
Hackers Breach Cyberhaven’s Chrome Extension in Supply-Chain Attack, Exfiltrating Sensitive Data

Hackers compromised Cyberhaven’s Chrome extension in a suspected supply-chain attack, publishing a malicious update capable of stealing customer passwords and session tokens. The attack raised serious concerns about the security of widely-used browser extensions. Cyberhaven, a data-loss prevention startup, confirmed the incident but withheld specific technical details about the breach.

According to an email sent to affected customers and later shared by security researcher Matt Johansen, the attack occurred during the early hours of December 25. Hackers reportedly gained access to a company account and used it to push a malicious update (version 24.10.4) to unsuspecting users. This update potentially allowed attackers to exfiltrate sensitive information, such as authenticated session tokens, cookies, and customer credentials.

The breach was detected later that day by Cyberhaven's internal security team, who immediately removed the compromised extension from the Chrome Web Store. A secure version (24.10.5) was released shortly afterward to mitigate the impact and restore user confidence. However, the rapid timeline of the attack highlights the challenges companies face in responding to supply-chain breaches.

Impact on Corporate Users

Cyberhaven’s products are widely used by over 400,000 corporate customers to monitor for data exfiltration and cyber threats. Affected organizations include a mix of prominent enterprises and technology leaders, such as:

  • Snowflake: Cloud data platform provider
  • Canon: Imaging and optical solutions company
  • Motorola: Telecommunications and consumer electronics firm
  • Reddit: Social media and online forum giant
  • AmeriHealth: Healthcare insurance provider
  • Cooley: International law firm
  • IVP: Investment management company
  • DBS: Leading banking group in Asia
  • Kirkland & Ellis: Prestigious global law firm
  • Upstart: AI-powered lending platform

Although Cyberhaven has refrained from disclosing the exact number of customers impacted, the company strongly advised all users to take immediate precautionary steps. These included revoking and rotating passwords, regenerating API tokens, and thoroughly reviewing system logs for any signs of malicious activity.

Security Weaknesses Exploited

The attack shed light on a critical security lapse. Cyberhaven disclosed that the compromised account was the sole administrator for the Google Chrome Store, granting attackers full control over extension updates. However, the exact method used to breach this account remains unclear. The incident has prompted the company to launch a comprehensive security review, with plans to implement stricter safeguards for its account management and extension distribution processes.

To aid in the investigation, Cyberhaven has engaged Mandiant, a leading incident response firm, and is collaborating with federal law enforcement agencies. Early findings suggest the breach was part of a broader campaign targeting multiple Chrome extension developers, affecting extensions with tens of thousands of users.

Insights from Experts

Jaime Blasco, CTO of Nudge Security, emphasized that the attack appeared opportunistic rather than targeted specifically at Cyberhaven. "It seems it wasn’t targeted against Cyberhaven, but rather opportunistically targeting extension developers. I think they went after the extensions that they could based on the developers’ credentials that they had," Blasco explained.

Cyberhaven echoed this assessment, pointing to public reports that suggest the attack extended across multiple organizations. While the full scope of the campaign and the identity of the perpetrators remain unclear, the incident underscores the importance of securing developer credentials and implementing rigorous monitoring processes for software supply chains.

As supply-chain attacks continue to evolve, this breach serves as a stark reminder for organizations to remain vigilant and proactive in securing their digital ecosystems.

Cybercriminals Leverage LLMs to Generate 10,000 Malicious Code Variants

Cybersecurity researchers are raising alarms over the misuse of large language models (LLMs) by cybercriminals to create new variants of malicious JavaScript at scale. A report from Palo Alto Networks Unit 42 highlights how LLMs, while not adept at generating malware from scratch, can effectively rewrite or obfuscate existing malicious code.

This capability has enabled the creation of up to 10,000 novel JavaScript variants, significantly complicating detection efforts.

Malware Detection Challenges

The natural-looking transformations produced by LLMs allow malicious scripts to evade detection by traditional analyzers. Researchers found that these restructured scripts often change classification results from malicious to benign.

In one case, 88% of the modified scripts successfully bypassed malware classifiers.

Despite increased efforts by LLM providers to impose stricter guardrails, underground tools like WormGPT continue to facilitate malicious activities, such as phishing email creation and malware scripting.

OpenAI reported in October 2024 that it had blocked over 20 attempts to misuse its platform for reconnaissance, scripting, and debugging purposes.

Unit 42 emphasized that while LLMs pose significant risks, they also present opportunities to strengthen defenses. Techniques used to generate malicious JavaScript variants could be repurposed to create robust datasets for improving malware detection systems.

AI Hardware and Framework Vulnerabilities

In a separate discovery, researchers from North Carolina State University revealed a side-channel attack known as TPUXtract, which can steal AI model hyperparameters from Google Edge Tensor Processing Units (TPUs) with 99.91% accuracy.

The attack exploits electromagnetic signals emitted during neural network inferences to extract critical model details. Although it requires physical access and specialized equipment, TPUXtract highlights vulnerabilities in AI hardware that determined adversaries could exploit.

Study author Aydin Aysu explained that by extracting architecture and layer configurations, the researchers were able to recreate a close surrogate of the target AI model, potentially enabling intellectual property theft or further cyberattacks.

Exploiting AI Frameworks

Morphisec researchers disclosed another AI-targeted threat involving the Exploit Prediction Scoring System (EPSS), a framework used to evaluate the likelihood of software vulnerabilities being exploited.

By artificially boosting social media mentions and creating GitHub repositories with placeholder exploits, attackers manipulated EPSS outputs.

This resulted in the exploitation likelihood for certain vulnerabilities increasing from 0.1 to 0.14 and shifting their percentile ranking from the 41st to the 51st percentile.

Ido Ikar from Morphisec warned that such manipulation misguides organizations relying on EPSS for vulnerability management, enabling adversaries to distort vulnerability assessments and mislead defenders.

The Double-Edged Sword of Generative AI

While generative AI offers significant potential for bolstering cybersecurity defenses, its misuse by cybercriminals presents a formidable threat.

Organizations must:

  • Invest in advanced AI-driven detection systems capable of identifying obfuscated threats;
  • Implement robust physical security measures to protect AI hardware from side-channel attacks;
  • Continuously monitor and validate AI framework outputs to mitigate manipulation risks.

As adversaries innovate, businesses and researchers must push to stay ahead, leveraging the same AI advancements to fortify their defenses.

U.S. Officials Sound Alarm Over Salt Typhoon Hack as Cybersecurity Becomes Political Flashpoint


U.S. Officials Urge Encryption Adoption Amid "Salt Typhoon" Cyberattack

In an unprecedented response to the "Salt Typhoon" cyber intrusion, top cybersecurity and law enforcement officials in the U.S. are urging citizens to adopt encrypted messaging platforms. The attack, attributed to Chinese government-linked hackers, has infiltrated critical U.S. telecom systems, enabling monitoring of metadata and communications in Washington, D.C.

Scope of the Salt Typhoon Attack

Described as "the worst hack in our nation’s history" by Sen. Mark Warner of Virginia, the Salt Typhoon cyberattack has compromised various U.S. systems. Key details include:

  • The breach targeted telecom infrastructure, including systems handling court-ordered wiretaps.
  • While access to classified data remains unconfirmed, the intrusion has caused widespread alarm.
  • Hackers accessed metadata such as call times and locations, though encrypted platforms like Signal and Apple’s iMessage reportedly remained secure.

Global Advisory from Five Eyes Alliance

In response, the Five Eyes intelligence alliance—which includes the U.S., UK, Canada, Australia, and New Zealand—has issued a joint advisory. Recommendations include:

  • Strengthening system defenses to mitigate similar threats.
  • Encouraging widespread adoption of encrypted communication platforms.

Political Context Complicates Encryption Discussions

Domestically, political developments are influencing the discourse on encryption:

  • Former President Donald Trump is set to return to office in January 2025.
  • Concerns have emerged over potential misuse of federal surveillance tools.
  • Trump's nomination of Kash Patel to head the FBI has amplified fears due to Patel’s controversial statements about targeting political adversaries.

These dynamics have heightened calls for encrypted communication as a safeguard against both foreign and domestic surveillance.

Historically, the FBI has opposed widespread encryption, citing its impact on investigations. However:

  • The FBI now advocates for "responsibly managed encryption," signaling a shift in approach.
  • The Salt Typhoon breach has underscored the vulnerabilities of unencrypted systems.
  • Even intercepted encrypted data is rendered unusable, highlighting encryption’s critical role in security.

The Growing Need for Encryption

Salt Typhoon’s success in breaching non-encrypted communication systems serves as a wake-up call:

  • Hackers struggled with encrypted platforms, showcasing their effectiveness in protecting data.
  • Experts warn of more frequent and sophisticated cyberattacks amid rising geopolitical tensions.

For individuals, adopting encryption for personal communications has become indispensable.

The dual threats of foreign cyber espionage and potential domestic overreach have aligned cybersecurity officials and privacy advocates on the importance of encryption. As the U.S. navigates these challenges, securing digital communications is essential for both national security and personal privacy.

Andromeda Malware Resurfaces: Targeting APAC Manufacturing and Logistics Industries

In a fresh revelation by the Cybereason Security Services Team, a new wave of attacks linked to the notorious Andromeda malware has been uncovered, focusing on manufacturing and logistics sectors in the Asia-Pacific (APAC) region. This decades-old malware, first detected in 2011, continues to evolve, proving itself as a relentless tool in the cybercriminal arsenal. 

Known for its modular nature, Andromeda has long been a favorite for hackers due to its versatility. Historically spread through malicious email attachments, infected USB drives, and secondary payloads, the malware is now leveraging more sophisticated techniques to wreak havoc. Once installed, Andromeda’s capabilities include stealing sensitive data, such as passwords, creating backdoor access, and downloading additional malware, making it a multipurpose threat for industrial espionage. 

One of its standout features is its use of “USB drop attacks.” Compromised USB drives can execute malicious files automatically, infecting systems upon connection. The malware’s disguise game is strong—DLLs with inconspicuous names like “~$W*.USBDrv” and “~$W*.FAT32” are loaded using rundll32.exe to fly under the radar. 

Additionally, “desktop.ini” files, typically seen as harmless system files, are being weaponized to trigger the malware’s activities. A critical part of Andromeda’s resurgence lies in its advanced command-and-control (C2) infrastructure. During Cybereason’s investigation, one such C2 domain, suckmycocklameavindustry[.]in, demonstrated agility by resolving to multiple IP addresses, ensuring constant communication between infected systems and the threat operators. 
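A defender's hunt for the USB-drop artifacts named above (DLLs matching ~$W*.USBDrv or ~$W*.FAT32, desktop.ini files that reference them or rundll32, and rundll32 command lines that load them), as an added example that is not Cybereason's tooling; the sample directory tree and the desktop.ini contents are constructed, since the write-up does not describe the trigger mechanism:

```python
"""Hunt a mounted drive for the Andromeda USB-drop artifacts described in
the Cybereason write-up. Added example, not Cybereason's code; the sample
tree is constructed in a temp directory. Run on a real mount point with:
python hunt.py /media/usb"""
import fnmatch
import os
import sys
import tempfile

# Name patterns quoted in the write-up (matched case-insensitively).
DLL_PATTERNS = ("~$w*.usbdrv", "~$w*.fat32")


def is_suspicious_name(name):
    low = name.lower()
    return any(fnmatch.fnmatchcase(low, p) for p in DLL_PATTERNS)


def desktop_ini_refs(path):
    """Lines of a desktop.ini that mention rundll32 or a suspect DLL name."""
    try:
        with open(path, "r", errors="replace") as f:
            lines = f.read().splitlines()
    except OSError:
        return []
    hits = []
    for line in lines:
        low = line.lower()
        if "rundll32" in low or ".usbdrv" in low or ".fat32" in low:
            hits.append(line.strip())
    return hits


def scan_tree(root):
    """Walk root; return findings as (kind, path, detail) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_suspicious_name(name):
                findings.append(("dll-name", full, os.path.getsize(full)))
            elif name.lower() == "desktop.ini":
                refs = desktop_ini_refs(full)
                if refs:
                    findings.append(("desktop-ini", full, refs))
    return findings


def suspicious_rundll32(cmdline):
    """True if a rundll32 command line loads one of the suspect DLL names.
    Meant for process-creation logs rather than the file system."""
    low = cmdline.lower()
    if "rundll32" not in low:
        return False
    for tok in low.replace('"', " ").split():
        # rundll32 syntax is "<dll>,<entrypoint>"; keep the DLL part only.
        dll = tok.split(",", 1)[0].replace("\\", "/")
        if is_suspicious_name(os.path.basename(dll)):
            return True
    return False


def build_sample_tree():
    """Constructed sample: a clean file, a suspect DLL, one weaponized
    desktop.ini and one benign desktop.ini in a subdirectory."""
    root = tempfile.mkdtemp(prefix="usb_sample_")
    with open(os.path.join(root, "invoice.pdf"), "wb") as f:
        f.write(b"%PDF-1.4 sample")
    with open(os.path.join(root, "~$W9f3a.USBDrv"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 62)          # constructed, not a real DLL
    with open(os.path.join(root, "desktop.ini"), "w") as f:
        f.write("[.ShellClassInfo]\nIconResource=rundll32.exe ~$W9f3a.USBDrv,0\n")
    sub = os.path.join(root, "docs")
    os.mkdir(sub)
    with open(os.path.join(sub, "desktop.ini"), "w") as f:
        f.write("[.ShellClassInfo]\nIconResource=shell32.dll,3\n")
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for kind, path, detail in scan_tree(target):
        print(f"{kind}: {path} -> {detail}")
```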

The attackers also use WebDAV exploitation to download these malicious payloads. Their tactics highlight the ongoing evolution of Andromeda, as it adapts to modern cybersecurity challenges. Cybereason’s investigation suggests that this campaign may be tied to the infamous Turla group, also known as UNC4210. It also indicates that an older Andromeda sample may have been hijacked and repurposed by the group, further complicating attribution. 

The ultimate target of these attacks appears to be industrial espionage. Manufacturing and logistics companies in the APAC region are being infiltrated to steal valuable data, disrupt operations, and potentially execute further malicious actions. The campaign underscores the ongoing risks faced by industries heavily reliant on supply chains and operational technology.

UK Faces Growing Cyber Threats from Russia and China, Warns NCSC Head

The UK is facing an increasing number of cyberattacks from Russia and China, with serious cases tripling in the past year, according to a new report by the National Cyber Security Centre (NCSC). On Tuesday, Richard Horne, the new NCSC chief, stated that the country is at a critical point in safeguarding its essential systems and services from these threats.

Rising Threats and Attacks

The report reveals a disturbing rise in sophisticated cyber threats targeting Britain’s public services, businesses, and critical infrastructure. Over the past year, the agency responded to 430 cyber incidents, a significant increase from 371 the previous year. Horne highlighted notable incidents such as the ransomware attack on pathology provider Synnovis in June, which disrupted blood supplies, and the October cyberattack on the British Library. These incidents underscore the severe consequences these cyber threats have on the UK.

Challenges and Alliances

Similar challenges are being faced by the UK’s close allies, including the U.S., with whom the country shares intelligence and collaborates on law enforcement. Horne emphasized the UK’s deep reliance on its digital infrastructure, which supports everything from powering homes to running businesses. This dependency has made the UK an appealing target for hostile actors aiming to disrupt operations, steal data, and cause destruction.

“Our critical systems are the backbone of our daily lives—keeping the lights on, the water running, and our businesses growing. But this reliance also creates vulnerabilities that our adversaries are eager to exploit,” Horne stated.

Cybersecurity Challenges from Russia and China

According to the report, Russia and China remain at the forefront of the UK’s cybersecurity challenges. Russian hackers, described as “reckless and capable,” continue to target NATO states, while China’s highly advanced cyber operations aim to extend its influence and steal critical data. Horne called for swift and decisive action, urging both the government and private sector to enhance their defenses.

Recommendations for Strengthening Cybersecurity

Horne emphasized the need for more robust regulations and mandatory reporting of cyber incidents to better prepare for future threats. He stressed that a coordinated effort is necessary to improve the UK’s overall cybersecurity posture and defend against adversaries’ growing capabilities.

CISA Warns of Critical Exploits in ProjectSend, Zyxel, and Proself Systems


Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has discovered and added three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, impacting North Grid Proself, ProjectSend, and Zyxel firewalls, are being actively exploited, posing serious risks of data breaches and operational disruptions to unpatched systems. At the time of publishing, Zyxel acknowledged the issue and advised users to update their firmware promptly and strengthen admin credentials.

Vulnerabilities Identified in North Grid Proself, ProjectSend, and Zyxel Firewalls

North Grid Proself Vulnerability (CVE-2023-45727): A severe XML processing vulnerability in North Grid Proself has been identified, allowing attackers to bypass restrictions and access sensitive server data. Systems running versions older than 5.62, 1.65, and 1.08 are vulnerable to exploitation through maliciously crafted XML requests, which can extract sensitive account information.

ProjectSend Vulnerability (CVE-2024-11680): A critical authentication flaw in ProjectSend, an open-source file-sharing platform, has been flagged with a CVSS severity score of 9.8. Versions prior to r1720 are susceptible to attacks where malicious actors manipulate the options.php file using crafted HTTP requests. This enables them to create unauthorized accounts, upload webshells, and inject harmful JavaScript code. Security researchers from VulnCheck report that attackers are leveraging automated tools such as Nuclei and Metasploit to exploit this vulnerability.

Notably, exploitation attempts are marked by altered server configurations, including random strings in landing page titles—a trend observed since September 2024. Despite a patch being released in May 2023, over 4,000 exposed instances remain vulnerable.

Zyxel Firewall Vulnerability (CVE-2024-11667): Zyxel firewalls running firmware versions between V5.00 and V5.38 are vulnerable to a directory traversal attack. This flaw allows attackers to upload or download files via manipulated URLs within the web management interface, potentially compromising system integrity.

Exploitation Attempts and Mitigation Strategies

ProjectSend instances have been the primary focus of attackers. Public-facing systems have seen unauthorized user registrations—a setting not enabled by default—facilitating access for malicious actors. Webshells uploaded during these attacks are often stored in predictable directories, with filenames tied to timestamps and user data. Organizations are urged to review server logs to identify and address suspicious activities.

Under Binding Operational Directive (BOD) 22-01, federal agencies must prioritize these vulnerabilities, while CISA has recommended that private organizations take immediate action to mitigate the risks. Updating software, reviewing server configurations, and enhancing log analysis are critical steps to safeguard systems from exploitation.
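A log-review check for the ProjectSend exploitation indicators described above (crafted POSTs to options.php, self-registration of new accounts, and PHP files later requested from the upload directory), as an added example that is not from CISA or VulnCheck; the registration endpoint and upload directory paths are assumptions, and the access-log lines are constructed:

```python
"""Flag the ProjectSend exploitation chain in web-server access logs.
Added example; REGISTER_PATH and UPLOAD_DIR are assumed layouts, and
SAMPLE_LOG is constructed."""
import re
from collections import defaultdict

# Apache/nginx combined log format (request line, status, size).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

CONFIG_PATH = "/options.php"        # named in the advisory
REGISTER_PATH = "/register.php"     # assumption: self-registration endpoint
UPLOAD_DIR = "/upload/files/"       # assumption: where uploads are stored


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["status"] = int(d["status"])
    d["path"] = d["path"].split("?", 1)[0]   # drop the query string
    return d


def classify(entry):
    """Indicator tags for one parsed request."""
    tags = []
    method, path, status = entry["method"], entry["path"], entry["status"]
    if method == "POST" and path == CONFIG_PATH:
        tags.append("config-change")          # CVE-2024-11680 style request
    if method == "POST" and path == REGISTER_PATH and status < 400:
        tags.append("self-registration")      # should be off by default
    if path.startswith(UPLOAD_DIR) and path.lower().endswith(".php"):
        tags.append("php-in-upload-dir")      # likely webshell access
    return tags


def review_log(lines):
    """Group indicators per client IP and rate each client.
    Returns {ip: {"tags": set, "severity": str}} for clients with hits."""
    per_ip = defaultdict(set)
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        per_ip[entry["ip"]].update(classify(entry))
    report = {}
    for ip, tags in per_ip.items():
        if not tags:
            continue
        # Config tampering plus registration plus a PHP hit in the upload
        # directory is the full chain; a lone config POST is still notable.
        if "php-in-upload-dir" in tags and len(tags) >= 2:
            sev = "high"
        elif "config-change" in tags:
            sev = "medium"
        else:
            sev = "low"
        report[ip] = {"tags": tags, "severity": sev}
    return report


# Constructed sample: one attacker chain plus benign traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Nov/2024:02:14:03 +0000] "POST /options.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [28/Nov/2024:02:14:09 +0000] "POST /register.php HTTP/1.1" 302 0',
    '203.0.113.7 - - [28/Nov/2024:02:15:41 +0000] "GET /upload/files/1732760141_evil.php?c=id HTTP/1.1" 200 88',
    '198.51.100.4 - - [28/Nov/2024:02:16:00 +0000] "GET /index.php HTTP/1.1" 200 4096',
    '198.51.100.9 - - [28/Nov/2024:02:17:22 +0000] "GET /upload/files/report.pdf HTTP/1.1" 200 90112',
    '198.51.100.12 - - [28/Nov/2024:02:18:10 +0000] "POST /register.php HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for ip, info in review_log(SAMPLE_LOG).items():
        print(f"{ip}: {info['severity']} {sorted(info['tags'])}")
```

Feed it real logs with `review_log(open("access.log"))`; a single client hitting all three indicators in sequence is the pattern VulnCheck describes.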

Orbit Under Siege: The Cybersecurity Challenges of Space Missions


The integration of emerging technologies is reshaping industries worldwide, and the space sector is no exception. Artificial intelligence (AI), now a core component in many industries, has significantly transformed space missions. However, this progress also introduces new cybersecurity risks. 

In recent years, spacecraft, satellites, and space-based systems have increasingly become targets for malicious actors, including nation-sponsored hacker groups, raising serious concerns about mission safety and national security. According to a 2024 Deloitte report, the number of active satellites in orbit is approaching 10,000 and is expected to double every 18 months. This rapid growth increases the risk of cyberattacks on satellites, ground stations, and communication links.   

Potential Risks and Consequences

These vulnerabilities could have far-reaching consequences, from disrupting critical infrastructure and compromising national security to negatively impacting the economy and environment. William Russell, Director of Contracting and National Security Acquisitions at the U.S. Government Accountability Office, highlighted the challenges during an interview with CNBC:

> "Space systems face unique challenges where physical access for repairs is impossible post-launch. A cyber breach could lead to mission failures, data loss, or even hostile control of space vehicles."

The escalating space race between global powers such as the U.S. and China further amplifies cybersecurity concerns. Notable incidents include a cyberattack on Japan’s space agency JAXA and breaches targeting SpaceX’s Starlink satellites.   

Collaborative Efforts to Enhance Security 


In response to these threats, leading technology companies are collaborating with governments to strengthen space cybersecurity. For instance:   

  • Microsoft partners with the U.S. Space Force, providing Azure cloud infrastructure and cybersecurity tools. 
  • Nvidia enhances satellite data analysis with advanced GPUs. 
  • Google and Amazon Web Services (AWS) offer secure cloud solutions to support space missions. 

Despite these efforts, overreliance on automated systems presents additional risks. Wayne Lonstein, co-founder and CEO at VFT Solutions and co-author of Cyber-Human Systems, Space Technologies, and Threats, warned:

> "High dependency on automated systems could lead to catastrophic failures if those systems malfunction."

A Secure-By-Design Approach 


To mitigate these risks, the Deloitte report emphasizes the importance of adopting a "secure-by-design" approach, embedding cybersecurity measures throughout the design and development phases of space systems. Key recommendations include:   

1. Enhancing real-time threat detection and response capabilities. 
2. Promoting collaboration among industry stakeholders to share critical information. 
3. Establishing robust cybersecurity protocols across the supply chain.   

By taking a proactive approach, the space industry can better safeguard its operations and minimize the potential impact of cyber incidents on vital systems, both in orbit and on Earth.

Costa Rica Faces Another Cyberattack, RECOPE Operations Shift to Manual Mode

 

Costa Rica’s state-owned oil company, RECOPE, suffered a ransomware attack on November 27, disrupting its digital operations and forcing a shift to manual procedures to maintain uninterrupted fuel distribution. 

This attack is the second major cyber incident targeting a government institution in the past month, following a similar assault on the General Directorate of Migration (DGME). 

Impact on Fuel Supply 


Despite the disruption, RECOPE assured citizens that the fuel supply remains unaffected, thanks to sufficient inventories. Manual operations, including extended working hours, have been implemented to meet demand, especially after a surge in fuel sales driven by public concerns. 

The ransomware temporarily disabled RECOPE’s digital payment systems; infections of this kind are often delivered via phishing emails or malicious downloads.

Efforts to Restore Systems 


RECOPE is working with Costa Rica’s Ministry of Science, Innovation, Technology, and Telecommunications (MICITT) and U.S. cybersecurity experts to restore the affected systems while ensuring safe operations. However, no timeline for full recovery has been provided. 

In comparison, the DGME attack earlier in November caused significant disruptions to online services, though essential operations like border control and passport issuance continued without interruption. 


Escalating Cyber Threats in Costa Rica 


These incidents highlight the increasing threat to Costa Rica’s public institutions and their digital infrastructure. 

  • 2022 Conti Gang Attack: A notorious attack by the Conti gang paralyzed several government services and prompted Costa Rica to declare a state of emergency. 
  • U.S. Aid: The U.S. provided USD 25 million to help strengthen Costa Rica’s cybersecurity. 

Despite these efforts, the recent breaches expose persistent vulnerabilities in the nation’s rapidly digitizing but under-secured systems.  

Global Implications 


Experts warn that attacks on Costa Rican institutions could serve as testing grounds for cybercriminals, helping refine tactics for larger assaults on critical infrastructure in nations like the United States. 

Ransomware has evolved from a nuisance to a sophisticated criminal enterprise, often leveraging zero-day exploits and ransomware-as-a-service platforms. 

International Response 


Globally, governments are intensifying efforts to combat ransomware. The U.S. has established an international counter-ransomware task force, and there is a growing push to classify ransomware attacks as national security threats. 

These measures aim to curb the escalating threat and protect critical infrastructure from increasingly sophisticated cyberattacks.

Bootkitty: The Game-Changing Malware Targeting Linux Systems

 

A newly discovered bootkit, named Bootkitty, introduces a new method of attacking Linux, which has traditionally been considered safer from such stealthy threats compared to Windows. Bootkits are highly dangerous because they infect a computer’s boot process, loading before the operating system starts.

This allows them to take deep control of a system while avoiding detection by traditional security tools.   

Bootkitty specifically targets certain versions of Ubuntu Linux by bypassing critical security checks during system boot.   

How Bootkitty Works  


ESET discovered Bootkitty in November 2024 when a suspicious file, bootkit.efi, was uploaded to VirusTotal. The malware uses advanced techniques to bypass kernel signature verification and inject malicious components during the system boot process.   

  • It relies on a self-signed certificate, meaning it won’t function on systems with Secure Boot enabled.
  • The malware hooks into UEFI security protocols and GRUB bootloader functions, disabling key security checks and loading malicious modules into the Linux kernel.
  • Bootkitty also forces a malicious library to load into system processes upon startup.

However, the malware is not without flaws:

  • It only works on specific GRUB and kernel versions, which limits its effectiveness.
  • It can cause system crashes due to compatibility issues.

During their investigation, researchers also found another suspicious file, BCDropper, likely associated with Bootkitty. BCDropper installs a rootkit named BCObserver, which provides stealthy control by hiding files, processes, and open ports on the infected system.   

Growing Threat to Linux   


Although Bootkitty is not yet fully developed or actively deployed in real-world attacks, its discovery is concerning. It signals that cybercriminals are increasingly targeting Linux as more businesses rely on it for critical operations.  

To help organizations defend against Bootkitty, ESET has published indicators of compromise (IoCs) on GitHub.   

Recommendations for Protection   


  • Enable Secure Boot: Since Bootkitty cannot operate with Secure Boot enabled, this is a crucial defense. 
  • Update Security Tools: Keeping antivirus and other security software up to date can help detect and block new threats.  
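A check for the defense the recommendations above rely on, as an added example that is not ESET's tooling: it reads the SecureBoot and SetupMode variables from efivarfs to confirm Secure Boot is actually enforced (not merely enabled while in setup mode), and walks the EFI System Partition for .efi images that carry no Authenticode signature at all. The efivarfs layout (four attribute bytes followed by the value) and the PE certificate-table offsets are standard; the sample bytes are constructed.

```python
"""Verify Secure Boot enforcement and list unsigned EFI binaries on the ESP.
Added example; the sample variable contents and PE image are constructed."""
import os
import struct

EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e0098032b8"
EFIVARS = "/sys/firmware/efi/efivars"


def efivar_u8(data):
    """First data byte of a UEFI variable as exposed by efivarfs, or None."""
    if data is None or len(data) < 5:    # 4 attribute bytes + 1 data byte
        return None
    return data[4]


def secure_boot_state(secure_boot_data, setup_mode_data):
    """Classify from the raw contents of the SecureBoot and SetupMode variables."""
    sb = efivar_u8(secure_boot_data)
    sm = efivar_u8(setup_mode_data)
    if sb is None:
        return "unsupported"     # no variable: legacy BIOS or no efivarfs
    if sb != 1:
        return "disabled"        # a self-signed bootkit.efi would load here
    if sm == 1:
        return "setup-mode"      # flag set, but no keys enrolled: not enforced
    return "enforced"


def read_efivar(name, efivars=EFIVARS):
    path = os.path.join(efivars, f"{name}-{EFI_GLOBAL_GUID}")
    try:
        with open(path, "rb") as f:
            return f.read()
    except OSError:
        return None


def has_authenticode_signature(pe):
    """True if a PE/EFI image has a non-empty Certificate Table (data dir #4).
    A present signature is not proof of trust: a self-signed image still has
    one, but Secure Boot's db will reject it. Use sbverify against db for that."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    opt = e_lfanew + 24                                   # optional header
    if len(pe) < opt + 2:
        return False
    magic = struct.unpack_from("<H", pe, opt)[0]
    dd_base = opt + (96 if magic == 0x10B else 112)       # PE32 vs PE32+
    cert_off = dd_base + 4 * 8                            # entry 4, 8 bytes each
    if len(pe) < cert_off + 8:
        return False
    _va, size = struct.unpack_from("<II", pe, cert_off)
    return size > 0


def unsigned_efi_binaries(esp_root):
    """Walk the ESP and list .efi files that carry no signature at all."""
    unsigned = []
    for dirpath, _dirs, files in os.walk(esp_root):
        for name in files:
            if not name.lower().endswith(".efi"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                if not has_authenticode_signature(f.read()):
                    unsigned.append(full)
    return unsigned


def make_sample_pe(signed):
    """Constructed minimal PE32+ image: just enough headers for the check."""
    img = bytearray(0x40 + 24 + 112 + 16 * 8)   # MZ, PE sig, COFF, opt hdr, 16 dirs
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)     # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", img, opt, 0x20B)     # PE32+ magic
    if signed:
        struct.pack_into("<II", img, opt + 112 + 4 * 8, len(img), 0x400)
    return bytes(img)


if __name__ == "__main__":
    print("secure boot:", secure_boot_state(read_efivar("SecureBoot"),
                                            read_efivar("SetupMode")))
    for path in unsigned_efi_binaries("/boot/efi"):
        print("unsigned:", path)
```

On a live system `mokutil --sb-state` reports the same SecureBoot bit; this check adds the SetupMode caveat and the ESP walk.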

This discovery underscores the growing sophistication of Linux-targeted malware and the need for robust security practices to safeguard critical systems.

BianLian Ransomware Gang Shifts Tactics: A New Era of Cyber Threats

 

A recent advisory from the FBI, CISA, and Australia’s Cyber Security Centre reveals a tactical shift by the ransomware group BianLian, marking a significant evolution in cyber extortion. The update, issued on November 20, 2024, highlights how the group has abandoned traditional encryption-based attacks in favor of exfiltration-only extortion, a trend gaining momentum across the cybercrime landscape. Previously known for their double-extortion model—encrypting victims' data while threatening to release stolen files—BianLian has moved exclusively to encryption-less attacks since early 2023. 

Instead of locking victims out of their systems, the group focuses solely on stealing sensitive data and leveraging it to demand ransoms. This new approach leaves the victims’ systems intact, but their sensitive information becomes the ultimate bargaining chip. “This method allows criminals to exploit multiple avenues for extortion,” the advisory states. “Even when victims pay, stolen data is rarely deleted and often surfaces on the Dark Web.” 

The shift reflects both a response to improved corporate defenses and a focus on operational efficiency. Muhammad Yahya Patel, lead security engineer at Check Point Software, noted that exfiltration-only attacks require fewer resources, making them harder to detect. “This tactic reduces the need for encryption malware, minimizing operational complexity and allowing attackers to stay under the radar,” Patel explained. 

Organizations with robust backup systems can recover from encryption-based attacks, diminishing their effectiveness. Pedro Umbelino, principal research scientist at Bitsight, observed, “Encryption rarely leads to data loss now, but companies still fear the public release of stolen data. Ransomware operators are prioritizing simpler methods to maximize profit.” The trend extends beyond BianLian. Darren Williams, CEO of BlackFog, revealed that 94% of ransomware attacks in 2024 now center on data theft rather than encryption. 

“The value of intellectual property, customer, and personal data has made exfiltration the preferred method for cybercriminals,” Williams noted. 

For organizations, this shift underscores the urgency of adapting cybersecurity defenses. Unlike encryption attacks, data exfiltration is harder to detect and often unnoticed until it’s too late. Investing in advanced monitoring tools, enhancing incident response plans, and fostering a culture of cybersecurity awareness are critical steps in mitigating this emerging threat. The rise of exfiltration-only ransomware is a stark reminder of cybercriminals’ adaptability. Businesses must evolve their defenses to match the growing sophistication of their adversaries.

Game Emulation: Keeping Classic Games Alive Despite Legal Hurdles

 For retro gaming fans, playing classic video games from decades past is a dream, but it’s tough to do legally. This is where game emulation comes in — a way to recreate old consoles in software, letting people play vintage games on modern devices. Despite opposition from big game companies, emulation developers put in years of work to make these games playable. 

Game emulators work by reading game files, called ROMs, and creating a digital version of the console they were designed for. Riley Testut, creator of the Delta emulator, says it’s like opening an image file: the ROM is the data, and the emulator brings it to life with visuals and sound. 

Testut and his team spent years refining Delta, even adding new features like online multiplayer for Nintendo DS games. Some consoles are easy to emulate, while others are a challenge. Older systems like the Game Boy are simpler, but emulating a PlayStation requires recreating multiple processors and intricate hardware functions. Developers use tools like OpenGL or Vulkan to help with complex 3D graphics, especially on mobile devices. 

Emulators like Emudeck, popular on the Steam Deck, make it easy to access multiple games in one place. For those wanting an even more authentic experience, FPGA hardware emulation mimics old consoles precisely, though it’s costly. While game companies often frown on ROMs, some, like Xbox, use emulation to re-release classic games legally. 

However, legal questions remain, and complex licensing issues keep many games out of reach. Despite these challenges, emulation is thriving, driven by fans and developers who want to preserve gaming history. Though legal issues persist, emulation is vital for keeping classic games alive and accessible to new generations.

Big Tech’s Data-Driven AI: Transparency, Consent, and Your Privacy

In the evolving world of AI, data transparency and user privacy are gaining significant attention as companies rely on massive amounts of information to fuel their AI models. While Big Tech giants need enormous datasets to train their AI systems, legal frameworks increasingly require these firms to clarify what they do with users’ personal data. Today, many major tech players use customer data to train AI models, but the specifics often remain obscure to the average user. 

In some instances, companies operate on an “opt-in” model where data usage requires explicit user consent. In others, it’s “opt-out”—data is used automatically unless the user takes steps to decline, and even this may vary based on regional regulations. For example, Meta’s data-use policies for Facebook and Instagram are “opt-out” only in Europe and Brazil, not the U.S., where laws like California’s Consumer Privacy Act enforce more transparency but allow limited control. 

The industry’s quest for data has led to a “land grab,” as companies race to stockpile information before emerging laws impose stricter guidelines. This data frenzy affects users differently across sectors: consumer platforms like social media often limit users’ choice to restrict data use, while enterprise software clients expect privacy guarantees.  

Controversy around data use has even caused some firms to change course. Adobe, following backlash over potentially using business customer data for training, pledged not to employ it for AI model development. Similarly, Apple has crafted a privacy-first architecture for its AI, promising on-device processing whenever possible and, when necessary, private cloud storage. Microsoft’s AI, including its Copilot+ features, has faced scrutiny as well: privacy concerns delayed some features, prompting the company to refine how data like screenshots and app usage are managed. OpenAI, a leader in generative AI, offers varied data-use policies for free and paid users, giving businesses greater control over data than typical consumers.

Researchers Develop Blockchain-Based Federated Learning Model to Boost IoT Security

In a groundbreaking development for Internet of Things (IoT) security, a team of researchers led by Wei Wang has introduced a novel distributed federated intrusion detection system. The study, published in Frontiers of Computer Science and co-published by Higher Education Press and Springer Nature, addresses key challenges in protecting IoT networks from sophisticated cyber-attacks.

IoT devices have long been vulnerable to cyber intrusions, and traditional, centralized models of training detection algorithms often come with risks, including high communication costs and potential privacy leaks. They also struggle to identify new, unknown types of attacks. The research team’s new approach aims to overcome these issues by using federated learning, a decentralized method where data is processed locally rather than on a central server. This approach enhances privacy and minimizes communication expenses. To strengthen the security of their detection model, the team integrated a blockchain-based architecture into the federated learning system.

In this setup, all participating entities conduct model training on their devices and upload only the model parameters to the blockchain. This design creates a secure, distributed environment for collaborative model verification. A proof-of-stake consensus mechanism is implemented, ensuring that only trustworthy entities contribute to the training process, effectively blocking out malicious participants. 

A unique aspect of this method is its ability to detect unknown attack types. Each device in the system uses an end-to-end clustering algorithm that relies on spatial-temporal data differences to identify new types of intrusions. Tests conducted on the AWID dataset showed that this model outperforms previous detection techniques, offering enhanced security and accuracy in identifying novel threats. The research team views this development as a significant step toward more secure IoT networks. 

“The integration of blockchain with federated learning brings a new level of security and adaptability to intrusion detection,” the team noted. 

Looking ahead, the researchers plan to focus on refining the model’s efficiency to support real-time detection needs in IoT systems. This study highlights the potential of blockchain-based federated learning as a robust defense against cyber threats in the expanding IoT ecosystem.

FakeCall Malware for Android Escalates Threat, Hijacks Outgoing Bank Calls

A newly evolved version of the FakeCall malware, a dangerous Android banking trojan, has been discovered hijacking users’ outgoing calls to their financial institutions, redirecting them to phone numbers controlled by attackers. The malware, first identified by Kaspersky in April 2022, focuses on voice phishing (vishing) scams, tricking victims into revealing sensitive banking information. 

The trojan presents a fake call interface that closely mimics Android’s default dialer, convincing victims they are communicating with legitimate bank representatives. This makes it challenging for users to discern the deception. When victims attempt to call their bank, the malware secretly redirects the call to attackers, who impersonate bank officials to steal personal information and money from accounts. A new report from Zimperium reveals that the latest FakeCall variant further enhances its capabilities.

By tricking users into setting it as the default call handler during installation, the malware gains the ability to intercept both incoming and outgoing calls. In addition, the malware manipulates the Android user interface to show the bank’s actual phone number while connecting the victim to a scammer, deepening the illusion of legitimacy. The updated malware also adds new, though still developing, functionalities. 

It now uses Android’s Accessibility Service to simulate user actions, control the dialer interface, and automatically grant itself permissions. FakeCall’s operators have also introduced a Bluetooth listener and a screen state monitor, indicating ongoing development toward more advanced attack methods. Additional commands integrated into the latest version include capturing live screen content, taking screenshots, and accessing or deleting device images. 

These upgrades demonstrate the malware’s evolving sophistication, as it becomes harder to detect and remove. Security experts recommend avoiding the manual installation of Android apps through APKs, encouraging users to rely on the Google Play Store for app downloads. Though malware can still infiltrate Google Play, the platform’s security measures, such as Google Play Protect, can help identify and remove malicious apps when detected.

India Cracks Down on Cybercrime with Warning Against Illegal Payment Gateways

In a sweeping move to combat organized cybercrime, India’s Ministry of Home Affairs (MHA), through the Indian Cybercrime Coordination Center (I4C), has issued a stark warning about illegal payment gateways reportedly run by transnational cyber criminals. These illicit gateways—PeacePay, RTX Pay, PoccoPay, and RPPay—are allegedly being used as conduits for money laundering, utilizing mule bank accounts rented from shell companies and individuals. 

The network is operated by foreign nationals and offers money laundering as a service, allowing criminal organizations to process and disguise illicit funds. Recent nationwide raids by the Gujarat and Andhra Pradesh state police have uncovered a complex network of digital payment platforms linked to various cybercrimes, the Ministry of Home Affairs announced in a press statement.

These platforms exploit rented bank accounts—sourced through social media platforms like Telegram and Facebook—that belong to shell entities or individuals. “Current and saving accounts are scouted through social media, primarily from Telegram and Facebook,” the statement said, underlining the role of social media in recruiting mule accounts for illegal activities. 

According to the Cybercrime Coordination Center, these mule accounts are often remotely controlled by overseas operatives who leverage them to process transactions for various fraudulent schemes. These range from fake investment and offshore betting scams to phony stock trading platforms. Once funds are deposited, they are quickly transferred to other accounts, employing bulk payout options provided by banks to obscure the money trail. 

The Coordination Center has urged citizens to avoid renting or selling their bank accounts or company registration documents to these illegal platforms, as involvement with such illicit activities can carry severe legal repercussions, including potential arrest. 

The Center also stressed that banks may enhance their monitoring mechanisms to detect the misuse of bank accounts associated with illegal payment gateways. This crackdown comes as part of India’s broader efforts to secure its digital finance ecosystem amid a rise in cybercrime.

Microsoft Urges Millions to Upgrade as Windows Support Ends, Security Risks Increase

Microsoft Windows users are facing increasing security risks as the end of support for older versions of Windows approaches. Recently, Microsoft warned 50 million users of outdated operating systems such as Windows XP, Vista, 7, and 8.1 that they are no longer receiving essential security updates or technical support. 

While these versions still power millions of PCs globally, Microsoft has advised users to upgrade to newer systems, specifically Windows 11, for better security. As Microsoft stated, “Devices running an unsupported version of Windows will still function,” but they won’t receive “technical support of any issue, software updates, [or, more critically] security updates or fixes.” 

The warning also extends to the 900 million users of Windows 10. Microsoft will cease support for this version in October 2025, leaving users vulnerable to cyberattacks unless they upgrade. Although Windows 10 users have another year before the security updates stop, Microsoft is urging them to consider transitioning to Windows 11. 

However, one of the main hurdles is that many older PCs are not compatible with Windows 11, requiring users to buy new hardware. Microsoft is promoting the purchase of new computers and the use of its cloud service, OneDrive, to facilitate the upgrade to Windows 11. However, many users are resistant to upgrading due to the costs and the lack of a secondary market to sell their outdated PCs. 

As a result, the adoption of Windows 11 has been slow, and there are concerns about how Microsoft will handle the transition when support for Windows 10 ends. The tech giant has made it clear that running an unsupported version of Windows leaves users vulnerable to cyberattacks, viruses, and spyware. 

Despite monthly security alerts and updates for current Windows versions, the risk for users on unsupported systems continues to grow. With Microsoft’s recommendation to upgrade sooner rather than later, millions of users will need to make crucial decisions about their computer systems as the 2025 deadline approaches.

Google Begins Testing Verified Checkmarks for Websites in Search Results

Google has started testing a new feature in its search results that adds a blue checkmark next to certain websites, aiming to enhance user security while browsing. As of now, this experiment is limited to a small number of users and websites, with the checkmarks appearing next to well-known companies such as Microsoft, Meta, and Apple. The blue checkmark serves as an indicator that the website is verified by Google. 

When users hover over the checkmark, a message explains, “This icon is being shown because Google’s signals suggest that this business is the business that it says it is.” However, Google clarifies that this verification does not guarantee the full reliability of the website, meaning users should still exercise caution. 

This feature resembles Google’s previous initiative, the BIMI (Brand Indicators for Message Identification) system, introduced in Gmail in 2023. BIMI uses blue markers to verify the authenticity of email senders, ensuring that businesses sending emails are legitimate and own the domains and logos they use. 

The goal of BIMI was to combat phishing and other malicious activities by allowing users to quickly identify verified businesses. While the checkmark feature is currently only being tested with a select group of users and websites, it has the potential to be expanded in the future. 
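As an added example (not code from the article, Google or the BIMI group), the two DNS prerequisites a mailbox provider checks before honouring BIMI: an enforcing DMARC policy and a valid assertion record at default._bimi.<domain>. The domain and record strings are constructed placeholders, so the check runs offline with no DNS lookups.

```python
# Added example: BIMI prerequisite check over constructed TXT record strings.
# BIMI (and Gmail's checkmark built on it) is honoured only when the sender's
# domain publishes an assertion record at default._bimi.<domain> AND enforces
# DMARC. Records below are constructed samples; no live DNS lookups are made.
from urllib.parse import urlparse

def parse_tags(record: str) -> dict:
    """Parse a 'tag=value; tag=value' TXT record (DMARC and BIMI syntax)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_is_enforcing(dmarc_record: str) -> bool:
    """BIMI's bar: p=quarantine or p=reject, pct=100 (the default when
    omitted) and no sp=none override. A malformed pct counts as failing."""
    tags = parse_tags(dmarc_record)
    if tags.get("v") != "DMARC1":
        return False
    policy = tags.get("p", "none").lower()
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return False
    return (policy in ("quarantine", "reject") and pct == 100
            and tags.get("sp", policy).lower() != "none")

def is_https_url(url: str) -> bool:
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)

def bimi_assertion_ok(bimi_record: str) -> dict:
    """v=BIMI1 with an HTTPS logo URL (l=) is required; the VMC URL (a=)
    is what Gmail additionally demands before showing its checkmark."""
    tags = parse_tags(bimi_record)
    return {"valid": tags.get("v") == "BIMI1" and is_https_url(tags.get("l", "")),
            "has_vmc": is_https_url(tags.get("a", ""))}

def bimi_eligible(dmarc_record: str, bimi_record: str) -> bool:
    """The logo may be displayed only when both records pass."""
    return dmarc_is_enforcing(dmarc_record) and bimi_assertion_ok(bimi_record)["valid"]

# Constructed sample records for a placeholder domain (not real data).
DMARC_MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.test"
DMARC_ENFORCING = "v=DMARC1; p=quarantine; pct=100; sp=reject"
BIMI_RECORD = "v=BIMI1; l=https://example.test/brand.svg; a=https://example.test/vmc.pem"
```

A monitoring-only DMARC policy (p=none) is the most common reason a correctly published BIMI record is still ignored.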

If widely implemented, it could help users easily identify trusted websites directly from search results, offering an extra level of safety when browsing the internet. Although it is unclear when or if Google plans to roll out the feature to all users, a company spokesperson confirmed that the test is underway. 

This new experiment could be a step towards making the internet a safer space, particularly as users grow more concerned about online threats such as phishing and scams. For now, Google is monitoring the test to assess its effectiveness before deciding on a broader launch.