Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Digital Security. Show all posts
Password Manager
Credentials cyber attack Cybersecurity Digital Security Hacking Infostealer malware MFA Password Manager

Cybercriminals Intensify Attacks on Password Managers

 

Cybercriminals are increasingly setting their sights on password managers as a way to infiltrate critical digital accounts.

According to Picus Security’s Red Report 2025, which analyzed over a million malware samples from the past year, a quarter (25%) of all malware now targets credentials stored in password managers. Researchers noted that this marks a threefold surge compared to the previous year.

“For the first time ever, stealing credentials from password stores is in the top 10 techniques listed in the MITRE ATT&CK Framework,” they said. “The report reveals that these top 10 techniques accounted for 9Beyond the growing frequency of attacks, hackers are also deploying more advanced techniques. 3% of all malicious actions in 2024.”

Advanced Hacking Techniques

Dr. Suleyman Ozarslan, co-founder and VP of Picus Labs, revealed that cybercriminals use sophisticated methods like memory scraping, registry harvesting, and breaching both local and cloud-based password stores to extract credentials.

To counter this rising threat, Ozarslan emphasized the importance of using password managers alongside multi-factor authentication (MFA). He also warned against password reuse, particularly for password.

Beyond the growing frequency of attacks, hackers are also deploying more advanced techniques. Picus Security highlighted that modern cybercriminals are now favoring long-term, multi-stage attacks that leverage a new generation of malware. These advanced infostealers are designed for stealth, persistence, and automation.

Researchers compared this evolution in cyber threats to “the perfect heist,” noting that most malware samples execute over a dozen malicious actions to bypass security defenses, escalate privileges, and exfiltrate data.

A password manager is a cybersecurity tool that securely stores, generates, and auto-fills strong passwords across websites and apps. By eliminating the need to remember multiple passwords, it strengthens security and reduces the risk of breaches. Experts consider it an essential component of cybersecurity best practices.
Read more »
Perception Point
Artificial Intelligence Cyber Security Digital Security Fortinet Perception Point

Fortinet Acquires Perception Point to Enhance AI-Driven Cybersecurity

 


Fortinet, a global leader in cybersecurity with a market valuation of approximately $75 billion, has acquired Israeli company Perception Point to bolster its email and collaboration security capabilities. While the financial terms of the deal remain undisclosed, this acquisition is set to expand Fortinet's AI-driven cybersecurity solutions.

Expanding Protections for Modern Workspaces

Perception Point's advanced technology secures vital business tools such as email platforms like Microsoft Outlook and Slack, as well as cloud storage services. It also extends protection to web browsers and social media platforms, recognizing their increasing vulnerability to cyberattacks.

With businesses shifting to hybrid and cloud-first strategies, the need for robust protection across these platforms has grown significantly. Fortinet has integrated Perception Point's technology into its Security Fabric platform, enhancing protection against sophisticated cyber threats while simplifying security management for organizations.

About Perception Point

Founded in 2015 by Michael Aminov and Shlomi Levin, alumni of Israel’s Intelligence Corps technology unit, Perception Point has become a recognized leader in cybersecurity innovation. The company is currently led by Yoram Salinger, a veteran tech executive and former CEO of RedBand. Over the years, Perception Point has secured $74 million in funding from major investors, including Nokia Growth Partners, Pitango, and SOMV.

The company's expertise extends to browser-based security, which was highlighted by its acquisition of Hysolate. This strategic move demonstrates Perception Point's commitment to innovation and growth in the cybersecurity landscape.

Fortinet's Continued Investment in Israeli Cybersecurity

Fortinet’s acquisition of Perception Point follows its 2019 purchase of Israeli company EnSilo, which specializes in threat detection. These investments underscore Fortinet’s recognition of Israel as a global hub for cutting-edge cybersecurity technologies and innovation.

Addressing the Rise in Cyberattacks

As cyber threats become increasingly sophisticated, companies like Fortinet are proactively strengthening digital security measures. Perception Point’s AI-powered solutions will enable Fortinet to address emerging risks targeting email systems and collaboration tools, ensuring that modern businesses can operate securely in today’s digital-first environment.

Conclusion

Fortinet’s acquisition of Perception Point represents a significant step in its mission to provide comprehensive cybersecurity solutions. By integrating advanced AI technologies, Fortinet is poised to deliver enhanced protection for modern workspaces, meeting the growing demand for secure, seamless operations across industries.

Read more »
Social Security Number
Data Breach Digital Security Passwords Sensitive data Social Security Number

Why Ignoring Data Breaches Can Be Costly




Data breaches are now more rampant than ever, exposing passwords and payment details to hackers. You could be getting breach alerts that pop up every so often, warning you that your data has been exposed. It's a wake-up call on how rampant the breaches are.

A Persistent Problem 

Data breaches have become part of our online lives. From credit card numbers to social security information, hackers never cease their attempts to access sensitive data. In fact, many breaches are financially driven, and about 95% of cyberattacks aim for money or valuable information. Still, despite all the news every day, companies often do not realise they have been breached until almost six months pass. The average time to discovery is 194 days according to Varonis. Therefore, the attackers have sufficient time to use the information before the companies can even initiate their response.

Rise of Breach Blindness

Over time, exposure to breach after breach has created "breach blindness," as if these alerts do not matter anymore. Since most of the time, nothing immediate happens, it is easy to scroll past breach notifications without thinking twice. This apathy is dangerous. Such a lack of care could mean stolen identities, financial fraud, and no one holding the companies accountable for their inability to protect the data.

When companies lose money as a result of these breaches, the consumer pays for it in the form of higher fees or costs. IBM reports that the worldwide average cost of a data breach is nearly $5 million, a 10% increase from last year. Such a high cost is a burden shared between the consumer and the economy at large.

How to Protect Your Data

Although companies are liable for securing data, there are various measures that can be undertaken personally. The first and most obvious measure is that your account should have a very strong and unique password. Hackers rely on frequently used, weakly protected passwords to bypass most accounts. Changing them with complexity makes it even more challenging for attackers to bypass and get to compromising your data.

It is much important to stay vigilant nowadays with data breaches being as common as a part and parcel of the internet. This breach, little by little, erodes privacy online and security. Stop pretending not to know those prompts; take them as warnings to check on your web security and work on strengthening it if needed. The one thing to do with all this is to keep apprised so as to not be taken in on the hook.




