Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Security. Show all posts
Vulnerability
CyberCrime Cyberhackers Cybersecurity CyberThreat Internet of Things Password Privacy Security Security Risk Vulnerability

Default Password Creates Major Security Risk for Apartment Complexes

 


Under research conducted by security researchers, it was discovered that a widely used door access control system includes an inherently insecure default password. Thousands of buildings across the country have insecure default passwords that can be accessed easily and remotely by anyone. It was discovered by Eric Daigle that there is still a lot of residential and commercial properties in North America that have not yet modified the default passwords for their access control systems, many of them are not even aware that this is a good idea.   

When security researcher Eric Daigle examined an apartment building’s access control panel, he inadvertently discovered one of the most concerning security issues in recent years while inspecting the access control panel. Initially, a routine observation while waiting for a ferry led to the discovery of a critical security flaw affecting hundreds of residential buildings across the country, which caused a widespread financial loss for thousands of people.

In late last year, Eric Daigle became interested in the system when he noticed an unusual access control panel on his normal daily activities. He conducted a short online search for “MESH by Viscount” and found a sales page for its remote access capability, followed by the discovery of a PDF installation guide available for download. It is typical for access control systems to be configured with a default password, which administrators are supposed to change to match their credentials. 

However, Daigle observed that the installation manual did not provide clear instructions regarding how these credentials were to be modified. It was later revealed, after further investigation into the user interface's login page title, that multiple publicly accessible login portals are available for this product. Alarmingly, as a result of this research, he was able to access the first one with default credentials, which highlights a critical security vulnerability. 

The Enterphone MESH door access system is currently owned by Hirsch, and Hirsch has announced that to address this security vulnerability, a software patch will be released shortly that will require users to change their default password, as soon as possible. An internet-connected device will often have a default password, which is often included in the product manual to facilitate the initial setup process. 

There is, however, a significant security risk in requiring end users to manually update these credentials, since if they fail to do so, their systems can be vulnerable to unauthorized access. Hirsch’s door access solutions are not prompted to customers when they are installed, nor are they required to modify the default passwords, leaving many systems at risk of unauthorized access. This vulnerability had been discovered by security researcher Eric Daigle, based on the findings he made, according to his findings. 

The vulnerability has been designated as CVE-2025-26793 as a result of his findings. Modern building security systems have become increasingly integrated with the Internet of Things (IoT) technology, especially in apartment complexes seeking a more advanced alternative to traditional phone-line-based access control systems. Among these key fob systems, Hirsch Mesh features a web-based portal that enables the use of key fobs throughout a large building to be tracked and logged, as well as allowing remote access to various entry points also within the building to be controlled remotely. 

The accessibility of the system's default login credentials, however, raises a crucial security concern because they are openly published in the installation manual, which is easily accessible via an online search, as the installer provides a list of the default login credentials. While waiting at a bus stop for his bus, Eric Daigle made a quick internet search based on the name of the product displayed on the security terminal of the apartment complex across the street. He located the manual in just a few minutes, which identified a way to circumvent the building's security measures. This highlighted a significant flaw in the system's design, leading to a serious risk of abuse. 

The default password that is set on internet-connected devices has historically posed a significant security threat because unauthorized individuals can gain access under the guise of legitimate users, leading to data breaches or the possibility of malicious actors hijacking these devices to carry out large-scale cyberattacks. In recent years, there have been several governments, including the UK, Germany, the US, and other countries, which have been encouraging technology manufacturers to adopt more robust security measures to avoid the security risks associated with using default credentials that were considered insecure in the first place. 

Having been rated as highly vulnerable by the FBI as a result of its ease of exploit, Hirsch's door entry system has been rated as a high threat as well with a severity rating of 10. Exploiting the flaw involves a minimal amount of effort. There is a public documentation available on Hirsch's website, which contains the installation manual for the system, which can be used to obtain the default password. An affected building is vulnerable to unauthorized access if individuals with these credentials log in to the login window of the building's system through the login portal; this highlights a critical security flaw in the system.
Read more »
tokenization
Banking Biometrics contactless Cyber Security Fintech Fraud mobile wallet Payments Security tokenization

Mastercard to Eliminate 16-Digit Card Numbers by 2030 for Enhanced Security

 

In a strategic move to combat identity theft and fraud, Mastercard has announced plans to remove the traditional 16-digit card number from credit and debit cards by 2030. Instead, the company will implement tokenization and biometric authentication to enhance security.

Mastercard has been integrating biometric authentication into its payment ecosystem since 2022, allowing transactions to be completed with a smile or a hand wave. Now, the next phase involves replacing card numbers with tokens, which transform the 16-digit identifier into a unique digital code stored on devices. This ensures that card details are never exposed during online or contactless transactions.

The initial rollout of these numberless cards will be in collaboration with AMP Bank, with additional financial institutions expected to adopt the technology in the coming year.

Receiving a suspicious transaction alert from the bank can be alarming, and for good reason—payment fraud has been on the rise. In Australia, fraudulent card transactions amounted to A$868 million in 2023-24, up from A$677.5 million the previous year.

Data breaches continue to expose sensitive financial information, with major incidents involving Marriott, Starwood Hotels, and Ticketmaster affecting hundreds of millions of customers worldwide. In Australia, card-not-present fraud—where transactions occur without the physical card—accounts for 92% of all card fraud, increasing by 29% in the last financial year.

Although the Card Verification Value (CVV) was introduced to verify physical card possession, its effectiveness has diminished over time.

By removing the card number, Mastercard aims to reduce unauthorized transactions and minimize risks associated with data breaches. Without stored payment details, compromised databases will no longer expose customers’ financial information.

This move aligns with broader industry concerns about data storage and privacy, highlighted by incidents such as the 2022 Optus data breach, which leaked historical customer data. Eliminating stored card details prevents future attacks from leveraging outdated information.

Challenges in Adopting the New System

While digital banking users may find the transition seamless, concerns arise regarding accessibility. Elderly consumers and individuals with disabilities who rely on traditional banking methods might struggle with the shift to mobile authentication.

Additionally, shifting security reliance from physical cards to mobile devices introduces new risks. SIM swapping and impersonation scams already enable criminals to take over victims' phone accounts, and these tactics could escalate as digital payment systems evolve.

