Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyberthreats. Show all posts
Wi-fi
Cyberhackers Cybersecurity Cyberthreats Router Hacking Technology TP-Link Wi-fi

TP-Link Outlines Effective Measures for Preventing Router Hacking

 


The presentation of a TP-Link Wi-Fi router by Representative Raja Krishnamoorthi of Illinois to Congress was one of the rare displays that highlighted increasing national security concerns on March 5. As a result of the congressman's stark warning — "Don't use this" — he sounded an alarm that the use of this network would carry significant security risks. His stark warning — "Don't use this" — immediately brought to mind the issue of potential vulnerabilities resulting from the use of foreign-made networking devices that may not have been adequately tested. 

The United States Representative Krishnamoorthi has been advocating for a ban on the sale and distribution of TP-Link routers across the nation for several months. His stance comes from an investigation that indicates that these devices may have been involved in state-sponsored cyber intrusions from China in 2023. There is increasing apprehension concerning the matter, and several federal agencies, including the Departments of Commerce, Defence, and Justice, have begun to conduct formal inquiries into the matter in the coming months. 

As federal agencies investigate the potential security risks associated with TP-Link's operations, one of the largest providers of consumer networking devices in the United States is currently being subjected to greater scrutiny. Though there is no doubt that the company is widely used in American households and businesses, there have been fears that regulators might take action against it over its alleged ties to mainland Chinese entities. 

This was a matter that was reported in December by The Wall Street Journal. It is reported that the U.S. Departments of Commerce, Defence, and Justice are investigating the matter, but there has not been conclusive evidence to indicate that intentional misconduct has occurred. In light of these developments, TP-Link's American management has clarified the company's organizational structure and operational independence as a result of these developments. 

The President of TP-Link USA, Jeff Barney, stated in a recent statement to WIRED that the American division operates as a separate and autonomous entity. According to Barney, TP-Link USA is a U.S.-based company. He asserted that the company has no connection with TP-Link Technologies, its counterpart operating in mainland China.

In addition, he also emphasised that the company was capable of demonstrating its operational and legal separation, as well as that it was committed to adhering to ensuring compliance with U.S. regulatory requirements. This increased scrutiny comes as a result of a bipartisan effort led by Representative Krishnamoorthi and Representative John Moolenaar of Michigan, who are currently working as representatives of the state of Michigan. According to the Wall Street Journal, federal authorities are seriously considering banning TP-Link routers. 

It is believed that the two lawmakers jointly submitted a formal request to the Department of Commerce in the summer of 2024, calling for immediate regulatory action because of the national security implications it might have. This incident has intensified the discussion surrounding the security of consumer networking devices and the broader consequences of relying on foreign technology infrastructure, while federal investigations are ongoing. 

There has recently been an appointment at TP-Link for Adam Robertson to become its new head of cybersecurity, a strategic move that underscores the company's commitment to ensuring the safety of consumers as well as enterprises. A 17-year industry veteran, he has been in executive leadership roles at firms like Reliance, Inc. and Incipio Group for the past eight years. In addition to playing an important role in advancing the company's cybersecurity initiatives, Robertson also has experience with Incipio Group and TP-Link's global headquarters in Irvine, California.

From his base at TP-Link's global headquarters, he is responsible for overseeing TP-Link's security operations across a wide range of networking and smart home products. In the past year, company executives have expressed strong confidence in Robertson's ability to drive significant change within the organisation. 

Jeff Barney, President of TP-Link USA, described Robertson's appointment as a timely and strategic addition to the organisation. He commented that Robertson's technical execution skills, as well as strategic planning skills, are in line with TP-Link's long-term innovation goals, which are centred upon innovation. With Robertson as the leader of the company, he is expected to help create a robust security culture within the company and help set more stringent industry standards for product integrity as well as consumer protection. 

Additionally, Robertson expressed enthusiasm for the organisation and his determination to contribute to its mission to advance secure, accessible technology by joining and contributing. It was his commitment to TP-Link to build on its strong foundation in cybersecurity to ensure that the brand will continue to be regarded as a trusted name in the global technology industry as a whole. As a result of the potential for it to be categorised as critical, a new security flaw, referred to as CVE-2023-1389, has raised considerable concern within the cybersecurity community. 

It is a vulnerability in TP-Link routers, called the Archer AX-21 router, that results from an inadequate input validation within the device's web-based management interface that leads to the vulnerability. By leveraging this weakness, malicious actors can craft specific HTTP requests that result in the execution of arbitrary commands with root privileges. As of right now, the Ballista botnet, an extremely sophisticated and rapidly evolving threat, is exploiting this vulnerability. 

