Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyberspace. Show all posts
Cyberspace
AI Chatbot Copilot Cyber Security Cyberspace

AI Chatbots Like Copilot Retain Private GitHub Data, Posing Security Threats, Researchers Warn

 

Security experts have uncovered a serious vulnerability in AI-driven chatbot services that allows them to access and reveal private GitHub repositories, potentially exposing sensitive corporate information. Israeli cybersecurity firm Lasso has reported that this flaw affects thousands of developers, organizations, and major tech companies, raising concerns over data retention practices in AI models. 

Lasso’s investigation began when its own private GitHub repository was unexpectedly accessible through Microsoft’s Copilot. According to co-founder Ophir Dror, the repository had briefly been public, allowing Bing to index and cache its contents. Even after it was made private again, Copilot continued to generate responses based on the cached data. “If I was to browse the web, I wouldn’t see this data. But anyone in the world could ask Copilot the right question and get this data,” Dror stated. 

Further research by Lasso revealed that more than 20,000 GitHub repositories that had been switched to private in 2024 were still accessible through Copilot. The issue reportedly impacted over 16,000 organizations, including major corporations such as IBM, Google, PayPal, Tencent, Microsoft, and Amazon Web Services (AWS). While Amazon denied being affected, Lasso claims that AWS’s legal team pressured them to remove references to the company from their findings. 

The exposed repositories contained sensitive data, including security credentials, intellectual property, and corporate secrets. Lasso warned that bad actors could potentially manipulate AI chatbots to extract this information, putting businesses at risk. The company has advised organizations most affected by the breach to revoke or update any compromised credentials immediately. 

Microsoft was informed of the security flaw in November 2024 but categorized it as a “low-severity” issue. While Bing removed cached search results of the affected data in December, Microsoft maintained that the caching issue was “acceptable behavior.” 

However, Lasso cautioned that despite the cache being cleared, Copilot’s AI model still retains the data. The firm has since published its findings, urging greater oversight and stricter safeguards in AI systems to prevent similar security risks.
Read more »
Technology Threats
Chinese App Ban Cyberspace India Social Media threats Technology Technology Threats

MCA to Strike Off 400 Chinese Companies for Fraud in India

 

The Ministry of Corporate Affairs (MCA) is preparing to strike off as many as 400 Chinese companies operating in India due to severe financial irregularities and incorporation-related fraud. These companies, which primarily deal in online loans and job services, are spread across 17 states, including key areas such as Delhi, Mumbai, Chennai, Bengaluru, Uttar Pradesh, and Andhra Pradesh. According to a report by Moneycontrol, which cited an anonymous government official, the action is expected to be completed within the next three months. 

The MCA has been investigating nearly 600 Chinese companies, focusing on those involved in digital lending and online job platforms. The official stated that the investigation phase has concluded, revealing that 300 to 400 of these companies are likely to be struck off the register. 

The primary reasons for this drastic action include predatory lending practices, financial fraud, and violations of India’s financial regulations. These Chinese companies have come under scrutiny for a variety of reasons. Many of them have been accused of engaging in aggressive tactics to recover loans, imposing exorbitant interest rates on borrowers, and resorting to harassment. 

Additionally, several companies have been found to have Indian directors but operate with Chinese bank accounts, with no recorded financial transactions in India. This has raised suspicions of money laundering and other financial crimes. Furthermore, some companies were not found at their registered office addresses, while others were discovered to be investing in businesses unrelated to their stated purpose, further indicating potential financial fraud. 

Under Section 248 of the Companies Act, the process of striking off a company from the register takes approximately three months. The MCA first issues a notice to the company, allowing time for a response. If the company fails to respond, a second notice is sent after one month. Should there be no reply even then, the company is removed from the register.  

This sweeping action by the MCA underscores the Indian government’s ongoing efforts to regulate the digital lending space and ensure financial transparency, particularly in light of the growing concerns around the proliferation of predatory lending apps in the country.
Read more »
Threat actors
Artificial Intelligence Cyber Defence Cyber Security Cyberspace Global Economy International Cooperation Malicious actor Military Intelligence Threat actors

Cyber Militarization: Navigating the Digital Battlefield

Technology and the internet are now ubiquitous, creating vulnerabilities and enabling the militarization of cyberspace. This trend poses a number of threats to global security, including accidental or deliberate conflict between states, empowerment of non-state actors, and new arms races. The international community must cooperate to address this issue, developing norms and rules, building trust, and investing in cybersecurity.