Biometric authentication presents another challenge—unlike credit card details, biometric data is immutable. If compromised, it cannot be changed, increasing the stakes of potential identity theft. Previous breaches, such as the BioStar 2 security lapse and Australia’s Outabox facial recognition exposure, highlight the risks of biometric data leaks.

As contactless payments continue to grow, physical cards may soon become unnecessary. In 2023, mobile wallet transactions in Australia surged 58%, reaching $146.9 billion. By October 2024, nearly 44% of transactions were conducted via mobile devices.

Retail innovations like Amazon’s Just Walk Out technology are accelerating this trend. Currently deployed across 70 Amazon-owned stores and 85 third-party locations, the system uses AI-powered cameras and weight sensors to enable checkout-free shopping. Companies like Trigo, Cognizant, and Grabango are also developing similar smart retail solutions, with trials underway in major supermarket chains like Tesco and ALDI.

However, even in frictionless shopping experiences, consumers must initially enter card details into payment apps. To eliminate the need for cards and numbers entirely, biometric payments—such as facial recognition transactions—are gaining traction as the next frontier in secure digital commerce.
Read more »
WireGuard
IPsec Security VPN Vulnerabilities and Exploits WireGuard

Critical Flaws in VPN Protocols Leave Millions Vulnerable

 


Virtual Private Networks (VPNs) are widely trusted for protecting online privacy, bypassing regional restrictions, and securing sensitive data. However, new research has uncovered serious flaws in some VPN protocols, exposing millions of systems to potential cyberattacks.

A study by Top10VPN, conducted in collaboration with cybersecurity expert Mathy Vanhoef, highlights these alarming issues. The research, set to be presented at the USENIX 2025 Conference, reveals vulnerabilities in VPN tunnelling protocols affecting over 4 million systems worldwide. Impacted systems include:

  • VPN servers
  • Home routers
  • Mobile networks
  • Corporate systems used by companies such as Meta and Tencent

The Problem with VPN Tunneling Protocols

Tunneling protocols are essential mechanisms that encrypt and protect data as it travels between a user and a VPN server. However, the study identified critical weaknesses in specific protocols, including:

  • IP6IP6
  • GRE6
  • 4in6
  • 6in4

These vulnerabilities allow attackers to bypass security measures by sending manipulated data packets through the affected protocols, enabling unauthorized access and a range of malicious activities, such as:

  • Denial-of-Service (DoS) attacks disrupting systems
  • Stealing sensitive information by breaching private networks
  • Undetected repeated infiltrations

Advanced encryption tools like IPsec and WireGuard play a crucial role in safeguarding data. These technologies provide strong end-to-end encryption, ensuring data is decoded only by the intended server. This added security layer prevents hackers from exploiting weak points in VPN systems.

The vulnerabilities are not confined to specific regions. They predominantly affect servers and services in the following countries:

  • United States
  • Brazil
  • China
  • France
  • Japan

Both individual users and large organizations are impacted, emphasizing the need for vigilance and regular updates.

How to Stay Protected

To enhance VPN security, consider these steps:

  1. Choose a VPN with strong encryption protocols: Look for services that utilize tools like IPsec or WireGuard.
  2. Regularly update your VPN software: Updates often include patches for fixing vulnerabilities.
  3. Research your VPN provider: Opt for reputable services with a proven track record in cybersecurity.

This research serves as a critical reminder: while VPNs are designed to protect privacy, they are not immune to flaws. Users must remain proactive, prioritize robust security features, and stay informed about emerging vulnerabilities.

By taking these precautions, both individuals and organizations can significantly reduce the risks associated with these newly discovered VPN flaws. Remember, no tool is entirely foolproof — staying informed is the key to online safety.

Read more »
US
China Cyber Security National Security Security States US

US Imposes Ban on Chinese and Russian Tech in Passenger Cars Over Security Risks

 

The United States has introduced a new regulation barring the use of Chinese and Russian technology in passenger vehicles sold domestically, citing national security risks. According to AFP, the ban covers both hardware and software from these countries, forming part of a broader effort to reduce China's influence in critical industries.

Outgoing President Joe Biden initiated the rule after a prolonged regulatory process aimed at tightening controls on foreign-linked technologies. This follows recent debates over restricting drones and other equipment from adversarial nations. Commerce Secretary Gina Raimondo highlighted the growing reliance of modern cars on advanced technology like cameras, microphones, GPS systems, and internet connectivity, which could pose risks if developed using foreign components.

"This is a targeted approach to keep Chinese and Russian-manufactured tech off American roads," said Raimondo.

The rule initially applies to passenger vehicles under 10,001 pounds, with plans to extend it to commercial vehicles, such as buses and trucks, in the future. It prohibits manufacturers with significant ties to China or Russia from selling cars equipped with foreign-made hardware or software for internet connectivity or autonomous driving.

Implementation will occur in two stages:

  • Software ban: Effective from the 2027 model year.
  • Hardware ban: Beginning with the 2030 model year.Imports of such technology from China and Russia will also face restrictions.

The regulation could affect companies like BYD, a Chinese electric vehicle manufacturer operating a facility in California that produces buses and other vehicles. US officials have raised concerns that connected vehicles equipped with foreign technology could be exploited to misuse sensitive data or interfere with critical systems.

National Economic Advisor Lael Brainard warned, "China is attempting to dominate the future of the auto industry," underscoring the need to shield American vehicles from foreign influence.

The new rule aligns with a broader strategy to bolster domestic industries and reduce dependence on foreign technologies. On the same day, President Biden signed an executive order to fast-track the development of AI infrastructure in the US.

"We will not let America fall behind in building the technology that will define the future," Biden stated.

As Biden prepares to leave office, these measures will transition to the administration of President-elect Donald Trump, who takes office next Monday. While it remains uncertain how Trump will handle these policies, significant shifts in strategy are anticipated.
Read more »
VoIP number
Business Cyber Security Security Subscription VoIP number

Fixed VoIP Numbers: Major Benefits and Disadvantages for Businesses

 





One other consideration a business would use to evaluate communications solutions would be the choice between a fixed VoIP number and non-fixed VoIP number. The former costs more money and is associated with complexities in the setting up process. It still possesses some benefits that an organisation needs to operate, however.