Read more »
training
Awareness Cyber Attacks Cyberattacks Cybersecurity Data protection Digital Security Education human error legislation malware training

Addressing Human Error in Cybersecurity: The Unseen Weak Link

 

Despite significant progress in cybersecurity, human error remains the most significant vulnerability in the system. Research consistently shows that the vast majority of successful cyberattacks stem from human mistakes, with recent data suggesting it accounts for 68% of breaches.

No matter how advanced cybersecurity technology becomes, the human factor continues to be the weakest link. This issue affects all digital device users, yet current cyber education initiatives and emerging regulations fail to effectively target this problem.

In cybersecurity, human errors fall into two categories. The first is skills-based errors, which happen during routine tasks, often when someone's attention is divided. For instance, you might forget to back up your data because of distractions, leaving you vulnerable in the event of an attack.

The second type involves knowledge-based errors, where less experienced users make mistakes due to a lack of knowledge or not following specific security protocols. A common example is clicking on a suspicious link, leading to malware infection and data loss.

Despite heavy investment in cybersecurity training, results have been mixed. These initiatives often adopt a one-size-fits-all, technology-driven approach, focusing on technical skills like password management or multi-factor authentication. However, they fail to address the psychological and behavioral factors behind human actions.

Changing behavior is far more complex than simply providing information. Public health campaigns, like Australia’s successful “Slip, Slop, Slap” sun safety campaign, demonstrate that sustained efforts can lead to behavioral change. The same principle should apply to cybersecurity education, as simply knowing best practices doesn’t always lead to their consistent application.

Australia’s proposed cybersecurity legislation includes measures to combat ransomware, enhance data protection, and set minimum standards for smart devices. While these are important, they mainly focus on technical and procedural solutions. Meanwhile, the U.S. is taking a more human-centric approach, with its Federal Cybersecurity Research Plan placing human factors at the forefront of system design and security.

Three Key Strategies for Human-Centric Cybersecurity

  • Simplify Practices: Cybersecurity processes should be intuitive and easily integrated into daily workflows to reduce cognitive load.
  • Promote Positive Behavior: Education should highlight the benefits of good cybersecurity practices rather than relying on fear tactics.
  • Adopt a Long-term Approach: Changing behavior is an ongoing effort. Cybersecurity training must be continually updated to address new threats.
A truly secure digital environment demands a blend of strong technology, effective policies, and a well-educated, security-conscious public. By better understanding human error, we can design more effective cybersecurity strategies that align with human behavior.
Read more »
VPN
Digital Security Online Activity Technology Torrent VPN

Can VPN Conceal Torrenting? Is it Safe to Torrent With a VPN?

 

Nowadays, keeping your internet behaviour private can seem impossible, especially if you torrent. This type of file sharing is strongly discouraged by both ISPs, which may throttle your internet connections if you are detected, and government organisations, which are looking out for copyright offences. 

So, what's the solution if you still want to torrent? A VPN (virtual private network). A VPN not only hides your traffic inside a private tunnel, preventing prying eyes from tracking you, but it also encrypts your data for further security. Below, I'll explain how torrents operate, if a VPN truly covers your torrent activity, and whether using a VPN to torrent is good for you. 

What is torrenting? 

Torrenting is a method of sharing files across a decentralised, peer-to-peer (P2P) network. Rather than downloading a full file from a single source, a torrent file is divided into "packets" that are downloaded/uploaded from multiple sources on the network simultaneously. This strategy minimises network load and accelerates the download process.

Torrenting is an excellent method for efficiently sharing and downloading files. However, decentralisation might have consequences. Torrenting is typically prohibited by internet service providers (ISPs) because it is frequently used to share pirated content, creating a liability for the ISP; and torrenting can consume a significant amount of bandwidth on the ISP's network. 

Furthermore, downloading and sharing data from many sources via torrents puts you at increased risk of malware and infections. When torrenting, you should use both a reliable VPN and efficient antivirus software to help mitigate these threats. 

Role of VPN

When you use your regular home internet connection, your ISP can monitor everything you do online. As previously stated, ISPs dislike torrenting (regardless of the content), and if you torrent regularly, your internet connection may be throttled. If you download something you shouldn't, your ISP can see it and may report your conduct to government officials, potentially resulting in a DMCA violation email and a significant penalty.

It just goes to explain how closely this type of conduct is being monitored. By employing a VPN, all of your traffic is diverted through the VPN's private servers rather than your ISP's, ensuring that your ISP cannot snoop on your online activities while connected. 

The VPN encrypts data to create a private tunnel. Most VPNs employ military-grade AES-256 encryption technology or something similar for all data that passes through their servers. This makes it unreadable to outside organisations, providing an additional layer of protection, especially when downloading torrent files. 

Finally, because your traffic is routed through VPN servers, the IP address allocated to your computer by your ISP is changed to that of the VPN's servers, ensuring that your activity cannot be traced back to your house. 

Furthermore, if your VPN has a certified no-logs policy, as it should, no record of your activities will ever be gathered or retained for further review. This is significant because law enforcement's most common data sharing request to VPN providers is for information on DMCA violations.
Read more »
Trend Micro
Cyber Attacks data security data theft Trend Mirco Digital Infrastructure Digital Security ransomware attacks Trend Micro

Rise in Ransomware Attacks in Southeast Asia Driven by Rapid Digitalization and Security Gaps

 

A wave of ransomware attacks across Southeast Asia during the first half of this year marks just the beginning of a larger trend. Companies and government agencies, particularly in countries like Thailand, Japan, South Korea, Singapore, Taiwan, and Indonesia, have experienced a dramatic rise in cyberattacks, outpacing the rate of ransomware growth in Europe, as shown by data from Trend Micro. 

With incidents like the June attack by the ransomware group Brain Cipher, which disrupted more than 160 Indonesian government agencies, the frequency of such attacks is expected to increase as the region’s economies expand. Many organizations in Southeast Asia are rapidly digitizing their infrastructure, often prioritizing speed over security. Ryan Flores, a senior manager at Trend Micro, points out that the rush to launch digital services often sidelines security measures. 