It can, by exploiting this vulnerability, infect and propagate across vulnerable devices on the Internet autonomously, enabling it to recruit these devices in large-scale Distributed Denial of Service (DDoS) attacks. There is still a risk of exploitation for router firmware versions before 1.1.4 Build 202330219, according to cybersecurity analysts. The fact that this threat is capable of operating at a large scale makes it especially alarming. 

Due to its popularity among both consumers and businesses, the Archer AXE-21 has become a popular target for threat actors. As a result of several manufacturers in both the United States and Australia already being affected by this issue, there is a pressing need for mitigation. To prevent further compromise, experts stress immediate firmware updates and network security measures. As a result of the widespread use of this vulnerability, many previous botnet operations have exploited this vulnerability, further increasing the concerns surrounding its ongoing abuse. 

Multiple cybersecurity reports, including coverage by TechRadar Pro, have documented several threat actor groups utilising this particular vulnerability, among them the notorious Mirai botnet that has been operating for over 10 years. In both 2023 and 2024, activity surrounding this vulnerability was observed, which indicates that it has continued to attract malicious operators for years to come. 

Cato Networks researchers have identified an attack that occurs when an attacker deploys a Bash script to drop the malware onto a targeted system using the payload dropper function. This script is used to initiate the compromise by acting as a payload dropper for malicious code. During Cato's analysis, the botnet operators appeared to change their behaviour as the campaign progressed, moving to Tor-based domains, perhaps in response to increased cybersecurity professionals' attention. 

As soon as the malware has been executed, it establishes a secure TLS-encrypted C2 channel via port 82 that can be used for command-and-control (C2) purposes. Through the use of this channel, threat actors can take complete control of the compromised device remotely, enabling shell commands to be executed, remote code execution to be performed, and denial-of-service (Dos) attacks to be launched. This malware also has the capability of extracting sensitive data from the affected systems. This adds an exfiltration component to the malware's capabilities, giving it a significant amount of capability. 

As far as attribution is concerned, Cato Networks said it was reasonably confident that the operators behind the Ballista botnet are based in Italy, citing IP addresses that came from the region and Italian language strings embedded within the malware's binary. As a result of these indicators, the malware campaign was named "Ballista", and this is a result of those indicators. 

Several critical industries are the primary targets of the botnet, including manufacturing, healthcare, professional services, and technology. Its primary activity has been recorded in the United States, Australia, China, and Mexico, with noteworthy activity being observed there. It has been estimated that over 6,000 internet-connected devices are vulnerable, which means that the attack surface remains extensive as well as that the threat is still present.
Read more »
social media platforms
CyberCrime Cyberhackers Cyberthreats Digital Service Privacy social media platforms

Why Personal Identity Should Remain Independent of Social Platforms

 


Digital services are now as important as other public utilities such as electricity and water in today's interconnected world. It is very important for society to expect a similar level of consistency and quality when it comes to these essential services, including the internet and the systems that protect personal information. In modern times, digital footprints are used to identify individuals as extensions of their identities, capturing their relationships, preferences, ideas, and everyday experiences. 

In Utah, the Digital Choice Act has been introduced to ensure that individuals have control over sensitive, personal, and personal information rather than being dominated by large technology corporations. Utah has taken a major step in this direction by enacting the act. As a result of this pioneering legislation, users have been given meaningful control over how their data is handled on social media platforms, which creates a new precedent for digital rights in modernity. 

Upon the enactment of Utah's Digital Choice Act, on July 1, 2026, it is anticipated that the act will make a significant contribution to restoring control over personal information to individuals, rather than allowing it to remain within the authority of large corporations who control it. As a result of the Act, users are able to use open-source protocols so that they can transfer their digital content and social connections from one platform to another using open-source protocols. 

As a result of this legislation, individuals can retain continuity in their digital lives – preserving relationships, media, and conversations – even when they choose to leave a platform. Furthermore, the legislation affirms the principle of data ownership, which provides users with the ability to permanently delete their data upon departure. Moreover, the Act provides a fundamentally new relationship between users and platforms. 

Traditional social media companies are well known for monetizing user attention, earning profits through targeted advertising and offering their services to the general public without charge. This model of economics involves the creation of a product from the user data. As a result of the Digital Choice Act, users' data ownership is placed back in their hands instead of corporations, so that they are the ones who determine how their personal information will be used, stored, and shared. As a central aspect of this legislation, there is a vision of a digital environment that is more open, competitive, and ethical. 