Cyberspace once considered a relatively neutral domain for communication and information sharing, is now increasingly becoming a battlefield where nation-states vie for power and influence. The articles linked in this discussion shed light on the complex issue of militarization in cyberspace.

Kaspersky, a leading cybersecurity company, delves into the subject in their blog post, "How to Deal with Militarizing Cyberspace." They emphasize the growing concerns about the use of cyberspace for military purposes, such as cyberattacks and espionage. This article emphasizes the need for international cooperation and cybersecurity measures to address the challenges posed by this evolving landscape.

In the blog post from EasyTech4All, titled "The Inevitability of Militarization of CyberAI," the focus is on the convergence of artificial intelligence and cyber warfare. It highlights the significant role AI plays in enhancing military capabilities in cyberspace. This shift underlines the need for discussions and regulations to govern the use of AI in military operations.

Additionally, the document from the Cooperative Cyber Defence Centre of Excellence (CCDCOE) titled "The Militarization Of Cyberspace" offers an in-depth examination of the historical context and evolution of militarization in cyberspace. It explores the various facets of this phenomenon, from the development of offensive cyber capabilities to the establishment of cyber commands in military structures.

The militarization of cyberspace raises critical questions about the use of cyber tools for aggressive purposes, the potential for escalation, and the importance of international agreements to prevent cyber warfare. The interconnectedness of the global economy and critical infrastructure further amplifies the risks associated with cyber warfare.

To address these challenges, a multi-faceted approach is essential. This includes the development of international norms and regulations governing cyber warfare, cooperation between nations, investment in cybersecurity, and continuous monitoring of cyber threats.

Cyberspace militarization is a complex and evolving issue that requires our attention. By exploring the articles and materials provided, we gain a glimpse into the many facets of this challenge, from its historical roots to the use of AI in warfare. As technology advances, it becomes increasingly important to use cyberspace in an ethical and responsible manner. It is up to us all to ensure that the digital realm remains a force for good and progress, rather than a catalyst for instability and conflict.

Read more »
Micron
Chinese Government Cyber Attacks Cyber Technology CyberCrime Cybersecurity Cyberspace Micron

China's Assessment of Micron's Security Was Rejected

 


As a result of Micron's failure to pass a security review, the Chinese government has banned the company from supplying memory chips to local industries that are critical to the country. 

The Chinese cyberspace regulator has announced that it will bar operators of key infrastructure from buying products made by American memory chipmaker Micron Technology Inc. (MU.O). Micron Technology Inc. is an American memory chip maker with international reach. 

Washington is looking to cut off Beijing's access to the most advanced semiconductors to limit its access to the United States' advanced chip manufacturing facilities. Despite the ongoing chip war between the two nations, the probe represents the latest effort by investigators to escalate the crisis. 

As a result of the incident, China tightened its enforcement of anti-espionage and national security laws, tightening its control over international espionage. 

In a report by the news agency Reuters, the US government has instituted a series of export controls on certain American components and chipmaking tools to prevent them from being used to advance China's military capabilities, following a series of export controls by the USA on certain American components and chipmaking tools. 

There was an additional phase in the bitter chip war between the United States and China. Washington was attempting to prevent Beijing from having access to top-of-the-line semiconductors and the latest technology.    

Chinese authorities launched a review of Micron, one of the world's largest chip manufacturers, in March last year. This was following several complaints related to its products available in the country.   

From transportation to healthcare, critical information infrastructure is broadly defined as the network infrastructure that supports the system of the country.   

On Monday, shares in several local chipmaker-related companies rose as a result of the move. Shares in corporations including Gigadevice Semiconductors, Ingenic Semiconductors, and Shenzhen Kaifa Technology opened up by 3% to 8% on Monday, according to Reuters. 

Based on Micron's financials for the year ended March 31, 2013, it was estimated that China contributed approximately 10 percent of Micron's USD 30.8 billion revenue. 

It was unclear whether the cybersecurity watchdog's decision would affect sales to foreign customers since a large portion of Micron products sold in the country were purchased by foreign manufacturers, analysts said earlier. Even if the decision does affect sales, the effect may not be felt for some time. 

