Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyersecurity. Show all posts
Samsung
CyberCrime Cyberhackers CyberThreat Cyersecurity Data Breach Google Samsung

Massive Data Breach at Samsung Exposes 270000 Records

 


During the analysis of the Samsung Germany data breach, a wide range of sensitive information was found to be compromised, including customer names, addresses, email addresses, order history, and internal communications, among other sensitive data. Those findings were contained in a report released by cybersecurity firm Hudson Rock, which examined the breach and the reasons that led to it thoroughly. Spectos GmbH, a third-party IT service provider, is believed to have been compromised in 2021 when an infostealer malware infection occurred on an employee's computer. Hudson Rock explains that this is an initial point of compromise dating back to 2021. 

By using the domain samsung-shop.spectos.com, Spectos' software solutions for monitoring and improving service quality are directly integrated with Samsung Germany's customer service infrastructure. It was found that access to Samsung Germany's systems was gained using credentials that had previously been compromised as a result of the Racoon Infostealer malware. It is well known that the specific strain of malware is capable of harvesting a large amount of sensitive data from infected machines, including usernames, passwords, browser cookies, and auto-fill information. 

As it transpired, the credentials in this case came from the device of an employee of Spectos GmbH in 2021 that was stolen. Although there were no security practices in place, such as the rotation of passwords or revocation protocols, the login information was valid and exploitable for nearly four years after the lapse occurred. Cybercriminals exploited outdated credentials and gained unauthorized access through this lapse, further emphasizing the ongoing risks posed by improperly managed third-party access in the future. 

It was not until approximately four years after the login information was inactive, that it was exploited by a threat actor operating under the name "GHNA," which had remained inactive for nearly four years. Through the use of these long-abandoned credentials, the attacker gained access to a Spectos client-Samsung Germany-linked system resulting in approximately 270,000 customer service tickets becoming visible to the public and subsequently being leaked out. 

In light of this incident, there are significant cybersecurity risks associated with third-party access to information. Thus, the importance of regular credential audits, access reviews, and robust identity management practices cannot be overstated. As a result of this breach, the investigation is ongoing, with a particular focus on determining the extent of the breach and implementing remedial measures to prevent similar incidents in the future. 

A growing trend in cyberattacks is to exploit valid credentials which have been poorly managed by malicious actors, so that they may be able to infiltrate systems and escape detection. It is particularly concerning that the compromised credentials have been valid for such a long time in this case, suggesting that access governance and credential lifecycle management may not have been effective enough. Hudson Rock stated in their report that if proactive measures had been taken, “this incident would not have occurred.” 

Because outdated credentials were still active after several years of inactivity, a serious lapse in security hygiene is evident. A chance to mitigate this threat was missed, but the damage has been considerable because of the damage that has already been done. This incident serves as a cautionary example of how vital it is to regularly update login credentials, conduct access reviews, and implement strong practices to manage third parties' risks. In his recent interview with Deepwatch's Chief Information Security Officer, Chad Cragle stressed the importance of protecting credentials from compromise, calling compromised credentials “a time bomb” that can be exploited at any moment if not addressed proactively. 

The warning comes following the recent data breach involving Samsung Germany, which raised serious concerns about identity security and the ability to access third-party systems. Experts in the industry are emphasizing the importance of implementing enhanced security controls, especially when it comes to managing external partner access to systems. It has become increasingly evident that organizations need to implement stricter oversight to mitigate the threat posed by outdated or exposed login credentials, which is evident in the ongoing investigation into the breach. Organizations need to develop more resilient frameworks to mitigate these threats. 

With the rapid adoption of artificial intelligence-driven technologies and cloud infrastructure, the cybersecurity landscape continues to be compounded. While these technological advancements offer significant operational benefits, they also introduce complex vulnerabilities which cybercriminals are increasingly adept at exploiting to gain an advantage over their adversaries. Specifically, the development of artificial intelligence has enabled threat actors to manipulate leaked data even more effectively, and this puts a greater burden on organizations to strengthen their security systems and safeguard customers' data. 