Essentially, the Act mandates interoperability and data portability to empower users and reduce entry barriers for emerging platforms, which leads to the creation of a thriving social media industry that fosters innovation and competition. As in the past, similar successes have been witnessed in other industries as well. In the US, the 1996 Telecommunications Act led to a massive growth in mobile communications, while in the UK, open banking initiatives were credited with a wave of fintech innovation. 

There is the promise that interoperability holds for digital platforms in the same way that it has for those sectors in terms of choice and diversity. Currently, individuals remain vulnerable to the unilateral decisions made by technology companies. There are limited options for recourse when it comes to content moderation policies, which are often opaque. As a result of the TikTok outage of January 2025, millions of users were suddenly cut off from their years-old personal content and relationships, demonstrating the fragility of this ecosystem. 

The Digital Choice Act would have allowed users to move their data and networks to a new platform with a seamless transition, eliminating any potential risks of service disruption, by providing them with the necessary protections. Additionally, many creators and everyday users are often deplatformed suddenly, leaving them with no recourse or the ability to restore their digital lives. By adopting the Act, users now can publish and migrate content across platforms in real-time, which allows them to share content widely and transition to services that are better suited to their needs.

A flexible approach to data is essential in today's digitally connected world. Beyond social media, the consequences of data captivity are becoming increasingly urgent, and the implications are becoming more pressing. 23andMe's collapse highlighted how vulnerable deeply personal information is in the hands of private companies, especially as artificial intelligence becomes more and more integrated into the digital infrastructure. This increases the threat of misuse of data exponentially. 

As the stakes of data misuse increase exponentially, robust, user-centred data protection systems are becoming increasingly necessary and imperative. There is no doubt that Utah has become a national leader in the area of digital privacy over the past few years. As a result of enacting SB 194 and HB 464 in 2024, the state focuses on the safety of minors and the responsibility for mental health harms caused by social media. As a result of this momentum, the Digital Choice Act offers a framework that other states and countries could replicate and encourage policymakers to recognize data rights as a fundamental human right, leveraging this momentum.

The establishment of a legal framework that protects data portability and user autonomy is essential to the development of a more equitable digital ecosystem. When individuals are given the power to take their information with them, the dynamics of the online world change—encouraging personal agency, responsibility and transparency. Such interoperability can already be achieved by using the tools and technologies that are already available. 

Keeping up with the digital revolution is essential. To ensure the future of digital citizenship, lawmakers, technology leaders, as well as civil society members must work together to prioritize the protection of personal identity online. There is a rapid change occurring in the digital world, which means that the responsibilities of those responsible for overseeing and designing it are also changing as well. 

There is no question that as data continues to transform the way people live, work, and connect, people need to have their rights to control their digital presence embedded at the core of digital policy. The Digital Choice Act serves as a timely blueprint for how governments can take proactive measures to address the mounting concern over data privacy, platform dominance, and a lack of user autonomy in the age of digital technology. 

Although Utah has taken a significant step towards implementing a similar law, other jurisdictions must also recognize the long-term social, economic, and ethical benefits of implementing similar legislation. As part of this strategy, open standards should be fostered, fair competition should be maintained, and mechanisms should be strengthened to allow individuals to easily move and manage their digital lives without having to worry about them. 

It is both necessary and achievable to see a future where digital identities do not belong to private corporations but are protected and respected by law instead. The adoption of user-centric principles and the establishment of regulatory safeguards that ensure transparency and accountability can be enough to ensure that technology serves the people and does not exploit them to the detriment of them. 

To ensure a healthy and prosperous society in an increasingly digital era, users must return control over their identity to a shared and urgent priority that requires bold leadership, collaborative innovation, and a greater commitment to digital rights to ensure a prosperous and prosperous society.
Read more »
Windows
Akira CyberCrime Cybersecurity Cyberthreats EDR EDR Protections Ransomware S-RM Technology Webcam Windows

Webcam Exploited by Ransomware Group to Circumvent EDR Protections

 


Researchers at S-RM have discovered an unusual attack method used by the Akira ransomware gang. The Akira ransomware gang utilized an unsecured webcam to conduct encryption attacks against victims' networks via the use of an unsecured webcam. The attackers were able to bypass the Endpoint Detection and Response (EDR) mechanisms, which had been successful in stopping the ransomware encryptor from functioning on Windows computers.