Advantages of Fixed VoIP Number


1. Trustworthiness

Tied to a physical address, the fixed VoIP number adds more credence to the business. As compared to the non-fixed VoIP numbers mainly targeted by scammers, fixed numbers are useful in the promotion of greater customer checks on the authenticity of the company, especially for those firms handling regulated sectors like finance, wherein building trust with customers can be very hard.


2. Security 

Fixed VoIP numbers guarantee security because they connect directly to a registered address. Non-fixed numbers are accessed from any internet connection; therefore, the chance of being misused rises. When dealing with sensitive information companies, the fixed VoIP number extra layer security is an added guarantee against such attacks as data breaches.


3. Easier Compliance with Regulations

As in other heavily regulated industries, including finance and healthcare, emergency response also relies on location data accuracy. Fixed VoIP numbers help businesses easily comply with all the requirements, making the cost of compliance low and administrative burdens low.


4. Business Professional Image

With a fixed VoIP number, it is easier to present a stable and established impression. A fixed number helps companies look less like a temporary operation. This can be particularly important for small businesses looking to establish authority and trust in their market.


5. Greater Control for Administrators

Fixed VoIP numbers can guarantee better control over caller IDs and databases over caller names to enable businesses to ensure that their identity is consistent on all calls. The need for maintaining a professional brand image and having precise control over how the business presents itself to clients and partners is very important.


6. Support for Emergency Services

Exact location is a must-have in emergencies. Fixed VoIP numbers provide accurate location information, and this makes it possible to have a quicker response time in cases of crises. This is missing for non-fixed numbers; therefore, fixed VoIP is very useful for industries whose data on location can be termed as a matter of life or death.


Drawbacks of Fixed VoIP Numbers


1. More Costly

Fixed VoIP numbers also require relatively high setup and subscription fees in addition to the expense of address verification for higher-security access. For companies catering to overseas clients, fixed VoIP numbers frequently translate to costlier long-distance calls-however, non-fixed numbers represent a saving grace.


2. Complex Porting Procedure

The transfer of a fixed VoIP number from one place to another can be quite hectic, especially for growing businesses and those changing locations. This is because the porting process is very slow, leaving behind the inflexibility required by the businesses in such cases.


3. Slower Setup

It takes more time to set up a fixed VoIP number as against the prompt setting up for non-fixed numbers. Verification of the physical address and more regulatory compliance requirements extend the time taken to set up, making it inconvenient for businesses that need to access immediately.


4. Geographic Limitations

The fixed VoIP numbers are directly associated with a specific location, hence quite limiting to access the business market. Some clients might be sceptical about communicating with a company that they view as "not local," which may hinder outreach and expansion in areas beyond the business's core location.


Selection Between Fixed and Non-Fixed VoIP Numbers


Depending on the priorities of the business, a fixed VoIP number can be selected. Organisations that require greater security, credibility, and adherence to regulations can invest in fixed VoIP numbers. When cost efficiency and flexibility top the list, then non-fixed numbers are a better option for them.


Read more »
Security
AI Business Cyber Security India Mallox RansomHub Ransomware Security

India Faces Rising Ransomware Threat Amid Digital Growth

 


India, with rapid digital growth and reliance on technology, is in the hit list of cybercriminals. As one of the world's biggest economies, the country poses a distinct digital threat that cyber-crooks might exploit due to security holes in businesses, institutions, and personal users.

India recently saw a 51 percent surge in ransomware attacks in 2023 according to the Indian Computer Emergency Response Team, or CERT-In. Small and medium-sized businesses have been an especially vulnerable target, with more than 300 small banks being forced to close briefly in July after falling prey to a ransomware attack. For millions of Indians using digital banking for daily purchases and payments, such glitches underscore the need for further improvement in cybersecurity measures. A report from Kaspersky shows that 53% of SMBs operating in India have experienced the incidents of ransomware up till now this year, with more than 559 million cases being reported over just two months, starting from April and May this year.

Cyber Thugs are not only locking computers in businesses but extending attacks to individuals, even if it is personal electronic gadgets, stealing sensitive and highly confidential information. A well-organised group of attacks in the wave includes Mallox, RansomHub, LockBit, Kill Security, and ARCrypter. Such entities take advantage of Indian infrastructure weaknesses and focus on ransomware-as-a-service platforms that support Microsoft SQL databases. Recovery costs for affected organisations usually exceeded ₹11 crore and averaged ₹40 crore per incident in India, according to estimates for 2023. The financial sector, in particular the National Payment Corporation of India (NPCI), has been attacked very dearly, and it is crystal clear that there is an imperative need to strengthen the digital financial framework of India.

Cyber Defence Through AI

Indian organisations are now employing AI to fortify their digital defence. AI-based tools process enormous data in real time and report anomalies much more speedily than any manual system. From financial to healthcare sectors, high-security risks make AI become more integral in cybersecurity strategies in the sector. Lenovo's recent AI-enabled security initiatives exemplify how the technology has become mainstream with 71% of retailers in India adopting or planning to adopt AI-powered security.

As India pushes forward on its digital agenda, the threat of ransomware cannot be taken lightly. It will require intimate collaboration between government and private entities, investment in education in AI and cybersecurity, as well as creating safer environments for digital existence. For this, the government Cyber Commando initiative promises forward movement, but collective endeavours will be crucial to safeguarding India's burgeoning digital economy.


Read more »
Windows
Antivirus Memory Integrity Microsoft performance Protection Ransomware Security system Technology Virtualization Windows

How to Enhance Your Windows Security with Memory Integrity

 

Windows Security, the antivirus program built into Microsoft’s operating system, is generally sufficient for most users. It provides a decent level of protection against various threats, but a few important features, like Memory Integrity, remain turned off by default. This setting is crucial as it protects your system’s memory from malicious software that attempts to exploit Windows drivers, potentially taking control of your PC.

When you enable Memory Integrity, it activates Virtualization Based Security (VBS). This feature separates the code verification process from the operating system, creating a secure environment and adding an additional layer of protection. Essentially, VBS ensures that any code executed on your system is thoroughly checked, preventing malicious programs from sneaking through Windows’ defenses.