In recent years, Samsung has been subjected to greater scrutiny when it comes to its cybersecurity posture. A significant amount of attention was focused on Samsung in 2023 after the company accidentally leaked sensitive internal code by utilizing generative AI tools like ChatGPT. Such incidents demonstrate a persistent lack of security governance in Samsung and are an indication that the company needs to implement a more rigorous and forward-looking approach to data protection in the future. 

A multi-layered security strategy is essential for businesses to prevent similar breaches from happening in the future, including regular credential audits, an identity access management system that is robust, continuous monitoring, and secure integration practices for third-party vendors. In his opinion, likely, Spectos GmbH did not have adequate monitoring mechanisms in place to identify anomalous activity that might have been linked to the compromised credentials, as indicated by Heath Renfrow, Co-Founder and Chief Information Security Officer of Fenix24. 

Many organizations emphasize detecting external threats and suspicious behaviours when conducting risk assessments, but they often underestimate the risks associated with valid credentials that have been silently compromised, according to him. When credentials are associated with routine or administrative operations, such as service monitoring or quality management, unauthorized access can blend in with the expected activity and can be difficult to detect, since it blends in with what is expected. It was pointed out by Renfrow that cybercriminals are often extremely patient and may even delay taking action until conditions are optimal. 

It might be necessary to observe the network for changes in structure, evidence privileges over time, or even identify opportune moments—such as during broader security incidents—in which their actions are most likely to be noticed or will be of maximum impact. The Samsung Germany support services are warning its customers to take extra care when receiving unsolicited messages, particularly if they have previously interacted with Samsung Germany's customer service. 

Generally, security professionals recommend avoiding unfamiliar links, monitoring users' accounts for unusual activity, and following best practices to make sure their online safety is enhanced. These include using strong, unique passwords and enabling two-factor authentication. This incident highlights a persistent weakness in cybersecurity strategy, which is not properly managing and rotating login credentials. In his remarks, Hudson Rock founder Alone Gal highlighted that organizations can avoid attacks of this kind when they follow a strong credential hygiene policy and monitor access to their systems continuously. 

“Infostealers do not have to break down the doors,” Gal stated. According to reports from the cybersecurity community, artificial intelligence could lead to an accelerated process of exploiting such breaches due to its potential to speed up the process. There are some tools which can be integrated into AI-driven systems that can be used to identify valuable data within leaked records, prioritize targets at high risk, and launch follow-up attacks more rapidly and accurately than ever before. This breach has over the last few weeks also brought the threat of freely circulating sensitive data being weaponized in a very short period, amplifying the threat for Samsung and its affected customers.
Read more »
Vulnerabilities and Exploits
Cyberattacks CyberCrime Cyberhackers CyberThreat Cyersecurity Qualcomm Vulnerabilities and Exploits

Qualcomm Identifies and Patches Critical Security Issues in Latest Update

 


Several vulnerabilities were identified in Qualcomm's latest security update for March 2025 that impacted many products, including automotive systems, mobile chipsets, and networking devices. There are several critical security issues in this security bulletin, including memory corruption risks and input validation flaws that could pose a significant security risk if exploited to compromise the system. 

The Qualcomm Security Updates are intended to improve the security of Qualcomm's technology ecosystem as well as strengthen its protection against possible cyber threats. There had been multiple security vulnerabilities identified and resolved by Qualcomm and MediaTek over the last few weeks, some of which had already been addressed by their respective Android updates, which were deployed in the previous weeks. 

Qualcomm released the March 2025 Security Bulletin, which outlined 14 vulnerabilities, all of which were addressed via upstream updates to its proprietary software, highlighting the serious potential risks associated with these security vulnerabilities. These security flaws are most of the time classified as critical or high severity, highlighting the seriousness of the threat they pose to users. Several of the vulnerabilities identified by Qualcomm include memory corruption, affecting Qualcomm's automotive software platform based on the QNX operating system.

Qualcomm has also released patches to resolve five high-severity vulnerabilities, which could result in information disclosures, denial-of-service (DoS) attacks, and memory corruption as a result. Furthermore, two moderate-severity flaws have been addressed as part of the latest security updates launched by the semiconductor manufacturer. 