During an investigation conducted by the S-RM team as part of an incident response, the S-RM team uncovered Akira's sophisticated adaptations in response to security defences. As a first step, the threat actors tried to implement encryption tools on Windows endpoints, but these attempts were thwarted by the EDR solution provided by the victim. 

It is important to note that the attackers reacted to this by exploiting the unsecured webcam as an entry point for the malware to infiltrate the network and launch their ransomware attacks. This incident illustrates how ransomware operators are increasingly using unconventional vulnerabilities to circumvent modern cybersecurity defenses, highlighting the evolution of ransomware operations. 

Network vulnerabilities exploited by Akira ransomware operators. 


Researchers in the cybersecurity field recently discovered a sophisticated attack strategy that was employed by the Akira ransomware group. Initially, the threat actors gained access to the network via an externally exposed remote access solution through which unauthorized access was gained. The attackers then installed AnyDesk.exe, a legitimate remote desktop tool, to maintain persistent access within the compromised network, and proceeded to exfiltrate sensitive data using this tool. 

In the months following the initial breach, the attackers used Remote Desktop Protocol (RDP) to move laterally through the network, simulating legitimate system administrator activities to conceal their activity and blend into normal networking operations. They evaded detection by mimicking legitimate system administrator activities. 

Akira Ransomware Group: A Rising Threat in the Cybercrime Landscape 


Emergence and Rapid Expansion 


Originally identified in early 2023, the Akira ransomware group has rapidly gained popularity as one of the most active ransomware operations in the world. As of 2024, the Akira group is responsible for around 15% of all ransomware incidents that were examined by cybersecurity firm S-RM. The company specializes in targeting small to medium sized businesses (SMEs) in North America, Europe, and Australia, especially businesses that have fewer than 1,000 employees as their primary target market. 

Operational Model and Organizational Structure 


Rather than using the typical paid-for model, Akira also uses a ransomware-as-a-service model: within this model, the group's core developers provide a running platform that allows its affiliates to access its binary and leak sites in exchange for a share of the ransom payments received by the group's owners. 

Triple Extortion Strategy and Technical Adaptability 


By employing a triple approach of extortion, or a series of layers of coercion to maximize leverage over their victims, Akira achieves extreme leverage over them: 

Data Encryption – Locking files and systems to disrupt business operations. 

Data Exfiltration – Stealing sensitive information before encryption. 

Public Disclosure Threats – Threatening to release exfiltrated data unless the ransom is paid. 

Akira's technical adaptability is exemplified by its ability to adjust its attack methods based on security threats. A recent webcam attack highlighted the group's innovative tactics. In this case, the group circumvented Endpoint Detection and Response (EDR) protections by using unsecured Internet of Things devices as an alternative entry point to bypass the system's protections. 

As ransomware operations such as Akira become more sophisticated, organizations, particularly small and medium-sized enterprises, must take proactive cybersecurity measures to mitigate the threats posed by these highly adaptive threat actors. To mitigate these risks, organizations must implement robust endpoint security, network segmentation, and IoT security protocols. 

Initially, the threat actors managed to breach the corporate network through an exposed remote access solution, likely using stolen credentials or brute-force techniques to gain access to the network. Once inside, they deployed AnyDesk, an authentic remote access tool, to gain persistent access and gain access to sensitive data. The data was then used as leverage in a double extortion scheme that later resulted in a double extortion attack. 

When the attack was first initiated, the attackers took advantage of the Remote Desktop Protocol (RDP) to enable them to move laterally, systematically spreading their presence across multiple systems before launching the ransomware attack. Their attack was carried out by introducing a password-protected archive file, win.zip, with the ransomware payload, win.exe, as a payload. Although the threat was initially detected and quarantined by the victim's Endpoint Detection and Response (EDR) system, it was ultimately neutralized when the virus was identified and quarantined. 

The attackers modified their strategy after experiencing this setback by finding alternative ways to attack the device. During a thorough network scan, several potential entry points were discovered, including a webcam and a fingerprint scanner. S-RM, a cybersecurity firm, explains that threat actors eventually chose the webcam as their primary pivot point for gaining access to its data, as it is easy for remote shell access and unauthorized video feeds. Moreover, the attackers took advantage of the device's lightweight Linux-based operating system, which was compatible with Akira's Linux encryptor. 

