Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Technology. Show all posts
Technology
Apple computer security Atomic macOS Stealer fake macOS hacked Mac apps MacBook malware Technology

Hackers Targeting MacBooks with Atomic macOS Stealer Malware Through Fake Apps

 

Hackers are once again setting their sights on MacBooks and other Apple computers, deploying sophisticated malware capable of stealing passwords, files, browser data, and much more.

According to Infosecurity Magazine, cybersecurity firm Trend Micro has identified a new Atomic macOS Stealer campaign. Attackers are spreading malware by tricking users into downloading pirated or “cracked” versions of popular macOS applications. In cases where this fails, cybercriminals rely on fake CAPTCHA prompts to compromise unsuspecting victims.

While many assume Macs are safer than Windows laptops, the reality is different. Apple devices are now prime targets, as hackers see premium Mac users as lucrative victims.

Trend Micro’s report explains that the attack begins when a user downloads what appears to be a cracked app. Once installed, this Trojanized software secretly delivers the Atomic macOS Stealer onto the system.

Cybercriminals distribute these fake apps through forums, malicious ads, or even social media messages. Victims are typically redirected to fraudulent websites with buttons like “Download for macOS.”

In one case, users who attempted to download a cracked version of CleanMyMac ended up installing the Atomic macOS Stealer. Although the site looked legitimate at first, clicking “Download Now” redirected them to a hacker-controlled landing page.

In other scenarios, victims are asked to run commands in Apple Terminal, triggering a malicious installation script. This script creates a binary file, enabling persistence and data theft on the infected Mac.

Once installed, the malware collects and transmits sensitive information to a hacker-controlled server, including:
  • System profile details
  • Usernames and password
  • Browser data (cookies, web history, login credentials)
  • Cryptocurrency wallet info
  • Telegram data
  • OpenVPN profiles
  • Keychain and Apple Notes data
  • Files from local folders
This stolen data can be exploited directly in future attacks or sold on the dark web to other cybercriminals.

How to Stay Safe

To reduce risk, experts stress the importance of downloading apps only from the Apple App Store or directly from trusted developer websites. Be cautious of URLs with typos, poor grammar, or suspicious ads at the top of search results.

Avoid cracked or pirated apps altogether—beyond harming developers, they often serve as malware carriers. Even if the app functions, hidden malicious code may still steal your data or compromise your system.

Although macOS includes Gatekeeper and XProtect for built-in protection, using reputable third-party Mac antivirus software is strongly recommended. Many premium antivirus tools also include VPNs and password managers for added security.

Despite the outdated belief that “Macs don’t get viruses,” hackers continue to exploit complacency. Staying vigilant online—especially when downloading apps—is the best defense.
Read more »
Website
Advertising AI Cloud Cookie Data Internet Technology Website

The Cookie Problem. Should you Accept or Reject?


It is impossible for a user today to surf the internet without cookies, to reject or accept. A pop-up shows in our browser that asks to either “accept all” or “reject all.” In a few cases, a third option allows you to ‘manage preferences’.

The pop-ups can be annoying, and your first reaction is to remove them immediately, and you hit that “accept all” button. But is there anything else you can do?

About cookies

Cookies are small files that are saved by web pages, and they have information for personalizing user experience, particularly for the most visited websites. The cookies may remember your login details, preferred news items, or your shopping preferences based on your browsing history. Cookies also help advertisers target your browsing behaviour via targeted ads. 

Types of cookies

Session cookies: These are for temporary use, like tracking items in your shopping cart. When a browser session is inactive, the cookies are automatically deleted.

Persistent cookies: As the name suggests, these cookies are used for longer periods. For example, saving logging details for accessing emails faster. They can expire from days to years. 

About cookie options

When you are on a website, pop-ups inform you about the “essential cookies” that you can’t opt out of because if you do, you may not be able to use the website's online features, like shopping carts wouldn’t work. But in the settings, you can opt out of “non-essential cookies.”

Three types of non-essential cookies

  1. Functional cookies- Based on browsing experience. (for instance, region or language selection)
  2. Advertising cookies- Third-party cookies, which are used to track user browsing activities. These cookies can be shared with third parties and across domains and platforms that you did not visit.
  3. Analytics cookies- They give details about metrics, such as how visitors use the website

Read more »
Technology
AI training threat Artists&Clients hack LunaLock ransomware Ransomware attack stolen artwork Technology

Ransomware Group Uses AI Training Threats in Artists & Clients Cyberattack

 

Cybercriminals behind ransomware attacks are adopting new intimidation methods to push victims into paying up. In a recent case, the LunaLock ransomware gang has escalated tactics by threatening to sell stolen artwork for AI training datasets.

The popular platform Artists&Clients, which connects artists with clients for commissioned projects, was hacked around August 30. According to reports, a ransom note appeared on the site’s homepage stating: “All files have been encrypted and the site has been breached.” The attackers demanded at least $50,000 in Bitcoin or Monero, promising to delete stolen data and restore access once payment was made.

What sets this attack apart is the warning that stolen artwork could be handed over to “AI companies” to train large language models. This is especially alarming as Artists&Clients explicitly prohibits AI involvement on its platform. Security researcher Tammy Harper highlighted, “this is the first known instance of a ransomware group explicitly using AI training as a threat to extort victims.”

If the ransom is not paid, LunaLock claims it will leak sensitive information including personal data, commissions, and payment records—potentially triggering GDPR violations in Europe. While the group did not clarify how they would provide the artwork to AI firms, experts suggest they might simply publish an open database accessible to AI crawlers.

Currently, the Artists&Clients website is offline, leaving users anxious about compromised messages, transactions, and commissioned work. No official statement has been released by the platform. Harper emphasized that this tactic may hit creators especially hard, as many strongly oppose their work being exploited for AI training without consent or compensation.
Read more »
Technology
AI budget constraints AI data readiness AI security risks enterprise AI challenges generative AI adoption Technology

Generative AI Adoption Stalls as Enterprises Face Data Gaps, Security Risks, and Budget Constraints

 

Many enterprises are hitting roadblocks in deploying generative AI despite a surge in vendor investments. The primary challenge lies in fragmented and unstructured data, which is slowing down large-scale adoption. While technology providers continue to ramp up funding, organizations are cautious due to security risks, budget concerns, and a shortage of skilled AI talent.

“Enterprise data wasn’t up to the challenge,” Gartner Distinguished VP Analyst John-David Lovelock told CIO Dive earlier this year. Gartner projects that vendor spending will fuel a 76% increase in generative AI investments in 2025.