The semiconductor manufacturer has also resolved seven high-severity defects and six medium-severe defects within open-source components launched by the manufacturer. As a result of these security patches, Qualcomm emphasized that OEMs (original equipment manufacturers) are being actively notified of the updates and urged them to implement the fixes on deployed devices as soon as possible. 

It is noteworthy that Google's March 2025 Android security update addressed three of the identified vulnerabilities: CVE-2024-43051, CVE-2025-53011, and CVE-2024-53025. It has been revealed that MediaTek has discovered ten security vulnerabilities that impact multiple chipsets. As part of the release of the company's fixes, three high-severity issues have been found, including a memory corruption flaw in modems, which can lead to DoS attacks, as well as an out-of-bounds write vulnerability in KeyInstall and WLAN, which can lead to escalation of privileges. 

This security bulletin from Qualcomm not only addresses vulnerabilities identified in proprietary software, but also vulnerabilities in open-source components that Qualcomm's products are integrated with. There are several security flaws affecting Android operating systems, camera drivers, and multimedia frameworks, among others. Qualcomm intends to mitigate the potential risks of these vulnerabilities by informing its customers and partners and strongly urging that patches be deployed as soon as possible to mitigate these risks. 

Users of Qualcomm-powered devices should check with their device manufacturers to learn about the availability of security updates and patches for those devices. During the last few months, Qualcomm has released a series of security updates demonstrating its commitment to increasing cybersecurity across all its product lines. By addressing critical vulnerabilities and working closely with original equipment manufacturers (OEMs) to facilitate timely patch deployments, the company aims to decrease security risks and enhance the integrity of its systems. 

As the threat of cyber-attacks continues to evolve, maintaining robust security measures through regular updates is imperative. According to Qualcomm, their users are encouraged to stay informed about security developments and to ensure they get the latest patches installed on their devices to prevent any possible exploitation of the vulnerabilities. In addition, organizations that are utilizing Snapdragon-powered systems are also encouraged to make sure that these updates are implemented promptly as a means of ensuring that their technology infrastructure is secure and reliable.
Read more »
Technology
Artificial Intelligence ChatGPT CyberCrime CyberThreat Cyersecurity GitHub Shadow AI Technology

Ensuring Governance and Control Over Shadow AI

 


AI has become almost ubiquitous in software development, as a GitHub survey shows, 92 per cent of developers in the United States use artificial intelligence as part of their everyday coding. This has led many individuals to participate in what is termed “shadow AI,” which involves leveraging the technology without the knowledge or approval of their organization’s Information Technology department and/or Chief Information Security Officer (CISO). 

This has increased their productivity. In light of this, it should not come as a surprise to learn that motivated employees will seek out the technology that can maximize their value potential as well as minimize repetitive tasks that interfere with more creative, challenging endeavours. It is not uncommon for companies to be curious about new technologies, especially those that can be used to make work easier and more efficient, such as artificial intelligence (AI) and automation tools. 

Despite the increasing amount of ingenuity, some companies remain reluctant to adopt technology at their first, or even second, glances. Nevertheless, resisting change does not necessarily mean employees will stop secretly using AI in a non-technical way, especially since tools such as Microsoft Copilot, ChatGPT, and Claude make these technologies more accessible to non-technical employees.

Known as shadow AI, shadow AI is a growing phenomenon that has gained popularity across many different sectors. There is a concept known as shadow AI, which is the use of artificial intelligence tools or systems without the official approval or oversight of the organization's information technology or security department. These tools are often adopted to solve immediate problems or boost efficiency within an organization. 

If these tools are not properly governed, they can lead to data breaches, legal violations, or regulatory non-compliance, which could pose significant risks to businesses. When Shadow AI is not properly managed, it can introduce vulnerabilities into users' infrastructure that can lead to unauthorized access to sensitive data. In a world where artificial intelligence is becoming increasingly ubiquitous, organizations should take proactive measures to make sure their operations are protected. 

Shadow generative AI poses specific and substantial risks to an organization's integrity and security, and poses significant threats to both of them. A non-regulated use of artificial intelligence can lead to decisions and actions that could undermine regulatory and corporate compliance. Particularly in industries with very strict data handling protocols, such as finance and healthcare, where strict data handling protocols are essential. 

