Showing posts with label Information Security.

Unsecured Corporate Data Found Freely Accessible Through Simple Searches

 


As artificial intelligence (AI) rapidly becomes the backbone of modern business innovation, a striking and largely overlooked gap has opened between awareness of its risks and action to reduce them. A recent study by Sapio Research reports that while most organisations in Europe acknowledge the growing risks associated with AI adoption, only a small number have taken concrete steps to reduce them.

Based on insights from 800 consumers and 375 finance decision-makers across the UK, Germany, France, and the Netherlands, the Finance Pulse 2024 report highlights a surprising paradox: 93 per cent of companies are aware that artificial intelligence poses a risk, yet only half have developed formal policies to regulate its responsible use. 

A significant share of respondents expressed concern about data security (43%), followed by concern about accountability and transparency, and about the lack of specialised skills to ensure a safe implementation (both at 29%). Despite this awareness, only 46% of companies currently maintain formal guidelines for the use of AI in the workplace, and fewer than half (48%) impose restrictions on the type of data that employees are permitted to feed into the systems.

Only 38% of companies have implemented strict access controls to safeguard sensitive information. Commenting on the findings, Andrew White, CEO and Co-Founder of Sapio Research, said that although AI remains a high priority for investment across Europe, its rapid integration has left many employers confused about how the technology is used internally and ill-equipped to put the necessary governance frameworks in place.

A recent investigation by the cybersecurity consulting firm PromptArmor found a troubling lapse in digital security practices linked to AI-powered platforms. The firm's researchers examined 22 widely used AI applications, including Claude, Perplexity and Vercel V0, and found highly confidential corporate information exposed on the open internet through the applications' chatbot interfaces.

The exposed material included access tokens for Amazon Web Services (AWS), internal court documents, Oracle salary reports explicitly marked as confidential, and a memo describing a venture capital firm's investment objectives. As PCMag detailed, the researchers confirmed that anyone could reach such material by entering a simple query such as "site:claude.ai + internal use only" into a standard search engine, showing that unprotected AI integrations in the workplace have become a dangerous and unpredictable source of corporate data exposure.
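One concrete control behind the policy gap described above (restricting what employees may feed into AI tools) is a pre-flight check on the text before it leaves the organisation. The following is an added example, not PromptArmor's tooling or any product's code; the check names, the regular expressions and the sample prompt are constructed, and the AWS key values are AWS's documented placeholder examples. It flags the two classes of material the investigation found in indexed chats: cloud credentials and documents carrying an internal-use marking.

```python
"""Pre-flight check for text about to be pasted into an external AI tool.
Added example; patterns and sample text are constructed for illustration."""
import re

# The patterns are an assumption for the example. The AWS access key ID
# format (AKIA/ASIA followed by 16 upper-case alphanumerics) is documented
# by AWS; the secret-key check is a heuristic (40 base64-like characters
# following a "secret key" label).
CHECKS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"""(?i)aws[_\- ]?secret[_\- ]?(?:access[_\- ]?)?key\s*[:=]\s*["']?([A-Za-z0-9/+=]{40})"""),
    "handling_marking": re.compile(
        r"(?i)\b(internal use only|confidential|do not distribute)\b"),
}


def scan_prompt(text: str) -> dict:
    """Return {check name: [matches]} for every check that fired.
    An empty dict means nothing was found. Credential matches are
    redacted in the result so the report itself does not become a leak."""
    findings = {}
    for name, pattern in CHECKS.items():
        hits = []
        for m in pattern.finditer(text):
            value = m.group(1) if m.groups() else m.group(0)
            if name.startswith("aws_"):
                value = value[:4] + "..." + value[-4:]  # keep only the ends
            hits.append(value)
        if hits:
            findings[name] = hits
    return findings


def allow_prompt(text: str) -> bool:
    """Policy decision: block if any check fired. A handling marking alone
    also blocks, because marked documents were exactly what the
    investigation found showing up in search results."""
    return not scan_prompt(text)


# Constructed sample prompt; the key values are AWS's published examples.
SAMPLE = """Summarise this for the board. INTERNAL USE ONLY.
Deploy creds for the pipeline:
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""

if __name__ == "__main__":
    print(scan_prompt(SAMPLE))
    print("allowed:", allow_prompt(SAMPLE))
```

The redaction in `scan_prompt` matters in practice: a scanner that copies the full secret into its own log has simply moved the leak.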

Security researchers have long investigated vulnerabilities in popular AI chatbots, and recent findings further underline the fragility of the technology's security posture. A ChatGPT vulnerability, which OpenAI has resolved as of August, could have allowed threat actors to extract users' email addresses through manipulation of the system.

In the same vein, experts at the Black Hat cybersecurity conference demonstrated how attackers could plant malicious prompts in Google Calendar invitations to manipulate Google Gemini. Although Google resolved the issue before the conference, similar weaknesses were later found in other AI platforms, including Microsoft's Copilot and Salesforce's Einstein.

Microsoft and Salesforce both issued patches in mid-September, months after researchers reported the flaws in June. Notably, these discoveries were made by ethical researchers rather than malicious hackers, underscoring the importance of responsible disclosure in safeguarding the integrity of AI ecosystems.

Beyond its security flaws, the operational shortcomings of AI have begun to harm organisations financially and reputationally. "AI hallucinations", the phenomenon in which generative systems produce false or fabricated information with convincing fluency, are among the most concerning. In one such incident, a lawyer was penalised for submitting a legal brief containing more than 20 fictitious court citations produced by an AI program.

Deloitte also had to refund the Australian government a six-figure sum after submitting an AI-assisted report that contained fabricated sources and inaccurate data, highlighting the dangers of unchecked reliance on AI for content generation. Stanford University's Social Media Lab has coined the term "workslop" for AI-generated content that appears polished yet lacks substance.

In the United States, 40% of full-time office employees reported encountering such material regularly, according to one study. In my opinion, this trend demonstrates a growing disconnect between the supposed benefits of automation and the real efficiency it can bring. When employees spend hours correcting, rewriting and verifying AI-generated material, the alleged benefits quickly fade.

What begins as a convenience can become a liability that reduces production quality, drains resources and, in severe cases, exposes companies to compliance violations and regulatory scrutiny. As AI continues to grow and integrate deeply into digital and corporate ecosystems, it brings with it a multitude of ethical and privacy challenges.

Growing reliance on AI-driven systems has magnified long-standing concerns about unauthorised data collection, opaque processing practices and algorithmic bias, eroding public trust in technology. Many AI platforms quietly collect and analyse user information without explicit consent or full transparency, so the threat of unauthorised data usage remains a serious concern.

Individuals can be manipulated, profiled and, in severe cases, become victims of identity theft as a result of this covert information extraction. Experts emphasise that organisations must strengthen regulatory compliance by creating clear opt-in mechanisms, comprehensive deletion protocols and transparent privacy disclosures that let users regain control of their personal information.

Biometric data has also been identified as a critical component of personal security, since it is the most intimate and immutable information a person has. Once compromised, biometric identifiers cannot be replaced, which makes them prime targets for cybercriminals.

If such information is misused, whether through unauthorised surveillance or large-scale breaches, it not only raises the risk of identity fraud but also raises profound ethical and human rights questions. Biometric leaks from public databases have left citizens exposed to long-term consequences that go well beyond financial damage, and the systems holding this data remain fragile.

There is also the issue of covert data collection methods embedded in AI systems, such as browser fingerprinting, behaviour tracking and hidden cookies, which harvest user information quietly without adequate disclosure. By relying on such silent surveillance, companies risk losing user trust and incurring regulatory penalties if they fail to comply with tightening data protection laws such as GDPR.

Furthermore, the challenges extend beyond privacy to the vulnerability of AI itself to ethical abuse. Algorithmic bias is becoming one of the most significant obstacles to fairness and accountability, with numerous systems shown to contribute to discrimination when trained on skewed datasets.

There are many examples of these biases in the real world - from hiring tools that unintentionally favour certain demographics to predictive policing systems which target marginalised communities disproportionately. In order to address these issues, we must maintain an ethical approach to AI development that is anchored in transparency, accountability, and inclusive governance to ensure technology enhances human progress while not compromising fundamental freedoms. 

In the age of artificial intelligence, it is imperative that organisations strike a balance between innovation and responsibility, as AI redefines the digital frontier. Moving forward will require not only stronger technical infrastructure but also a cultural shift toward ethics, transparency and continual oversight.

Investing in a secure AI infrastructure, educating employees about responsible usage, and adopting frameworks that emphasise privacy and accountability are all important for businesses to succeed in today's market. As an enterprise, if security and ethics are incorporated into the foundation of AI strategies rather than treated as a side note, today's vulnerabilities can be turned into tomorrow's competitive advantage – driving intelligent and trustworthy advancement.

Indian Tax Department Fixes Major Security Flaw That Exposed Sensitive Taxpayer Data

 

The Indian government has patched a critical vulnerability in its income tax e-filing portal that had been exposing sensitive taxpayer data to unauthorized users. The flaw, discovered by security researchers Akshay CS and “Viral” in September, allowed logged-in users to access personal and financial details of other taxpayers simply by manipulating network requests. The issue has since been resolved, the researchers confirmed to TechCrunch, which first reported the incident. 

According to the report, the vulnerability exposed a wide range of sensitive data, including taxpayers’ full names, home addresses, email IDs, dates of birth, phone numbers, and even bank account details. It also revealed Aadhaar numbers, a unique government-issued identifier used for identity verification and accessing public services. TechCrunch verified the issue by granting permission for the researchers to look up a test account before confirming the flaw’s resolution on October 2. 

The vulnerability stemmed from an insecure direct object reference (IDOR), a common but serious web flaw in which the back end looks up whatever record identifier the client supplies without verifying that the authenticated user is authorised to access that record. In this case, a user could retrieve another taxpayer's data simply by replacing their own Permanent Account Number (PAN) with someone else's PAN in the network request, using nothing more than publicly available tools such as Postman or a browser's developer console.

“This is an extremely low-hanging thing, but one that has a very severe consequence,” the researchers told TechCrunch. They further noted that the flaw was not limited to individual taxpayers but also exposed financial data belonging to registered companies. Even those who had not yet filed their returns this year were vulnerable, as their information could still be accessed through the same exploit. 
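The pattern the researchers describe, reduced to code, as an added example that is not the tax portal's own code: the record store, the PAN values and the session model below are constructed for illustration. The vulnerable handler checks only that a session exists; the fixed handler also checks that the PAN in the request is the PAN bound to that session, which is the object-level authorisation check that was missing. The `enumerate_pans` helper simulates an attacker replaying the request with other PANs, which is all the exploit required.

```python
"""IDOR on a PAN-keyed lookup: vulnerable and fixed handlers side by side.
Added example; the records, PANs and session model are constructed."""
from dataclasses import dataclass

# Constructed sample data keyed by PAN. Names and values are made up.
TAXPAYER_DB = {
    "ABCDE1234F": {"name": "Taxpayer One", "email": "one@example.invalid",
                   "bank_account": "XXXXXX1111", "filed_this_year": True},
    "FGHIJ5678K": {"name": "Taxpayer Two", "email": "two@example.invalid",
                   "bank_account": "XXXXXX2222", "filed_this_year": False},
    "LMNOP9012Q": {"name": "Example Pvt Ltd", "email": "fin@example.invalid",
                   "bank_account": "XXXXXX3333", "filed_this_year": True},
}


@dataclass(frozen=True)
class Session:
    """What the server knows about the logged-in user. The PAN is bound to
    the session at login and is never taken from the request body."""
    user_id: str
    pan: str


class Forbidden(Exception):
    pass


def get_profile_vulnerable(session: Session, requested_pan: str) -> dict:
    """The flaw: authentication is checked (a session exists) but the
    requested object is never tied to the caller. Any logged-in user can
    read any PAN's record, whether or not that taxpayer has filed."""
    if session is None:
        raise Forbidden("login required")
    return TAXPAYER_DB[requested_pan]


def get_profile_fixed(session: Session, requested_pan: str) -> dict:
    """Object-level authorisation: the PAN in the request must equal the
    PAN bound to the session. A cleaner design drops the parameter
    entirely and reads session.pan, so there is nothing to tamper with."""
    if session is None:
        raise Forbidden("login required")
    if requested_pan != session.pan:
        # In production, log this: a session asking for foreign PANs is
        # the enumeration signal to alert on.
        raise Forbidden(f"session {session.user_id} may not read {requested_pan}")
    return TAXPAYER_DB[requested_pan]


def enumerate_pans(handler, session: Session, pans) -> list:
    """Simulate the attack as done with Postman or the browser console:
    replay the profile request with every candidate PAN. Returns the
    PANs whose records the handler handed over."""
    leaked = []
    for pan in pans:
        try:
            handler(session, pan)
            leaked.append(pan)
        except (Forbidden, KeyError):
            pass
    return leaked


if __name__ == "__main__":
    attacker = Session(user_id="u-attacker", pan="ABCDE1234F")
    targets = list(TAXPAYER_DB)
    print("vulnerable leaks:", enumerate_pans(get_profile_vulnerable, attacker, targets))
    print("fixed leaks:     ", enumerate_pans(get_profile_fixed, attacker, targets))
```

Note that the fix is the comparison against the session, not input validation on the PAN format: a well-formed PAN belonging to someone else is exactly the input the attack uses.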

Following the discovery, the researchers immediately alerted India’s Computer Emergency Response Team (CERT-In), which acknowledged the issue and confirmed that the Income Tax Department was working to fix it. The flaw was officially patched in early October. However, officials have not disclosed how long the vulnerability had existed or whether it had been exploited by malicious actors before discovery. 

The Ministry of Finance and the Income Tax Department did not respond to multiple requests for comment on the breach’s potential scope. According to public data available on the tax portal, over 135 million users are registered, with more than 76 million having filed returns in the financial year 2024–25. While the fix has been implemented, the incident highlights the critical importance of secure coding practices and stronger access validation mechanisms in government-run digital platforms, where the sensitivity of stored data demands the highest level of protection.

Thousands of Government IDs at Risk Following Breach Involving Discord’s Verification Partner


One of the current threats to digital identity verification comes from cyberattacks on third-party service providers, as a recent incident involving a provider linked to Discord shows: sensitive personal data belonging to nearly 70,000 users may have been exposed.

The incident, which affected a company responsible for managing customer support and mandatory age verification on behalf of the popular chat platform, has heightened concern over the vulnerabilities surrounding databases created in compliance with online safety laws aimed at protecting minors.

A number of cybersecurity experts say the incident is part of a larger surge in attacks exploiting these newly created, compliance-driven data repositories. Discord has confirmed that its own infrastructure and systems remain secure.

However, the compromised data is said to include government-issued ID documents such as passports and driver's licences, as well as names, email addresses and limited credit card information. While the company maintains that no account passwords were accessed and that the payment data involved was limited, some customer support communications were exposed as well.

The breach has exposed how much trust is placed in third-party providers assigned responsibility for protecting identity data, a dependency that has become a critical point of failure in today's interconnected digital ecosystems.

Further investigation into the breach indicates that the attackers may have accessed far more than images of government IDs, including users' names, email addresses, contact details, IP addresses and even correspondence with Discord's customer service representatives.

Individuals familiar with the matter have reported that the perpetrators attempted to extort the company, demanding a ransom in exchange for the stolen information. Discord has confirmed that no credit card information or account passwords were compromised in the incident.

Although the breach was initially disclosed last week, new information released on Wednesday suggests that up to 70,000 photo ID documents may have been exposed. A spokesperson for the Information Commissioner's Office (ICO), the UK's independent regulator for data protection and privacy, confirmed that it had received a report from Discord and is reviewing the information provided.

The compromised photographs came from users who had submitted their identity documents to Discord's contracted customer service provider during age verification and account recovery appeals. These appeals are designed to ensure compliance with regulations restricting access to online services by individuals under the age of 18.

The incident is a reminder of how far-reaching the consequences can be when consumer-facing digital platforms are compromised. Once a platform mainly for gaming communities, Discord has grown into one of the biggest communication platforms, with over 200 million daily users, including businesses that use it to maintain customer relationships and community engagement.

The group that claimed responsibility, Scattered Lapsu$ Hunters (SLH), initially identified itself as being connected to several notorious cybercrime networks. BleepingComputer reported that, after initially confirming the claim, SLH revised its account and directed suspicion towards another group with which it allegedly collaborates.

Experts note that this kind of overlapping affiliation is common among cybercriminal networks, which share techniques, switch alliances and swap members in ways that blur attribution. As one analysis characterised it, SLH is a coalition that draws its tactics from Scattered Spider, Lapsu$ and ShinyHunters, groups well known for attacking third parties and relying on social engineering against vendors rather than deploying conventional malware.

Discord disclosed the breach within roughly two weeks, after revoking access to its support partner's systems and engaging an external cybersecurity firm. The company has since notified affected users and emphasised that all official communication regarding the incident will be issued solely from its verified address, noreply@discord.com, reiterating that it will never contact users via phone calls or unsolicited messages.

SLH reportedly infiltrated Discord's Zendesk instance starting on September 20, 2025, allegedly maintaining unauthorised access for roughly 58 hours. According to the hackers, the intrusion began with a compromised account belonging to a support agent at an outsourced business process provider, an incident that highlights the continuing threat posed by weak or stolen credentials in third-party systems.

Around 1.6 terabytes of data were reportedly stolen in the attack, including customer support tickets, partial payment records and images used to verify identity. The attackers initially demanded a ransom of $5 million and later dropped it to $3.5 million, a negotiation tactic commonly seen when victims refuse to comply.

According to cybersecurity analysts, the breach demonstrates that organisations can be exposed to significant vulnerabilities through third-party vendors even when they maintain robust internal security defences. Attackers often target external supply chains and support partners precisely because their security controls may be weaker than those of the primary organisation.

According to experts, the compromised dataset in this case contains sensitive identifiers, billing information and private message exchanges, data that users normally regard as highly confidential. This is not the only such incident associated with Discord in recent years: the platform disclosed a similar breach in March 2023, after another support agent's credentials were compromised, exposing emails and attachments submitted by customers through support tickets.

The recurrence of such events has prompted calls for stronger vendor management policies, multifactor authentication for all contractor accounts and stricter scrutiny of third-party access to sensitive information. The lesson of the Discord breach is that even a well-established platform remains vulnerable once trust is extended beyond its own digital walls.

As the investigation continues, one cybersecurity expert emphasised the urgent need for companies to review their reliance on external vendors to handle sensitive verification data. Strengthening contractual security obligations, implementing strict credential management and conducting periodic third-party audits are now seen as non-negotiable steps to safeguard user privacy.

The incident also reminds individuals how important proactive measures are: enabling multi-factor authentication, verifying the authenticity of official communications, and monitoring their financial and identity activity for irregularities. With cyberattacks becoming more sophisticated and opportunistic, both individual vigilance and corporate responsibility are increasingly crucial to preventing them.

Ultimately, the Discord case illustrates a broader truth about the current digital landscape: security is no longer confined to a company's own systems but extends to all partners, platforms and processes connected to them. Organisations must continue to balance compliance, convenience and consumer trust, but the strength of the entire chain will ultimately depend on how well they secure its weakest link.

Sensitive Intelligence Exposed in DHS Data Hub Security Lapse


 

A critical vulnerability in a central data hub of the Department of Homeland Security (DHS) is thought to have exposed highly sensitive data to a broad range of unauthorized users, raising serious questions about the integrity of federal data security.

An investigation by Wired revealed that the system, intended as a secure repository consolidating intelligence and law enforcement data from multiple agencies, was compromised because its access controls were incorrectly configured. Instead of restricting classified material to properly cleared personnel, the flaw gave unauthorized parties, including adversarial actors, an open door into the data.

Not only does the incident undermine the core purpose of the hub, which was designed to streamline and safeguard the intelligence-sharing process, but it also highlights the increasing risks and vulnerabilities that arise from the growing reliance of the federal government on vast, interconnected computer networks. 

It is currently estimated that around 5,000 unauthorized individuals may have accessed restricted data in some form. DHS officials have nonetheless tried to minimize concerns, stressing that internal audits flagged only a small number of interactions as potentially malicious.

Given the scope of the exposure, however, the national security community is deeply concerned about the implications, especially since the compromised files contained operational intelligence linked to ongoing investigations. Such lapses have occurred before, including the 2018 breach in which over 247,000 records pertaining to DHS employees were stolen from a secure database, and the 2019 phishing attack on Oregon DHS that exposed protected health information belonging to 350,000 people.

Investigators in this case emphasize, however, that the risk lies not in stolen identities but in the inadvertent visibility of intelligence that adversaries might exploit to disrupt or undermine government operations. The DHS Cyber Safety Review Board, along with federal investigators, has been examining the incident.

Their investigation cited systemic weaknesses within the department's IT infrastructure, particularly its reliance on outdated systems not integrated with modern cloud technology, and attributed the breach to an identity and access management (IAM) flaw in the data hub framework.

The data hub reportedly relied on a third-party vendor platform that had gone unpatched for over a year before the breach. By exploiting weak session tokens, unauthorized users were able to circumvent authentication and gain read-only access to sensitive information.

These findings have renewed criticism regarding vendor accountability and the persistent disconnect between federal cybersecurity policies and how they are implemented on the ground. A DHS internal memorandum, obtained via a Freedom of Information Act (FOIA) request and reported by Wired, indicates that the exposure lasted from March to May 2023.

During that period, the Office of Intelligence and Analysis (I&A) at DHS had incorrectly configured an online platform intended to facilitate restricted information exchange and the sharing of investigative leads. The system, part of the intelligence section of the Homeland Security Information Network and known as HSIN-Intel, was configured to allow access to "everyone" rather than only authorized members of the intelligence community.

As a result, hundreds of thousands of HSIN account holders across the country, including some with no connection to intelligence or law enforcement, were inadvertently granted access to restricted information. Among them were federal employees working in unrelated fields such as disaster response, private contractors, and even foreign government representatives permitted to use the HSIN platform for other purposes.

Civil liberties advocates have been sharply critical. Spencer Reynolds, a lawyer at the Brennan Center for Justice who obtained the internal memo through a FOIA request and shared it with Wired, said it raises serious concerns about the department's commitment to safeguarding its most confidential information. According to Reynolds, DHS advertises HSIN as secure and describes the information it holds as highly sensitive and crucial to national security.

This incident, however, casts doubt on that commitment: thousands of users had access to information they were not supposed to receive. Besides the trove of classified documents that were compromised, HSIN-Intel's holdings include investigative leads and tips ranging from reports on foreign hacking campaigns and disinformation operations to analyses of domestic protest movements and excerpts of articles from international publications.

One cited example was a media report on the demonstrations against the Atlanta Public Safety Training Center, commonly referred to as the "Stop Cop City" protests, in which the coverage was characterised as positive toward confrontational police tactics. The DHS inquiry counted 1,525 improper accesses to 439 intelligence products, including access by 518 people from the private sector and 46 foreign nationals.
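The two failures described above, a restricted product whose audience is set to "everyone" and the retrospective tally of who actually read it, expressed as an audit that can be run against an export of sharing settings and an access log. This is an added example, not HSIN's code or the method of the DHS inquiry; the catalogue schema, the user categories and the records are constructed for illustration.

```python
"""Sharing-scope audit for a restricted-information platform.
Added example; the schema, categories and records are constructed."""
from collections import Counter

# Audiences a non-public product is allowed to be shared with, and the
# user types that may read such products. Both sets are assumptions.
AUTHORISED_AUDIENCES = {"intel_community"}
AUTHORISED_USER_TYPES = {"federal_intel", "law_enforcement"}

# Constructed catalogue: product id -> sensitivity and the audience it
# was actually shared with. Two restricted products are misconfigured.
PRODUCTS = {
    "IP-1001": {"sensitivity": "restricted", "audience": "everyone"},
    "IP-1002": {"sensitivity": "restricted", "audience": "intel_community"},
    "IP-1003": {"sensitivity": "restricted", "audience": "everyone"},
    "IP-2001": {"sensitivity": "public", "audience": "everyone"},
}

# Constructed access log: (user id, user type, product id).
ACCESS_LOG = [
    ("u1", "federal_intel", "IP-1001"),
    ("u2", "disaster_response", "IP-1001"),
    ("u3", "private_sector", "IP-1001"),
    ("u3", "private_sector", "IP-1003"),
    ("u4", "foreign_government", "IP-1003"),
    ("u5", "law_enforcement", "IP-1002"),
    ("u2", "disaster_response", "IP-2001"),
]


def find_overshared(products):
    """Configuration check: non-public products whose audience is broader
    than the authorised community. Running this on every change to a
    sharing setting would catch the 'everyone' scope before any read."""
    return sorted(pid for pid, p in products.items()
                  if p["sensitivity"] != "public"
                  and p["audience"] not in AUTHORISED_AUDIENCES)


def audit_accesses(products, log):
    """Retrospective review: every read of a non-public product by a user
    outside the authorised user types counts as an improper access.
    Returns the shape of figures the DHS inquiry reported: number of
    improper accesses, distinct products touched, and distinct improper
    users broken down by type."""
    improper = [(uid, utype, pid) for uid, utype, pid in log
                if products[pid]["sensitivity"] != "public"
                and utype not in AUTHORISED_USER_TYPES]
    users_by_type = Counter()
    seen = set()
    for uid, utype, _ in improper:
        if uid not in seen:       # count each person once, not each read
            seen.add(uid)
            users_by_type[utype] += 1
    return {
        "improper_accesses": len(improper),
        "products_exposed": len({pid for _, _, pid in improper}),
        "improper_users_by_type": dict(users_by_type),
    }


if __name__ == "__main__":
    print("overshared:", find_overshared(PRODUCTS))
    print("audit:", audit_accesses(PRODUCTS, ACCESS_LOG))
```

The audit deliberately keys on the user's type rather than on the product's audience setting: once the scope was "everyone", every read was technically permitted by the platform, so the access log alone cannot distinguish proper from improper readers without an independent record of who should have been in the community.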

Nearly 40 percent of the compromised materials concerned cybersecurity threats, such as state-sponsored hacking groups targeting government IT infrastructure. According to officials, some of the unauthorized US users who viewed the data would have qualified for access through formal channels but never obtained the proper approval. The incident is a warning to technology professionals in both government and industry: safeguards often lag behind rapid digital transformation. 

Parallels have already been drawn between this incident and the Johnson Controls malware attack of 2023, which, as SecurityAffairs reported, may have exposed DHS data through supply-chain vulnerabilities; that attack highlighted systemic weaknesses similar to the misconfigurations at the core of this incident. 

DHS has responded by engaging external cybersecurity firms to audit its platforms and ensure that a comprehensive review is conducted. The department is also monitoring its platforms continuously to detect irregular access patterns in real time. Even so, Wired noted that the long-term consequences may not be visible for years, underscoring the delicate balance federal agencies must strike between enabling data access for operational efficiency and safeguarding intelligence vital to national security. 

The lapse is not a single security failure by the Department of Homeland Security but a reflection of a broader issue confronting modern governance as it becomes increasingly dependent on technology. As federal agencies rely ever more on interconnected networks to coordinate intelligence and streamline operations, even minor oversights in configuration or vendor management can create national security vulnerabilities. 

There is broad consensus that addressing such risks requires more than technological solutions such as stronger encryption, automated monitoring and patch management; it also requires a cultural shift within federal agencies that makes cybersecurity a priority rather than merely a compliance exercise. 

Better disclosure of breach information, tighter oversight of third-party vendors, and improved training for federal employees could all help strengthen resilience and rebuild public trust in the systems designed to safeguard national interests. At the same time, governments, companies, and international partners should collaborate more closely to combat future threats, as adversaries exploit cross-border digital ecosystems with growing sophistication. 

As the ten-year anniversary of the DHS breach draws closer, it may come to be seen as a moment of historical significance, a reminder that secure information-sharing is a frontline defense for democratic institutions, not simply an administrative function.

Shuyal Malware Targets 19 Browsers with Advanced Data Theft and Evasion Capabilities

 

A newly discovered infostealing malware named “Shuyal” has entered the cyber threat landscape, posing a serious risk to users by targeting a wide range of web browsers and deploying sophisticated evasion methods. Identified by researchers at Hybrid Analysis, Shuyal is capable of stealing credentials and sensitive information from 19 different browsers, including lesser-known privacy-focused options like Tor and Brave. 

The malware is named after identifiers found in its code path and represents a new generation of data stealers with expanded surveillance capabilities. Unlike traditional malware that only focuses on login credentials, Shuyal goes deeper—harvesting system-level information, capturing screenshots, monitoring clipboard activity, and sending all of it to cybercriminals using a Telegram bot-controlled infrastructure. 

In his analysis, Vlad Pasca from Hybrid Analysis highlighted that Shuyal performs extensive system reconnaissance. Once it infects a device, it disables the Windows Task Manager to prevent users from detecting or ending the malware’s process. It also hides its tracks by removing evidence of its activities through self-deleting mechanisms, including batch scripts that erase runtime files once the data has been exfiltrated. 

Among the browsers targeted by Shuyal are mainstream options such as Chrome and Edge, but it also compromises more obscure browsers like Waterfox, OperaGx, Comodo, Falko, and others often marketed as safer alternatives. This wide reach makes it particularly concerning for users who believe they are using secure platforms. 

Shuyal collects technical details about the system, including hard drive specifications, connected input devices like keyboards and mice, and display configurations. It compresses all collected data using PowerShell into a temporary folder before transmitting it to the attackers. This organized method of data collection and transfer demonstrates the malware’s highly stealthy design. 

The malware also ensures it remains active on compromised machines by copying itself into the Startup folder, allowing it to launch each time the system is rebooted. 

Although researchers have not yet pinpointed the exact methods attackers use to distribute Shuyal, common delivery vectors for similar malware include phishing emails, malicious social media posts, and deceptive captcha pages. Experts caution that infostealers like Shuyal often serve as precursors to more serious threats, including ransomware attacks and business email compromises. 

Hybrid Analysis encourages cybersecurity professionals to study the published indicators of compromise (IOCs) associated with Shuyal to strengthen their defense strategies. As cyber threats evolve, early detection and proactive protection remain essential.

UK Army Probes Leak of Special Forces Identities in Grenadier Guards Publication

 

The British Army has initiated an urgent investigation following the public exposure of sensitive information identifying members of the UK Special Forces. General Sir Roly Walker, Chief of the General Staff, has directed a comprehensive review into how classified data was shared, after it was found that a regimental newsletter had published names and postings of elite soldiers over a period of more than ten years. 

The internal publication, created by the Grenadier Guards Regimental Association, is believed to have revealed the identities and current assignments of high-ranking officers serving in confidential roles. Several names were reportedly accompanied by the abbreviation “MAB,” a known military code linked to Special Forces. Security experts have expressed concern that such identifiers could be easily deciphered by hostile actors, significantly raising the risk to those individuals. 

The revelation has triggered backlash within the Ministry of Defence, with Defence Secretary John Healey reportedly outraged by the breach. The Ministry had already issued warnings about this very issue, yet the publication remained online until it was finally edited last week. The breach adds to growing concern over operational security lapses in elite British military units.  

This latest disclosure follows closely on the heels of another incident in which the identities of Special Forces soldiers involved in missions in Afghanistan were exposed through a separate data leak. That earlier breach had been shielded by a legal order for nearly two years, emphasizing the persistent nature of such security vulnerabilities. 

The protection of Special Forces members’ identities is a critical requirement due to the covert and high-risk nature of their work. Publicly exposing their names can not only endanger lives but also jeopardize ongoing intelligence missions and international collaborations. The leaked material is also said to have included information about officers working within the Cabinet Office’s National Security Secretariat—an agency that advises the Prime Minister on national defence—and even a soldier assigned to General Walker’s own operational staff. 

While the Grenadier Guards’ publication has now removed the sensitive content, another regiment had briefly published similar details before promptly deleting them. Still, the extended availability of the Grenadier data has raised questions about oversight and accountability in how military associations manage sensitive information.  

General Walker, a former commander of the Grenadier Guards, announced that he has mandated an immediate review of all information-sharing practices between the army and regimental associations. His directive aims to ensure that stronger protocols are in place to prevent such incidents in the future, while still supporting the positive role these associations play for veterans and serving members alike. 

The Defence Ministry has not released details on whether those named in the leak will be relocated or reassigned. However, security analysts say the long-term consequences of the breach could be serious, including potential threats to the personnel involved and operational risks to future Special Forces missions. As investigations continue, the British Army is now under pressure to tighten internal controls and better protect its most confidential information from digital exposure.

Jammu Municipal Corporation Targeted in Major Cyberattack, Sensitive Data Allegedly Stolen

 

In a significant breach of digital infrastructure, the Jammu Municipal Corporation (JMC) has fallen victim to a cyberattack believed to have resulted in the loss of vast amounts of sensitive data. According to high-level intelligence sources, the attackers managed to compromise the website, gaining access to critical records and databases that may include personally identifiable information such as Aadhaar numbers, property ownership documents, tax filings, infrastructure blueprints, and internal administrative communications.  

The breach, which occurred on Friday, has prompted an immediate investigation and system lockdown as cybersecurity teams race to contain the damage and begin recovery operations. Officials involved in the incident response have confirmed that website functionality has been suspended as data restoration processes are initiated. Top intelligence sources indicate that the attack bears hallmarks of Pakistan-sponsored cyber operations aimed at undermining India’s administrative framework. “These tactics are consistent with state-backed cyber warfare efforts targeting strategic and sensitive zones like Jammu and Kashmir,” said a senior intelligence official.

“The objective is often to destabilize public services and spread fear among the populace.” The JMC’s website is a key platform used to manage municipal services, property taxes, and local development projects. Its compromise has raised concerns about the broader implications for civic governance and the potential misuse of the stolen data.  

This latest breach follows a series of unsuccessful but alarming hacking attempts by groups linked to Pakistan. Just a day before the JMC attack, hacker collectives such as ‘Cyber Group HOAX1337’ and ‘National Cyber Crew’ reportedly targeted several Indian websites. Cybersecurity teams were able to detect and neutralize these threats before they could cause any major disruption. Among the recent targets were the websites of Army Public School Nagrota and Army Public School Sunjuwan. These were reportedly subjected to defacement attempts featuring inflammatory messages referencing the victims of the Pahalgam terror attack. 

In another incident, a portal catering to the healthcare needs of retired armed forces personnel was compromised and vandalized. Cybersecurity experts warn that such attacks often aim to disrupt not only public trust but also national morale. The recurring pattern of targeting vulnerable groups—such as schoolchildren and elderly veterans—further emphasizes the psychological warfare tactics employed by these groups. 

As recovery efforts continue, the Indian government is likely to review its cybersecurity protocols across public sector systems, especially in high-risk regions. Enhanced defense measures and greater inter-agency coordination are expected to follow. The investigation remains ongoing, and further updates are expected in the coming days.

SK Telecom Malware Attack Exposes USIM Data in South Korea

 

SK Telecom, South Korea’s top mobile carrier, has disclosed a security incident involving a malware infection that exposed sensitive information tied to users’ Universal Subscriber Identity Modules (USIMs). The breach was detected on the night of April 19, 2025, during the weekend when many companies operate with reduced cybersecurity staffing. 

With nearly half of South Korea’s mobile market share and around 34 million subscribers, SK Telecom holds a crucial position in the country’s telecommunications sector. In an official statement, the company explained that malware had infiltrated parts of its network, prompting immediate action to contain the threat. 

The affected systems were isolated swiftly, and the malicious software was removed. So far, SK Telecom has stated there is no confirmed misuse of customer data linked to this breach. The incident was reported to the Korea Internet & Security Agency (KISA) on April 20, and to the Personal Information Protection Commission. 

Investigations are ongoing to determine how the attackers gained access and the extent of the data exposed. USIM cards store essential data such as International Mobile Subscriber Identity (IMSI) numbers, phone numbers (MSISDN), encryption keys for network authentication, and sometimes even stored contacts or text messages. Unauthorized access to this information could enable cybercriminals to conduct targeted surveillance, track users’ locations, or perform SIM-swapping attacks that could compromise online accounts and digital assets. 

In response, SK Telecom has strengthened security around USIM card management, increasing checks on SIM card replacement activities and monitoring authentication processes for suspicious behavior. Accounts showing irregular activities could face automatic suspension to prevent potential fraud. Additionally, the carrier is advising customers to activate their USIM protection service, a preventive measure that restricts unauthorized SIM swaps, adding extra protection to user accounts. 

A hacking group is yet to claim responsibility for the breach. SK Telecom emphasized that while the malware was neutralized quickly, they remain vigilant and are working closely with cybersecurity authorities to uncover more details about the intrusion and enhance future protections. 

This breach highlights ongoing risks faced by large mobile operators, especially during periods when cyber defenses might be less robust. It also underscores the critical need for mobile carriers to adopt continuous security monitoring and proactive measures to protect customer data from emerging threats. 

As investigations continue, SK Telecom has committed to updating customers and regulators about any new findings or developments related to the incident.

How to Protect Your Smartphone During US Border Crossings

 

Crossing into the United States has become riskier since the start of Trump’s second administration. Foreign visitors and US visa holders are increasingly being detained, questioned, or deported. As uncertainty grows, travel demand from Canada and Europe has dropped sharply. Regardless of why you are traveling, US Customs and Border Protection (CBP) has the authority to search phones and other electronic devices at the border. 

While other countries also inspect devices, the volatile US policies have led travelers and companies to reconsider what they carry. Canada has issued travel warnings, and journalists are advised to prepare for device searches. At the border, CBP can demand PINs or biometrics to unlock devices. US citizens and green card holders can refuse without being denied entry, although this may trigger additional questioning or device seizure. Visa holders and visitors, however, face detention or deportation if they refuse a search. Travelers must assess their own risk based on legal status, nationality, profession, and online activity. 

To minimize risk, disable facial recognition or fingerprint unlock before traveling and use only a PIN. Update your phone’s software to make it harder to crack. Carry a paper boarding pass and keep your phone off or out of sight when approaching agents. One strategy is to travel with a separate device, either by wiping an old phone or buying a new one. Build a limited digital footprint on the travel phone—use separate emails, social media accounts, and encrypted messaging apps like Signal. 

However, the device should not appear suspiciously clean; normal usage should be simulated to avoid drawing attention. Another option is to clean your primary phone before traveling by backing up and deleting sensitive data and unnecessary apps. After returning, you can restore your phone from backup. However, mistakes in this process can leave traces of personal information vulnerable during inspection. Even if you don’t make major changes, basic steps like deleting old apps, updating software, limiting social media use, and keeping important documents printed can protect your privacy. 

Experts warn that travelers should assume border agents may scrutinize online presence and past posts. As device searches become more common at US borders, preparing ahead of travel has become critical for safeguarding personal information.

Meeten Malware Targets Web3 Workers with Crypto-Stealing Tactics

 


Cybercriminals have launched an advanced campaign targeting Web3 professionals by distributing fake video conferencing software. The malware, known as Meeten, infects both Windows and macOS systems, stealing sensitive data, including cryptocurrency, banking details, browser-stored information, and Keychain credentials. Active since September 2024, Meeten masquerades as legitimate software while compromising users' systems. 
 
The campaign, uncovered by Cado Security Labs, represents an evolving strategy among threat actors. Frequently rebranded to appear authentic, fake meeting platforms have been renamed as Clusee, Cuesee, and Meetone. These platforms are supported by highly convincing websites and AI-generated social media profiles. 
 
How Victims Are Targeted:
  • Phishing schemes and social engineering tactics are the primary methods.
  • Attackers impersonate trusted contacts on platforms like Telegram.
  • Victims are directed to download the fraudulent Meeten app, often accompanied by fake company-specific presentations.

Key behaviors include:
  • Escalates privileges by prompting users for their system password via legitimate macOS tools.
  • Displays a decoy error message while stealing sensitive data in the background.
  • Collects and exfiltrates data such as Telegram credentials, banking details, Keychain data, and browser-stored information.
The stolen data is compressed and sent to remote servers, giving attackers access to victims’ sensitive information. 
 
Technical Details: Malware Behavior on Windows 

On Windows, the malware is delivered as an NSIS file named MeetenApp.exe, featuring a stolen digital certificate for added legitimacy. Key behaviors include:
  • Employs an Electron app to connect to remote servers and download additional malware payloads.
  • Steals system information, browser data, and cryptocurrency wallet credentials, targeting hardware wallets like Ledger and Trezor.
  • Achieves persistence by modifying the Windows registry.
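The Startup-folder copy and Task Manager policy change described in the Shuyal post above, and the registry persistence of Meeten's Windows variant, all leave host-level traces a defender can audit. The following read-only PowerShell script is an added example, not code from Hybrid Analysis or Cado Security Labs; it assumes an elevated Windows PowerShell 5.1 or later session, and the "user-writable path" heuristic for Run-key entries is my own assumption, not something either write-up states.

```powershell
# Added audit script (not from the Shuyal or Meeten analyses): lists the persistence and
# anti-analysis traces those posts describe. It only reads; it changes nothing.
function Get-PersistenceFindings {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Check, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
    }

    # 1. Shuyal disables Task Manager. The policy value is DisableTaskMgr = 1 under
    #    Policies\System (HKCU applies to the current user, HKLM machine-wide).
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
        $v = (Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
        if ($v -eq 1) { Add-Finding 'TaskManagerDisabled' "DisableTaskMgr=1 in $key" }
    }

    # 2. Shuyal copies itself into the Startup folder. Enumerate both the per-user and
    #    all-users Startup folders and flag anything without a valid Authenticode signature.
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File -Force | ForEach-Object {
            $target = $_.FullName
            # Resolve .lnk shortcuts to the program they actually launch
            if ($_.Extension -eq '.lnk') {
                $shell  = New-Object -ComObject WScript.Shell
                $target = $shell.CreateShortcut($_.FullName).TargetPath
            }
            $sig = if ($target -and (Test-Path $target)) {
                (Get-AuthenticodeSignature -FilePath $target).Status
            } else { 'MissingTarget' }
            if ($sig -ne 'Valid') {
                Add-Finding 'StartupFolder' "$($_.FullName) -> $target (signature: $sig)"
            }
        }
    }

    # 3. Meeten's Windows build persists through the registry; Run/RunOnce are the usual
    #    autostart keys to review. Heuristic (assumption): flag commands launched from
    #    user-writable locations such as Temp, AppData or Downloads.
    $runKeys = @(
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            if ($cmd -match '(?i)\\(Temp|AppData|Downloads)\\') {
                Add-Finding 'RunKey' "$key\$name = $cmd"
            }
        }
    }

    return $findings
}

# Print the findings as a table; an empty table means none of the checks fired.
Get-PersistenceFindings | Format-Table -AutoSize
```

Every hit is a lead to review by hand, not proof of infection: legitimate installers also use Run keys and the Startup folder, and an unsigned in-house script there is common.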

Impact on Web3 Professionals

Web3 professionals are particularly vulnerable as the malware leverages social engineering tactics to exploit trust. By targeting those engaged in cryptocurrency and blockchain technologies, attackers aim to gain access to valuable digital assets.

Protective Measures:
  1. Verify Software Legitimacy: Always confirm the authenticity of downloaded software.
  2. Use Malware Scanning Tools: Scan files with services like VirusTotal before installation.
  3. Avoid Untrusted Sources: Download software only from verified sources.
  4. Stay Vigilant: Be cautious of unsolicited meeting invitations or unexpected file-sharing requests.
As social engineering tactics grow increasingly sophisticated, vigilance and proactive security measures are critical in safeguarding sensitive data and cryptocurrency assets. The Meeten campaign underscores the importance of staying informed and adopting robust cybersecurity practices in the Web3 landscape.

Change Healthcare Restores Clearinghouse Services After Nine-Month Recovery From Ransomware Attack

 

Change Healthcare has announced the restoration of its clearinghouse services, marking a significant milestone in its recovery from a debilitating ransomware attack by the ALPHV/Blackcat group in February. 

The attack caused unprecedented disruption to one of the U.S.’s most critical healthcare transaction systems, which processes over 15 billion transactions annually and supports payments and communications for hospitals, healthcare providers, and patients. The breach led to widespread financial and operational issues, with the American Hospital Association (AHA) reporting that 94% of U.S. hospitals relying on Change Healthcare were affected. Many hospitals experienced severe cash flow challenges, with nearly 60% reporting daily revenue losses of $1 million or more. These difficulties persisted for months as Change Healthcare scrambled to restore its services and mitigate the attack’s impact. 

In response to the financial strain on healthcare providers, UnitedHealth-owned Optum launched a Temporary Funding Assistance Program in March. This initiative provided over $6 billion in interest-free loans to healthcare providers to address cash flow shortages. As of October, $3.2 billion of the funds had been repaid, reflecting progress in stabilizing the industry. However, some services, such as Clinical Exchange, MedRX, and the Payer Print Communication System, are still undergoing restoration, leaving providers to navigate ongoing challenges. 

The breach also exposed sensitive information of approximately 100 million individuals, making it one of the most significant healthcare data breaches in history. Victims’ full names, email addresses, banking details, and medical claims records were among the data compromised. Change Healthcare’s parent company, UnitedHealth, confirmed that the attackers gained access through stolen credentials used to log into a Citrix portal that lacked multi-factor authentication (MFA). UnitedHealth CEO Andrew Witty testified before Congress, admitting to authorizing a $22 million ransom payment to the attackers. He described the decision as one of the hardest he had ever made, emphasizing the urgent need to minimize further harm to the healthcare system. 

Cybersecurity experts have criticized Change Healthcare for failing to implement basic security protocols, including MFA and robust network segmentation, prior to the attack. The attack’s aftermath has been costly, with remediation expenses exceeding $2 billion as of the most recent UnitedHealth earnings report. Critics have described the company’s lack of preventive measures as “egregious negligence.” Tom Kellermann, SVP of cyber strategy at Contrast Security, highlighted that the company failed to conduct adequate threat hunting or prepare for potential vulnerabilities, despite its critical role in the healthcare ecosystem. 

Beyond the immediate financial impact, the incident has raised broader concerns about the resilience of U.S. healthcare infrastructure to cyberattacks. Experts warn that the sector must adopt stronger cybersecurity measures, including advanced threat detection and incident response planning, to prevent similar disruptions in the future. The restoration of Change Healthcare’s clearinghouse services represents a major step forward, but it also serves as a reminder of the severe consequences of insufficient cybersecurity measures in an increasingly digital healthcare landscape. 

The attack has underscored the urgent need for organizations to prioritize data security, invest in robust safeguards, and build resilience against evolving cyber threats.

Cisco Fixes Critical CVE-2024-20418 Vulnerability in Industrial Wireless Access Points

 

Cisco recently disclosed a critical security vulnerability, tracked as CVE-2024-20418, that affects specific Ultra-Reliable Wireless Backhaul (URWB) access points used in industrial settings. These URWB access points are essential for maintaining robust wireless networks in environments like manufacturing plants, transportation systems, and other infrastructure-intensive industries. The vulnerability allows remote, unauthenticated attackers to perform command injection attacks with root privileges by exploiting the device’s web-based management interface. 

This vulnerability results from inadequate validation of input data within Cisco’s Unified Industrial Wireless Software, specifically affecting the web management interface of URWB access points. By sending specially crafted HTTP requests, attackers could exploit this flaw to execute arbitrary commands with root-level access, potentially leading to unauthorized control over the device. This level of access could compromise critical network infrastructure, posing serious risks to businesses relying on URWB technology for uninterrupted connectivity. The vulnerability specifically impacts Cisco Catalyst models IW9165D, IW9165E, and IW9167E when URWB mode is enabled. 

For users concerned about their device’s security, Cisco advises checking vulnerability status by using the “show mpls-config” command in the command-line interface (CLI). If the command confirms URWB mode is active, the device may be vulnerable to potential attacks. Cisco’s Product Security Incident Response Team (PSIRT) has stated that it is not aware of any instances of this vulnerability being actively exploited in real-world scenarios. However, given the nature of this vulnerability, Cisco urges users to update their devices promptly to mitigate the risk. Currently, Cisco has not issued workarounds for this issue. 

As a result, companies relying on these models are advised to stay alert for firmware updates or patches that Cisco may release to resolve the vulnerability. The lack of a temporary fix underlines the importance of applying any future updates immediately, especially as remote exploitation could have significant consequences for the affected systems. For organizations using these Cisco models, securing network access and strengthening device-level defenses can be critical in mitigating potential risks. Limiting access to the web-based management interface, monitoring device activity, and conducting frequent security audits are some proactive steps administrators can take. These actions may help limit exposure while waiting for Cisco’s permanent fix. This incident serves as a reminder of the evolving threat landscape in industrial and operational technology environments. 

As organizations adopt more wireless technologies to improve operational efficiencies, the need for robust cybersecurity practices is crucial. Regularly updating network devices and addressing vulnerabilities promptly are fundamental to protecting systems from cyber threats. Cisco’s disclosure of CVE-2024-20418 underscores the vulnerabilities that even the most reliable industrial-grade devices can exhibit. It also highlights the critical importance of proactive device management and security measures in preventing unauthorized access. Industrial environments should consider this a timely reminder to prioritize cybersecurity protocols across all network-connected devices.

Prometei Botnet: The Persistent Threat Targeting Global Systems

 

The Prometei botnet, active since at least 2016, continues to pose a persistent threat worldwide by exploiting unpatched software vulnerabilities. First identified in 2020, Prometei has since infected over 10,000 systems across diverse regions, including Brazil, Indonesia, Turkey, and Germany. Its resilience stems from its focus on widely used software gaps, particularly in systems with weak configurations, unmonitored security measures, or outdated patches. The Federal Office for Information Security in Germany has labeled it a medium-impact threat, given its extensive reach and ability to bypass security protocols. Prometei operates by exploiting vulnerabilities in widely used software, spreading particularly through unpatched or poorly configured Exchange servers. 

Critical Start’s Callie Guenther highlights Prometei’s strategy of leveraging regions with inadequate cybersecurity, making it highly effective in targeting various systems regardless of location. One notable aspect is its ability to spread through legacy vulnerabilities, such as the BlueKeep flaw in Remote Desktop Protocol (RDP), which has a critical CVSS score of 9.8. By targeting these known issues, Prometei can quickly access poorly maintained systems that remain unprotected. A Prometei attack often starts with a series of network login attempts, typically originating from locations associated with known botnet infrastructure. Once access is secured, the malware tests various system weaknesses, particularly outdated vulnerabilities like BlueKeep and EternalBlue. If successful, it can propagate through Server Message Block (SMB) systems or use ProxyLogon flaws to exploit Windows environments further. 

Prometei’s use of outdated exploits could be seen as less sophisticated; however, its approach is strategic, focusing on identifying vulnerable, under-maintained systems rather than tackling those with robust security protocols. Once established in a target system, Prometei employs several techniques to maintain control and evade detection. For example, it uses a domain generation algorithm (DGA) to enhance its command-and-control (C2) system, allowing continuous operation even if some domains are blocked. It further manipulates firewall settings to ensure its traffic is not obstructed, enabling it to persist even after system reboots. Among its advanced methods is the use of the WDigest protocol, which stores plaintext passwords in memory. 

Prometei forces systems to store passwords in plaintext, then exfiltrates them while bypassing detection by configuring Windows Defender to ignore specific files. The primary goal of Prometei appears to be cryptojacking, as it harnesses infected systems to mine the Monero cryptocurrency without the owners’ knowledge. Additionally, it installs an Apache web server as a web shell, creating a backdoor for attackers to upload more malicious files or execute commands. Prometei’s presence, according to Trend Micro’s Stephen Hilt, often signals deeper security concerns, as it can coexist with other malicious software, highlighting vulnerabilities that attackers may leverage for various purposes. Interestingly, Prometei avoids certain regions, specifically targeting systems outside former Soviet countries. Its command-and-control servers bypass exit nodes within these nations, avoiding accounts tagged as “Guest” or “Other user” in Russian.
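The WDigest, Windows Defender, firewall and Apache web-shell behaviours described in the last two paragraphs each leave a configuration trace that a host audit can surface. The script below is an added example, not code from Trend Micro or Critical Start; it assumes an elevated Windows PowerShell session on a host with the Defender, NetSecurity and SmbShare modules available, and the SMBv1 check is my addition based on the EternalBlue reference above.

```powershell
# Added audit script (not from the Prometei analyses cited above): reports host settings
# matching the post's description of how the botnet persists and harvests credentials.
function Get-PrometeiHostFindings {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Check, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
    }

    # 1. WDigest: UseLogonCredential = 1 makes LSASS keep cleartext passwords in memory,
    #    which is the "forces systems to store passwords in plaintext" behaviour. On
    #    supported Windows versions the value is absent or 0 by default.
    $wd  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $ulc = (Get-ItemProperty -Path $wd -Name UseLogonCredential -ErrorAction SilentlyContinue).UseLogonCredential
    if ($ulc -eq 1) { Add-Finding 'WDigestPlaintext' "UseLogonCredential=1 under $wd" }

    # 2. Defender exclusions: the post says Prometei configures Defender to ignore specific
    #    files. Any path or process exclusion on a host that should have none is a finding.
    $prefs = Get-MpPreference -ErrorAction SilentlyContinue
    if ($prefs) {
        foreach ($p in @($prefs.ExclusionPath) + @($prefs.ExclusionProcess)) {
            if ($p) { Add-Finding 'DefenderExclusion' $p }
        }
    }

    # 3. Firewall manipulation: inbound allow rules whose program lives outside the
    #    Windows and Program Files trees (heuristic, my assumption).
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue |
        ForEach-Object {
            $prog = ($_ | Get-NetFirewallApplicationFilter).Program
            if ($prog -and $prog -ne 'Any' -and
                $prog -notmatch '(?i)^(%SystemRoot%|%ProgramFiles%|C:\\Windows\\|C:\\Program Files)') {
                Add-Finding 'FirewallAllowRule' "$($_.DisplayName): $prog"
            }
        }

    # 4. Apache installed as a web shell: an httpd process or service on a host that is
    #    not meant to run a web server.
    Get-Process -Name httpd -ErrorAction SilentlyContinue | ForEach-Object {
        Add-Finding 'ApacheProcess' "PID $($_.Id): $($_.Path)"
    }
    Get-Service -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '(?i)apache|httpd' } |
        ForEach-Object { Add-Finding 'ApacheService' "$($_.Name) ($($_.Status))" }

    # 5. EternalBlue-era exposure: SMBv1 still enabled on the server side.
    $smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($smb -and $smb.EnableSMB1Protocol) {
        Add-Finding 'SMBv1Enabled' 'SMBv1 server protocol is enabled; disable unless a legacy dependency requires it'
    }

    return $findings
}

Get-PrometeiHostFindings | Format-Table -AutoSize
```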

Older versions of Prometei also included Russian-language settings, hinting at a potential connection to Russian-speaking developers. The botnet’s name, “Prometei,” references the Greek titan Prometheus, symbolizing a persistence that echoes the botnet’s own sustained presence in global cyber threats. Prometei exemplifies the persistent and evolving nature of modern botnets. Its success in exploiting well-known but unpatched vulnerabilities underscores the importance of maintaining updated security systems. For organizations worldwide, especially those with legacy systems or lax monitoring, Prometei serves as a critical reminder to reinforce defenses against cyber threats, as outdated security leaves systems vulnerable to malicious actors seeking to exploit any gap available.

Mitigating the Risks of Shadow IT: Safeguarding Information Security in the Age of Technology

In today’s world, technology is integral to the operations of every organization, making the adoption of innovative tools essential for growth and staying competitive. However, with this reliance on technology comes a significant threat—Shadow IT.  

Shadow IT refers to the unauthorized use of software, tools, or cloud services by employees without the knowledge or approval of the IT department. Essentially, it occurs when employees seek quick solutions to problems without fully understanding the potential risks to the organization’s security and compliance.

Once a rare occurrence, Shadow IT now poses serious security challenges, particularly in terms of data leaks and breaches. A recent amendment to Israel’s Privacy Protection Act, passed by the Knesset, introduces tougher regulations. Among the changes, the law expands the definition of private information, aligning it with European standards and imposing heavy penalties on companies that violate data privacy and security guidelines.

The rise of Shadow IT, coupled with these stricter regulations, underscores the need for organizations to prioritize the control and management of their information systems. Failure to do so could result in costly legal and financial consequences.

One technology that has gained widespread usage within organizations is ChatGPT, which employees use for tasks like coding or content creation without seeking formal approval. The use of ChatGPT itself isn’t inherently risky; the risk comes from what is pasted into it without any oversight by the IT department, which can expose the organization to significant data leakage.

Another form of Shadow IT is the “dormant” server: a system still connected to the network but no longer maintained or patched. Such neglected hosts are weak spots that attackers can use as an entry point.

Additionally, when employees install software without the IT department’s consent, it can cause disruptions, invite cyberattacks, or compromise sensitive information. The core risks in these scenarios are data leaks and compromised information security. For instance, when employees use ChatGPT for coding or data analysis, they might unknowingly input sensitive data, such as customer details or financial information. If these tools lack sufficient protection, the data becomes vulnerable to unauthorized access and leaks.

A common case is using ChatGPT to write SQL queries or to analyse database contents. If table schemas, sample rows or even connection credentials are pasted into an external service the organisation does not control, the result can be a serious data leak, with all the consequences that follow.

Rather than banning the use of new technologies outright, the solution lies in crafting a flexible policy that permits employees to use advanced tools within a secure, controlled environment.

Organizations should ensure employees are educated about the risks of using external tools without approval and emphasize the importance of maintaining information security. Proactive monitoring of IT systems, combined with tooling that discovers and inventories assets automatically, is essential to safeguarding against Shadow IT.

A critical step in this process is implementing technologies that enable automated mapping and monitoring of all systems and servers within the organization, including those not directly managed by IT. These tools offer a comprehensive view of the organization’s digital assets, helping to quickly identify unauthorized services and address potential security threats in real time.

By using advanced mapping and monitoring technologies, organizations can ensure that sensitive information is handled in compliance with security policies and regulations. This approach provides full transparency on external tool usage, effectively reducing the risks posed by Shadow IT.

Massive Data Breach Exposes 2.9 Billion Records Containing Social Security Numbers

A significant data breach has reportedly exposed 2.9 billion records of personal information. Because many records relate to the same individual, that figure overstates the number of people affected, but it could still cover a majority of Americans. A hacking group known as USDoD claims to have stolen the data, which includes highly sensitive information such as Social Security numbers, full names, addresses, dates of birth, and phone numbers. This development has raised alarm due to the vast scope of the breach and the critical nature of the information involved. The breach was first reported by the Los Angeles Times, which revealed that the hacker group is offering the stolen data for sale.

The breach allegedly stems from National Public Data, a company that collects and stores personal information to facilitate background checks. The company has not formally confirmed the breach but did acknowledge purging its entire database. According to National Public Data, it has deleted all non-public information, although it stopped short of admitting that the data had been compromised. In April, the hacking group USDoD claimed responsibility for the breach, stating that it had obtained the personal information of billions of people. This led to a class-action lawsuit against National Public Data, as victims sought redress for the potential misuse of their sensitive information.

The lawsuit has intensified scrutiny on the company’s data security practices, particularly given the critical nature of the information it manages. The potential consequences of this breach are severe. The stolen data, which includes Social Security numbers, could be used for a variety of malicious activities, including identity theft, fraud, and other forms of cybercrime. The scale of the breach also highlights the ongoing challenges in safeguarding personal information, particularly when it is collected and stored by third-party companies. As investigations continue, the breach underscores the urgent need for stronger data protection measures. 

Companies that handle sensitive information must ensure that they have robust security protocols in place to prevent such incidents. The breach also raises questions about the transparency and responsibility of organizations when dealing with personal data. In the meantime, consumers and businesses are on high alert, awaiting further developments and the potential fallout from one of the largest data breaches in history. The incident serves as a stark reminder of the risks associated with data storage and the critical importance of cybersecurity.

LockBit Ransomware Attack on Infosys McCamish Systems Exposes Sensitive Data of Over Six Million Individuals

Infosys McCamish Systems (IMS) recently disclosed that a LockBit ransomware attack earlier this year compromised sensitive information of more than six million individuals. IMS, a subsidiary of the multinational business consulting, IT, and outsourcing group Infosys, primarily serves the insurance and financial services industries. The company has a significant presence in the U.S., catering to large financial institutions such as Bank of America and seven of the top ten insurers in the country.

In February 2024, IMS informed the public about the ransomware attack that occurred in November 2023. Initially, the company reported that the personal data of around 57,000 Bank of America customers had been compromised. LockBit, the group responsible for the attack, claimed to have encrypted 2,000 computers within the IMS network. A recent notification to U.S. authorities revealed that the total number of affected individuals now exceeds six million. The notification outlined the steps taken by IMS, including the involvement of third-party eDiscovery experts, to conduct a thorough review of the compromised data. 

This review aimed to identify the personal information accessed and determine the individuals impacted. The compromised data includes a wide range of sensitive information, such as Social Security Numbers (SSNs), dates of birth, medical records, biometric data, email addresses and passwords, usernames and passwords, driver’s license or state ID numbers, financial account information, payment card details, passport numbers, tribal ID numbers, and U.S. military ID numbers. To mitigate the risks associated with this data exposure, IMS is offering affected individuals a free two-year identity protection and credit monitoring service through Kroll. 

The notification letters provided instructions on how to access these services. IMS has not disclosed the full list of impacted clients, but the notification mentioned Oceanview Life and Annuity Company (OLAC), an Arizona-based provider of fixed and fixed-indexed annuities, as one of the affected organizations. The list of impacted data owners may be updated as more customers request to be named in the filing. 

This breach highlights the critical importance of robust cybersecurity measures and the significant impact such attacks can have on both individuals and large financial institutions. The LockBit ransomware attack on IMS serves as a stark reminder of the vulnerabilities within the digital infrastructure of major corporations and the far-reaching consequences of data breaches.

The Role of Immutable Data Storage in Strengthening Cybersecurity

In today’s rapidly advancing digital world, how organisations store their data is crucial to their cybersecurity strategies. Whether protecting sensitive customer information, securing intellectual property, or ensuring smooth business operations, the choice of data storage method can materially affect an organisation’s defence against cyber threats.

Modern businesses are experiencing a massive increase in data generation. This surge is driven by technological innovation, growing customer interactions, and expanding business operations. As data continues to grow at an exponential rate, organisations must find ways to fully utilise this data while also ensuring its security and availability.

Cyberattacks are becoming more frequent and sophisticated, making data protection a top priority for businesses. Ransomware attacks, in particular, are a major concern. These attacks involve cybercriminals encrypting an organisation’s data and demanding a ransom for its release. According to the Verizon 2023 Data Breach Investigations Report, ransomware is involved in over 62% of incidents attributed to organised crime and 59% of financially motivated incidents. The consequences of such attacks are severe, with businesses taking an average of 9.9 days to return to normal operations after a ransomware incident. Additionally, 1 in 31 companies worldwide faces ransomware attacks weekly, underscoring the urgent need for robust data protection measures.

Immutable data storage has become a key strategy in bolstering cybersecurity defences. Unlike traditional storage methods, which allow data to be modified or deleted, immutable storage ensures that once data is written, it cannot be altered or erased. This feature is crucial for maintaining data integrity and protecting critical information from tampering and unauthorised changes.

By adopting immutable storage solutions, organisations can significantly reduce the risks associated with cyberattacks, particularly ransomware. Even if attackers penetrate the network and obtain write access to the storage, the retained copies cannot be encrypted in place or deleted, so the organisation can restore from them and the ransom demand for the decryption key loses its leverage. The protection is specific to that scenario: immutable copies do nothing against data theft and extortion, and they only hold if the retention rule is enforced by the storage service itself rather than by client software or by permissions an attacker could acquire. Used that way, immutable storage both protects sensitive information and helps maintain business continuity during and after an attack.

As businesses continue to face the growing threat of cybercrime, adopting advanced data storage solutions like immutable storage is essential. By ensuring that data cannot be altered or deleted, organisations can better protect themselves from the devastating impacts of cyberattacks, safeguard critical information, and maintain operations without interruption. In an age where data is both a valuable asset and a prime target, robust storage strategies are indispensable to a comprehensive cybersecurity strategy.