This rush, combined with a lack of stringent cybersecurity practices, makes organizations in Asia prime targets for cybercriminals. Recent incidents, such as the ransomware attack on a major Vietnamese brokerage in March and malicious code injections in Japan, indicate that cyber attackers are increasingly focusing on this region. Although North America and Europe remain the primary targets for ransomware, the Asia-Pacific region is experiencing a significant surge in attacks. In 2023, ransomware incidents in Asia grew by 85%, according to cybersecurity firm Comparitech. 

Countries like India and Singapore have become major targets, ranking among the top six countries affected by ransomware, based on Sophos’ “State of Ransomware 2024” report. Ransomware groups are especially targeting critical sectors in the Asia-Pacific region. Manufacturing saw the highest number of attacks, followed by government and healthcare sectors. Rebecca Moody of Comparitech suggests that the absence of strict breach notification laws in many Asian countries contributes to underreporting, which in turn reduces the focus on cybersecurity. While ransomware attacks in Asia are increasing, experts like Trend Micro’s Flores believe this rise is not due to targeted efforts but rather the sheer number of potential victims as companies in the region adopt digital tools without adequately upgrading their security. 

Cybercriminals are opportunistic, targeting any vulnerable infrastructure, regardless of its location. National governments in Asia are beginning to take steps to enhance their cybersecurity regulations. For instance, Singapore updated its Cybersecurity Act in May, and Malaysia introduced new legislation requiring cybersecurity service providers to be licensed. However, experts stress that organizations must prioritize basic security practices, such as regular software patching, strong password policies, and multifactor authentication, to mitigate risks effectively.
Read more »
Social media identity theft
Costa Rica cybercrime Cyber Fraud Cybercrime Prevention Digital Security identity theft protection Online fraud Social media identity theft

Costa Rican Authorities Issue Warning as Social Media Identity Theft Cases Double

 

With the rapid evolution of technology, there has been a concerning rise in cybercrime, particularly in the realm of identity theft on social media platforms. The Cybercrime Unit of the Public Prosecutor's Office has observed a significant surge in such cases, prompting heightened attention to this growing threat.

Esteban Aguilar, the lead prosecutor of the Cybercrime Unit, shed light on the methods employed by cybercriminals to carry out identity theft. He explained that these crimes often target individuals, corporations, and even trademarks, using social networks, websites, or other digital platforms as their primary vehicles. Aguilar highlighted the severity of this issue, noting that identity theft has become the second most rapidly increasing form of cybercrime in the country, trailing only behind cyber fraud in its expansion.

The prosecutor emphasized the gravity of the situation by discussing the legal repercussions associated with identity theft. According to Aguilar, the Cybercrime Unit frequently receives reports of false profiles on social networks, which can lead to serious legal consequences, including imprisonment for up to three years. He stressed the importance of educating young people, who are the most active users of social media, on the legal and ethical responsibilities they must uphold online. Aguilar warned that any involvement in such illicit activities could result in severe penalties.

Statistical data from the Public Prosecutor's Office further underscore the growing concern. Since 2019, the number of identity theft cases has nearly doubled, rising from 449 reported incidents that year to 950 cases in 2023. This sharp increase reflects the escalating nature of cyber threats and the need for stronger measures to combat them.

The Costa Rican Penal Code specifically addresses the crime of identity theft, prescribing imprisonment ranging from one to three years for offenders. The law is clear: anyone who impersonates the identity of a natural person, legal entity, or trademark on any social network, website, or digital platform will face serious legal consequences.

The impact of identity theft has not been limited to individuals. Businesses, too, have been affected, with several high-profile companies falling victim to this crime. For instance, Pozuelo, a well-known cookie brand, has issued warnings to the public about fraudulent schemes where criminals have misappropriated the company's identity. Similarly, financial institutions, including banks, have alerted their customers to various scams designed to exploit their trust.

In a particularly alarming development, the country recently reported its first case of identity theft involving social networks. The case involves a man accused of accessing his ex-girlfriend's social media accounts and business profiles without her permission. According to the Prosecutor's Office, the accused had knowledge of her passwords and used them to infiltrate her personal and business accounts, raising serious concerns about privacy and the misuse of personal information.

This case serves as a stark reminder of the far-reaching consequences of cybercrime, particularly identity theft, and the urgent need for vigilance, both online and offline. As technology continues to advance, so too must the efforts to protect individuals and businesses from the growing threat of cybercriminals.

Read more »
Software
Antivirus Cyber Security Digital Security Hardware Ransomware Software

Understanding Hardware and Software in Cybersecurity


 

When it comes to cybersecurity, both hardware and software play crucial roles in keeping your devices safe. Here's a simple breakdown of what each one does and how they work together to protect your information.

Hardware: The Physical Parts

Hardware includes the physical components of a computer, like the processor, hard drives, RAM, and motherboard. These are the parts you can actually touch. In cybersecurity, hardware security involves devices like biometric scanners (such as fingerprint and iris scanners) and Trusted Platform Modules (TPMs), which securely store sensitive information like passwords. Ensuring physical security, such as keeping servers in a locked room, is also important to prevent unauthorised access.

Software: The Programs and Applications

Software consists of the programs and instructions that run on the hardware. This includes operating systems, applications, and stored data. Software security involves tools like firewalls, antivirus programs, encryption software, and intrusion detection systems. These tools help protect against cyber threats like malware, phishing attacks, and ransomware. Regular updates are necessary to keep these tools effective against new and continuously growing threats.

How They Work Together in Cybersecurity

Both hardware and software are essential for a strong cybersecurity defence. Hardware provides a foundation for physical security. For example, biometric scanners verify the identity of users, and TPMs store critical data securely. 

Software actively defends against online threats. Firewalls block unauthorised access to networks, antivirus programs detect and remove malicious software, and encryption software protects data by making it unreadable to unauthorised users. Intrusion detection systems monitor network activity and respond to suspicious behaviour.

Building a Strong Cybersecurity Strategy

To create a comprehensive cybersecurity strategy, you need to combine both hardware and software measures. Hardware ensures that your devices are physically secure, while software protects against digital threats. Together, they form a defence system that protects your information from being stolen, damaged, or accessed without permission.

Maintaining both physical and digital security is key. This means regularly updating your software and ensuring the physical safety of your hardware. By doing this, you can build a robust cybersecurity strategy that adapts to new threats and keeps your devices and data safe.

We need to be up to date with the roles of hardware and software in cybersecurity to develop effective strategies to protect against various threats. Both are vital in safeguarding your digital life, providing a layered defence that ensures the security and integrity of your data and systems.