The pilot phase of AI revealed a significant mismatch between organizational ambitions and data maturity. Pluralsight’s March report, led by Chief Product and Technology Officer Chris McClellen, found that over 50% of companies lacked the readiness to meet AI’s technical and operational demands. Six months later, progress remains limited.

A Ponemon Institute survey showed that more than half of respondents still rank AI as a top priority. However, nearly one in three IT and security leaders cited budgetary constraints as a barrier.

“AI is mission-critical, but most organizations aren’t ready to support it,” said Shannon Bell, Chief Digital Officer at OpenText. “Without trusted, well-governed information, AI can’t deliver on its promise.”

The dual nature of AI poses both opportunities and risks for enterprises. Over 50% of organizations struggle to mitigate AI-related security and compliance risks, with 25% pointing to poor alignment between AI strategies and IT or security functions.

Despite this, AI is increasingly being integrated into cybersecurity strategies. Half of organizations already use AI in their security stack, and 39% report that generative AI enhances threat detection and alert analysis. Banking, in particular, is leveraging the technology—KPMG’s April survey of 200 executives found that one-third of banks are piloting generative AI-powered fraud detection and anomaly detection systems.
Read more »
Technology
Android sideloading apps Android vs iOS developer verification Android Google Play Store security Technology

Android’s App Freedom Shrinks As Google Tightens Rules

 

For years, the Android vs. iOS debate has centered around one key argument: freedom of choice. Nothing highlighted this more than sideloading apps.

"But iOS is a walled garden. Apple controls what you can and can't install on your hardware." That’s the go-to line Android users have thrown around whenever the mobile platform wars heat up. Yet, one of the final distinctions between Android and iOS is slowly fading, with Google now aligning more closely with Apple’s strategy.

The feature in question is sideloading—installing apps from sources outside the Google Play Store. Historically, Google defended this as user freedom, but now the company is emphasizing security, echoing Apple’s long-held stance.

"Following recent attacks, including those targeting people's financial data on their phones, we've worked to increase developer accountability to prevent abuse," said Suzanne Frey, VP of Product, Trust and Growth for Android.

She added: "We've seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: Our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play."

To counter this, Google is rolling out developer verification.

"Think of it like an ID check at the airport, which confirms a traveler's identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from," Frey explained.

This new policy will apply to all Android-certified devices starting next year. The rollout will begin in select regions where fraudulent app scams are most widespread.

Additionally, Google is creating a new Android Developer Console for those distributing apps outside of Google Play. Separate consoles will also be introduced for students and hobbyist developers.

In practical terms, this means sideloading isn’t disappearing—but only apps signed with a valid developer certificate will work. If a developer is caught distributing harmful software, their certificate will be revoked, rendering all their apps unusable.

This also spells the end for controversial apps like Revanced, which enables YouTube Premium features for free through sideloading.

For everyday users, this change might not matter much. Most Android owners rarely sideload apps, and Google’s claim of “50 times more malware from internet-sideloaded sources” reinforces why. Like custom ROMs and iPhone jailbreaking, sideloading is becoming a niche activity rather than a mainstream feature.
Read more »
Technology
Conti Healthcare Hospital Monti Ransomware Technology

Hospital Notifies victims of a one-year old data breach, personal details stolen

Hospital Notifies victims of a one-year old data breach, personal details stolen

Hospital informs victims about data breach after a year

Wayne Memorial Hospital in the US has informed its 163,440 people about a year old data breach in May 2024 that exposed details such as: names, social security numbers, user IDs, and passwords, financial account numbers, credit and debit card numbers, expiration dates, and CVV codes, medical history, diagnoses, treatments, prescriptions, lab test results and images, health insurance, Medicare, and Medicaid numbers, healthcare provider numbers, state-issued ID numbers, and dates of birth. 

Initially, the hospital informed only 2,500 people about the attack in August 2024. Ransomware group Monti took responsibility for the attack and warned that it would leak the data by July 8, 2024.

Ransom and payment

Wayne Memorial Hospital, however, has not confirmed Monti’s claim. As of now, it is not known if the hospital paid a ransom, what amount Monti demanded, or why the hospital took more than a year to inform victims, or how the threat actors compromised the hospital infrastructure. 

According to the notice sent to victims, “On June 3, 2024, WMH detected a ransomware event, whereby an unauthorized third party gained access to WMH’s network, encrypted some of WMH’s data, and left a ransom note on WMH’s network.” The forensic investigation by WMH found evidence of unauthorized access to a few WMH systems between “May 30, 2024, and June 3, 2024.”

The hospital has offered victims a one-year free credit monitoring and fraud assistance via CyberScout. The deadline to apply is three months from the date of the notice letter.

What is the Monti group?

Monti is a ransomware gang that shares similarities with the Conti group. It was responsible for the first breach in February 2023. The group, however, has been working since June 2022. Monti is infamous for abusing software bugs like Log4Shell. Monti encrypts target systems and steals data as well. This pushes victims to pay ransom money in exchange for deleting stolen data and restoring the systems.

To date, Monti has claimed responsibility for 16 attacks. Out of these, two attacks hit healthcare providers. 

Monti attacks on health care providers

In April 2023, Avezzano Sulmona L’Aquila (Italy) reported a ransomware attack that resulted in large-scale disruption for a month. Monti asked for $3 million ransom for the 500 GB of stolen data. ASL denies payment of the ransom. 

Excelsior Othopedics informed 394,752 people about a June 2024 data compromise

Read more »
Technology
Artificial Intelligence Chatbots data security images Prompt Injection Technology

AI Image Attacks: How Hidden Commands Threaten Chatbots and Data Security

 



As artificial intelligence becomes part of daily workflows, attackers are exploring new ways to exploit its weaknesses. Recent research has revealed a method where seemingly harmless images uploaded to AI systems can conceal hidden instructions, tricking chatbots into performing actions without the user’s awareness.


How hidden commands emerge

The risk lies in how AI platforms process images. To reduce computing costs, most systems shrink images before analysis, a step known as downscaling. During this resizing, certain pixel patterns, deliberately placed by an attacker can form shapes or text that the model interprets as user input. While the original image looks ordinary to the human eye, the downscaled version quietly delivers instructions to the system.

This technique is not entirely new. Academic studies as early as 2020 suggested that scaling algorithms such as bicubic or bilinear resampling could be manipulated to reveal invisible content. What is new is the demonstration of this tactic against modern AI interfaces, proving that such attacks are practical rather than theoretical.