As a result of the bias inherent in the training data, generative AI models can perpetuate these biases, generate outputs that breach copyrights, or generate code that violates licensing agreements. The untested code may cause the software to become unstable or error-prone, which can increase maintenance costs and cause operational disruptions. In addition, such code may contain undetected malicious elements, which increases the risk of data breach and system downtime, as well.

It is important to recognize that the mismanagement of Artificial Intelligence interactions in customer-facing applications can result in regulatory non-compliance, reputational damage, as well as ethical concerns, particularly when the outputs adversely impact the customer experience. Consequently, organization leaders must ensure that their organizations are protected from unintended and adverse consequences when utilizing generative AI by implementing robust governance measures to mitigate these risks. 

In recent years, AI technology, including generative and conversational AI, has seen incredible growth in popularity, leading to widespread grassroots adoption of these technologies. The accessibility of consumer-facing AI tools, which require little to no technical expertise, combined with a lack of formal AI governance, has enabled employees to utilize unvetted AI solutions, The 2025 CX Trends Report highlights a 250% year-over-year increase in shadow AI usage in some industries, exposing organizations to heightened risks related to data security, compliance, and business ethics. 

There are many reasons why employees turn to shadow AI for personal or team productivity enhancement because they are dissatisfied with their existing tools, because of the ease of access, and because they want to enhance the ability to accomplish specific tasks. In the future, this gap will grow as CX Traditionalists delay the development of AI solutions due to limitations in budget, a lack of knowledge, or an inability to get internal support from their teams. 

As a result, CX Trendsetters are taking steps to address this challenge by adopting approved artificial intelligence solutions like AI agents and customer experience automation, as well as ensuring the appropriate oversight and governance are in place. Identifying AI Implementations: CISOs and security teams, must determine who will be introducing AI throughout the software development lifecycle (SDLC), assess their security expertise, and evaluate the steps taken to minimize risks associated with AI deployment. 

In training programs, it is important to raise awareness among developers of the importance and potential of AI-assisted code as well as develop their skills to address these vulnerabilities. To identify vulnerable phases of the software development life cycle, the security team needs to analyze each phase of the SDLC and identify if any are vulnerable to unauthorized uses of AI. 

Fostering a Security-First Culture: By promoting a proactive protection mindset, organizations can reduce the need for reactive fixes by emphasizing the importance of securing their systems from the onset, thereby saving time and money. In addition to encouraging developers to prioritize safety and transparency over convenience, a robust security-first culture, backed by regular training, encourages a commitment to security. 

CISOs are responsible for identifying and managing risks associated with new tools and respecting decisions made based on thorough evaluations. This approach builds trust, ensures tools are properly vetted before deployment, and safeguards the company's reputation. Incentivizing Success: There is great value in having developers who contribute to bringing AI usage into compliance with their organizations. 

For this reason, these individuals should be promoted, challenged, and given measurable benchmarks to demonstrate their security skills and practices. As organizations reward these efforts, they create a culture in which AI deployment is considered a critical, marketable skill that can be acquired and maintained. If these strategies are implemented effectively, a CISO and development teams can collaborate to manage AI risks the right way, ensuring faster, safer, and more effective software production while avoiding the pitfalls caused by shadow AI. 

As an alternative to setting up sensitive alerts to make sure that confidential data isn't accidentally leaked, it is also possible to set up tools using artificial intelligence, for example, to help detect when a model of artificial intelligence incorrectly inputs or processes personal data, financial information, or other proprietary information. 

It is possible to identify and mitigate security breaches in real-time by providing real-time alerts in real-time, and by enabling management to reduce these breaches before they escalate into a full-blown security incident, adding a layer of security protection, in this way. 