Read more »
Virtual Private Network
Cyber Security Data Digital Security Quantum computing Virtual Private Network

Debunking Common Myths About VPNs






Virtual Private Networks (VPNs) are important tools for online privacy, but they’re often misunderstood. Here, we clear up the top five myths to help you understand what VPNs can and can’t do for your digital security.

Myth 1: All VPNs Steal Your Data

Many people worry that VPNs are just a cover for collecting data. While some free VPNs do sell user data to advertisers, many trustworthy VPNs don't. These reputable VPNs are regularly audited by independent firms like KPMG or Deloitte to prove they don’t keep logs of your activity. For example, Private Internet Access has defended its no-log policy in court. Always choose VPNs that have passed these audits to ensure your data is safe.

Myth 2: Government Surveillance Makes VPNs Useless

Some think that because the government monitors internet traffic, using a VPN is pointless. While governments do have surveillance capabilities, VPNs still add a strong layer of protection. They encrypt your data, making it much harder for anyone, including government agencies, to intercept or read it without a warrant. Despite efforts to crack encryption, modern protocols like OpenVPN, WireGuard, and IKEv2 are still secure. Therefore, VPNs are essential for maintaining privacy even in the face of government surveillance.

Myth 3: Quantum Computing Will Break VPNs Soon

There’s a fear that quantum computers will soon break all encryption, making VPNs useless. While quantum computing is a future threat, practical quantum computers are still many years away. Researchers are already working on new types of encryption that can resist quantum attacks. Even though there’s a risk that stored encrypted data could be decrypted in the future, the vast amount of data on the internet makes it impractical for anyone to capture everything. Using a VPN with future-proof protocols can help protect your data against these risks.

Myth 4: VPNs Make You Completely Anonymous Online

VPNs do a great job of hiding your IP address, but they don’t make you completely anonymous. If you share personal information on social media or allow tracking cookies, your identity can still be exposed. For full privacy, use VPNs along with other tools like script blockers, ad blockers, and services that delete your data from marketing databases. By combining these tools and being careful online, you can greatly reduce your digital footprint.

Myth 5: Tor Is Better Than a VPN

The Tor Browser offers high privacy by routing your traffic through multiple servers, but this also slows down your internet speed. Tor’s known exit nodes can be blocked by websites. In contrast, good VPNs invest in high-quality servers, providing faster speeds and reliable access to content that’s blocked in your region. While Tor is great for absolute privacy, VPNs are better for everyday use, where speed and reliability are important.

Misunderstandings about VPNs often come from unreliable services giving the whole industry a bad name. By choosing well-reviewed and audited VPNs, you can significantly boost your online privacy and security. VPNs protect you from hackers, marketers, and surveillance, making your internet experience safer and more private. Clearing up these myths helps you make better decisions about using digital privacy tools.

Read more »
Ransomware
cyber attack Cyber Attacks Digital Security Finland NATO Ransomware

NoName Ransomware Group Allegedly Targets Denmark and Finland Over NATO Support


 

The ransomware group NoName has reportedly launched cyberattacks against key institutions in Denmark and Finland, citing their support for NATO as the provocation. The alleged attacks targeted Denmark’s digital identification system MitID, the Finland Chamber of Commerce, and Finland’s largest financial services provider, OP Financial Group.

On a dark web forum, NoName announced these attacks, positioning them as a reaction to Denmark and Finland's recent military and infrastructural actions favouring NATO. The group specifically called out Denmark for training Ukrainian specialists in F-16 fighter jet maintenance:

"Denmark has trained the first 50 Ukrainian specialists in servicing F-16 fighter jets. Most of the specialists have already returned to Ukraine to prepare for the reception of F-16s at local air bases. The training of the first group of Ukrainian pilots continues in Denmark.”

They also criticised Finland for infrastructure upgrades intended to support NATO troops:

“Finland has begun repairing roads and bridges in Lapland to prepare for the deployment of NATO troops on its territory. ERR.EE reports on its change of stance on NATO forces and planned infrastructure work.”

NoName concluded their message with a warning, suggesting that Denmark and Finland's governments had not learned from past mistakes and threatened further actions.

Potential Impact on Targeted Entities

MitID: Denmark's MitID is a crucial component of the country's digital infrastructure, enabling secure access to various public and private services. An attack on this system could disrupt numerous services and damage public trust in digital security.

Finland Chamber of Commerce: The Chamber plays a vital role in supporting Finnish businesses, promoting economic growth, and facilitating international trade. A cyberattack could destabilise economic activities and harm business confidence.

OP Financial Group: As the largest financial services group in Finland, OP Financial Group provides a range of services from banking to insurance. A successful cyberattack could affect millions of customers, disrupt financial transactions, and cause significant economic damage.

Despite the claims, the official websites of MitID, the Finland Chamber of Commerce, and OP Financial Group showed no immediate signs of being compromised. The Cyber Express Team has reached out to these institutions for confirmation but has not received any official responses as of the time of writing, leaving the allegations unconfirmed.

The timing of these alleged cyberattacks aligns with recent military and infrastructural developments in Denmark and Finland. Denmark's initiative to train Ukrainian specialists in F-16 maintenance is a significant support measure for Ukraine amidst its ongoing conflict with Russia. Similarly, Finland's infrastructure enhancements in Lapland for NATO troops reflect its strategic alignment with NATO standards following its membership.

The NoName ransomware group's alleged cyberattacks on Danish and Finnish institutions highlight the increasing use of cyber warfare for political and military leverage. These attacks aim to disrupt critical infrastructure and send a strong message of deterrence and retaliation. The situation remains under close scrutiny, with further updates expected as more information or official responses become available.


Read more »
Transaction Security
Banco Santander Banking Cyberattacks CyberCrime Data Breach Digital Security Malicious Incident Transaction Security

Banco Santander Reports Data Breach, Reaffirms Transaction Security

 


There was a malicious incident reported by Bank Santander that involved an individual who had accessed the data of one of its service providers. The malicious incident resulted in a data breach, which affected the bank's customers and posed a threat to their digital identities. One of the biggest banking institutions in the world, Banco Santander, recently reported that it was accessed by an unauthorized party in a database that contained highly sensitive customer information from Chile, Spain, and Uruguay, resulting in a significant cybersecurity incident. 