Why this matters

Multimodal systems, which handle both text and images, are increasingly connected to calendars, messaging apps, and workplace tools. A hidden prompt inside an uploaded image could, in theory, request access to private information or trigger actions without explicit permission. One test case showed that calendar data could be forwarded externally, illustrating the potential for identity theft or information leaks.

The real concern is scale. As organizations integrate AI assistants into daily operations, even one overlooked vulnerability could compromise sensitive communications or financial data. Because the manipulation happens inside the preprocessing stage, traditional defenses such as firewalls or antivirus tools are unlikely to detect it.


Building safer AI systems

Defending against this form of “prompt injection” requires layered strategies. For users, simple precautions include checking how an image looks after resizing and confirming any unusual system requests. For developers, stronger measures are necessary: restricting image dimensions, sanitizing inputs before models interpret them, requiring explicit confirmation for sensitive actions, and testing models against adversarial image samples.

Researchers stress that piecemeal fixes will not be enough. Only systematic design changes such as enforcing secure defaults and monitoring for hidden instructions can meaningfully reduce the risks.

Images are no longer guaranteed to be safe when processed by AI systems. As attackers learn to hide commands where only machines can read them, users and developers alike must treat every upload with caution. By prioritizing proactive defenses, the industry can limit these threats before they escalate into real-world breaches.



Read more »
Technology
AGI AI vs humans Artificial General Intelligence Artificial Intelligence Google DeepMind Jeff Dean Technology

Google DeepMind’s Jeff Dean Says AI Models Already Outperform Humans in Most Tasks

 

With artificial intelligence evolving rapidly, the biggest debate in the AI community is whether advanced models will soon outperform humans in most tasks—or even reach Artificial General Intelligence (AGI). 

Google DeepMind’s Chief Scientist Jeff Dean, while avoiding the term AGI, shared that today’s AI systems may already be surpassing humans in many everyday activities, though with some limitations.

Speaking on the Moonshot Podcast, Dean remarked that current models are "better than the average person at most tasks" that don’t involve physical actions.

"Most people are not that good at a random task if you ask them to do that they've never done before, and you know some of the models we have today are actually pretty reasonable at most things," he explained.

However, Dean also cautioned that these systems are far from flawless. "You know, they will fail at a lot of things; they're not human expert level in some things, so that's a very different definition and being better than the world expert at every single task," he said.

When asked about AI’s ability to make breakthroughs faster than humans, Dean responded: "We're actually probably already you know close to that in some domains, and I think we're going to broaden out that set of domains." He emphasized that automation will play a crucial role in accelerating "scientific progress, engineering progress," and advancing human capabilities over the next "five, 10, 15, 20 years."
Read more »
Technology
Biometric data Courtroom Evidence Privacy and Encryption Smartwatch data Technology

Smartwatch on the Stand: How Wearable Data Is Turning Into Courtroom Evidence

 

Fitness trackers and smartwatches are increasingly becoming digital witnesses in legal proceedings, with biometric data from Apple Watch, Fitbit, and similar devices now regularly used as evidence in murder, injury, and insurance cases across the country. 

Wearables transform into legal liabilities 

Your smartwatch creates minute-by-minute digital testimony that prosecutors, personal injury lawyers, and insurance companies can subpoena. The granular biometric and location data automatically syncing to manufacturer clouds transforms wearable devices into potential witnesses that users never intended to create. 

Criminal cases demonstrate how powerful this evidence can be. In the Dabate murder case, a suspect's alibi collapsed when his wife's Fitbit showed her moving well after he claimed she was killed. Similarly, an Apple Watch in Australia pinpointed a victim's exact death window, directly contradicting the suspect's testimony.

These devices record GPS coordinates, movement patterns, heart rate spikes, and sleep disruption with forensic precision, creating evidence more detailed than browsing history. Unlike deleted texts, this data automatically syncs to manufacturer servers where companies retain it for extended periods under their data policies. 

Federal courts approve smartwatch data requests using the "narrow, proportional, and relevant" standard when evaluating discovery requests. Personal injury lawsuits increasingly subpoena activity logs to prove or disprove disability claims, where step counts either support or destroy injury narratives. 

Traffic accident cases utilize GPS data to establish whether individuals were walking, driving, or stationary during critical moments. Major manufacturers like Apple and Garmin explicitly state in privacy policies that they'll comply with lawful requests regardless of user preferences. The third-party doctrine means data shared with cloud providers enjoys weaker privacy protections than information stored on locked phones. 

Protection strategies 

Users can limit legal exposure through strategic privacy settings without eliminating functionality. Key recommendations include reviewing companion app privacy settings to minimize cloud syncing, enabling device-level encryption and strong authentication, and treating smartwatch data like financial records that could face future legal scrutiny. 

Additional protective measures involve limiting third-party app permissions and understanding manufacturer data retention policies before information becomes discoverable evidence. With over 34% of adults now wearing fitness trackers daily, the judicial system's reliance on wearable data will only intensify.
Read more »
Technology
data localization data sovereignty enterprise IT resilience generative AI governance hybrid multicloud Technology

Data Sovereignty in the Age of Geopolitical Uncertainty

 

From the ongoing war in Ukraine, to instability in the Middle East, and rising tensions in the South China Sea, global conflicts are proving that digital systems are deeply exposed to geopolitical risks. Speaking at London Tech Week, UK Prime Minister Keir Starmer highlighted how warfare has evolved, noting that it “has changed profoundly,” and emphasizing that technology and AI are now “hard wired” into national defense. His remarks underscored a critical point—IT infrastructure and data management must be approached with security at the forefront.

But achieving this is no easy task. New research from Civo reveals that 83% of UK IT leaders believe geopolitical pressures threaten their ability to control data, while 61% identify sovereignty as a strategic priority. Yet, only 35% know exactly where their data is located. This isn’t just a compliance concern—it signals a disconnect between infrastructure, policy, and long-term strategy.

Once seen as a policy or legal issue, data sovereignty is now a live operational necessity. With regulatory fragmentation, mounting cyber threats, and increasingly complex data ecosystems, organizations must actively manage sovereignty. Whether it’s controlling access to AI training data or meeting residency rules in healthcare, sovereignty dictates what businesses can and cannot do.

Legislative frameworks such as the EU Data Act, the UK’s evolving stance post-Brexit, and stricter critical infrastructure policies are shaping enterprise resilience. As Lord Ricketts stated in the House of Lords, “the safe and effective exchange of data underpins our trade and economic links with the EU and co-operation between our law-enforcement bodies.” Building trust now depends on robust and enforceable data governance.