However, Microsoft disables Memory Integrity by default to maintain smoother app performance. Some applications may not function properly with this feature on, as the extra layer of security can interfere with the way certain programs execute code. For users who prioritize app performance over security, this trade-off may seem appealing.

But for those concerned about malicious attacks, enabling Memory Integrity is a smart choice. It prevents malware from bypassing the usual system checks, providing peace of mind when dealing with potential security threats. On older PCs, though, you might notice a slight reduction in performance once Memory Integrity is activated.

Curious to see how your system handles this extra protection? Enabling and disabling Memory Integrity is a simple process. First, type “Windows Security” into the search bar or Start menu. Under Device Security, you may see a notification if Memory Integrity is off. Click Core Isolation, then toggle Memory Integrity on. To deactivate it, return to the same settings and flip the switch off.

It’s not just Memory Integrity that comes disabled by default in Windows. Microsoft leaves certain protections off to strike a balance between security and user experience. Another useful feature you can enable is ransomware protection, which safeguards specific folders and prevents unauthorized apps from locking you out of your data. Similarly, you can turn on advanced app screening to block potentially harmful programs.

While leaving Memory Integrity and other protections off can offer a smoother computing experience, activating them significantly strengthens your system’s defenses against cyber threats. It’s a choice between performance and security, but for those prioritizing protection, flipping these settings on is an easy step towards a safer PC.
Read more »
TOR
anonymization Browser Cyber Security Darknet Encryption Network Online Privacy Security servers TOR

Exploring the Tor Network: A Comprehensive Look at Online Anonymity and Privacy

 

The Tor network, originally developed in the early 2000s by the U.S. Naval Research Laboratory, has been operated since 2006 by the independent non-profit organization, The Tor Project. The project's primary goal is to offer a free method for anonymizing internet traffic. Approximately 85% of The Tor Project’s funding comes from U.S. government entities, while the remaining 15% is sourced from private donations and NGOs.

Tor, which stands for "The Onion Router," functions by routing a user's connection through three randomly selected servers (nodes), layering encryption like the layers of an onion. The destination site only detects the IP address of the final node, called the exit server, masking the user's original address. The system refreshes the connection route every 10 minutes, though the access node remains stable for two to three months.

Data transferred within the Tor network is encrypted until it reaches the exit server. However, users must still encrypt any sensitive information entered on websites, as data exiting the network can be read if it's not further encrypted. To access Tor, users need a specialized browser—like the Tor browser, based on Mozilla Firefox and configured for secure browsing.

With about 6,500 servers currently active worldwide, individuals, companies, and organizations operate these nodes. Any internet user with a DSL connection can set up a Tor node. However, the network's openness can be a vulnerability; if an exit node operator is not vigilant, unencrypted data can be intercepted. Additionally, sophisticated entities, such as intelligence agencies, could potentially track Tor users by analyzing traffic patterns or compromising nodes.

Despite these risks, Tor remains the most secure method of maintaining anonymity online. Around two million people, particularly those in heavily monitored states, use the Tor network daily. The darknet, a collection of hidden websites, also depends on Tor's anonymization for access.
Read more »
TrickMo
Banking Security Banking Trojan C2 servers Cyberattack Data Breach device access malware Mobile Threats Security TrickMo

TrickMo Banking Trojan Unveils Advanced Threat Capabilities in Latest Variant

Malware Analyst at Zimperium, Aazim Yaswant, has released an in-depth report on the most recent TrickMo samples, highlighting worrisome new functionalities of this banking trojan. Initially reported by Cleafy in September, this new version of TrickMo employs various techniques to avoid detection and scrutiny, such as obfuscation and manipulating zip files. 

Yaswant’s team discovered 40 variants of TrickMo, consisting of 16 droppers and 22 active Command and Control (C2) servers, many of which remain hidden from the broader cybersecurity community.

Although TrickMo primarily focuses on stealing banking credentials, Yaswant's analysis has exposed more sophisticated abilities. "These features allow the malware to access virtually any data on the device," Yaswant stated. TrickMo is capable of intercepting OTPs, recording screens, remotely controlling the device, extracting data, and misusing accessibility services to gain permissions and perform actions without the user’s approval. Additionally, it can display misleading overlays designed to capture login credentials, enabling unauthorized financial transactions.

A particularly concerning discovery in Yaswant's findings is TrickMo’s ability to steal the device’s unlock pattern or PIN. This enables attackers to bypass security measures and access the device while it is locked. The malware achieves this by mimicking the legitimate unlock screen. “Once the user enters their unlock pattern or PIN, the page transmits the captured data, along with a unique device identifier,” Yaswant explained.

Zimperium’s researchers managed to gain entry to several C2 servers, identifying approximately 13,000 unique IP addresses linked to malware victims. The analysis revealed that TrickMo primarily targets regions such as Canada, the UAE, Turkey, and Germany. Yaswant’s investigation also uncovered millions of compromised records, with the stolen data including not only banking credentials but also access to corporate VPNs and internal websites, posing significant risks to organizations by potentially exposing them to larger-scale cyberattacks.
Read more »
Theft Prevention
Android Google Security Technology Theft Prevention

Google’s Latest Theft Protection for Android Devices

 




Google is introducing new high-level theft protection features for Android 10 and above devices across Google Play services. The new technologies were announced at the I/O 2024 event, with the main idea being to protect users' data and make possible recovery of the device in case it has been stolen. Read the breakdown of these new tools and how they work.

How to Get Theft Protection on Android

Features can be turned on in the Settings app by using the phrase "Theft protection" or in the "Personal & device safety" section, found under the "All services" tab of the new Google services page. These three Theft Protection built-ins, writes the Theft Protection webpage, safeguard personal data if one's device is stolen.

Theft Detection Lock

The first one identifies unusual movement through the combination of sensors, Wi-Fi and smart device connectivity. If some person grabs an unlocked phone and runs away, Theft Detection Lock will automatically lock the screen so that no one can thereafter access private information.