Digital security in the banking sector is facing growing challenges as a result of this recent breach, which has been brought to the attention of the Spanish stock market supervisor. Approximately a year ago, Santander announced a data breach that involved a third-party database hosted by a third-party provider. It contained information about Santander's clients in three countries, as well as information regarding all Santander employees. 

People have been assured by the bank that there was no transactional data contained in the compromised database nor that login credentials or passwords could be accessed directly to the bank's banking systems. An attack on a third-party supplier may have compromised the privacy of customers and employees of Santander across Spain, Chile and Uruguay. The bank notified them of the threat. 

According to the Spanish National Securities Market Commission (CNMV), which is the second largest bank in the world by market value, the bank reported on Tuesday that "unauthorized access to a database" caused the incident. Except for German federal government employees, it was reported that this database contained data belonging to "all employees and some former employees of the group". This may mean that as many as 200,000 Santander employees around the world were affected by the exposure. 

Among the largest and most important banks in the world, Banco Santander, whose presence is mainly in Spain, the United Kingdom, Brazil, Mexico, and the United States, has over 140 million customers and is known for offering an extensive array of financial products and services. A data breach incident involving customers and employees of the bank in Spain, Chile, and Uruguay has been announced by the bank in a statement published this week. 

According to the bank, there have been no details provided about the types of data that were exposed, however, it is noted that online banking credentials as well as transaction information were not affected. According to Santander, this incident has not affected its presence in any other markets where it operates and has not affected existing financial products. Although no further details regarding the details of the exposed data have yet been released by the bank, they have assured everyone that the affected dataset does not include transaction data or the passwords for online banking accounts. 

Furthermore, the financial institution went on to inform its customers that none of its other markets were affected by this incident. Further, neither the bank's systems nor its operations in the previously mentioned nations have been affected by this incident. It is because of this that clients will be able to continue to use all services freely and without any concerns. It is the bank's policy on the other hand to contact all its customers and employees in the affected areas immediately after the data breach occurs and seek its assistance from law enforcement agencies in addressing the problem. 

The bank refuses to reveal the identity of the third-party service provider affected, how many of its clients were affected as well as what type of data was exposed. The security breach operators could indeed use the impacted data in other illegal activities, within the countries allegedly compromised by the attack, for example, conducting phishing campaigns. 

As a result, customers and employees within the countries allegedly compromised by the attack should be cautious about their digital presence. There are serious concerns regarding the stability of the financial and banking sectors as an increasing number of cyber threats or the exposure of third-party databases, as was the case with the Santander data breach. Several incidents can erode confidence in the financial system, cause critical services to be disrupted, or have spillover effects on other institutions, as noted in a blog post by the International Monetary Fund last month. 

In March, the European Central Bank issued instructions to banks within the European Union region to be prepared for cyberattacks by taking stronger measures. Earlier, the European Central Bank (ECB) announced its intention to conduct a resilience test on a minimum of 109 of its directly supervised banks in 2024. This initiative arises from heightened concerns about the security of European banking institutions. 

In the previous year, data from Deutsche Bank AG, Commerzbank AG, and ING Group NV were compromised following an exploit by the CL0P ransomware group. This breach exploited a security vulnerability in the MOVEit file transfer tool. The European Central Bank’s official website elaborates that its banking supervisors depend on stress tests to collect vital information and evaluate the banks' ability to withstand, respond to, and recover from cyberattacks, rather than solely focusing on their capability to prevent such attacks. 

These assessments of response and recovery encompass the activation of emergency procedures, the implementation of contingency plans, and the restoration of normal operations. The website further details that the results of these tests will be utilized by supervisors to identify vulnerabilities. These identified weaknesses will then form the basis for discussions with the respective banks, aiming to enhance their overall cybersecurity resilience. The ECB’s proactive approach underscores its commitment to ensuring the robustness and reliability of the European banking sector in the face of evolving cyber threats.
Read more »
password managers
Cyber Security Cybersecurity Digital Security Hackers master passwords password managers

Numerous LastPass Users Fall Victim to Highly Convincing Scam, Losing Master Passwords

 

The hackers now have their eyes set on a crucial target: master passwords. These passwords serve as the gateway to password managers, where users store all their login credentials in one secure location. While these managers provide convenience by eliminating the need to remember numerous passwords, they also pose a significant risk. If hackers obtain the master password, they gain access to all associated accounts, potentially wreaking havoc on users' digital lives.

The latest threat, known as CryptoChameleon, has caught the attention of cybersecurity experts. Unlike many cyberattacks, CryptoChameleon doesn't blanket the internet with its malicious activities. Instead, it selectively targets high-value entities like enterprises. David Richardson, vice president of threat intelligence at Lookout, notes that this focused approach makes sense for attackers aiming to extract maximum value from their efforts. For them, gaining access to a password vault is a goldmine of sensitive information ripe for exploitation.

CryptoChameleon's modus operandi involves a series of sophisticated manoeuvres to deceive its victims. Initially, it appeared as just another phishing kit, targeting individuals and organizations with tailored scams. However, its tactics evolved rapidly, culminating in a highly convincing impersonation of legitimate entities like the Federal Communications Commission (FCC). By mimicking trusted sources, CryptoChameleon managed to lure even security-conscious users into its traps.

One of CryptoChameleon's recent campaigns targeted LastPass users. The attack begins with a phone call from a spoofed number, informing the recipient of unauthorized access to their account. To thwart this breach, victims are instructed to press a specified key, which leads to further interaction with a seemingly helpful customer service representative. These agents, equipped with professional communication skills and elaborate scripts, guide users through a series of steps, including visiting a phishing site disguised as a legitimate support page. Unbeknownst to the victims, they end up divulging their master password, giving the attackers unrestricted access to their LastPass account.

Despite LastPass's efforts to mitigate the attack by shutting down suspicious domains, CryptoChameleon persists, adapting to evade detection. While the exact number of victims remains undisclosed, evidence suggests that the scale of the attack could be larger than initially estimated.