Public cloud adoption has given many businesses the illusion of flexibility, but moving quickly isn’t the same as moving securely. Data localization, jurisdictional controls, and aligned security policies must be central to enterprise strategy. This demands a shift: design IT systems for agility with control, or risk disruption when regulations inevitably change.

Sovereignty-aware infrastructure is not about isolation, but about visibility, governance, and adaptability. Organizations must know where data is stored, who can access it, how it travels, and which policies apply at each stage. A hybrid multicloud approach offers the flexibility to scale, while keeping sovereignty and governance intact. For instance, financial firms may need to keep sensitive transaction data within the UK but still run analytics in the cloud—an architecture that enables agility without sacrificing compliance.

Generative AI further complicates sovereignty. Training models with private datasets, deploying inference at the edge, or simply exchanging prompts across jurisdictions introduces new risks. Many businesses have embraced AI without aligning deployments with residency or compliance requirements. Sovereignty now extends beyond storage—it covers compute, access patterns, and third-party model interactions.

Building sovereignty into design requires collaboration between IT, legal, and compliance teams, as well as infrastructure that supports location-aware policies from day one. Research from Nutanix shows the urgency: 94% of public sector bodies are using generative AI tools, yet 92% admit their security isn’t sufficient, and 81% say their infrastructure falls short of sovereignty needs.

Customers and partners are increasingly demanding transparency—knowing where data resides, how it is used, and whether governance is enforced. Regulators are also raising expectations beyond “checkbox compliance.” In sectors like healthcare, education, finance, and government, sovereignty is now synonymous with trust and continuity.

The path forward starts with clarity. Organizations must know where their data lives, what laws apply, and whether their infrastructure can support hybrid deployment, location controls, and detailed audits. They must also plan for generative AI workloads with sovereignty in mind, ensuring scale does not come at the expense of compliance.

Ultimately, sovereignty should be treated not as a restriction, but as a design principle. Businesses that do this will not only remain compliant but will also build resilience, transparency, and long-term trust. In an environment where data moves faster than regulation, maintaining control is no longer optional—it is fundamental to good governance and sound business strategy.
Read more »
Technology
MAX messaging app Online Privacy Russia Technology

Russia’s New MAX Messaging App Sparks Spying Fears

 

From first September, Russia’s new state-backed messaging app MAX will come pre-installed on every smartphone and tablet sold in the country, igniting strong concerns over data privacy and state monitoring. Built by VK, the company behind Mail.ru and VKnote, the platform launched in March 2025 and has already drawn 18 million users, according to Interfax. Much like China’s WeChat, MAX blends private messaging with access to official government services.

Concerns Over Security 

Independent analyses commissioned by Forbes reveal that MAX includes aggressive tracking functions, weak security protections, and no end-to-end encryption, a combination that could leave conversations exposed to real-time monitoring. Researchers argue this places Russian users at greater risk than those relying on WhatsApp or Telegram. 

Digital rights advocates at Roskomsvoboda acknowledged that MAX requests fewer device permissions than its rivals, but warned that all communications are routed through state-controlled servers, making surveillance far easier. 

“MAX has enormous surveillance potential, as every piece of data within it can be accessed instantly by intelligence agencies,” said Ilya Perevalov, technical expert at Roskomsvoboda and RKS Global. 

He also cautioned that integrating payment systems could heighten risks of data breaches and fraud. 

WhatsApp Faces Crackdown 

At present, WhatsApp remains the most widely used messaging service in Russia, but its days may be numbered. Authorities have confirmed plans to block the app, and by mid-August, restrictions were already applied to voice calls on both Telegram and WhatsApp, citing counterterrorism concerns. The push comes alongside new laws punishing online searches for “extremist content” and imposing harsher penalties on VPN use, reducing citizens’ ability to bypass government restrictions. 

Privacy Under Pressure

Officials insist MAX collects less personal information than foreign competitors. Yet analysts argue the real issue is not the number of permissions but the direct pipeline of data to state agencies. With WhatsApp on the verge of a ban and VPN access under growing pressure, Russian users may soon be left with MAX as their only reliable option, a development critics warn could tighten government control over digital freedoms and reshape the country’s online communications landscape.
Read more »
Technology
AI Anthropic ChatGPT Claude Cloud Internet Technology

Antrhopic to use your chats with Claude to train its AI


Antrhopic to use your chats with Claude to train its AI

Anthropic announced last week that it will update its terms of service and privacy policy to allow the use of chats for training its AI model “Claude.” Users of all subscription levels- Claude Free, Max, Pro, and Code subscribers- will be impacted by this new update. Anthropic’s new Consumer Terms and Privacy Policy will take effect from September 28, 2025. 

But users who use Claude under licenses such as Work, Team, and Enterprise plans, Claude Education, and Claude Gov will be exempted. Besides this, third-party users who use the Claude API through Google Cloud’s Vertex AI and Amazon Bedrock will also not be affected by the new policy.

If you are a Claude user, you can delay accepting the new policy by choosing ‘not now’, however, after September 28, your user account will be opted in by default to share your chat transcript for training the AI model. 

Why the new policies?

The new policy has come after the genAI boom, thanks to the massive data that has prompted various tech companies to rethink their update policies (although quietly) and update their terms of service. With this, these companies can use your data to train their AI models or give it out to other companies to improve their AI bots. 

"By participating, you’ll help us improve model safety, making our systems for detecting harmful content more accurate and less likely to flag harmless conversations. You’ll also help future Claude models improve at skills like coding, analysis, and reasoning, ultimately leading to better models for all users," Anthropic said.

Concerns around user safety

Earlier this year, in July, Wetransfer, a famous file-sharing platform, fell into controversy when it changed its terms of service agreement, facing immediate backlash from its users and online community. WeTransfer wanted the files uploaded on its platform could be used for improving machine learning models. After the incident, the platform has been trying to fix things by removing “any mention of AI and machine learning from the document,” according to the Indian Express. 

With rising concerns over the use of personal data for training AI models that compromise user privacy, companies are now offering users the option to opt out of data training for AI models.

Read more »
trending news
Browser Browser news news and trends Technology trending news

Beyond Google: The Rise of Privacy-Focused Search Engines

 

For years, the search engine market has been viewed as a two-player arena dominated by Google, with Microsoft’s Bing as the backup. But a quieter movement is reshaping how people explore the web: privacy-first search engines that promise not to turn users into products. 

