlink Technologies, to create rather plausible phishing messages. The customised lures suggest that the operators have extensive domain knowledge of logistics processes and related communication practices in the industry. 

Recorded Future concluded that the continued expansion in the use of CastleLoader by independent threat groups testifies to how rapidly such advanced and adaptive tools can diffuse in the cybercrime ecosystem once they get credit. Supporting this trend, the recent case documented by the researchers at Blackpoint involved a Python-based dropper chain in which the attackers used ClickFix to download an archive, stage files in the AppData directory, and execute a Python stager that rebuilt and launched a CastleLoader payload. Continued evolution of these delivery methods shows that the malware-as-a-service model behind CastleLoader is really enabling broader and more sophisticated operations through multiple threat actors.
Read more »
MSP
CISO best practices Cyber Attacks Cyber-recovery Cybersecurity measures cybersecurity solutions Data Recovery IT Industry MSP

Clarity, Control, And Recovery Define Effective Response To Cyberattacks For IT Teams And MSPs

 

When a cyberattack strikes, the impact is immediate. Systems slow down, files are locked, phones flood with alerts, and the pressure mounts by the second. The speed and precision of the response often determine whether the situation ends in recovery or spirals into disaster. What IT teams and managed service providers need most in these moments are clarity, control, and a dependable recovery path. Without them, even the most experienced professionals risk being overwhelmed as damage escalates. With them, organizations can act decisively, protect clients, and reduce the fallout. 

Clarity is often the first and most urgent requirement. Cyberattacks cause confusion because the nature of the threat is not always obvious at the start. Without a clear understanding of whether it is ransomware, phishing, insider activity, or some other form of compromise, teams are left to guess. Guesswork wastes time and can worsen the situation. Real-time visibility into anomalies such as suspicious login attempts, sudden file encryption, or unusual network traffic provides a unified picture of what is happening. This enables teams to see the blast radius, identify compromised systems, and determine which data remains safe. With clarity, chaos turns into something manageable, allowing quick decisions on isolating, preserving, or shutting down systems. 

Once clarity is achieved, control becomes the next critical step. Attacks often spread through privilege escalation, lateral movement, or data exfiltration. Containment prevents small breaches from becoming catastrophic. Rapidly isolating infected endpoints, revoking exploited credentials, and automatically enforcing protective policies are crucial for slowing or halting an attack. Effective incident response relies not only on tools but also on predefined roles, playbooks, and escalation paths, so teams know exactly what actions to take under pressure. Efficiency also matters: the more capabilities managed through a single interface, the faster the recovery. Integrated solutions such as endpoint detection and response or extended detection and response make it easier to contain incidents before they spread. 

Even after containment, damage may remain. Data can be encrypted, systems may be taken offline, and clients demand immediate answers. At this point, the most valuable resource is a reliable recovery lifeline. Secure backup systems provide assurance that even if primary operations are disrupted, organizations can restore data and systems. Backups that are immutable prevent ransomware from altering recovery points, while granular restore functions allow for quick access to specific files or applications. Disaster recovery solutions can even spin up workloads in secure environments while remediation continues. For IT teams, recovery prevents operations from grinding to a halt, and for MSPs, it preserves customer trust. 

Cyberattacks are not hypothetical but inevitable. The organizations that fare best are those that prepare in advance, investing in monitoring, building strong response playbooks, and deploying robust recovery solutions. Preparation does not eliminate attacks, but it makes the difference between manageable disruption and catastrophe.
Read more »
Infrastructure
critical infrastructure cybersecurity Cyber Security Cybersecurity Governance cybersecurity in healthcare Cybersecurity measures Infrastructure

Identity governance must extend to physical access in critical infrastructure security

 

In cybersecurity, much attention is often placed on firewalls, multi-factor authentication, and digital access controls, but in sensitive sectors such as utilities, energy, airports, pharmaceutical plants, and manufacturing, the challenge extends well beyond digital defenses. Physical access plays a critical role, and in many organizations, it remains the weakest link. As digital and physical systems converge, managing identity across both domains has become increasingly complex. What was once considered a facilities matter is now a direct responsibility of security leadership, carrying implications for compliance, safety, and organizational trust. 