Since the webcam was without a protection agent against EDR attacks, it was an ideal choice for the ransomware attack to take place. The threat actors were able to successfully encrypt files on network shares by leveraging their connectivity to the Internet, circumventing conventional security measures and demonstrating the evolving sophistication of ransomware tactics. Instead of abandoning their original objective, the ransomware operators chose to utilize a previous internal network scan data as the basis for their next strategy. 

An investigation of the Internet of Things (IoT) revealed that several vulnerable devices were not adequately protected, including webcams and fingerprint scanners. As the attackers recognized the potential of unprotected devices as alternative entry points to traditional security systems, they sought to bypass those mechanisms. They discovered several vulnerabilities during their assessment, including an unsecured webcam, which proved to be the most feasible vulnerability. 

Several reasons contributed to this, most notably that it lacked Endpoint Detection and Response (EDR) protection, which made it an ideal target for exploiting. Additionally, the device was capable of being accessed remotely through a remote shell, making it even easier for attackers to gain access.

In addition, the Linux-based operating system presented a lightweight security footprint, which reduced the chances of detection and strengthened the appeal of the operating system as a potential entry point for cybercriminals. Execution of the Attack Through IoT Exploitation This attacker was able to create malicious SMB traffic directed towards a target Windows server by compromising a vulnerable webcam, which was able to be used by the attacker to create malicious SMB traffic. 

Due to the organization's lack of active monitoring of IoT devices, this technique enabled the ransomware payload to bypass traditional detection mechanisms. As a result of the attack, a large number of files were encrypted across the network of the victim. Even though SMB-based attacks have generally been considered to be less efficient than other intrusion techniques, this attack proved extremely effective in this case, mainly because they are frequently incompatible with conventional security monitoring tools, such as this tool. 

It is as a consequence of this incident that organizations must take proactive steps to ensure that all network-connected devices, most notably IoT endpoints, are secured via encryption so that sophisticated ransomware operators are not able to exploit them as attack vectors. 

The fact that the compromised webcam lacked an Endpoint Detection and Response (EDR) protection was a critical factor in the success of this attack, as largely due to its limited storage capacity, it could not cope with advanced security measures needed to defend itself. 

The Akira ransomware group exploited this vulnerability to deploy its Linux-based ransomware quickly from the compromised machine, encrypting files across the victim's network by using the Server Message Block protocol (SMB). As a result of this strategic approach, the attackers were able to operate covertly since malicious SMB traffic originating from the webcam was not detected by security systems, allowing them to evade detection by the organization's cybersecurity team. 

In light of these events, it is due to the growing necessity for comprehensive security protocols, in particular for securing Internet of Things (IoT) devices, that are more and more exploited as attack vectors by cyber criminals. A proactive cybersecurity approach is imperative to mitigate similar threats by ensuring that IoT devices are patched and managed, conducting regular vulnerability assessments within the organization's internal networks, and implementing robust network segmentation so that connected devices are limited in their ability to communicate. 

Further, turning off IoT devices when not in use can serve as a preventive measure against potential exploitation. To effectively defend against emerging threats, it is imperative to continuously monitor your network and implement robust security frameworks. As demonstrated by the Akira ransomware group, you must monitor your network constantly and implement robust security measures. With ransomware-as-a-service (RaaS) operations continuing to evolve at a rapid pace, organizations must remain vigilant, improving their cybersecurity strategies proactively to remain protected from increasingly sophisticated cyberattacks.
Read more »
Russia-Ukraine War
Cyber Security Cybersecurity Agencies Cyberthreats International Cooperation Russia-Ukraine War

USAID Cybersecurity Aid to Ukraine Halted as Trump Administration Freezes Projects

 

Before and after Russia’s 2022 invasion, U.S.-funded initiatives played a crucial role in strengthening Ukraine’s cybersecurity. Many of these efforts, backed by the United States Agency for International Development (USAID), aimed to protect the country against cyber threats. 

However, progress has stalled since the Trump administration directed USAID and its contractors to halt operations. Meanwhile, Elon Musk’s DOGE undergoes restructuring, and unless legal action intervenes, the aid agency faces dismantlement. One of the most significant projects put on pause is the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity, managed by Maryland-based DAI. In October, the initiative announced its collaboration with Ukraine’s Ministry of Foreign Affairs to secure diplomatic communications networks worldwide. 