Earlier this year, the Chinese government announced that it would pay more attention to protecting the critical infrastructure of its information systems by enforcing stricter data security regulations. There has been a recent intensification of its enforcement of its anti-espionage and data security laws, which have been implemented as well. 

During the last year, China and the United States stepped up their chip war by imposing restrictions on Chinese access to high-end chips, chipmaking equipment, and software used in the design of semiconductors. Yangtze Memory Technologies Co Ltd, a rival of Micron, was also placed on a blacklist by the United States government. 

Despite the high level of risk that the Chinese armed forces and intelligence services may possess technology that could be used in developing advanced military equipment, Washington cited national security concerns and insisted that it wanted to prevent the acquisition of such technology. 

One of the largest chip manufacturers in the world, Micron, has been surveyed by Chinese authorities regarding products sold within the country by the company. 

Based on the review, the Cyberspace Administration of China (CAC) concluded that Micron's products pose significant security risks to China's critical information infrastructure supply chain, affecting the safety and security of the country's key infrastructure, an influence that could adversely affect China's national security. 

Several manufacturers of semiconductor technology equipment, such as the Netherlands and Japan, have recently announced new restrictions on the export of certain products, although neither of them named China as a major source of these restrictions. 

There has been a lot of opposition from Beijing to Washington's controversial move, which Beijing has called "bully tactics" and declared as "technological terrorism", saying it is not only strengthening its resolve to self-sufficiency in the sector but also strengthening US business interests.

There have been billions of dollars invested in domestic chip companies over the past few decades by the Chinese government to build up a robust semiconductor industry domestically. 

It is expected that by the year 2030, the chip industry in the world will generate a $1 trillion market, a figure that can be attributed to the fact that chips are the lifeblood of modern global economies, powering everything from cars to smartphones. 

In response to the ban, the United States opposes it; Micron is committed to engaging in negotiations with China. There was strong opposition to the Micron ban from the US Commerce Department. 

A spokesperson for the Commerce Department said in a statement that "we strongly oppose restrictions that have no basis in fact." China claims that they are open to a transparent regulatory framework and that they are committed to a transparent regulatory framework, which contradicts this action, along with raids and targetings of other American firms that have been reported in the past. 

It is now the department's responsibility to clarify the actions of the Chinese authorities in Beijing directly through direct communication with them.  

Beijing, which is China's largest manufacturer of semiconductors, has been forbidden from buying cutting-edge semiconductors as part of the US-China trade dispute. It's the latest escalation between the two countries. 

Despite Micron's review by the CAC, the company said it was looking forward to engaging with Chinese authorities in further discussions following its receipt of the review. The company said in a statement that it is evaluating the conclusion of the investigation and determining what we should do next.
Read more »
Turla
APT Group Cyber Attacks CyberCrime Cyberspace Government attacks LNKs malware Tomiris Turla

APT Groups Tomiris and Turla Target Governments

 


As a result of an investigation under the Advanced Persistence Threat (APT) name Tomiris, the group has been discovered using tools such as KopiLuwak and TunnusSched that were previously linked to another APT group known as Turla. 

Positive results are the result of an investigation conducted into the Tomiris APT group. This investigation focused on an intelligence-gathering campaign in Central Asia. As a possible method to obstruct attribution, the Russian-speaking actor used a wide array of malware implants that were created rapidly and in all programming languages known to man to develop the malware implants. A recently published study aims to understand how the group uses malware previously associated with Turla, one of the most notorious APT groups. 

Cyberspace is a challenging environment for attribution. There are several ways highly skilled actors throw researchers off track with their techniques. These include masking their origins, rendering themselves anonymous, or even misrepresenting themselves as part of other threat groups using false flags. Adam Flatley, formerly Director of Operations at the National Security Agency and Vice President for Intelligence at [Redacted], explains this in excellent depth. Adam and his team can determine their real identities only by taking advantage of threat actor operational security mistakes. 

Based on Kaspersky's observations, the observed attacks were backed by several low-sophisticated "burner" implant attacks using different programming languages, regularly deployed against the same targets by using basic but efficient packaging and distribution techniques as well as deployed against the same targets consistently. Tomiris also uses open-source or commercial risk assessment tools. 