DuckDuckGo has become the most recognisable name in this space. Its interface looks and feels much like Google, yet it refuses to track users, log searches, or build behavioural profiles. Instead, every query stands alone, delivering neutral results primarily sourced from Bing and other partners. 

While this means fewer personalised suggestions, it also ensures a cleaner, unbiased search experience. Startpage, on the other hand, positions itself as a privacy shield for Google. Acting as a middleman, it fetches Google’s results without passing on users’ IP addresses or histories. 

This gives people access to Google’s powerful index while keeping their identities hidden. For those seeking an extra layer of anonymity, Startpage even offers a built-in proxy to browse sites discreetly. 

Mojeek is one of the rare engines to build its own independent index. By crawling the web directly, it offers results shaped by its own algorithms rather than those of industry giants. While sometimes rougher around the edges, Mojeek’s independence appeals to users tired of mainstream filters and echo chambers. 

SearXNG takes yet another approach. As an open-source meta-search engine, it aggregates results from dozens of sources, from Google and Bing to Wikipedia. Crucially, it does this without sharing personal data. Users can even host their own SearXNG instance, tailoring the sources and ranking systems to their preferences, an unmatched level of control, though the experience varies by setup. Finally, Swisscows distinguishes itself with both privacy and family-friendly results. 

It blocks tracking, filters explicit content, and now runs on a subscription model of around $4.4 per month. While no longer free, its positioning makes it attractive for parents and classrooms seeking a safe and secure search option. 

Taken together, these alternatives highlight that Google is not the only gateway to the internet. From DuckDuckGo’s simplicity to SearXNG’s transparency and Mojeek’s independence, privacy-first search engines prove that it’s possible to browse the web without surrendering personal data.
Read more »
VPN
Agent AI AI Anthropic Anthropic Report Artificial Intelligence Cryptocurrency Crime Cybersecurity Threats FBI IT North Korea Cybercrime Ransomware Technology Vibe Hacking VPN

Misuse of AI Agents Sparks Alarm Over Vibe Hacking


 

Once considered a means of safeguarding digital battlefields, artificial intelligence has now become a double-edged sword —a tool that can not only arm defenders but also the adversaries it was supposed to deter, giving them both a tactical advantage in the digital fight. According to Anthropic's latest Threat Intelligence Report for August 2025, shown below, this evolving reality has been painted in a starkly harsh light. 

It illustrates how cybercriminals are developing AI as a product of choice, no longer using it to support their attacks, but instead executing them as a central instrument of attack orchestration. As a matter of fact, according to the report, malicious actors are now using advanced artificial intelligence in order to automate phishing campaigns on a large scale, circumvent traditional security measures, and obtain sensitive information very efficiently, with very little human oversight needed. As a result of AI's precision and scalability, the threat landscape is escalating in troubling ways. 

By leveraging AI's accuracy and scalability, modern cyberattacks are being accelerated, reaching, and sophistication. A disturbing evolution of cybercrime is being documented by Anthropologic, as it turns out that artificial intelligence is no longer just used to assist with small tasks such as composing phishing emails or generating malicious code fragments, but is also serving as a force multiplier for lone actors, giving them the capacity to carry out operations at scale and with precision that was once reserved for organized criminal syndicates to accomplish. 

Investigators have been able to track down a sweeping extortion campaign back to a single perpetrator in one particular instance. This perpetrator used Claude Code's execution environment as a means of automating key stages of intrusion, such as reconnaissance, credential theft, and network penetration, to carry out the operation. The individual compromised at least 17 organisations, ranging from government agencies to hospitals to financial institutions, and he has made ransom demands that have sometimes exceeded half a million dollars in some instances. 

It was recently revealed that researchers have conceived of a technique called “vibe hacking” in which coding agents can be used not just as tools but as active participants in attacks, marking a profound shift in both cybercriminal activity’s speed and reach. It is believed by many researchers that the concept of “vibe hacking” has emerged as a major evolution in cyberattacks, as instead of exploiting conventional network vulnerabilities, it focuses on the logic and decision-making processes of artificial intelligence systems. 

In the year 2025, Andrej Karpathy started a research initiative called “vibe coding” - an experiment in artificial intelligence-generated problem-solving. Since then, the concept has been co-opted by cybercriminals to manipulate advanced language models and chatbots for unauthorised access, disruption of operations, or the generation of malicious outputs, originating from a research initiative. 

By using AI, as opposed to traditional hacking, in which technical defences are breached, this method exploits the trust and reasoning capabilities of machine learning itself, making detection especially challenging. Furthermore, the tactic is reshaping social engineering as well: attackers can create convincing phishing emails, mimic human speech, build fraudulent websites, create clones of voices, and automate whole scam campaigns at an unprecedented level using large language models that simulate human conversations with uncanny realism. 

With tools such as artificial intelligence-driven vulnerability scanners and deepfake platforms, the threat is amplified even further, creating a new frontier of automated deception, according to experts. In one notable variant of scamming, known as “vibe scamming,” adversaries can launch large-scale fraud operations in which they generate fake portals, manage stolen credentials, and coordinate follow-up communications all from a single dashboard, which is known as "vibe scamming." 

Vibe hacking is one of the most challenging cybersecurity tasks people face right now because it is a combination of automation, realism, and speed. The attackers are not relying on conventional ransomware tactics anymore; they are instead using artificial intelligence systems like Claude to carry out all aspects of an intrusion, from reconnaissance and credential harvesting to network penetration and data extraction.

A significant difference from earlier AI-assisted attacks was that Claude demonstrated "on-keyboard" capability as well, performing tasks such as scanning VPN endpoints, generating custom malware, and analysing stolen datasets to prioritise the victims with the highest payout potential. As soon as the system was installed, it created tailored ransom notes in HTML, containing the specific financial requirements, workforce statistics, and regulatory threats of each organisation, all based on the data that had been collected. 

The amount of payments requested ranged from $75,000 to $500,000 in Bitcoin, which illustrates that with the assistance of artificial intelligence, one individual could control the entire cybercrime network. Additionally, the report emphasises how artificial intelligence and cryptocurrency have increasingly become intertwined. For example, ransom notes include wallet addresses in ransom notes, and dark web forums are exclusively selling AI-generated malware kits in cryptocurrency. 