When an API strategy is executed well, it is possible to give employees the freedom to use GenAI tools productively while safeguarding the company's data, ensuring that AI usage is aligned with internal policies, and protecting the company from fraud. To increase innovation and productivity, one must strike a balance between securing control and ensuring that security is not compromised.
Read more »
UPI
Advanced Technology Biometric Cash Contactless Payment CyberCrime CyberThreat Cyersecurity Digital Payment Online Payments Privacy UPI

The Future of Payment Authentication: How Biometrics Are Revolutionizing Transactions

 



As business operates at an unprecedented pace, consumers are demanding quick, simple, and secure payment options. The future of payment authentication is here — and it’s centered around biometrics. Biometric payment companies are set to join established players in the credit card industry, revolutionizing the payment process. Biometric technology not only offers advanced security but also enables seamless, rapid transactions.

In today’s world, technologies like voice recognition and fingerprint sensors are often viewed as intrusions in the payment ecosystem. However, in the broader context of fintech’s evolution, fingerprint payments represent a significant advancement in payment processing.

Just 70 years ago, plastic credit and debit cards didn’t exist. The introduction of these cards drastically transformed retail shopping behaviors. The earliest credit card lacked a magnetic strip or EMV chip and captured information using carbon copy paper through embossed numbers.

In 1950, Frank McNamara, after repeatedly forgetting his wallet, introduced the first "modern" credit card—the Diners Club Card. McNamara paid off his balance monthly, and at that time, he was one of only three people with a credit card. Security wasn’t a major concern, as credit card fraud wasn’t prevalent. Today, according to the Consumer Financial Protection Bureau’s 2023 credit card report, over 190 million adults in the U.S. own a credit card.

Biometric payment systems identify users and authorize fund deductions based on physical characteristics. Fingerprint payments are a common form of biometric authentication. This typically involves two-factor authentication, where a finger scan replaces the card swipe, and the user enters their personal identification number (PIN) as usual.

Biometric technology verifies identity using biological traits such as facial recognition, fingerprints, or iris scans. These methods enhance two-step authentication, offering heightened security. Airports, hospitals, and law enforcement agencies have widely adopted this technology for identity verification.

Beyond security, biometrics are now integral to unlocking smartphones, laptops, and secure apps. During the authentication process, devices create a secure template of biometric data, such as a fingerprint, for future verification. This data is stored safely on the device, ensuring accurate and private access control.

By 2026, global digital payment transactions are expected to reach $10 trillion, significantly driven by contactless payments, according to Juniper Research. Mobile wallets like Google Pay and Apple Pay are gaining popularity worldwide, with 48% of businesses now accepting mobile wallet payments.

India exemplifies this shift with its Unified Payments Interface (UPI), processing over 8 billion transactions monthly as of 2023. This demonstrates the country’s full embrace of digital payment technologies.

The Role of Governments and Businesses in Cashless Economies

Globally, governments and businesses are collaborating to offer cashless payment options, promoting convenience and interoperability. Initially, biometric applications were limited to high-security areas and law enforcement. Technologies like DNA analysis and fingerprint scanning reduced uncertainties in criminal investigations and helped verify authorized individuals in sensitive environments.

These early applications proved biometrics' precision and security. However, the idea of using biometrics for consumer payments was once limited to futuristic visions due to high costs and slow data processing capabilities.

Technological advancements and improved hardware have transformed the biometrics landscape. Today, biometrics are integrated into everyday devices like smartphones, making the technology more consumer-centric and accessible.

Privacy and Security Concerns

Despite its benefits, the rise of biometric payment systems has sparked privacy and security debates. Fingerprint scanning, traditionally linked to law enforcement, raises concerns about potential misuse of biometric data. Many fear that government agencies might gain unauthorized access to sensitive information.

Biometric payment providers, however, clarify that they do not store actual fingerprints. Instead, they capture precise measurements of a fingerprint's unique features and convert this into encrypted data for identity verification. This ensures that the original fingerprint isn't directly used in the verification process.

Yet, the security of biometric systems ultimately depends on robust databases and secure transaction mechanisms. Like any system handling sensitive data, protecting this information is paramount.