At the time, Julie Koenen, USAID’s director in Ukraine, reaffirmed the agency’s commitment to maintaining essential government functions. Until January 17, the cybersecurity team remained active on social media, encouraging Ukrainian businesses to explore opportunities in the U.S. However, since Trump took office, its online presence has gone silent. Both USAID and DAI have not responded to inquiries regarding the program’s status. 

Former SSSCIP deputy head Victor Zhora, now a cybersecurity consultant, expressed concerns about funding uncertainty. Although he left his government position in 2023 amid a corruption probe—an allegation he denies—he remains hopeful that cybersecurity efforts will continue under another entity or a restructured version of USAID. He emphasized the program’s value in developing talent, training professionals, and advancing Ukraine’s cybersecurity infrastructure. 

Among its contributions, USAID had supplied over 5,000 Starlink devices for use across the country. Oleh Derevianko, founder of Ukraine’s Information Systems Security Partners, collaborated with USAID on various projects over the past five years. While he acknowledged inconsistencies in execution, he stressed the program’s overall benefit. USAID efforts focused on three key areas: legislative support, vulnerability assessments of critical infrastructure, and cybersecurity training programs.  

Looking ahead, even if Ukraine seeks international cybersecurity assistance, the absence of operational contractors could be a major obstacle. A source familiar with USAID’s funding model warned that if the freeze lasts beyond three months, many contractors will run out of funds. Since USAID-funded projects require contractors to cover expenses upfront and later invoice the government, delayed payments could cripple their financial stability. Additionally, banks may become reluctant to extend credit, further jeopardizing the sustainability of these projects.
Read more »
Privacy
Cyberattacks Cybercrimes Cyberhackers Cybersafety Cybersecurity Cyberthreats Hackers Privacy

The Evolution of Data Protection: Moving Beyond Passwords

 


As new threats emerge and defensive strategies evolve, the landscape of data protection is undergoing significant changes. With February 1 marking Change Your Password Day, it’s a timely reminder of the importance of strong password habits to safeguard digital information.

While conventional wisdom has long emphasized regularly updating passwords, cybersecurity experts, including those at the National Institute of Standards and Technology (NIST), have re-evaluated this approach. Current recommendations focus on creating complex yet easy-to-remember passphrases and integrating multi-factor authentication (MFA) as an additional layer of security.

Microsoft’s Vision for a Passwordless Future

Microsoft has long envisioned a world where passwords are no longer the primary method of authentication. Instead, the company advocates for the use of passkeys. While this vision has been clear for some time, the specifics of how this transition would occur have only recently been clarified.

In a detailed update from Microsoft’s Identity and Access Management team, Sangeeta Ranjit, Group Product Manager, and Scott Bingham, Principal Product Manager, outlined the anticipated process. They highlighted that cybercriminals are increasingly aware of the declining relevance of passwords and are intensifying password-focused attacks while they still can.

Microsoft has confirmed that passwords will eventually be phased out for authentication. Although over a billion users are expected to adopt passkeys soon, a significant number may continue using both passkeys and traditional passwords simultaneously. This dual usage introduces risks, as both methods can be exploited, potentially leading to privacy breaches.

According to Bingham and Ranjit, the long-term focus must be on phishing-resistant authentication techniques and the complete elimination of passwords within organizations. Simplifying password management while enhancing security remains a critical challenge.

The Need for Advanced Security Solutions

While passwords still play a role in authentication, they are no longer sufficient as the sole defense against increasingly sophisticated cyber threats. The shift toward passwordless authentication requires the development of new technologies that provide robust security without complicating the user experience.

One such solution is compromised credential monitoring, which detects when sensitive information, such as passwords, is exposed on the dark web. This technology promptly notifies administrators or affected users, enabling them to take immediate corrective actions, such as changing compromised credentials.

As the era of passwords draws to a close, organizations and individuals must embrace more secure and user-friendly authentication methods. By adopting advanced technologies and staying informed about the latest developments, we can better protect our digital information in an ever-evolving threat landscape.

Read more »
Vulnerabilities and Exploits
CyberCrime Cyberfrauds Cybersecurity Cyberthreats Darkweb Databreach Hackers Vulnerabilities and Exploits

FortiGate Vulnerability Exposes 15,000 Devices to Risks

 



Fortinet Firewall Data Breach: 15,000 Devices Compromised by Belsen Group

On January 14, 2025, it was reported that the configuration data of over 15,000 Fortinet FortiGate firewalls was leaked on the dark web. The hacker group, identified as Belsen, shared this data for free on its newly created TOR website. The leaked information includes full firewall configurations, plaintext VPN credentials organized by IP address and country, serial numbers, management certificates, and other sensitive data. This breach poses a significant security risk to affected organizations, as it enables attackers to compromise internal networks with ease.