Offline Device Lock

The second feature delivers security when there is no internet connection available. When someone attempts to lock tracking by turning off the internet on the device, this lock will have some conditions triggered, because the device was unlocked and in operation. The screen may be locked up to two times a day through this feature, adding protection to users in the case of theft.

Remote Lock via Website 

Remote Lock lets one lock their device from elsewhere using the webpage android.com/lock once a device is stolen. At this point, users are simply required to input a confirmed number and security challenge to lock the phone. It is at this point that Google advises users to use the feature on the device of a trusted person to access the lock screen easily. In many cases, it is said to work faster than "Find My Device".

Limited Testing and Availability

First tested in Brazil in early this year, these theft protection tools have begun rolling out to Android users around the world in lots of different brands including Pixel and Samsung. These features are still found on the beta version of Google Play services (24.40.33) and should reach the stable version soon.

New Theft Protection features from Google mark the advancement of device protection, especially for those whose main fears are stolen devices. As this comes up, users are strongly advised to turn to their settings to help make their devices safer than ever.

In these updates, it becomes clear that Google is doing its best to stay ahead of possible data losses and to minimise the effects brought about by theft incidents in a very digital age.


Read more »
UK
attacks Businesses Cyber Crime CyberCrime global cooperation guidance insurance Ransomware resilience Security UK

Global Effort Unites Against Ransomware: New Guidance to Strengthen Business Defenses

  

Ransomware attacks continue to pose significant challenges for businesses worldwide, with incidents on the rise. 

In response, the UK, along with 38 other nations and international cyber insurance organizations, has collaborated to release updated guidance aimed at supporting victims and enhancing resilience. This guidance advises against making immediate ransom payments, as recovery of data or malware removal is not guaranteed, and paying ransoms often encourages further criminal activity.

Instead, businesses are urged to create a comprehensive response plan, with policies and contingency measures in place. Organizations that fall victim to ransomware should report the incident to law enforcement and consult security professionals for expert guidance.

Ransomware has become a lucrative venture for cybercriminals, causing an estimated $1 billion in losses in 2023. By removing the incentive for criminals, these new policies aim to weaken the ransomware business model and reduce future attacks.

"International cooperation is crucial in fighting ransomware as cybercrime knows no borders," stated Security Minister Dan Jarvis. He emphasized that this collective effort will hit cybercriminals financially and better protect businesses in the UK and beyond.

The UK is taking a leading role, collaborating with three major insurance organizations—the Association of British Insurers, the British Insurance Brokers' Association, and the International Underwriting Association—to issue co-sponsored guidance. Meanwhile, the UK National Crime Agency has taken steps by sanctioning 16 individuals from the 'Evil Corp' cybercrime group, responsible for over $300 million in theft from critical infrastructure, healthcare, and government sectors.

Jonathon Ellison, Director for National Resilience at the NCSC, highlighted the urgency of addressing ransomware threats: "This guidance, backed by both international bodies and cyber insurance organizations, represents a united front in bolstering defenses and increasing cyber readiness."
Read more »
Security
Cyber Attacks Data Data Safety data security perso Safety Security

Cyberattack on Maui's Community Clinic Affects 123,000 Individuals in May

 

The Community Clinic of Maui, also known as Mālama, recently notified over 123,000 individuals that their personal data had been compromised during a cyberattack in May. Hackers gained access to sensitive information between May 4 and May 7, including Social Security numbers, passport details, financial account information (such as CVV codes and expiration dates), and extensive medical records.

In addition to this, hackers obtained routing numbers, bank names, financial account details, and some biometric data. A total of 123,882 people were affected by the breach, which resulted in the clinic taking its servers offline.

Local reports suggested the incident was a ransomware attack, sparking public frustration as Mālama was forced to close for nearly two weeks. Upon reopening at the end of May, the clinic operated with limited services, and nurses had to rely on paper charts due to system-wide computer outages.

Following the attack, Mālama worked with law enforcement and cybersecurity experts to investigate the breach, with the findings confirmed on August 7. 

In a statement on its website, the clinic offered complimentary credit monitoring to those whose Social Security numbers may have been exposed, although a regulatory filing in Maine indicated that identity theft protection services were not provided. The organization has not responded to requests for clarification, and a law firm is reportedly exploring potential lawsuits against Mālama related to the breach.

The ransomware group LockBit, which was taken down by law enforcement earlier this year, claimed responsibility for the attack in June. On Tuesday, Europol and other agencies announced a coordinated effort to target the gang, resulting in four arrests and the seizure of servers critical to LockBit's operations in France, the U.K., and Spain.

In 2024, healthcare providers across the U.S. have been increasingly targeted by cyberattacks, disrupting services and threatening public safety. Notably, McLaren Health Care and Ascension, two major health systems, have faced severe ransomware incidents, and last week, one of the region's only Level 1 trauma centers had to turn away ambulances following a cyberattack.

Read more »
Sensitive data
cyber attack identity Microsoft Security Sensitive data

Microsoft Tightens Cloud Security After Major Breaches

 



In its efforts to better its cloud security, Microsoft has done much to remove any potential vulnerabilities and tightened the process of authenticating individuals. This comes after the tech giant saw several security breaches within the past year. Under the Secure Future Initiative launched in November 2023, Microsoft has so far purged 730,000 unused applications and deactivated 5.75 million inactive tenants in its cloud system. The initiative has been a direct response to cyber intrusions that had resulted in the revelation of sensitive data.

Reducing the Cyber Attack Surface

The firm has sought to minimise its attack surface by identifying dead or idle areas of its cloud infrastructure and is working to eliminate them. Removing hundreds of thousands of applications and millions of unused tenants works at making Microsoft shrink down the possible avenues the hackers may employ to penetrate it. Furthermore, Microsoft has sought to make the software production environment more secure by equipping the software teams with 15,000 locked-down devices. In its other security measure, the company conducted video-based identity verification for 95 percent of its production staff for further security in the identity authentication process. 

Better Identity and Authentication Security

Cybersecurity is one aspect where Microsoft has improved much. For instance, the identity management systems for its Entra ID and Microsoft Account (MSA) platforms have been remarkably enhanced.