An investigation by the FBI has revealed that North Korea is increasingly using artificial intelligence (AI) to evade sanctions, which is used to secure fraudulent positions at Western tech companies by state-backed IT operatives who use it for the fabrication of summaries, passing interviews, debugging software, and managing day-to-day tasks. 

According to officials in the United States, these operations channel hundreds of millions of dollars every year into Pyongyang's technical weapon program, replacing years of training with on-demand artificial intelligence assistance. This reveals a troubling shift: artificial intelligence is not only enabling cybercrime but is also amplifying its speed, scale, and global reach, as evidenced by these revelations. A report published by Anthropological documents how Claude Code has been used not just for breaching systems, but for monetising stolen information at large scales as well. 

As a result of using the software, thousands of records containing sensitive identifiers, financial information, and even medical information were sifted through, and then customised ransom notes and multilayered extortion strategies were generated based on the victim's characteristics. As the company pointed out, so-called "agent AI" tools now provide attackers with both technical expertise and hands-on operational support, which effectively eliminates the need to coordinate teams of human operators, which is an important factor in preventing cyberattackers from taking advantage of these tools. 

Researchers warn that these systems can be dynamically adapted to defensive countermeasures, such as malware detection, in real time, thus making traditional enforcement efforts increasingly difficult. There are a number of cases to illustrate the breadth of abuse that occurs in the workplace, and there is a classifier developed by Anthropic to identify the behaviour. However, a series of case studies indicates this behaviour occurs in a multitude of ways. 

In the North Korean case, Claude was used to fabricate summaries and support fraudulent IT worker schemes. In the U.K., a criminal known as GTG-5004 was selling ransomware variants based on artificial intelligence on darknet forums; Chinese actors utilised artificial intelligence to compromise Vietnamese critical infrastructure; and Russian and Spanish-speaking groups were using the software to create malicious software and steal credit card information. 

In order to facilitate sophisticated fraud campaigns, even low-skilled actors have begun integrating AI into Telegram bots around romance scams as well as false identity services, significantly expanding the number of fraud campaigns available. A new report by Anthropic researchers Alex Moix, Ken Lebedev, and Jacob Klein argues that artificial intelligence, based on the results of their research, is continually lowering the barriers to entry for cybercriminals, enabling fraudsters to create profiles of victims, automate identity theft, and orchestrate operations at a speed and scale that is unimaginable with traditional methods. 

It is a disturbing truth that is highlighted in Anthropic’s report: although artificial intelligence was once hailed as a shield for defenders, it is now increasingly being used as a weapon, putting digital security at risk. Nevertheless, people must not retreat from AI adoption, but instead develop defensive strategies in parallel that are geared toward keeping up with AI adoption. Proactive guardrails must be set up in order to prevent artificial intelligence from being misused, including stricter oversight and transparency by developers, as well as continuous monitoring and real-time detection systems to recognise abnormal AI behaviour before it escalates into a serious problem. 

A company's resilience should go beyond its technical defences, and that means investing in employee training, incident response readiness, and partnerships that enable data sharing across sectors. In addition to this, governments are also under mounting pressure to update their regulatory frameworks in order to keep pace with the evolution of threat actors in terms of policy.

By harnessing artificial intelligence responsibly, people can still make it a powerful ally—automating defensive operations, detecting anomalies, and even predicting threats before they are even visible. In order to ensure that it continues in a manner that favours protection over exploitation, protecting not just individual enterprises, but the overall trust people have in the future of the digital world. 

A significant difference from earlier AI-assisted attacks was that Claude demonstrated "on-keyboard" capability as well, performing tasks such as scanning VPN endpoints, generating custom malware, and analysing stolen datasets in order to prioritise the victims with the highest payout potential. As soon as the system was installed, it created tailored ransom notes in HTML, containing the specific financial requirements, workforce statistics, and regulatory threats of each organisation, all based on the data that had been collected. 

The amount of payments requested ranged from $75,000 to $500,000 in Bitcoin, which illustrates that with the assistance of artificial intelligence, one individual could control the entire cybercrime network. Additionally, the report emphasises how artificial intelligence and cryptocurrency have increasingly become intertwined. 

For example, ransom notes include wallet addresses in ransom notes, and dark web forums are exclusively selling AI-generated malware kits in cryptocurrency. An investigation by the FBI has revealed that North Korea is increasingly using artificial intelligence (AI) to evade sanctions, which is used to secure fraudulent positions at Western tech companies by state-backed IT operatives who use it for the fabrication of summaries, passing interviews, debugging software, and managing day-to-day tasks. 

According to U.S. officials, these operations funnel hundreds of millions of dollars a year into Pyongyang's technical weapons development program, replacing years of training with on-demand AI assistance. All in all, these revelations indicate an alarming trend: artificial intelligence is not simply enabling cybercrime, but amplifying its scale, speed, and global reach. 

According to the report by Anthropic, Claude Code has been weaponised not only to breach systems, but also to monetise stolen data. This particular tool has been used in several instances to sort through thousands of documents containing sensitive information, including identifying information, financial details, and even medical records, before generating customised ransom notes and layering extortion strategies based on each victim's profile. 

The company explained that so-called “agent AI” tools are now providing attackers with both technical expertise and hands-on operational support, effectively eliminating the need for coordinated teams of human operators to perform the same functions. Despite the warnings of researchers, these systems are capable of dynamically adapting to defensive countermeasures like malware detection in real time, making traditional enforcement efforts increasingly difficult, they warned. 

Using a classifier built by Anthropic to identify this type of behaviour, the company has shared technical indicators with trusted partners in an attempt to combat the threat. The breadth of abuse is still evident through a series of case studies: North Korean operatives use Claude to create false summaries and maintain fraud schemes involving IT workers; a UK-based criminal with the name GTG-5004 is selling AI-based ransomware variants on darknet forums. 

Some Chinese actors use artificial intelligence to penetrate Vietnamese critical infrastructure, while Russians and Spanish-speaking groups use Claude to create malware and commit credit card fraud. The use of artificial intelligence in Telegram bots marketed for romance scams or synthetic identity services has even reached the level of low-skilled actors, allowing sophisticated fraud campaigns to become more accessible to the masses. 

A new report by Anthropic researchers Alex Moix, Ken Lebedev, and Jacob Klein argues that artificial intelligence, based on the results of their research, is continually lowering the barriers to entry for cybercriminals, enabling fraudsters to create profiles of victims, automate identity theft, and orchestrate operations at a speed and scale that is unimaginable with traditional methods. In the report published by Anthropic, it appears to be revealed that artificial intelligence is increasingly being used as a weapon to challenge the foundations of digital security, despite being once seen as a shield for defenders. 