Biometric payment systems are redefining the future of financial transactions by offering unmatched security and convenience. As technology advances and adoption grows, addressing privacy concerns and ensuring data security will be critical for the widespread success of biometric authentication in the payment industry.
Read more »
Vulnerabilities and Exploits
Cyberfrauds CyberThreat Cyercrime Cyersecurity Email Phishing Vulnerabilities and Exploits

Millions of Email Servers Found Vulnerable in Encryption Analysis

 


In a new study published by ShadowServer, it was revealed that 3.3 million POP3 (Post Office Protocol) and IMAP (Internet Message Access Protocol) servers are currently at risk of network sniffing attacks because they are not encrypting their data using TLS. 

Using IMAP, users can access their emails from different devices, while keeping messages on the server. With POP3, however, the messages are downloaded to one specific device, which restricts access to that particular device, resulting in IMAP and POP3 being used to access email. Mail servers can be accessed through two different methods: POP3 and IMAP. POP3 is a way to access email through a server. 

A good reason to use IMAP is that it stores users' emails on the server and synchronizes them across all their devices. This allows them to check their inbox across multiple devices, such as laptops and phones. However, POP3 works by downloading emails from the server and making them only accessible from the device from which they were downloaded. Additionally, there is no denying that many hosting companies configure POP3 and IMAP services by default, even though most users do not use them. 

It is important to note that it is very common to have those services configured by default. To ensure that TLS is enabled, and all email users use the latest version of the protocol, the organization advised them to check with their email provider. With the latest versions of Apple, Google, Microsoft, and Mozilla email platforms, users can rest assured that their information is already protected thanks to the TLS encryption protocol. 

To securely exchange and access emails across the Internet using client/server applications, the TLS secure communication protocol helps secure users' information while exchanging and accessing. In the absence of TLS encryption, the messages' content and credentials are sent in clear text, making them susceptible to network sniffing attacks that could eavesdrop on them. In the sense of a security protocol, TLS, or Transport Layer Security, is an Internet-based security protocol used for secure web browsing as well as encrypting emails, file transfers, and messaging messages. It is used to provide end-to-end security between applications over the Internet. 

It is the role of TLS to keep hackers away from sniffing the network, encrypting users' email credentials and message contents instead of sending them as plain text, which helps to prevent hackers from sniffing the network. As an alternative to TLS encryption, it is also possible for anyone to sniff out that information without encryption. To find out 3.3 million hosts that do not support TLS, ShadowServer scanned the internet for POP3 services running on ports 110 and 995. 

As of 2006, there has been widespread use of TLS 1.1 as an improvement over TLS 1.0, which had been introduced to the market in 1999, and TLS 1.0 remained in use until this very day. Having discussed and developed 28 protocol drafts, the Internet Engineering Task Force (IETF) approved TLS 1.3, the next major version of the TLS protocol, in March of 2018, after extensive discussions and development of 28 drafts. 

Without TLS, passwords for mail access could be intercepted, and exposed services could allow a password-guessing attack on the server, and without TLS, passwords could be intercepted, and the server could suffer from password-guessing attacks. Hosts can be eavesdropping on network sniffer attacks if credentials and message content are sent in clear text without encryption. 

It is estimated that about 900,000 of these sites reside in the United States with over 500,000 being in Germany and Poland with 380,000 being in Germany. However according to the researchers, no matter whether TLS is enabled or not, service exposure could result in a password-guessing attack against the server. As part of the coordinated announcement made by Microsoft, Google, Apple, and Mozilla in October 2018 informing the public that insecure TLS 1.0 and TLS 1.1 protocols would be retired in 2020, Microsoft, Google, Apple, and Mozilla announced their intentions. As of August 2020, the latest Windows 10 Insider builds have begun using TLS 1.3 by default. 

The National Security Agency also released a guide in January 2021 detailing how outdated versions of the TLS protocol, configurations, and versions can be identified and replaced with current, secure solutions. As a ShadowServer foundation spokesperson pointed out, “regardless of whether TLS is enabled or not, service exposure may enable password guessing attacks against the server regardless of whether TLS is enabled.” 

Email users are urged to make sure that their email service provider indeed enables TLS and that their email service provider is using the current version of the protocol. Regardless of whether they are using Apple, Google, Microsoft, or Mozilla email platforms, users need not be worried since they all support TLS and use the latest versions of it.
Read more »
Subscribe to: Posts (Atom)