These updates target better generation, storage, and rotation of access token signing keys as means to advance the protection of the public and government cloud environments. This is partly because of an incident in 2023, when hacking group Storm-0558 from China successfully accessed Exchange Online systems and penetrated the private email accounts of dozens of state officials. 

Secure Future Initiative Focus Areas

The SFI project is the most ambitious cybersecurity effort Microsoft has undertaken to date, providing 34,000 engineers dedicated to bulking up the company's defences. It focuses mainly on six critical areas: identity and access control, securing cloud tenants and production systems, strengthening engineering systems, improving network security, enhancing threat detection, and perfecting incident response. By doing all of these broad strokes, the likelihood of any future breach of this scale is reduced.

Mitigating Past Security Mistakes

Analysis by the US Department of Homeland Security's Cyber Safety Review Board had shown that a succession of security lapses at the company allowed these breaches. The inquiry, focused on the Storm-0558 intrusion, had asserted that it was time for Microsoft to strengthen its security posture, which primarily revolved around identity and authentication processes. Based on this, the company has moved very quickly to shore up weaknesses and prevent something similar from happening in the future.

Progress in Key Security Areas

Microsoft says it made strides in several areas in the latest report on SFI.

Unused applications and tenants removed reduce cloud attack surface. In network security, the firm now maintains a central inventory for more than 99% of physical assets, providing greater oversight.

Virtual networks with back-end connectivity are isolated from the corporate networks, which in turn is subjected to even more rigorous security audits. Centralised pipeline templates accounting for 85% of the production builds have been so far a part of the security. Personal access tokens now also have a much shorter life. Proof-of-presence checks are also instituted at the most sensitive points of the software development pipeline. 

Organisational Changes for Better Security

Beyond the technical, there have been organisations which are aimed at ensuring the executives are held responsible for security outcomes. There have been those who tied senior leadership compensation to specific security goals and that the company's threat intelligence team reports directly to the Chief Information Security Officer. This is in the way that it gives the assurance that security is top of the agenda across the organisation.

The Microsoft Secure Future Initiative is a reflection of its attempt to learn from previous failures in the area of security and succeed further in the cloud environment. The company intends to secure itself and, by extension, its customers from future cyber-attacks by enforcing identity verification, reducing attack surfaces, and having a strong network as well as engineering security. Hence, through continuous actions, Microsoft aims to ensure that such instances-where confidential and sensitive data are leaked-would not recur in the future.





Read more »
Security
Brave Browser Cookies phishing Privacy Security

Brave Browser: The Secure and Private Way to Surf the Web

 



Data is more precious in today's digital world than ever. Companies are trying to collect as much as possible to sell it to third-party data brokers. Cybercrime is growing steadily and targeting unsuspecting victims. Addressing both issues is one of the reasons the more mindful browser, Brave, is integrating an array of features to keep data secure and private.

Another feature that differentiates Brave is that it has a built-in use of Brave Shields- the application engaged in blocking harmful elements that may track the behaviour of your browsing. In other types of browsers, users have to install third-party ad blockers. Brave Shields are installed directly in the browser and prevent intrusive ads and trackers from retrieving data regarding the activities you perform online.

It also solves a very common problem with ad blockers, which is that some websites break when the ads are blocked. To solve this issue, Brave replaces tracking codes with privacy-friendly alternatives while ensuring that the integrity of the webpage is maintained and your data is kept secure. As companies continue to devise new ways to hide trackers, Brave is countering this through CNAME uncloaking techniques by uncovering such hidden threats before they manage to collect data from you.

Blocking Cross-Site Cookies

Cookies are small files that download onto your computer, which track your surfing and, more often than not, targeted advertisements will follow you around the web. Cross-site cookies are blocked, by default, on Brave so websites cannot track movements from one site to the other. Brave provides temporary cookies for functionality, though without exposing any private data, for the occasional cookie-dependent website.

Phishing Protection with Google Safe Browsing

Though it puts much emphasis on privacy, Brave remembers security. It uses Google Safe Browsing, which won't enable a user to reach a phishing site or download harmful files. Being built upon Chromium, the same platform that Google Chrome runs on, Brave ensures users protection from known threats to their developers, hence making browsing safer.

While Google Safe Browsing is a service that compromises privacy within Google Chrome, it only serves Brave to block harmful websites without the collection of any personal data from browsing.

A Search Engine Respecting Your Privacy

Most search engines log your search history, accumulating information about the queries you made and selling that information to customise ads or even sell. In contrast, Brave Search does not collect, store, or share search queries when accessed through the browser. This is a completely private browser that does not believe in logging and selling your browsing habits. Additionally, Brave Search serves less biased results because it crawls the web itself rather than prioritising by SEO schemes or the behaviour of prior users.

Another advantage of Brave Search is that it can be utilised independently of the download of the Brave browser – so anyone can have private searches.

Inbuilt VPN and Firewall

It also has a built-in VPN and firewall from Brave, that's available on free trial for seven days, after which you can subscribe to it at $9.99 a month. This will ensure your activity is completely hidden from all the potential threats looking at you, and you won't let any malicious content get inside or leave your network. A VPN encrypts internet traffic so nobody can track your activity online, while the firewall keeps unwanted data from appearing in your system.

It's probably refreshing about Brave, considering it is committed to protecting personal data. Most companies have either policies or strategies that collect and sell a user's data. With Brave, what is striking is the no-sharing policy, full compliance with the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA), and as such, all users' benefit from strong data protection law, irrespective of their region.

For people who place importance on privacy and safety, Brave is a full answer. This is because the provider separates itself from the rest of the browsers by its focus on protecting the user from risks connected with the misuse of data or cybercrime through features like Brave Shields, cross-site cookie blocking, private search options, and built-in VPN and firewall services. These have extended to ensure that your web experience remains secure and private; from stopping trackers, malicious websites, and unwanted ads.


Read more »
Security
Data Breach Data Safety data security Safety Security

Seattle Port Suffers Data Breach, Rhysida Ransomware Suspected

 

The ransomware attack has significantly disrupted the port's operations, highlighting the challenges that critical infrastructure providers face in the immediate aftermath of a cybersecurity breach. While recovery efforts are ongoing, the impact continues for some areas.