In addition to spear-phishing emails with malicious content attached (password-protected archives, malicious documents, weaponized LNKs), Tomiris uses a wide range of other attack vectors. Tomiris' creative methods include DNS hijacking, exploiting vulnerabilities (specifically ProxyLogon), suspected drive-by downloads, etc. 

To steal documents inside the CIS, the threat actor targets governments and diplomatic entities within that region. There have been instances where victims have turned up in other regions (overseas as the Middle East and Southeast Asia) only to be foreigners representing the countries of the Commonwealth of Independent States, a clear indication of Tomiris's narrow focus on the region. 

An important clue to figuring out what's happening is the targeting. As Delcher explained, Tomiris focuses on government organizations in CIS, including the Russian Federation. However, in the cybersecurity industry, some vendors refer to Turla as a Russian-backed entity. A Russian-sponsored actor would not target the Russian Federation, which does not make sense. 

According to Delcher, it is not simply an educational exercise to differentiate between threat actors and legitimate actors. A stronger defense can be achieved through the use of such software. There may be some campaigns and tools that need to be re-evaluated in light of the date Tomiris started utilizing KopiLuwak. In addition, there are several tools associated with Turla.
Read more »
ransomware attacks
Cloud Servers Cyber Security Cyberspace Data protection ransomware attacks

Threat from Cyberspace Pushing Data Budgets Up and Delaying Digital Transformation

 

A new report has revealed that the cost of data backup is rising due to the growing threat from cybercrime. This includes the requirement to guarantee the consistency and dependability of hybrid cloud data protection in order to counteract potential losses from a ransomware attack. 

More than 4,300 IT leaders were polled for the Data Protection Trends Report, and many of them claimed that there was a "availability gap" between how quickly their businesses needed a system to be recovered and how quickly IT could get it back online. This issue is serious because, according to the survey, 85% of respondents experienced a cyberattack in the previous year. 

Making sure the data protection provided by Infrastructure as a Service and Software as a Service solutions corresponds with that provided by workloads focused on data centres was one of the top priorities for IT leaders polled for the survey this year.

More than half of those surveyed in the study, which was commissioned by data protection software vendor Veeam, also mentioned a "protection gap" between the amount of data they can lose and the frequency with which IT protects it. These gaps, according to more than half of those surveyed, have led them to consider switching primary data protection providers this year.

Many of those surveyed claimed that ransomware is "winning," with cyberattacks causing the most significant outages for businesses in 2020, 2021, and 2022, despite all of these efforts to increase backup reliability and spend on cybersecurity tools. 

Hackers' increasing threat to data budgets

In the past 12 months, at least 85% of all study participants reported experiencing an attack, up from 76% the year before. Data recovery was noted as a major concern, with many claiming that only 55% of encrypted data was recoverable following a ransomware attack.

This was partially due to the increase in attacks. Due to the strain that ransomware protection and recovery put on budgets and staff, it is also harder to implement digital transformation. Resources intended for digital transformation initiatives have been diverted as IT teams must concentrate on the unstable cyber security landscape. 

According to Veeam's researchers, cyberattacks "not only drain operational budgets from ransoms to recovery efforts, but they also reduce organisations' ability to modernise for their future success, forcing them to pay for prevention and mitigation of the status quo."

With 52% of respondents already using containers and 40% of organisations planning to do so soon, Kubernetes is proving to be one of the major forces behind bettering data security strategies. Despite this, the report's authors discovered that most organisations only protect the underlying storage rather than the workloads themselves. 

The CTO and senior vice president of product strategy at Veeam, Danny Allan, stated that "IT leaders are facing a dual challenge. They are building and supporting increasingly complex hybrid environments, while the volume and sophistication of cyberattacks is increasing. This is a major concern as leaders think through how they mitigate and recover business operations from any type of disruption.”
Read more »
User Security
Cyber Crime Cybersecurity Cyberspace Digital Digital Platform User Data User Privacy User Security

Web3: Cybercrime May Come to an End, Here’s How

 

Cybercrime has increasingly surged at a high rate in the U.S. Annually, cybercrime amounts to damage worth trillion dollars. One of the top cyber threats has been digital identity theft, in which threat actors leverage the stolen personal information of the victims, with the intent of causing financial havoc. 
The issue of cybercrime has persisted over the years and is certainly not going away anytime soon. In regard to the issue, the CEO of Sony, said, “the solution to cybercrime isn’t two-factor identification or your mother’s maiden name. The solution to cybercrime lies in the transition to Web3.” 