There is a solution to this, but it is not in retreating from AI adoption, but by accelerating the parallel development of defensive strategies that are at the same pace as AI adoption. According to experts, proactive guardrails are necessary to ensure that AI deployments are monitored, developers are held more accountable, and there is continuous monitoring and real-time detection systems available that can be used to identify abnormal AI behaviour before it becomes a serious problemOrganisationss must not only focus on technical defences; they must also invest in employee training, incident response readiness, and partnerships that facilitate intelligence sharing between sectors as well.

Governments are also under increasing pressure to update regulatory frameworks to keep pace with the evolving threat actors, in order to ensure that policy is updated at the same pace as they evolve. By harnessing artificial intelligence responsibly, people can still make it a powerful ally—automating defensive operations, detecting anomalies, and even predicting threats before they are even visible. In order to ensure that it continues in a manner that favours protection over exploitation, protecting not just individual enterprises, but the overall trust people have in the future of the digital world.
Read more »
Technology
AI cybercrime AI-powered cyber extortion Anthropic Claude chatbot hack Claude Code misuse hacker uses AI Technology

Hacker Exploits AI Chatbot for Massive Cybercrime Operation, Report Finds

 

A hacker has manipulated a major artificial intelligence chatbot to carry out what experts are calling one of the most extensive and profitable AI-driven cybercrime operations to date. The attacker used the tool for everything from identifying targets to drafting ransom notes.

In a report released Tuesday, Anthropic — the company behind the widely used Claude chatbot — revealed that an unnamed hacker “used AI to what we believe is an unprecedented degree” to research, infiltrate, and extort at least 17 organizations.

Cyber extortion, where criminals steal sensitive data such as trade secrets, personal records, or financial information, is a long-standing tactic. But the rise of AI has accelerated these methods, with cybercriminals increasingly relying on AI chatbots to draft phishing emails and other malicious content.

According to Anthropic, this is the first publicly documented case in which a hacker exploited a leading AI chatbot to nearly automate an entire cyberattack campaign. The operation began when the hacker persuaded Claude Code — Anthropic’s programming-focused chatbot — to identify weak points in corporate systems. Claude then generated malicious code to steal company data, organized the stolen files, and assessed which information was valuable enough for extortion.

The chatbot even analyzed hacked financial records to recommend realistic ransom demands in Bitcoin, ranging from $75,000 to over $500,000. It also drafted extortion messages for the hacker to send.

Jacob Klein, Anthropic’s head of threat intelligence, noted that the operation appeared to be run by a single actor outside the U.S. over a three-month period. “We have robust safeguards and multiple layers of defense for detecting this kind of misuse, but determined actors sometimes attempt to evade our systems through sophisticated techniques,” he said.

Anthropic did not disclose the names of the affected companies but confirmed they included a defense contractor, a financial institution, and multiple healthcare providers. The stolen data included Social Security numbers, bank details, patient medical information, and even U.S. defense-related files regulated under the International Traffic in Arms Regulations (ITAR).

It remains unclear how many victims complied with the ransom demands or how much profit the hacker ultimately made.

The AI sector, still largely unregulated at the federal level, is encouraged to self-regulate. While Anthropic is considered among the more safety-conscious AI firms, the company admitted it is unclear how the hacker was able to manipulate Claude Code to this extent. However, it has since added further safeguards.

“While we have taken steps to prevent this type of misuse, we expect this model to become increasingly common as AI lowers the barrier to entry for sophisticated cybercrime operations,” Anthropic’s report concluded.
Read more »
Technology
AI Cloud Data PromptLock Ransomware Technology

Experts discover first-ever AI-powered ransomware called "PromptLock"

Experts discover first-ever AI-powered ransomware called "PromptLock"

A ransomware attack is an organization’s worst nightmare. Not only does it harm the confidentiality of the organizations and their customers, but it also drains money and causes damage to the reputation. Defenders have been trying to address this serious threat, but threat actors keep developing new tactics to launch attacks. To make things worse, we have a new AI-powered ransomware strain. 

First AI ransomware

Cybersecurity experts have found the first-ever AI-powered ransomware strain. Experts Peter Strycek and Anton Cherepanov from ESET found the strain and have termed it “PromptLock.” "During infection, the AI autonomously decides which files to search, copy, or encrypt — marking a potential turning point in how cybercriminals operate," ESET said.

The malware has not been spotted in any cyberattack as of yet, experts say. Promptlock appears to be in development and is poised for launch. 

Although cyber criminals used GenAI tools to create malware in the past, PromptLock is the first ransomware case that is based on an AI model. According to Cherepanov’s LinkedIn post, Promptlock exploits the gpt-oss:20b model from OpenAI through the Ollama API to make new scripts.

About PromptLock

Cherepanov’s LinkedIn post highlighted that the ransomware script can exfiltrate files and encrypt data, but may destroy files in the future. He said that “while multiple indicators suggest that the sample is a proof-of-concept (PoC) or a work-in-progress rather than an operational threat in the wild, we believe it is crucial to raise awareness within the cybersecurity community about such emerging risks.

AI and ransomware threat

According to Dark Reading’s conversation with ESET experts, the AI-based ransomware is a serious threat to security teams. Strycek and Cherepanov are trying to find out more about PromptLock, but they want to warn the security teams immediately about the ransomware. 

ESET on X noted that "the PromptLock ransomware is written in #Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal."

Threat actors have started using AI tools to launch phishing campaigns by creating fake content and malicious websites, thanks to the rapid adoption across the industry. However, AI-powered ransomware will be a worse challenge for cybersecurity defenders.

Read more »
Technology
Music App Privacy and Security Spotify Technology

Spotify Launches In-App Messaging for Private Music, Podcast, and Audiobook Sharing

 

Spotify has introduced an in-app messaging feature called "Messages," allowing users to share music, podcasts, and audiobooks directly within the app. This new feature aims to make music sharing easier and more social by keeping conversations about content within Spotify's ecosystem. 

Messages enable one-on-one chats where users can send Spotify content along with text and emojis. The feature is available to users aged 16 and older and currently rolled out in select Latin and South American markets, with plans to expand to the US, Canada, Brazil, the EU, the UK, Australia, and New Zealand soon. Both free and premium users can access the messaging service.

To start a chat, users tap their profile photo in the app and select the Messages section. They can message only people they've interacted with previously via collaborative playlists, Jams, Blends, or shared Family and Duo plans. Sharing content is simple—users can tap the share icon in the Now Playing screen, choose a friend, and send tracks, podcasts, or audiobooks directly. 