Defending against CryptoChameleon and similar threats requires heightened awareness and scepticism. Users must recognize the signs of phishing attempts, such as unsolicited calls or emails requesting sensitive information. Additionally, implementing security measures like multifactor authentication can provide an additional layer of defense against such attacks. However, as demonstrated by the experience of even seasoned IT professionals falling victim to these scams, no defense is foolproof. Therefore, remaining vigilant and promptly reporting suspicious activity is paramount in safeguarding against cyber threats.
Read more »
security alerts
Apple Cyber Threats Data Breach Digital Security iPhone mercenary spyware attack remote targeting security alerts

Apple Alerts iPhone Users of 'Mercenary Attack' Threat

 

Apple issued security alerts to individuals in 92 nations on Wednesday, cautioning them that their iPhones had been targeted in a remote spyware attack linked to mercenaries.

The company sent out threat notification emails, informing recipients, "Apple has detected that you are being targeted by a mercenary spyware attack," suggesting that the attack might be aimed at specific individuals based on their identity or activities. 

These types of attacks, termed as "mercenary attacks," are distinct due to their rarity and sophistication, involving substantial financial resources and focusing on a select group of targets. Apple emphasized that this targeting is ongoing and widespread.

The notification warned recipients that if their device falls victim to such an attack, the attacker could potentially access sensitive data, communications, or even control the camera and microphone remotely.

While it was reported that India was among the affected countries, it remained uncertain whether iPhone users in the US were also targeted. Apple refrained from providing further comments beyond the details shared in the notification email.

In response to the threat, Apple advised recipients to seek expert assistance, such as the Digital Security Helpline provided by the nonprofit Access Now, which offers emergency security support around the clock.

Furthermore, Apple referenced Pegasus, a sophisticated spyware created by Israel's NSO Group, in its notification regarding the recent mercenary attack. Apple had previously filed a lawsuit against the NSO Group in November 2021, seeking accountability for the surveillance and targeting of Apple users using Pegasus. This spyware has historically infiltrated victims' devices, including iPhones, without their knowledge. Since 2016, instances have surfaced of Pegasus being employed by various entities to monitor journalists, lawyers, political dissidents, and human rights activists.
Read more »
Human Vulnerability
Cyber Crime cyber espionage Digital Security Family Targeting Human Vulnerability

The Unseen Threat: How Chinese Hackers Target Family Members to Surveil Hard Targets

The Unseen Threat: How Chinese Hackers Target Family Members to Surveil Hard Targets

According to an indictment unsealed by American prosecutors, a Chinese hacking group known as APT 31, which is linked to China’s Ministry of State Security, has been targeting thousands of U.S. and Western politicians, foreign policy experts, academics, journalists, and democracy activists between 2015 and 2024. Their focus extends beyond the primary targets themselves; they also target family members of these individuals.

The Art of Subtle Intrusion

Hackers employ a more subtle and insidious method: targeting family members through carefully crafted emails. These messages don’t contain malicious attachments or overt phishing attempts. Instead, they include harmless tracking links that, when clicked, reveal a treasure trove of information about the recipient.

Imagine a journalist covering sensitive political topics. Her elderly mother receives an email seemingly from a distant relative, sharing family photos. Innocent enough, right? But that seemingly harmless click reveals the journalist’s location, her device details, and even her browsing habits. Armed with this reconnaissance, the hackers can then launch more direct attacks on her devices, infiltrating her digital life.

The Digital Age’s Achilles’ Heel

While this kind of targeting isn’t entirely unheard of, it remains relatively rare. The Chinese government’s efforts to control speech abroad increasingly rely on manipulating family relationships in creative ways. 

For instance, last year, the U.S. Department of Justice indicted over 40 individuals allegedly involved in a scheme by the Chinese Ministry of Public Security. This scheme used thousands of fictitious social media personas to attack and harass Chinese nationals living in the United States who had criticized the Chinese government.

The Family Connection

Why target family members? Because they are the soft underbelly of security. They are less likely to be tech-savvy, less cautious about clicking links, and more trusting of familiar faces. Moreover, family members often share devices, networks, and even passwords. By compromising one family member, the hackers gain a foothold in the entire network.

Consider a diplomat stationed abroad. His teenage daughter receives an email claiming to be from her school. She clicks the link, unknowingly granting access to her father’s encrypted communications. Suddenly, the diplomat’s confidential negotiations are exposed. The hackers have bypassed firewalls, encryption, and secure channels—all through a teenager’s curiosity.

The Broader Implications

This tactic isn’t limited to diplomats and journalists. It extends to academics, foreign policy experts, and even democracy activists. The hackers cast a wide net, ensnaring anyone connected to their primary targets. And it’s not just about surveillance; it’s about control and coercion.

Imagine a human rights activist whose elderly parents receive threatening emails. The message is clear: “Stop your activism, or your family suffers.” Suddenly, the stakes are higher. The activist’s fight for justice becomes a delicate balancing act between principles and protecting loved ones.

Read more »
Technology
AI Cybersecurity Data Breaches Deepfake Technology Digital Security Frank Abagnale online accounts passkey authentication Phishing Scams Social Engineering Technology

Expert Urges iPhone and Android Users to Brace for 'AI Tsunami' Threat to Bank Accounts

 

In an interview with Techopedia, Frank Abagnale, a renowned figure in the field of security, provided invaluable advice for individuals navigating the complexities of cybersecurity in today's digital landscape. Abagnale, whose life inspired the Steven Spielberg film "Catch Me If You Can," emphasized the escalating threat posed by cybercrime, projected to reach a staggering $10.5 trillion by 2025, according to Cybersecurity Ventures.

Addressing the perpetual intersection of technology and crime, Abagnale remarked, "Technology breeds crime. It always has and always will." He highlighted the impending challenges brought forth by artificial intelligence (AI), particularly its potential to fuel a surge in various forms of cybercrimes and scams. Abagnale cautioned against the rising threat of deepfake technology, which enables the fabrication of convincing multimedia content, complicating efforts to discern authenticity online.

Deepfakes, generated by AI algorithms, can produce deceptive images, videos, and audio mimicking real individuals, often exploited by cybercriminals to orchestrate elaborate scams and extortion schemes. Abagnale stressed the indispensability of education in combating social engineering tactics, emphasizing the importance of empowering individuals to recognize and thwart manipulative schemes.

One prevalent form of cybercrime discussed was phishing, a deceitful practice wherein attackers manipulate individuals into divulging sensitive information, such as banking details or passwords. Phishing attempts typically manifest through unsolicited emails or text messages, characterized by suspicious links, urgent appeals, and grammatical errors.