Most affected systems have been restored, but the port's website, internal portals, and the airport's mobile app remain offline. Despite this, officials reported that the majority of flights have adhered to their schedules, and cruise ship operations have remained unaffected.

The port made it clear that it refused to meet the attackers' demands, warning that the hackers may attempt to post stolen data on the dark web. In an update on Friday, the port stated, "The Port of Seattle does not plan to pay the criminals responsible for this cyberattack," said Steve Metruck, the port’s executive director. "Paying them would go against the values of the port and our responsibility to wisely manage taxpayer funds."

Port authorities have confirmed that some data was compromised by the Rhysida group in mid-to-late August. An investigation is ongoing to determine the specific nature of the stolen information, and those affected will be informed as soon as the analysis is complete.

In November 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory regarding the Rhysida group.

Metruck emphasized the port's efforts not only to restore operations but to use the experience to strengthen future security. "We remain committed to building a more resilient port and will share insights from this incident to help safeguard other businesses, critical infrastructure, and the public," he said.
Read more »
Security
Cybersecurity Data Data Breach Data Safety data security Safety Security

Fortinet Confirms Data Breach Involving Limited Number of Customers, Linked to Hacker "Fortibitch"

 

Fortinet has disclosed a data breach impacting a "small number" of its clients after a hacker, using the alias "Fortibitch," leaked 440GB of customer information on BreachForums. The hacker claimed to have accessed the data from an Azure SharePoint site, following the company's refusal to meet a ransom demand. This incident emphasizes the need for companies to secure data stored in third-party cloud services, cybersecurity experts have noted.

In a statement released on September 12, Fortinet reported that the breach involved unauthorized access to files stored on its cloud-based shared file drive. The company did not confirm the exact source of the breach but reassured that the affected data represented less than 0.3% of its over 775,000 customers—approximately 2,300 organizations. Fortinet also stated that no malicious activity had been detected around the compromised data, and no ransomware or data encryption was involved. The company has since implemented protective measures and directly communicated with impacted customers.

Dark Reading noted that the hacker also leaked financial and marketing documents, product information, HR data from India, and some employee records. After unsuccessful attempts to extort the company, the hacker released the data. There was also a mention of Fortinet’s acquisitions of Lacework and NextDLP, as well as references to a Ukrainian threat group, though no direct connections were identified.

This breach highlights the growing risk of cloud data exposure. A recent analysis by Metomic revealed that more than 40% of sensitive files on Google Drive were vulnerable, with many shared publicly or with external email addresses. Experts stress the importance of using multifactor authentication (MFA), limiting employee access, and regularly monitoring cloud environments to detect and mitigate potential security lapses. They also recommend encrypting sensitive data both in transit and at rest, and enforcing zero-trust principles to reduce the risk of unauthorized access.
Read more »
User Safety
Data Breach Leak Personal Data Safety Security User Data User Safety

ICBC London Branch Hit by Ransomware Attack, Hackers Steal 6.6TB of Sensitive Data

 

The London branch of the Industrial and Commercial Bank of China (ICBC) recently fell victim to a ransomware attack, resulting in the theft of sensitive data. According to a report by The Register, which references information posted on the hackers' data leak site, the bank has until September 13 to meet the ransom demand or risk the stolen data being publicly leaked.

The attack was orchestrated by a group called Hunters International, who claim to have exfiltrated 5.2 million files, amounting to 6.6 terabytes of sensitive information. Despite being a relatively new name in the ransomware scene, some experts believe Hunters International is a rebranded version of Hive, a notorious ransomware group that was dismantled by the FBI in July 2022. At that time, the FBI successfully infiltrated the Hive group, seizing decryption keys and halting its operations.

Emerging approximately a year ago, Hunters International has shifted its focus toward data theft rather than system encryption. Some cybersecurity researchers suggest that developing and deploying encryption tools is complex and time-consuming, making data theft alone an equally profitable, yet simpler, approach for the group.

ICBC, the world’s largest bank by total assets and market capitalization, is a state-owned financial institution in China. It provides a variety of banking services, including corporate and personal banking, wealth management, and investment banking. With an extensive global presence, ICBC plays a significant role in funding infrastructure projects both domestically and abroad.

As of now, ICBC has not made any public statements regarding the attack or responded to requests for comment.
Read more »
TfL
cyber attack Cyber Attacks London Ransomware Security TfL

TFL Hit by Cyberattack, Leaving Disabled Riders Stranded


 

Transport for London (TfL) recently confirmed that disabled passengers are the first group to feel the effects of a cyberattack that has hit their systems. This incident has severely impacted the Dial-a-Ride service, a specialised transport service designed for wheelchair users and individuals with long-term disabilities, leaving many unable to book their necessary door-to-door journeys.

TfL, the organisation responsible for managing London’s public transport network, initially acknowledged a cyber incident on September 2. In their first public statement, TfL reassured customers that no personal data had been compromised, and transport services across the network were unaffected. However, in the days following, it became clear that the cyberattack has caused more disruption than initially reported, particularly for disabled passengers who rely heavily on the Dial-a-Ride service.

The Dial-a-Ride service, which offers free transport for disabled passengers, was forced to suspend new bookings due to the ongoing cybersecurity incident. A recent update from TfL confirmed that the system is unable to process any new journey requests, inconveniencing those who depend on this service for mobility. In addition to suspending bookings, TfL also reported that many staff members operating the service have limited access to critical systems, making it difficult for them to respond to user inquiries or manage ongoing services efficiently.

For many disabled residents, Dial-a-Ride is a crucial service for daily travel. Without it, those with limited mobility are left without a reliable option to get around the city, exacerbating the challenges they already face in navigating public transportation.

Ransomware Likely Cause of the Attack

Although the full details of the cyberattack have not yet been disclosed, cybersecurity experts believe it may be a ransomware attack, a type of cybercrime where systems are locked down by hackers who demand payment in exchange for restoring access. The limited system access reported by TfL employees suggests that hackers may have taken control of essential systems, preventing the organisation from operating key services like Dial-a-Ride.