In many companies, physical security systems like badge readers, door access points, and turnstiles are treated separately from IT environments. While that may have once been acceptable, the risks today show how flawed this separation is. If an individual no longer employed by the organization can still walk into a sensitive area, or if badge privileges remain after a role change, the organization faces serious vulnerabilities. Facilities such as airports, government offices, data centers, and large manufacturing plants see thousands of individuals moving through them daily, creating countless opportunities for mistakes or misuse. 

The consequences of an insider retaining unnecessary access can be immediate and damaging. The complexity is magnified by scale. Consider the case of an employee whose role shifted within a company. While IT permissions were updated to reflect the new position, the physical badge remained active for higher-level areas. This outdated access was then duplicated for new hires, unintentionally granting them entry to spaces far beyond their job requirements. 

In a global company with thousands of employees and multiple secure sites, such oversights multiply rapidly. Systems are often powerful but remain disconnected from HR records and identity governance tools, making it difficult to track whether access privileges are accurate or necessary. Physical access systems are operational technology, often running independently on separate networks. Like other OT systems, they can be neglected, with access lists left unchanged for years. 

This leads to problems such as orphaned badges for former employees, inherited permissions, excessive access rights, and little visibility into how many people hold credentials for sensitive areas. Unlike digital environments where logs and directories allow oversight, physical access systems are typically siloed, leaving leaders unable to prove whether access controls are correct. 

Even if nothing is wrong, there is rarely substantiated evidence to demonstrate compliance or safety. Unauthorized physical access can be just as damaging as a digital breach, and in many cases, the risks are greater. Governing identity today means addressing both digital and physical dimensions with equal rigor. 

Without integrating and validating badge data, correlating it with employee records, and continuously reviewing privileges, organizations are relying on assumptions rather than facts. In environments where physical presence carries risk, relying on assumptions is not a viable security strategy.
Read more »
data security
3D Guns 3D Printing AI technology Cyber Security Cybersecurity measures Data collection Data Recovery data security

New Forensic System Tracks Ghost Guns Made With 3D Printing Using SIDE

 

The rapid rise of 3D printing has transformed manufacturing, offering efficient ways to produce tools, spare parts, and even art. But the same technology has also enabled the creation of “ghost guns” — firearms built outside regulated systems and nearly impossible to trace. These weapons have already been linked to crimes, including the 2024 murder of UnitedHealthcare CEO Brian Thompson, sparking concern among policymakers and law enforcement. 

Now, new research suggests that even if such weapons are broken into pieces, investigators may still be able to extract critical identifying details. Researchers from Washington University in St. Louis, led by Netanel Raviv, have developed a system called Secure Information Embedding and Extraction (SIDE). Unlike earlier fingerprinting methods that stored printer IDs, timestamps, or location data directly into printed objects, SIDE is designed to withstand tampering. 

Even if an object is deliberately smashed, the embedded information remains recoverable, giving investigators a powerful forensic tool. The SIDE framework is built on earlier research presented at the 2024 IEEE International Symposium on Information Theory, which introduced techniques for encoding data that could survive partial destruction. This new version adds enhanced security mechanisms, creating a more resilient system that could be integrated into 3D printers. 

The approach does not rely on obvious markings but instead uses loss-tolerant mathematical embedding to hide identifying information within the material itself. As a result, even fragments of plastic or resin may contain enough data to help reconstruct its origin. Such technology could help reduce the spread of ghost guns and make it more difficult for criminals to use 3D printing for illicit purposes. 

However, the system also raises questions about regulation and personal freedom. If fingerprinting becomes mandatory, even hobbyist printers used for harmless projects may be subject to oversight. This balance between improving security and protecting privacy is likely to spark debate as governments consider regulation. The potential uses of SIDE go far beyond weapons tracing. Any object created with a 3D printer could carry an invisible signature, allowing investigators to track timelines, production sources, and usage. 

Combined with artificial intelligence tools for pattern recognition, this could give law enforcement powerful new forensic capabilities. “This work opens up new ways to protect the public from the harmful aspects of 3D printing through a combination of mathematical contributions and new security mechanisms,” said Raviv, assistant professor of computer science and engineering at Washington University. He noted that while SIDE cannot guarantee protection against highly skilled attackers, it significantly raises the technical barriers for criminals seeking to avoid detection.
Read more »
Quishing Campaign
Cyber Fraud Cybersecurity measures Cybersecurity Warning Drivers QR code QR Code Phishing QR code scams QR code security Quishing Quishing Campaign

Parking Meter QR Code Scam Grows Nationwide as “Quishing” Threatens Drivers

 

A growing scam involving fake QR codes on parking meters is putting unsuspecting drivers at risk of financial fraud. This deceptive tactic—called “quishing,” a blend of “QR” and “phishing”—relies on tampered QR codes that redirect people to bogus websites designed to steal sensitive information like credit card details or vehicle data. 