To fortify defenses against social engineering and hacking attempts, Abagnale endorsed the adoption of passkey technology, heralding it as a pivotal advancement poised to supplant conventional username-password authentication methods. Passkeys, embedded digital credentials associated with user accounts and applications, streamline authentication processes, mitigating vulnerabilities associated with passwords.

Abagnale underscored the ubiquity of passkey technology across various devices, envisioning its eventual displacement of traditional login mechanisms. This transition, he asserted, is long overdue and represents a crucial stride towards enhancing digital security.

Additionally, Techopedia shared practical recommendations for safeguarding online accounts, advocating for regular review and pruning of unused or obsolete accounts. They also recommended utilizing tools like "Have I Been Pwned" to assess potential data breaches and adopting a cautious approach towards hyperlinks, assuming every link to be potentially malicious until verified.

Moreover, users are advised to exercise vigilance in verifying the authenticity of sender identities and message content before responding or taking any action, mitigating the risk of falling victim to cyber threats.
Read more »
User Privacy
AI technology API accounts ChatGPT Cyber Threats data security Digital Security Multi-factor authentication OpenAI Technology User Privacy

OpenAI Bolsters Data Security with Multi-Factor Authentication for ChatGPT

 

OpenAI has recently rolled out a new security feature aimed at addressing one of the primary concerns surrounding the use of generative AI models such as ChatGPT: data security. In light of the growing importance of safeguarding sensitive information, OpenAI's latest update introduces an additional layer of protection for ChatGPT and API accounts.

The announcement, made through an official post by OpenAI, introduces users to the option of enabling multi-factor authentication (MFA), commonly referred to as 2FA. This feature is designed to fortify security measures and thwart unauthorized access attempts.

For those unfamiliar with multi-factor authentication, it's essentially a security protocol that requires users to provide two or more forms of verification before gaining access to their accounts. By incorporating this additional step into the authentication process, OpenAI aims to bolster the security posture of its platforms. Users are guided through the process via a user-friendly video tutorial, which demonstrates the steps in a clear and concise manner.

To initiate the setup process, users simply need to navigate to their profile settings by clicking on their name, typically located in the bottom left-hand corner of the screen. From there, it's just a matter of selecting the "Settings" option and toggling on the "Multi-factor authentication" feature.

Upon activation, users may be prompted to re-authenticate their account to confirm the changes or redirected to a dedicated page titled "Secure your Account." Here, they'll find step-by-step instructions on how to proceed with setting up multi-factor authentication.

The next step involves utilizing a smartphone to scan a QR code using a preferred authenticator app, such as Google Authenticator or Microsoft Authenticator. Once the QR code is scanned, users will receive a one-time code that they'll need to input into the designated text box to complete the setup process.

It's worth noting that multi-factor authentication adds an extra layer of security without introducing unnecessary complexity. In fact, many experts argue that it's a highly effective deterrent against unauthorized access attempts. As ZDNet's Ed Bott aptly puts it, "Two-factor authentication will stop most casual attacks dead in their tracks."

Given the simplicity and effectiveness of multi-factor authentication, there's little reason to hesitate in enabling this feature. Moreover, when it comes to safeguarding sensitive data, a proactive approach is always preferable. 
Read more »
vCISO
Cybersecurity Digital Security Online Threat Privacy vCISO

What Is The Virtual Chief Information Security Officer?

 


In our fast-paced digital age, where everything is just a click away, ensuring the safety of our online space has become more important than ever. It's like having a virtual fortress that needs protection from unseen threats. Now, imagine having a friendly digital guardian, the Virtual Chief Information Security Officer (vCISO), to watch over your activities. This isn't about complex tech jargon; it's about making your online world safer, simpler, and smarter.

Understanding the vCISO

The vCISO operates from a remote stance yet assumes a pivotal role in securing your digital assets. Functioning as a vigilant custodian for your crucial data, they meticulously enforce compliance, maintain order, and mitigate potential risks. Essentially, the vCISO serves as a professional guardian, even from a distance, ensuring the integrity and security of your data.


Benefits of Opting for a vCISO

1. Save Costs: Hiring a full-time CISO can be expensive. A vCISO is more budget-friendly, letting you pay for the expertise you need without breaking the bank.

2. Flexibility: The vCISO adapts to your needs, providing support for short-term projects or ongoing guidance, just when you need it.

3. Top-Tier Talent Access: Imagine having a pro on speed dial. The vCISO gives you access to experienced knowledge without the hassle of hiring.

4. Strategic Planning: A vCISO crafts specific security plans that align with your business goals, going beyond mere checkboxes to authentically strengthen the defenses of your digital infrastructure.

5. Independent View: Stepping away from office politics, a vCISO brings a fresh, unbiased perspective focused solely on improving your security.

Meet Lahiru Livera: Your Virtual Cybersecurity Guide

Lahiru Livera serves as a trusted expert in ensuring online safety. He's skilled at spotting and tackling problems early on, setting up strong security measures, and acting quickly when issues arise. Moreover, he shares valuable knowledge with your team, enabling them to navigate the digital world effectively and become protectors against potential online threats.

Whether your team is big or small, consider getting a vCISO. Connect with Lahiru Livera, your online safety guide, and firmly bolster digital existence of your team to withstand any forthcoming challenges.

All in all, the vCISO presents a straightforward and cost-effective method to ensure online safety. Think of it as having a knowledgeable ally, readily available when needed, without straining your budget. Lahiru Livera stands prepared to assist you in identifying potential issues, establishing intelligent protocols, and transforming your team into adept defenders against online threats. 


Read more »
Ransomware
Cyber Attacks Cyber Crime Databases risk Digital Security Ransomware

Cyberattack on Bucks County's Emergency System

 



Bucks County is in a compromising position as a digital ambush has transpired. About a week ago, the computer-aided emergency dispatch system, the backbone of quick and efficient emergency responses, fell victim to a cyberattack. Picture it like the invisible heart of the town, suddenly under attack, causing confusion and chaos.

County officials have been working tirelessly to uncover the culprits behind this digital ambush. They've pointed fingers at a group called "Akira," known for causing trouble since their emergence in March 2023. Think of Akira as digital troublemakers who target different areas, demanding money to fix the mess they create.