What is Web3?  


Web3, also known as Web 3.0 serves as the succeeded iteration of the internet after Web 2.0. While Web 2.0 is marked as a centralized internet model in which most of the data, content, and other services are controlled by some of the internet giants, also referred to as ‘Big Tech.’ 

WWe3 on the other hand can be described as a decentralised version of the internet, allowing users to communicate with one another in a secure, peer-to-peer environment.  

How are users vulnerable to Web2? 

Since a “digital identity” in Web2 includes more than just a username and a profile picture, a user is supposed to enter a verifiable email address in order to create an identity.  

Certainly, there is no limit to how many email addresses can one user make. Most of the users have multiple email addresses, serving different purposes, such as personal usage, work communication, spam filtering, etc. 

As there is no method to confirm that the person logging in is who they claim to be, beyond the two-factor identification, employing this means anyone with the credentials can get into any of these emails.  

Adding to the misery, once a company gets hold of a user’s personal data, he practically has no control over it. Thus, personal information is sold for the sake of targeted adverts. The data access and secondary sale increase the opportunities for a threat actor to exploit it. 


How is Web3 solving the problem?  


Login security: Centralized authorities would not control the user in the future. It will be as simple as utilising a biometric unlock with the use of DIDs and Blockchain-backed verification.  

Bots are always searching the internet for stray credentials that they may use to access bank accounts, emails, and other accounts. This will be stopped in its tracks by consolidated digital identities that are accessed by biometric logins.  

Control and Monetization of User Data


With the consolidated digital identity, a user can now utilize the data as they see fit, since he has overall control over who sees the data and who has to pay for the same. For an instance, one could build a decentralised ad network on Web3 and allow users to either opt in or out of the system.  

Although, Web3’s growing popularity is being considered the ‘next big revolution’, in digital tech, for its take on making lives easier for the unbanked and others involved in it. It still needs much improvement in regard to risks pertaining to the loopholes and potential vulnerabilities that could cause a great many problems in the future.
Read more »
Ukraine
Cyber Security Cyber Threats Cyberspace Ransom Ransomware attack Russia Ukraine

Russian Group Attack on Bulgarian Refugee Agency

 

A ransomware group that shares strong ties with Russia warned on Wednesday that it will publicly post the files it has stolen from the Bulgarian government agency that is responsible for the refugee management.

LockBit 2.0 published a notice on the dark website saying it had files from the Bulgarian State Agency for Refugees under the Council of Ministers. “All available data will be published!” the notice read under the group’s trademark bright red countdown clock, which has a May 9 publication date. It's worth noting that there was no specific post for a ransom demand. 

According to the Sofia Globe, a news organization in the country’s capital, nearly 5.7 million Ukrainian refugees have fled their country since February and approximately 230,000 fled to Bulgaria, while 100,700 are remaining in the country. 

The official website of the agency remains active, however, a notice on the site’s home page reads, “due to network problems, the e-addresses of the State Agency for Refugees at the Council of Ministers are temporarily unavailable.”

Press contacted an official for a comment on the same matter but the agency didn’t immediately respond to the email. Later, a spokesperson at the Bulgarian embassy in Washington, D.C., said that he did not have information on the incident and would look into the matter. 

LockBit 2.0 is an updated version of LockBit, a ransomware variant that first was spotted in September 2019, as per the cybersecurity firm Emsisoft. Originally known as ABCD ransomware, LockBit is famous for the file extension appended to encrypted files, with the extension later updating to “LockBit”.  Moreover, in September, the group made headlines for launching its own leak website. 

“This is simply the latest in a very long list of hits on organizations which provide critical services...,” said Brett Callow, a threat analyst at Emsisoft. 

“...Hospitals, [search and rescue], fire departments, and charities for the disabled have all been targeted. The individuals involved with ransomware are conscienceless scumbags and the sooner we find a way to deal with the problem, the better.”
Read more »
Subscribe to: Posts (Atom)