The scam works in a surprisingly simple but effective way: fraudsters cover official QR codes on parking meters with nearly identical stickers that feature malicious codes. When scanned, the QR code does not lead to the authorized parking service’s payment portal but instead sends users to a counterfeit site. These phishing websites often look nearly identical to legitimate services, making them difficult to identify as fraudulent. Once there, victims are prompted to enter personal data that can later be misused to withdraw funds or commit identity theft.  

Recent reports have confirmed the presence of such manipulated QR codes on parking infrastructure in multiple cities, and similar schemes have also been spotted on electric vehicle charging stations. In one documented case, a victim unknowingly lost a four-figure amount after entering their payment information on a fake page. According to police authorities in Lower Saxony, Germany—where the scam has seen a surge—this type of attack is rapidly spreading and becoming a nationwide concern. 

Unlike phishing emails, which are often flagged by security software, QR codes are processed as images and generally bypass traditional cybersecurity defenses. This makes “quishing” harder to detect and potentially more dangerous, especially for users with outdated smartphone software. Because these scams exploit visual deception and technical limitations, the responsibility often falls on users to scrutinize QR codes closely before scanning.  

Experts recommend taking a few precautions to stay safe. First, inspect the QR code on the meter to ensure it hasn’t been tampered with or covered by a sticker. If anything appears off, avoid scanning it. For added security, users should download the official parking service app from an app store and enter location details manually. Using third-party QR code scanner apps that reveal the destination URL before opening it can also help prevent falling for a fake link. 

Anyone who believes they may have been scammed should act immediately by contacting their bank to block the card, reporting the incident to local authorities, and monitoring accounts for unauthorized activity. Law enforcement is urging users to stay alert as these scams become more common, especially in urban areas where mobile parking and EV charging stations are widely used.
Read more »
Risk Assessment
business protection Cyber Security cybersecurity for businesses Cybersecurity measures Cybersecurity Strategy Risk Assessment

6 Cybersecurity Mistakes That Put Businesses at Risk

 

In today’s digital-first economy, technology is a vital part of every business, from small local operations to international corporations. However, the growing reliance on tech also brings significant risks. With over half of global businesses reportedly suffering financial losses of at least $300,000 due to cyberattacks, it’s clear that cybersecurity must be taken seriously. Despite this, many organizations still fall short in their implementation, not because of a lack of awareness but due to a range of common yet critical mistakes. 

One frequent issue is a misalignment between a company’s risk tolerance and its cybersecurity efforts. Many businesses either overestimate or underestimate the level of security they need. Without a clear, shared understanding between executive leaders and IT teams on how much risk is acceptable, businesses may implement overly restrictive controls that disrupt operations or leave gaps that hackers can exploit. It’s essential to strike the right balance by openly discussing risk appetite and making security decisions that support overall business objectives. 

Another major problem is the failure to conduct thorough and regular risk assessments. Some organizations rely too heavily on automated tools, skipping manual checks or human analysis that can identify deeper issues. Effective risk assessment goes beyond just identifying technical vulnerabilities — it must also consider employee behavior, third-party risks, and the potential impact on operations. A comprehensive, ongoing evaluation provides a more accurate picture of where improvements are needed. 

Many companies also make the mistake of sticking to outdated or rigid security strategies. Cyber threats are constantly evolving, so security strategies must be flexible and reviewed regularly. A well-developed plan should clearly outline responsibilities, set measurable goals, and be adaptable enough to respond to emerging threats. Without consistent reviews and updates, businesses leave themselves open to new and unexpected forms of attack. Ignoring software updates and patches is another common oversight. Failing to apply critical updates can leave systems vulnerable to known exploits. Organizations need structured patch management routines, including regular scans and prioritized deployments. Using automated tools can help streamline this process, especially for larger teams. 

Data protection is another area where businesses often fall short. Equally important is having a strong backup strategy. A 3-2-1 backup system — three copies of data on two different media, with one off-site — ensures that data can be recovered quickly and reliably. Regular testing of these backups is crucial to ensure they work when needed.