Exploitation of Critical Vulnerabilities

According to cybersecurity analysts, the Belsen Group exploited a zero-day vulnerability, identified as CVE-2022-40684, to obtain the leaked data. This vulnerability, published in 2022, allowed attackers to bypass administrative authentication through specially crafted HTTP/HTTPS requests. By leveraging this flaw, the attackers exfiltrated configuration files containing sensitive details such as passwords, firewall rules, and advanced settings. These files, though obtained in 2022, remained undisclosed until January 2025, significantly increasing the risk exposure for affected organizations.

In response to this ongoing threat, Fortinet released patches for CVE-2022-40684 and announced a new critical authentication bypass vulnerability, CVE-2024-55591, on the same day the leak was disclosed. This new vulnerability is being actively exploited in campaigns targeting FortiGate firewalls, particularly those with public-facing administrative interfaces. Devices running outdated FortiOS versions are especially at risk.

Impact and Recommendations

The leaked configuration files provide a comprehensive map of victim networks, including firewall rules and administrator credentials. Threat actors can exploit this information to:

  • Bypass perimeter defenses and gain unauthorized access to internal networks.
  • Deploy ransomware, perform lateral movement, and exfiltrate sensitive data.
  • Identify additional vulnerabilities within the network architecture to maximize attack impact.

Organizations affected by this breach must take immediate action to mitigate risks. This includes:

  • Updating credentials for all compromised devices.
  • Applying the latest security patches, including fixes for CVE-2022-40684 and CVE-2024-55591.
  • Conducting thorough security audits to identify and address additional vulnerabilities.

Cybersecurity expert Kevin Beaumont has announced plans to release an IP list from the leak to help FortiGate administrators determine if their devices were affected. Meanwhile, security firms like CloudSEK and Arctic Wolf have emphasized the importance of prioritizing updates and vigilance against future exploitation campaigns.

Fortinet devices' history of vulnerabilities has made them frequent targets for cybercriminals and nation-state actors. Addressing these security gaps is crucial to preventing further breaches and protecting sensitive organizational data.

Read more »
IT risks
Banking Cyber Security Cyber Technology Cyberattacks CyberCrime Cyberthreats Digital Supply IT risks

EU Mandates Tougher Cybersecurity for Banking Sector

 


European Banks Strengthen Cybersecurity Amid Strict Regulations

European banks are being compelled to enhance their cybersecurity systems to comply with stringent regulations aimed at safeguarding critical infrastructure against cyber threats. The rise of digital tools in the financial sector has brought with it an urgent need for robust data protection systems and comprehensive cybersecurity measures.

Cyber risks remain a persistent challenge in the banking industry, with no signs of abatement. According to industry projections by Cybersecurity Ventures, global cybercrime costs are expected to escalate to a staggering $10.5 trillion annually by 2025. While these figures highlight the gravity of the issue, financial institutions have an opportunity to protect themselves from financial and reputational harm through the strategic implementation of dependable cybersecurity frameworks.

The Digital Operational Resilience Act (DORA)

On January 17, after a two-year implementation period, the Digital Operational Resilience Act (DORA) was signed into law. This legislation mandates financial services firms and their technology providers to enhance their resilience against cyberattacks and operational disruptions.

Under the new rules, financial institutions must:

  • Implement proactive risk management systems to identify and mitigate operational disruptions.
  • Establish rapid-response protocols to address technological challenges.
  • Conduct regular resilience tests to strengthen their digital defenses.
  • Continuously monitor and assess third-party IT risks across the supply chain.

The act affects over 22,000 institutions, including banks, digital banks, and cryptocurrency service providers. Non-compliance can result in fines of up to 2% of annual global revenue, with managers personally liable for breaches, facing penalties of up to €1 million.

Compliance with European cybersecurity regulations remains complex. Harvey Jang, Chief Privacy Officer and Deputy General Counsel at Cisco, notes that the financial sector operates under multiple overlapping regulations. These include the Network and Information Systems Directive (NIS), which focuses on critical infrastructure security, and the General Data Protection Regulation (GDPR), which standardizes data protection across the EU.

Each regulation introduces unique requirements, and national implementation adds further fragmentation. For instance:

  • The NIS Directive mandates member states to ensure high-security standards for critical infrastructure.
  • The GDPR emphasizes privacy, security, and breach management, significantly impacting financial institutions that control and process vast amounts of data.