Now, let's dive into the heart of the issue – the emergency dispatch system. It's the town's lifeline during emergencies, like a superhero hotline connecting those in need with help. Dispatchers, call-takers, and 911 operators use this system to coordinate responses swiftly. But with the attack, it's as if the superhero hotline went silent, leaving the town vulnerable.

Despite this attack, county officials reassure the public that 911 phone and radio systems remain operational. It's like saying, "Hey, we're still here to help," as they investigate the incident. However, the impact of the compromised system is significant. Automated services powered by computer-aided dispatch (CAD) are offline. It's like losing essential town services that people rely on daily.

Law enforcement officials are facing challenges too. They can't access crucial databases like the Commonwealth Law Enforcement Assistance Network and the National Crime Information Center. Imagine them trying to solve a puzzle without all the pieces – it's tough.

Cooperation is key in times like these. County officials have been collaborating with local, state, and federal partners, sharing information about the Akira ransomware involvement. It's like the town rallying together to face a common threat. The Department of Homeland Security is in the loop, and a joint investigation is underway with help from state and federal agencies.

Bucks County's IT department is in overdrive, working to restore the affected systems. However, as of now, there's no clear timeline for when these critical services might bounce back. This incident is a wake-up call, emphasising the need to strengthen cybersecurity measures to protect essential services.

In the midst of uncertainty, the county urges residents to keep an eye out, emphasising that 911 services remain functional despite the ongoing investigation. It's like saying, "We're still here for you." This situation highlights the vulnerabilities in our interconnected digital world, reminding everyone to stay particularly caregivers against cyber threats that can disrupt our everyday lives.

Read more »
machine learning risks
2024 predictions AI Security AI threats Cyber Security trends cybersecurity landscape data protection challenges Digital Security machine learning risks

Security Trends to Monitor in 2024

 

As the new year unfolds, the business landscape finds itself on the brink of a dynamic era, rich with possibilities, challenges, and transformative trends. In the realm of enterprise security, 2024 is poised to usher in a series of significant shifts, demanding careful attention from organizations worldwide.

Automation Takes Center Stage: In recent years, the integration of Artificial Intelligence (AI) and Machine Learning (ML) technologies has become increasingly evident, setting the stage for a surge in automation within the cybersecurity domain. As the threat landscape evolves, the use of AI and ML algorithms for automated threat detection is gaining prominence. This involves the analysis of vast datasets to identify anomalies and predict potential cyber attacks before they materialize.

Endpoint protection is experiencing heightened sophistication, with AI playing a pivotal role in proactively identifying and responding to real-time threats. Notably, Apple's introduction of declarative device management underscores the industry's shift towards automation, where AI integration enables endpoints to autonomously troubleshoot and resolve issues. This marks a significant step forward in reducing equipment downtime and achieving substantial cost savings.

Navigating the Dark Side of Generative AI: In 2024, the risks associated with the rapid adoption of generative AI technologies are coming to the forefront. The use of AI coding bots for code generation gained substantial traction in 2023, reaching a point where companies, including tech giant Samsung, had to impose bans on certain models like ChatGPT due to their role in writing code within office environments.

Despite the prevalence of large language models (LLMs) for code generation, concerns are rising about the integrity of the generated code. Companies, in their pursuit of agility, may deploy AI-generated code without thorough scrutiny for potential security flaws, posing a tangible risk of data breaches with severe consequences. Additionally, the year 2024 is anticipated to witness a surge in AI-driven cyber attacks, with attackers leveraging the technology to craft hyper-realistic phishing scams and automate social engineering endeavours.

Passwordless Authentication- Paradigm Shift: The persistent discourse around moving beyond traditional passwords is expected to materialize in a significant way in 2024. Biometric authentication, including fingerprint and face unlock technologies, is gaining familiarity as a promising candidate for a more secure and user-friendly authentication system.

The integration of passkeys, combining biometrics with other factors, offers several advantages, eliminating the need for users to remember passwords. This approach provides a secure and versatile user verification method across various devices and accounts. Major tech players like Google and Apple are actively introducing their own passkey solutions, signalling a collective industry push toward a password-less future. The developments in biometric authentication and the adoption of passkeys suggest that 2024 could be a pivotal year, marking a widespread shift towards more secure and user-friendly authentication methods.

Overall, the landscape of enterprise security beckons with immense potential, fueled by advancements in automation, the challenges of generative AI, and the imminent shift towards passwordless authentication. Businesses are urged to stay vigilant, adapt to these transformative trends, and navigate the evolving cybersecurity landscape for a secure and resilient future.

Read more »
Digital Security
Chief Information Security Office CISO CISO role Cyber Defence Cyber Privacy Cyber Security Digital Security

Why T-POT Honeypot is the Premier Choice for Organizations

 

In the realm of cybersecurity, the selection of the right tools is crucial. T-POT honeypot distinguishes itself as a premier choice for various reasons. Its multifaceted nature, which encompasses over 20 different honeypots, offers a comprehensive security solution unmatched by other tools. This diversity is pivotal for organizations, as it allows them to simulate a wide range of network services and applications, attracting and capturing a broad spectrum of cyber attacks. 
 
Moreover, the integration with the custom code developed by the Cyber Security and Privacy Foundation is a game-changer. This unique feature enables T-POT to send collected malware samples to the Foundation's threat intel servers for in-depth analysis. The results of this analysis are displayed on an intuitive dashboard, providing organizations with critical insights into the nature and behaviour of the threats they face. This capability not only enhances the honeypot's effectiveness but also provides organizations with actionable intelligence to improve their defence strategies. 
 
The ability of T-POT to provide real-time, actionable insights is invaluable in today’s cybersecurity landscape. It helps organizations stay one step ahead of cybercriminals by offering a clear understanding of emerging threats and attack patterns. This information is crucial for developing robust security strategies and for training cybersecurity personnel in recognizing and responding to real-world threats. 
 
In essence, T-POT stands out not only as a tool for deception but also as a platform for learning and improving an organization’s overall cybersecurity posture. Its versatility, combined with the advanced analysis capabilities provided by the integration with the Cyber Security and Privacy Foundation's code, makes it an indispensable tool for any organization serious about its digital security. The honeypot api analyses malware samples and the result of the honeypot can be seen on the backend dashboard. 
 
Written by: Founder, cyber security and privacy foundation.
Read more »
Subscribe to: Posts (Atom)