Finally, treating cybersecurity as a one-time setup rather than an ongoing process can leave a company dangerously exposed. Installing antivirus software or enabling multi-factor authentication is just the start. Continuous monitoring and improvement — including real-time threat detection, regular audits, and employee training — are necessary to stay ahead of cybercriminals. Human oversight is just as important as technical tools when interpreting alerts and responding to threats effectively. 

Avoiding these common cybersecurity mistakes can significantly strengthen a business’s defense against attacks. Protecting your digital assets doesn’t require the most expensive tools — it requires the right strategies, regular evaluations, and a culture that values security. With a proactive, informed approach, businesses can reduce risk, maintain customer trust, and ensure long-term resilience against evolving cyber threats.
Read more »
Shadow AI
AI Deepfakes AI threats Cyber Security cybercriminals Cybersecurity measures IABs Open Source Ransomwares Shadow AI

Emerging Cybersecurity Threats in 2025: Shadow AI, Deepfakes, and Open-Source Risks

 

Cybersecurity continues to be a growing concern as organizations worldwide face an increasing number of sophisticated attacks. In early 2024, businesses encountered an alarming 1,308 cyberattacks per week—a sharp 28% rise from the previous year. This surge highlights the rapid evolution of cyber threats and the pressing need for stronger security strategies. As technology advances, cybercriminals are leveraging artificial intelligence, exploiting open-source vulnerabilities, and using advanced deception techniques to bypass security measures. 

One of the biggest cybersecurity risks in 2025 is ransomware, which remains a persistent and highly disruptive threat. Attackers use this method to encrypt critical data, demanding payment for its release. Many cybercriminals now employ double extortion tactics, where they not only lock an organization’s files but also threaten to leak sensitive information if their demands are not met. These attacks can cripple businesses, leading to financial losses and reputational damage. The growing sophistication of ransomware groups makes it imperative for companies to enhance their defensive measures, implement regular backups, and invest in proactive threat detection systems. 

Another significant concern is the rise of Initial Access Brokers (IABs), cybercriminals who specialize in selling stolen credentials to hackers. By gaining unauthorized access to corporate systems, these brokers enable large-scale cyberattacks, making it easier for threat actors to infiltrate networks. This trend has made stolen login credentials a valuable commodity on the dark web, increasing the risk of data breaches and financial fraud. Organizations must prioritize multi-factor authentication and continuous monitoring to mitigate these risks. 

A new and rapidly growing cybersecurity challenge is the use of unauthorized artificial intelligence tools, often referred to as Shadow AI. Employees frequently adopt AI-driven applications without proper security oversight, leading to potential data leaks and vulnerabilities. In some cases, AI-powered bots have unintentionally exposed sensitive financial information due to default settings that lack robust security measures. 

As AI becomes more integrated into workplaces, businesses must establish clear policies to regulate its use and ensure proper safeguards are in place. Deepfake technology has also emerged as a major cybersecurity threat. Cybercriminals are using AI-generated deepfake videos and audio recordings to impersonate high-ranking officials and deceive employees into transferring funds or sharing confidential data. 

A recent incident involved a Hong Kong-based company losing $25 million after an employee fell victim to a deepfake video call that convincingly mimicked their CFO. This alarming development underscores the need for advanced fraud detection systems and enhanced verification protocols to prevent such scams. Open-source software vulnerabilities are another critical concern. Many businesses and government institutions rely on open-source platforms, but these systems are increasingly being targeted by attackers. Cybercriminals have infiltrated open-source projects, gaining the trust of developers before injecting malicious code. 

A notable case involved a widely used Linux tool where a contributor inserted a backdoor after gradually establishing credibility within the project. If not for a vigilant security expert, the backdoor could have remained undetected, potentially compromising millions of systems. This incident highlights the importance of stricter security audits and increased funding for open-source security initiatives. 

To address these emerging threats, organizations and governments must take proactive measures. Strengthening regulatory frameworks, investing in AI-driven threat detection, and enhancing collaboration between cybersecurity experts and policymakers will be crucial in mitigating risks. The cybersecurity landscape is evolving at an unprecedented pace, and without a proactive approach, businesses and individuals alike will remain vulnerable to increasingly sophisticated attacks.
Read more »
Subscribe to: Comments (Atom)