Messaging works on a request-and-approval basis; recipients must accept requests before conversations begin. Users can block contacts and decline requests, ensuring control over their message experience. Once connected, participants can exchange messages, emojis, and content effortlessly. 

Spotify stresses that Messages complements, rather than replaces, sharing via external platforms like Instagram, WhatsApp, Facebook, TikTok, and Snapchat, preserving the option to share content widely while encouraging more focused conversations within Spotify. 

Privacy and safety are priorities, with industry-standard encryption protecting data. Spotify employs detection technologies and human moderators to monitor messages for harmful or illegal content. Users can report inappropriate behavior, with all messaging governed by Spotify’s existing terms and community rules. 

This launch marks a key step in Spotify’s effort to become a more social platform by integrating interactive features directly into the app. The company aims to increase engagement by enabling users to share and discuss music discoveries more seamlessly and privately. As Spotify expands the availability of Messages, it anticipates strengthening community connections and boosting content sharing among friends and families inside the app. 

In summary, Spotify’s Messages feature offers a new, secure way for users to chat and share their favorite music and podcasts without leaving the app, making Spotify a more connected listening experience.
Read more »
Technology
AI Business ChatGPT Cloud Data Data Leak GenAI Technology

CISOs fear material losses amid rising cyberattacks


Chief information security officers (CISOs) are worried about the dangers of a cyberattack, and there is an anxiety due to the material losses of data that organizations have suffered in the past year.

According to a report by Proofpoint, the majority of CISOs fear a material cyberattack in the next 12 months. These concerns highlight the increasing risks and cultural shifts among CISOs.

Changing roles of CISOs

“76% of CISOs anticipate a material cyberattack in the next year, with human risk and GenAI-driven data loss topping their concerns,” Proofpoint said. In this situation, corporate stakeholders are trying to get a better understanding of the risks involved when it comes to tech and whether they are safe or not. 

Experts believe that CISOs are being more open about these attacks, thanks to SEC disclosure rules, strict regulations, board expectations, and enquiries. The report surveyed 1,600 CISOs worldwide; all the organizations had more than 1000 employees. 

Doing business is a concern

The study highlights a rising concern about doing business amid incidents of cyberattacks. Although the majority of CISOs are confident about their cybersecurity culture, six out of 10 CISOs said their organizations are not prepared for a cyberattack. The majority of the CISOs were found in favour of paying ransoms to avoid the leak of sensitive data.

AI: Saviour or danger?

AI has risen both as a top concern as well as a top priority for CISOs. Two-thirds of CISOs believe that enabling GenAI tools is a top priority over the next two years, despite the ongoing risks. In the US, however, 80% CISOs worry about possible data breaches through GenAI platforms. 

With adoption rates rising, organizations have started to move from restriction to governance. “Most are responding with guardrails: 67% have implemented usage guidelines, and 68% are exploring AI-powered defenses, though enthusiasm has cooled from 87% last year. More than half (59%) restrict employee use of GenAI tools altogether,” Proofpoint said.

Read more »
Windows
AI Bitcoin Cloud Crypto Ethereum Internet Technology Windows

Malicous npm package exploit crypto wallets


Experts have found a malicious npm package that consists of stealthy features to deploy malicious code into pc apps targeting crypto wallets such as Exodus and Atomic. 

About the package

Termed as “nodejs-smtp,” the package imitates the genuine email library nodemailer with the same README descriptions, page styling, and tagline, bringing around 347 downloads since it was uploaded to the npm registry earlier this year by a user “nikotimon.” 

It is not available anymore. Socket experts Krill Boychenko said, "On import, the package uses Electron tooling to unpack Atomic Wallet's app.asar, replace a vendor bundle with a malicious payload, repackage the application, and remove traces by deleting its working directory.”

What is the CIS build kit?

The aim is to overwrite the recipient address with hard-coded wallets handled by a cybercriminal. The package delivers by working as an SMTP-based mailer while trying to escape developers’ attention. 

This has surfaced after ReversingLabs found an npm package called "pdf-to-office" that got the same results by releasing the “app.asar” archives linked to Exodus and Atomic wallets and changing the JavaScript file inside them to launch the clipper function. 

According to Boychenko, “this campaign shows how a routine import on a developer workstation can quietly modify a separate desktop application and persist across reboots. He also said that “by using import time execution and Electron packaging, a lookalike mailer becomes a wallet drainer that alters Atomic and Exodus on compromised Windows systems."

What next?

The campaign has exposed how a routine import on a developer's pc can silently change a different desktop application and stay alive in reboots. By exploiting the import time execution and Electron packaging, an identical mailer turns into a wallet drainer. Security teams should be careful of incoming wallet drainers deployed through package registries. 

Read more »
Technology
AI Android Cloud Internet SIM Swapping Technology

Beware of SIM swapping attacks, your phone is at risk


In today’s digital world, most of our digital life is connected to our phone numbers, so keeping them safe becomes a necessity. Sad news: hackers don’t need your phone to access your number. 

What is SIM swapping?

Also known as SIMjacking, SIM swapping is a tactic where a cybercriminal convinces your ISP to port your phone number to their own SIM card. This results in the user losing access to their phone number and service provider, while the cybercriminal gains full access. 

To convince the ISP of a SIM swap, the threat actor has to know about you. They can get the information from data breaches available on the dark web. You might also get tricked by a phishing scam and end up giving your info, or the threat actor may harvest your social media in case you have public information. 

Once the information is received, the threat actor calls the customer support, requesting to move your number to a new SIM card. In most cases, your carrier doesn’t need much convincing. 

Threats concerning SIM swapping

An attacker with your phone number can impersonate you to friends and family, and extort money. Your phone security is also at risk, as most online services ask for your phone number for account recovery. 

SIM swapping is dangerous as SMS based two-factor-authentication is still in use. Many services require us to activate 2FA on our accounts, and sometimes through SMS. 

You can also check your carrier’s website to see if there’s any option to deactivate SIM change requests. This way, you can secure your phone number. 

But when this isn’t available with your carrier, look out for the option to enable a PIN or secret phrase. A few companies allow users to set these, and call you back to confirm about your account.

How to stay safe from SIM swapping?

Avoid using 2FA; use passkeys.

Use a SIM PIN for your phone to lock your SIM card.

Read more »
Subscribe to: Posts (Atom)