Mark Robertson, an expert from Acumen Cyber, noted that the involvement of Dial-a-Ride indicates the attack may be more serious than originally thought. He emphasised that being locked out of key systems is a common effect of ransomware, further hinting at the nature of the incident. However, he commended TfL for its incident response efforts, which have helped to manage the crisis and minimise further damage.

Despite the disruption, there has been some good news for Dial-a-Ride users. Following internal recovery measures, TfL announced that essential booking requests are now being accepted once again. Though services remain limited, there is optimism that the situation will continue to improve as the day progresses. 

As TfL continues to address the issue, it serves as a reminder that cyberattacks can have far-reaching impacts, particularly on vulnerable populations such as disabled individuals who rely on services like Dial-a-Ride for their daily mobility needs. TfL’s handling of this situation will likely set an example for other organisations on how to manage similar incidents in the future. 

There is a pressing need for both strong cyber defences and detailed response plans to minimise the fallout from these types of attacks.


Read more »
Security
cyber attack Cyber Attacks FBI IT Industry Passwords Ransomware Security

IT Manager Faces Charges for Locking Computers to Demand Money


 

A recent case has highlighted that ransomware threats can sometimes come from within an organisation. Daniel Rhyne, a 57-year-old IT administrator from Kansas City, Missouri, has been accused of holding his own company hostage by locking down their systems and demanding a ransom to restore access.

The incident occurred in November last year when Rhyne was employed at an industrial company based in Somerset County, New Jersey. According to the Federal Bureau of Investigation (FBI), Rhyne allegedly took control of the company’s network by resetting the passwords of network administrator accounts as well as those of hundreds of employees. He then proceeded to delete critical backups and locked out both servers and workstations, crippling the organisation’s operations.

An hour after initiating the attack, Rhyne allegedly sent an email to the company's employees informing them of the situation and demanding a ransom in exchange for unlocking the systems. The FBI claims this was an attempt at extortion, with Rhyne threatening further damage if his demands were not met.

Rhyne’s actions were investigated by the FBI, and he has been charged with multiple counts, including extortion, intentional damage to a protected computer, and wire fraud. Should he be convicted of all charges, he faces up to 35 years in prison and a $500,000 fine, as reported by The Register.

Several pieces of evidence were gathered by the FBI to support their case against Rhyne. For instance, he allegedly used a tool known as PsPasswd, a Windows Sysinternals utility, to reset user passwords. The new password set for the accounts was "TheFr0zenCrew!", a telling detail that investigators believe connects him directly to the attack. Rhyne also reportedly kept a hidden virtual machine (VM) on his company-issued laptop, allowing him to maintain remote access to the network's administrative controls.

Adding to the case, the FBI noted that Rhyne's digital activities prior to the attack were suspicious. He allegedly used his work laptop to search for ways to alter administrator passwords via command-line tools, which are often used by IT professionals to manage networks remotely. Investigators claim that on the day of the attack, Rhyne was seen logging into his work laptop, conducting these searches, and reviewing company password spreadsheets while also accessing the hidden VM.

The fact that he used his company-issued laptop to perform these actions leaves a strong digital trail linking him to the crime. The FBI’s detailed investigation paints a clear picture of how the attack was executed, utilising common IT tools to gain unauthorised control over the company’s systems.

If Rhyne is found guilty, his actions could serve as a warning to organisations about the potential for internal threats. It highlights the need for companies to have strong security protocols in place, not just to defend against external hackers but also to safeguard against malicious insiders who have privileged access to sensitive systems.

This case illustrates how cyberattacks are evolving and how attackers, even those within the organisation, can exploit their knowledge and access to launch devastating attacks. Organisations must remain vigilant and continually monitor for suspicious behaviour, no matter the source, to protect their critical digital infrastructure.


Read more »
Toronto
Data Breach Ransomware Security Sensitive data Toronto

Cyberattack on TDSB Exposes Student Data, Sparks Parental Concerns


 

In June 2024, the Toronto District School Board (TDSB), Canada's largest school board, suffered a ransomware attack that compromised the personal information of its students. The incident was first disclosed to the public on June 12, when the TDSB announced that an unauthorised party had accessed one of their technology testing servers. This server, utilised by the board’s IT technicians to test new software, contained sensitive student data from the 2023/2024 academic year.

What Data Was Compromised?

According to an email sent to parents on Thursday, the compromised server held a range of student information. The data accessed during the attack included students' names, school names, grades, TDSB email addresses, student numbers, and dates of birth. While this information was stored in a testing environment rather than a primary database, its exposure is nonetheless concerning, given the potential risks associated with data breaches.

Assessing the Risk

In response to the breach, TDSB officials have been working closely with their cyber security teams and external security partners to assess the situation. As of now, these teams have determined that the risk to students remains low. They have not observed any public disclosure of the compromised data, including on the dark web or other online platforms known for illicit activities. The board has also notified the Privacy Commissioner of Ontario about the potential breach as a precautionary measure.

The news of the cyberattack has sparked concerns among parents, with some feeling that the TDSB’s communication downplayed the seriousness of the incident. Anne Borden, a mother of TDSB students, expressed her dissatisfaction, noting that the board’s response did not instil confidence in their ability to safeguard student information in the future. Borden emphasised the need for the TDSB to prioritise student data security, questioning why crucial resources are allocated to other areas while cybersecurity seemingly takes a backseat.

Ransomware attacks have become an increasing concern for institutions across Toronto, including public organisations. This type of cyberattack involves malicious actors holding data or computer systems hostage until a ransom is paid. Over recent years, several prominent organisations in Toronto, such as the Toronto Public Library, SickKids Hospital, the Toronto Zoo, and the Toronto Transit Commission (TTC), have fallen victim to similar attacks.

The TDSB incident highlights the growing importance of robust cybersecurity measures within educational institutions. As schools increasingly rely on digital tools and platforms, the need to protect sensitive information becomes even more critical. Parents and the community at large are urging the TDSB to take immediate steps to enhance its security protocols and ensure that the personal data of students remains protected.

While the TDSB has stated that the risk to students is currently low, the vulnerability of school systems to cyber threats needs to be kept in check. Moving forward, it is crucial for the TDSB to rebuild trust by implementing stronger security measures and prioritising the safety of student information above all else.



Read more »
Subscribe to: Posts (Atom)