DORA and NIS2: Strengthening EU Cybersecurity

DORA complements the updated NIS2 Directive, introduced in 2023 to address evolving cyber threats. Together, these regulations aim to bolster resilience across EU member states, ensuring financial institutions are prepared for the complexities of modern cyber threats.

However, a survey by Orange Cyberdefense revealed that 43% of UK financial institutions are still not fully compliant with DORA. Despite the UK’s departure from the EU, DORA applies to any financial institution operating within the EU, including those without an EU office.

Rising Awareness and Proactive Measures

Recent incidents, such as the 2024 Microsoft/CrowdStrike outage, have underscored the importance of proactive cybersecurity measures. These events have prompted organizations to allocate larger budgets to risk management teams and adopt a crisis-preparedness mindset.

"Forward-thinking organizations understand that it’s better to be prepared for crises when they occur, rather than if they occur," states the Boyle report. This shift in mindset has empowered companies to focus on readiness in an increasingly complex threat landscape.

The Role of High-Security Solutions

Companies like Salt, a Belfast-based cybersecurity firm, are addressing the growing need for high-security solutions. Salt serves industries such as finance, defense, and law enforcement in over 50 countries, including clients like BAE Systems and Mishcon de Reya.

Salt’s approach prioritizes customized, high-security communication systems that offer clients absolute control and exclusivity. “Our high-security clients demand systems that are independent and inaccessible once deployed — even to us,” explains Boyle. This assurance gives clients confidence and peace of mind in today’s complex threat environment.

As the financial sector navigates an increasingly digital and interconnected world, the importance of robust and proactive cybersecurity strategies cannot be overstated. Compliance with evolving regulations like DORA and NIS2 is critical to safeguarding financial institutions and maintaining trust in the industry.

Read more »
Social Media
Cyberattacks Cybersecurity Cyberthreats Digital Personal Data Protection IT Ministry Privacy Social Media

India Proposes New Draft Rules Under Digital Personal Data Protection Act, 2023




The Ministry of Electronics and Information Technology (MeitY) announced on January 3, 2025, the release of draft rules under the Digital Personal Data Protection Act, 2023 for public feedback. A significant provision in this draft mandates that parental consent must be obtained before processing the personal data of children under 18 years of age, including creating social media accounts. This move aims to strengthen online safety measures for minors and regulate how digital platforms handle their data.

The draft rules explicitly require social media platforms to secure verifiable parental consent before allowing minors under 18 to open accounts. This provision is intended to safeguard children from online risks such as cyberbullying, data breaches, and exposure to inappropriate content. Verification may involve government-issued identification or digital identity tools like Digital Lockers.

MeitY has invited the public to share their opinions and suggestions regarding the draft rules through the government’s citizen engagement platform, MyGov.in. The consultation window remains open until February 18, 2025. Public feedback will be reviewed before the finalization of the rules.

Consumer Rights and Data Protection Measures

The draft rules enhance consumer data protection by introducing several key rights and safeguards:
  • Data Deletion Requests: Users can request companies to delete their personal data.
  • Transparency Obligations: Companies must explain why user data is being collected and how it will be used.
  • Penalties for Data Breaches: Data fiduciaries will face fines of up to ₹250 crore for data breaches.

To ensure compliance, the government plans to establish a Data Protection Board, an independent digital regulatory body. The Board will oversee data protection practices, conduct investigations, enforce penalties, and regulate consent managers. Consent managers must register with the Board and maintain a minimum net worth of ₹12 crore.

Mixed Reactions to the Proposed Rules

The draft rules have received a blend of support and criticism. Supporters, like Saneh Lata, a teacher and mother of two from Dwarka, Delhi, appreciate the move, citing social media as a significant distraction for children. Critics, however, argue that the regulations may lead to excessive government intervention in children's digital lives.

Certain institutions, such as educational organizations and child welfare bodies, may be exempt from some provisions to ensure uninterrupted educational and welfare services. Additionally, digital intermediaries like e-commerce, online gaming, and social media platforms are subject to specific guidelines tailored to their operations.

The proposed draft rules mark a significant step towards strengthening data privacy, especially for vulnerable groups like children and individuals under legal guardianship. By holding data fiduciaries accountable and empowering consumers with greater control over their data, the government aims to create a safer and more transparent digital ecosystem.
Read more »
Subscribe to: Posts (Atom)