
19 US States Sue to Prevent DOGE From Accessing Americans' Private Data


In an effort to prevent Elon Musk's Department of Government Efficiency from gaining access to Treasury Department documents that hold private information like Social Security numbers and bank account numbers for millions of Americans, 19 Democratic attorneys general filed a lawsuit against President Donald Trump on Friday last week. 

Filed in federal court in New York City, the lawsuit claims that the Trump administration violated federal law by giving Musk's team access to the Treasury Department's central payment system. 

The payment system manages tax refunds, Social Security payments, veterans' benefits, and much more. It sends out trillions of dollars annually and holds a vast store of financial and personal information about Americans. Musk established the Department of Government Efficiency, or DOGE, to identify and cut what the Trump administration deems unnecessary federal spending. 

Supporters have applauded the concept of limiting bloated government finances, but critics have expressed wide concern over Musk's growing authority as a result of DOGE's access to Treasury documents and its review of other government agencies. 

The case was filed by the office of New York Attorney General Letitia James, who stated that DOGE's access to the Treasury Department's data presents security issues and the potential for an illegal federal fund freezing. 

“This unelected group, led by the world’s richest man, is not authorized to have this information, and they explicitly sought this unauthorized access to illegally block payments that millions of Americans rely on, payments for health care, child care and other essential programs,” James noted in a video message published by her office. 

James, a Democrat who has been one of Trump's main opponents, stated that the president cannot stop federal payments that Congress has authorised or hand out Americans' private information to anybody he wants. The other states party to the complaint are Arizona, California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maine, Maryland, Massachusetts, Minnesota, Nevada, New Jersey, North Carolina, Oregon, Rhode Island, Vermont, and Wisconsin.

The suit claims that DOGE's access to Treasury records may interfere with funding already approved by Congress, which would go beyond the Treasury Department's legislative power. The case further contends that DOGE access violates federal administrative law as well as the separation of powers doctrine of the US Constitution. 

It also accuses Treasury Secretary Scott Bessent of altering the department's long-standing policy of safeguarding sensitive personally identifiable information and financial information in order to grant Musk's DOGE team access to the payment systems. 

The Treasury Department has stated that the review is intended to assess the system's integrity and that no adjustments would be made. According to two people familiar with the situation, Musk's team began exploring ways to block payments made by the US Agency for International Development, which Trump and Musk are aiming to abolish. The two persons spoke to The Associated Press on the condition of anonymity for fear of punishment.

Quishing On The Rise: Strategies to Avert QR Code Phishing


QR codes are already ubiquitous: from restaurant menus to public transportation schedules, everyone wants you to scan theirs. This normalisation of scanning random QR codes is being exploited, resulting in a new cybersecurity threat known as Quishing. 

What is Quishing? 

Quishing (QR code phishing) is the process of placing a malicious URL into a QR code. Rather than linking to a legitimate website, the code will load a page that attempts to steal information, infect your device with malware, or execute another malicious act.

It's a goofy name, but it poses a serious threat. While we're all aware that you shouldn't browse suspicious websites or download unfamiliar files, the nature of QR codes makes it impossible to tell what's on the other side. With a scan and a tap, you're whisked away to a website that may contain material you don't want to see, or routed to a malware download. 

It is also easy to be duped into scanning a tampered code: many businesses generate their QR codes with third-party services and URL shorteners, so the embedded link often does not point directly at their own domain. That makes it hard to tell an odd-looking but legitimate link from a code that has been tampered with by someone running a quishing attack.

Is quishing a real threat? 

Yes. It is already happening and has proven effective for the attackers. QR codes on parking meters, restaurant payment and tipping systems, and fake advertisements are being tampered with all over the world to run quishing frauds, typically by simply sticking a sticker bearing a bogus QR code over the existing official one.

These trick codes then lead to false login pages and payment sites, where you can either pay the scammer directly or give them your information (which can be used to steal your money later or push further scams). 

Safety tips 

There are a few efficient strategies to safeguard yourself from quishing: 

  • Use your device's built-in camera or QR scanner, which previews the destination before opening it; third-party scanner apps from app stores have a poor record on security and privacy.
  • Do not follow shortened links, and check that the domain a QR code points to is the organisation's real domain before tapping through.
  • Avoid paying via QR codes where you can, especially if the payment link goes to an unfamiliar address.
  • Watch for lookalike domains: fake sites use names that read like the real one, so check the spelling character by character.
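As an added example (not code from the original post), the Python function below applies the checks above to the URL a scanner decodes from a QR code, before anyone taps through: it flags non-web schemes, plain HTTP, known shorteners, user-info tricks before an "@", raw IP hosts, internationalised hostnames and lookalike domains. The shortener list and the sample domains (cityparking.example and evil.example) are assumptions made up for the example.

```python
import ipaddress
from urllib.parse import urlparse

# Public URL shorteners that hide the real destination (assumed list; extend it).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd", "cutt.ly", "rebrand.ly"}


def triage_qr_url(decoded: str, expected_domain: str) -> list:
    """Return the reasons a URL decoded from a QR code should NOT be followed.

    expected_domain is the domain the sticker or menu claims to belong to.
    An empty list means no red flags were found, not that the link is safe.
    """
    findings = []
    try:
        url = urlparse(decoded.strip())
    except ValueError:
        return ["URL does not parse"]

    # QR payloads can be tel:, sms:, javascript: or custom app schemes; for a
    # payment or login flow only http(s) makes sense, so stop early otherwise.
    scheme = url.scheme.lower()
    if scheme not in ("http", "https"):
        return [f"non-web scheme '{url.scheme}'"]

    host = (url.hostname or "").lower()
    if not host:
        return ["no hostname in URL"]
    if scheme != "https":
        findings.append("not HTTPS")
    if host in SHORTENERS:
        findings.append(f"shortener {host} hides the real destination")
    if url.username or url.password:
        # https://bank.example@evil.example/ shows the bank first but connects to evil.example
        findings.append(f"text before '@' disguises the real host {host}")
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address instead of a domain")
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host or any(ord(c) > 127 for c in host):
        findings.append("internationalised hostname (possible homoglyph lookalike)")

    expected = expected_domain.lower()
    if host != expected and not host.endswith("." + expected):
        findings.append(f"host {host} is not {expected}")
        brand = expected.split(".")[0]
        if brand in host:
            findings.append(f"host merely contains the brand name '{brand}' (lookalike)")
    return findings


if __name__ == "__main__":
    # Constructed sample links for a parking meter whose operator is cityparking.example
    for link in ("https://pay.cityparking.example/meter/1234",
                 "http://bit.ly/3abcXYZ",
                 "https://cityparking-pay.example/meter/1234",
                 "https://cityparking.example@evil.example/"):
        print(link, "->", triage_qr_url(link, "cityparking.example") or ["no red flags"])
```

The function is deliberately pessimistic: a shortened or lookalike link is reported even when it might resolve to the real operator, because the person at the meter has no way to tell, and the safe move is to type the operator's known address by hand instead.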

Cybercriminals Exploit PDFs in Novel Mishing Campaign


In a recently uncovered phishing campaign, threat actors are employing malicious PDF files to target mobile device users in potentially more than fifty nations.

Dubbed the "PDF Mishing Attack," the campaign exploits the way mobile platforms preview files and the general belief that PDFs are a safe file format. 

The phishing campaign poses as the United States Postal Service (USPS) to win recipients' trust and trick them into opening the malicious PDFs. Once opened, hidden links take victims to phishing pages designed to steal credentials.

"PDFs are used extensively for contracts, reports, manuals, invoices, and other critical business communications," said the zLabs team at Zimperium, who uncovered the campaign. “Their ability to incorporate text, images, hyperlinks, and digital signatures while maintaining integrity makes them ideal for enterprises prioritizing professionalism and compliance.” 

Hidden in plain sight 

Threat analysts at zLabs have been keeping a close eye on the campaign, which targets only mobile devices and poses as the US Postal Service (USPS). They have identified 630 phishing pages and over 20 malicious PDF files.

“This campaign employs sophisticated social engineering tactics and a never-before-seen means of obfuscation to deliver malicious PDF files designed to steal credentials and compromise sensitive data,” the researchers noted. 

The campaign hides clickable malicious URLs inside PDF documents in a way that lets them slip past traditional endpoint security tools. It is aimed primarily at mobile users, exploiting the limited visibility mobile platforms give into a file's contents when previewing it: a phone's PDF viewer typically shows neither the target of a link before it is tapped nor any warning, whereas desktop viewers and security tools expose far more, so mobile users are left open to covert attacks. 

On threat detection 

This latest attack highlights the need for stronger mobile threat defences. PDFs have long been regarded as safe to share and store, but that assumption no longer holds. 

According to an HP Wolf Security report, PDF threats are on the rise. While online criminals used to rely on PDF lures mainly to steal credentials and financial data via phishing, there has been a shift towards distributing malware via PDFs, including strains such as WikiLoader, Ursnif, and DarkGate. 

Because traditional endpoint security products are often designed with desktop environments in mind and may miss sophisticated attacks on mobile platforms, Zimperium stresses the value of on-device threat detection to find and block these files before they can do any damage.
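The following Python example is added here and is not Zimperium's code or a reproduction of the campaign's files; it shows what a "hidden in plain sight" link looks like inside a PDF and how to pull link targets out of a file before opening it on a phone. It builds its own minimal one-page PDF (a constructed sample, with the made-up domain usps-redelivery.example) whose visible text says usps.com while the link annotation points elsewhere, inflates FlateDecode content streams so the visible text can be compared with the link hosts, and also scans the raw bytes for http(s) strings so a URL placed outside the standard /URI key is still reported. It does not handle object streams or encrypted PDFs.

```python
import re
import zlib
from typing import List, Tuple
from urllib.parse import urlparse

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
URI_KEY_RE = re.compile(rb"/URI\s*\(([^)]*)\)")          # standard link action target
RAW_URL_RE = re.compile(rb"https?://[^\s()<>]+")         # URLs hidden anywhere else
TJ_RE = re.compile(rb"\(([^)]*)\)\s*Tj")                  # text shown on the page
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b")


def make_sample_pdf(compress: bool = False) -> bytes:
    """Build a minimal one-page PDF (constructed for this example) whose visible
    text names usps.com while the clickable link annotation goes elsewhere."""
    content = b"BT /F1 12 Tf 20 50 Td (Track your package at usps.com) Tj ET"
    filt = b""
    if compress:
        content = zlib.compress(content)
        filt = b" /Filter /FlateDecode"
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 300 100]",
        b" /Contents 4 0 R /Annots [5 0 R] >> endobj\n",
        b"4 0 obj << /Length " + str(len(content)).encode() + filt + b" >>\n",
        b"stream\n" + content + b"\nendstream\nendobj\n",
        b"5 0 obj << /Type /Annot /Subtype /Link /Rect [20 40 280 60]",
        b" /A << /S /URI /URI (http://usps-redelivery.example/track) >> >> endobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


def _inflate_streams(pdf: bytes) -> bytes:
    """Decompress FlateDecode stream bodies in place so the regexes can see
    inside them; streams that are not zlib data are left untouched."""
    def repl(m):
        try:
            return b"stream\n" + zlib.decompress(m.group(1)) + b"\nendstream"
        except zlib.error:
            return m.group(0)
    return STREAM_RE.sub(repl, pdf)


def extract_link_targets(pdf: bytes) -> List[str]:
    """All URLs a reader could be sent to: /URI actions plus any bare http(s)
    string in the (inflated) file, de-duplicated in order of appearance."""
    data = _inflate_streams(pdf)
    found = [m.decode("latin-1") for m in URI_KEY_RE.findall(data)]
    found += [m.decode("latin-1") for m in RAW_URL_RE.findall(data)]
    return list(dict.fromkeys(found))


def extract_visible_text(pdf: bytes) -> List[str]:
    """Strings drawn with the Tj operator, i.e. what the victim actually sees."""
    data = _inflate_streams(pdf)
    return [m.decode("latin-1") for m in TJ_RE.findall(data)]


def find_lure_mismatches(pdf: bytes) -> List[Tuple[str, str]]:
    """Pairs (domain shown in the text, host a link really goes to) where the
    two disagree; a non-empty result is the USPS-style lure described above."""
    hosts = [urlparse(u).hostname or "" for u in extract_link_targets(pdf)]
    shown = []
    for text in extract_visible_text(pdf):
        shown += DOMAIN_RE.findall(text.lower())
    mismatches = []
    for visible in shown:
        for host in hosts:
            if host != visible and not host.endswith("." + visible):
                mismatches.append((visible, host))
    return mismatches


if __name__ == "__main__":
    sample = make_sample_pdf(compress=True)
    print("links:", extract_link_targets(sample))
    print("shown:", extract_visible_text(sample))
    print("mismatches:", find_lure_mismatches(sample))
```

On a phone the only thing the victim sees is "Track your package at usps.com"; the extractor surfaces the real target, which is exactly the check a mail gateway or an on-device scanner can make before the file is ever rendered.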

New Version of Banshee Malware Targets macOS Users


According to research published this week, a new variant of the info-stealing malware known as "Banshee" has been targeting macOS users' passwords, cryptocurrency wallets, browser credentials, and other data for at least the past four months.

Check Point researchers discovered that the latest version targets anyone using a Mac and can be downloaded mostly through malicious GitHub uploads, but also through other websites (GitHub's policies prohibit malware, but this does not mean there is no malware on GitHub). 

This latest Banshee variant often disguises itself as the Telegram messaging app or the Google Chrome browser, two popular apps that other malware operators also impersonate. The version first surfaced in September last year and tries to evade detection by encrypting its strings with the same algorithm that Apple's own XProtect antivirus engine uses, so the plaintext strings that security tools look for are not present in the binary.

The malware targets browsing data in Chrome, Brave, Edge, and Vivaldi. It also attempts to steal cryptocurrency from any wallet browser extensions installed, and it may show macOS victims fake login pages to capture their usernames and passwords, which it then uses to take over accounts and funds. Wallet extensions it targets include Coinbase, Ronin, Slope, TON, and MetaMask, among others. 

The source code for Banshee was leaked online in November. This could have helped antivirus companies ensure their software catches the sneakier version in the months since. Prior versions of this malware were marketed as "stealer-as-a-service" malware on cybercriminal channels, including attacker-controlled Telegram channels, for $3,000 per "license.” 

To stay protected from info-stealer malware, it's a good idea to consider getting a crypto hardware wallet like one from Ledger or Trezor if you have over $1,000 in crypto. In general, it's also a good practice to avoid storing more than $1,000 in any browser extension-based crypto wallet (you can also store funds with an exchange like Coinbase, Robinhood, or Kraken). 

Additionally, passwords should never be kept in an unsecured digital document on your computer (no Google Docs). Instead, think about keeping your crypto seed phrases on paper in a closed box or safe at home.

Silent Crow Claims Hack of Russia’s Rosreestr, Leaks Citizens’ Personal Data


The hacking group Silent Crow has claimed responsibility for breaching Russia's Federal Service for State Registration, Cadastre, and Cartography (Rosreestr), releasing what it describes as a fragment of the agency’s database. The leak reportedly includes sensitive personal information of Russian citizens, raising significant cybersecurity and privacy concerns.

According to the Telegram channel Information Leaks, which first reported the incident, the exposed data set contains nearly 82,000 records. These records reportedly include:
  • Full Names
  • Birth Dates
  • Residential Addresses
  • Phone Numbers and Email Addresses
  • SNILS Numbers: Russian equivalents of Social Security numbers
  • Rosreestr IDs
Silent Crow shared details of the breach via its anonymous Telegram channel on January 6, 2025, claiming the leaked data includes approximately 90,000 entries from Russia's Unified State Register of Real Estate.

Journalist Andrey Zakharov examined 15 randomly selected entries from the leaked data and confirmed their authenticity. In several cases, the leaked property addresses matched individuals' known residences. However, the dataset notably omits cadastral numbers, which could directly link properties to their owners. Zakharov suggested this omission may have been intentional to conceal the full extent of the breach.

Rosreestr has not officially acknowledged the breach, stating only that "additional checks" are underway regarding the circulating reports on Telegram. No formal confirmation or denial has been issued as of now.

Rosreestr’s Role in Investigations

Rosreestr’s real estate data has historically been instrumental for journalists and independent investigators uncovering corruption. Investigations led by the late Alexey Navalny’s Anti-Corruption Foundation (FBK) frequently utilized Rosreestr records to expose properties owned by government officials, often purchased far beyond their declared incomes.

In response to these investigations, the Russian government restricted access to property ownership data. In March 2023, Rosreestr implemented stricter privacy controls under a personal data law passed in July 2022, allowing property owner information to be disclosed only with the owner's consent.

The Rosreestr breach highlights severe vulnerabilities in the cybersecurity infrastructure of large state agencies. Silent Crow’s statement emphasized this, stating, “Rosreestr has become a vivid example of how large state structures can fall in just a few days.” The leak raises serious concerns about the protection of sensitive government data and the potential misuse of this information.

As cybersecurity threats escalate globally, this incident underscores the urgent need for robust security measures within government databases to safeguard citizen data against malicious actors.

India Launches 'Report and Check Suspect' Feature to Combat Cybercrime


India’s National Cyber Crime Reporting Portal now features a ‘Report and Check Suspect’ tool, allowing users to verify UPI IDs, phone numbers, emails, and social media handles against a database of known cyber fraudsters.

Focusing on Digital Arrest Scams

The system targets scams where fraudsters impersonate officials to extort money under the pretense of “digital arrests.” Users can search the database at cybercrime.gov.in to identify potential threats.

Integrated Cybersecurity Measures

The tool complements other measures such as the blocking of 669,000 fake SIM cards and stricter KYC requirements for digital lending. Major tech firms, including Google and Facebook, are working with the Indian Cyber Crime Coordination Centre (I4C) to share threat intelligence, curb abuse of platforms such as Google Firebase, and counter Android banking malware.

The Ministry of Home Affairs has also established a Cyber Volunteer Framework, enabling citizens to report illegal online content and promote cyber hygiene. Additionally, the Citizen Financial Cyber Frauds Reporting and Management System (CFCFRMS) expedites action against financial frauds.

These initiatives align with India’s broader efforts to secure digital transactions, including mandating multi-factor authentication for government services by 2025.

Security Experts Warn of Brushing Scam Involving Unsolicited Packages


Online shopping is something that we all love. It is time-efficient, convenient, and frequently results in the best offers and savings. However, since many people are busy with online shopping, con artists are also trying to find ways to trick consumers for their own benefit. You see, the majority of us base our decisions on whether or not to purchase anything from an online retailer on product reviews and ratings. 

According to reports, scammers are using popularity and review manipulation to create phoney sales in a new scheme known as the "Brushing Scam.” 

Modus operandi 

The brushing scam is a fraudulent online practice in which con artists ship cheap, unsolicited products to victims and then post reviews in those victims' names. The term comes from "brushing", a Chinese e-commerce tactic in which sellers fabricate orders and reviews to boost their product ratings.

In this campaign, random e-commerce customers receive unsolicited deliveries from vendors. The parcels frequently contain low-quality, inexpensive items such as seeds, tiny gadgets, or costume jewellery. Once the package has been delivered, the scammers use the recipient's name to post five-star reviews on the product page, which increases the product's visibility and creates a false sense of popularity on sites like Amazon and AliExpress. 

Targeting unsuspecting users

This scam, according to the McAfee investigation, aims to manipulate sales data and give the impression that there is a demand for and quality of products on e-commerce platforms. 

This method is misleading to genuine customers, who are therefore influenced to buy products based on phoney reviews rather than real customer reviews. How dangerous can it be, though, if users are receiving free goods? Through this scam, con artists are taking advantage of your personal data, and if you don't take any safeguards, they may even steal your money. 

As previously stated, scammers increase the popularity of products by sending unwanted deliveries using the identities and addresses of naïve e-commerce users. And they can get this information through data breaches or illegal purchases of private data. Receiving such a package could mean that your personal information has been stolen, presenting serious concerns such as identity theft and other privacy crimes. 

Aside from identity theft and misleading reviews, ABC Action News reports that many unwanted parcels now include QR codes inviting recipients to scan them. Scammers offer tempting deals such as "Scan this QR code to leave a review and win a $500 gift card." Scanning these codes may lead to fraudulent websites that attempt to steal sensitive information or install malware on your device, and the stolen personal information can subsequently be exploited for financial theft or further phishing attempts.

New “Double-Clickjacking” Threat Revealed: Security Settings at Risk


Cybersecurity experts are raising alarms about a new twist on the classic clickjacking attack technique. Paulos Yibelo, a security engineer at Amazon, has uncovered a variant called “double-clickjacking,” capable of disabling security settings, deleting accounts, or even taking over existing ones. This novel approach reignites concerns over online safety, urging users to be cautious when interacting with websites.

Clickjacking is a malicious tactic in which an attacker loads a target site in a hidden or transparent frame over their own page, so that a user who thinks they are clicking a harmless button is actually clicking a control on the other site. For instance, a user might think they are dismissing a pop-up but inadvertently confirm a purchase or change a setting on an entirely different platform.

Double-clickjacking takes this concept further by exploiting the gap between the two clicks of a double-click. Because the target page is opened as a normal top-level window rather than embedded in a frame, the frame-busting defences that stop classic clickjacking (X-Frame-Options, CSP frame-ancestors) and the SameSite cookie restrictions that withhold cross-site cookies from framed content do not apply. According to Yibelo, this seemingly minor tweak “opens the door to new UI manipulation attacks that bypass all known clickjacking protections.”

In documented cases, hackers lure victims to phishing websites, often disguised with a standard CAPTCHA verification process. Instead of typing text or identifying objects in images, users are prompted to double-click a button to prove they are human.

Here’s where the attack takes place:

  • First click: on the mouse-down of the double-click, the attacker's page closes (or navigates away from) the window the user is looking at, so the CAPTCHA appears to have been dismissed.
  • Second click: the rest of the double-click lands on whatever is now under the cursor, which is a sensitive page the attacker opened beforehand, such as an OAuth authorization prompt or an account settings page, with its "Allow" or "Confirm" button positioned exactly where the CAPTCHA button was. The victim unknowingly confirms permissions, disables security features, or performs other critical actions.

Yibelo explains that this subtle manipulation is effective against many popular websites, allowing attackers to gain OAuth and API authorizations. The attack can also facilitate one-click account modifications, including disabling security settings, deleting accounts, authorizing money transfers, and verifying sensitive transactions. Even browser extensions are not immune to this method.

The Implications for Online Security

The resurgence of clickjacking attacks, now enhanced by the double-click variant, poses significant risks to both individual and organizational security. By exploiting common website interfaces and leveraging seemingly harmless CAPTCHA verifications, attackers can easily gain unauthorized access to sensitive information and functionalities.

Yibelo’s findings serve as a stark reminder of the evolving nature of cybersecurity threats. Since frame-based protections do not help here, site owners need a different defence: keep sensitive buttons disabled until the page has seen a genuine user gesture such as mouse movement or a key press, so that a click arriving with no preceding interaction is ignored.

How to Stay Safe

Cybersecurity professionals recommend the following precautions to minimize the risk of falling victim to double-clickjacking:

  • Verify Websites: Always ensure you are on a legitimate website before interacting with any CAPTCHA or button.
  • Update Software: Keep browsers and extensions up-to-date with the latest security patches to reduce vulnerabilities.
  • Use Anti-Phishing Tools: Enable browser settings or software designed to detect and block phishing sites.
  • Be Skeptical: Avoid double-clicking buttons on unfamiliar sites, especially if prompted during unexpected verifications.

As cyber threats continue to evolve, user awareness remains a critical line of defense. The discovery of double-clickjacking highlights the importance of staying informed and cautious while navigating the digital world. By adopting secure browsing habits and staying vigilant, individuals and organizations can protect themselves against this emerging attack vector.

WhatsApp Emerges as the Most Exploited Platform in Cyber Frauds


WhatsApp, Instagram, and Telegram have once again become the favorite tools for hackers, as per a report released by India's Home Ministry (MHA). 

According to the report, WhatsApp is still the most commonly utilized medium for cybercrime. Several examples of digital fraud were reported this year, with cybercriminals exploiting WhatsApp video calls to dupe people out of millions of rupees. 

In the first quarter of 2024, 43,797 cybercrime complaints were received, with 22,680 attributed to WhatsApp, making it the most widely used platform for fraudulent activity. Telegram ranked second with 19,800 complaints. According to the MHA's Annual Report 2023-24, scammers rely extensively on Google services, particularly Google Ads, to carry out targeted scams, which expands the reach and impact of these frauds. 

Investment frauds also continue to dominate, targeting individuals across the globe. Other common cybercrimes include money-laundering frauds and digital fraud. Online criminals have also systematically used Facebook ads to push fake apps onto users' devices, worsening the situation.

I4C, the cybersecurity division of the Home Ministry, is working diligently to combat the rising tide of cybercrimes. Recently, the authorities blocked thousands of WhatsApp accounts. Cybercriminals exploited these accounts to carry out digital frauds against Indian individuals, and they were linked to international numbers. 

WhatsApp is the world's most popular instant messaging platform, with more than 2.95 billion active users. Its popularity is unparalleled in India, with millions of daily active users, and that large user base makes it an appealing target for cybercriminals. While WhatsApp is a convenient way to communicate, users must stay alert and apply strong digital security measures to protect themselves from potential scams.

Milwaukee Residents Warned of Parking Ticket Scam


A fraudulent text message claiming to notify residents about an overdue City of Milwaukee parking penalty has been flagged as a scam and should be deleted, city authorities announced earlier this week.

According to Ald. Lamont Westmoreland, the scam operates by sending recipients a text message stating that a parking ticket must be resolved to avoid late charges. The message urges recipients to click on a link.

Westmoreland warned that clicking the link could expose the user’s phone to malware or ransomware. He also advised anyone who has shared credit or debit card information through the scam to contact their financial institution immediately to ensure their accounts are secure.

The fraudulent text message includes the city’s logo and seal, along with a URL containing “milwaukee.com,” according to a screenshot shared by Westmoreland. These elements make the message appear legitimate, increasing the likelihood of deception.

City's Official Statement

The Department of Public Works clarified that the city does not issue parking penalties via text message. Official tickets are delivered either by registered mail or by being physically placed on the vehicle.

The department urged residents not to click on links or share personal information in response to such messages. Victims of the scam are encouraged to report the incident to the Milwaukee Police Department.

If you have questions about parking tickets, you can contact the city directly at 414-344-0840. Ald. Westmoreland expressed disappointment over the scam, stating: “It’s really sad that scammers are resorting to using what appears to be a legit city source to run a scam like this, but it is not surprising.”

Threat Actors Are Sending Fraudulent Legal Notices to Target Indians


The Indian authorities have issued an urgent warning to residents over the widespread circulation of counterfeit emails impersonating Rajesh Kumar, CEO of the Indian Cyber Crime Coordination Centre (I4C). 

These fraudulent emails, with misleading subject lines like "Urgent Notification!" and "Court Notification," falsely accuse recipients of cybercrime and pressure them to respond. The PIB Fact Check team has identified these emails as fraudulent, emphasising that they were sent with malicious purpose to trick recipients and exploit their fears. 

Fake email threat

The bogus emails use the logos of prominent Indian institutions, such as the Indian Cyber Crime Coordination Centre (I4C), the Intelligence Bureau (IB), and Delhi Police, as proof of legitimacy, and borrow the names and contact details of senior officials to deceive recipients. They have been sent to government offices, individuals, and organisations, posing as official correspondence. 

In a tweet from its official handle, @PIBFactCheck, the bureau clarified that these emails are absolutely fraudulent and deceitful. "It is vital to note that neither the undersigned nor this unit originated such emails. Furthermore, no permission has been obtained for the creation or distribution of such content," the release noted. 

Cybercrime impact in India 

Concern over the rise in cybercrime in India is growing. Avinash Mohanty, the commissioner of police for Cyberabad, claims that cybercrime makes up more than 30% of the commissionerate's cognisable offences and that it may soon reach 50%. It is alarming to learn that every minute, Indian residents lose between 1.3 and 1.5 lakh rupees to hackers. This startling statistic emphasises the importance of raising awareness and vigilance against online fraud and scams. 

The recovery rate for cybercrime damages in the nation remains dismally low, averaging less than 20%. This increases the financial and emotional toll on sufferers. The increase in cybercrime impacts not only individuals and businesses, but also government institutions, which have been targeted in cases of espionage and data breaches.

In recent years, India has suffered a number of high-profile data breaches, the most significant involving Aadhaar, the country's unique citizen identification system; that breach reportedly exposed the personal information of over a billion Indians, including bank account numbers, addresses, and fingerprints. In 2024, the average cost of a data breach in India was reported to exceed two million US dollars, illustrating the increasing sophistication of cyberattacks and their damaging consequences.

AI Impersonations: Revealing the New Frontier of Scamming


In the age of rapidly evolving artificial intelligence (AI), a new breed of frauds has emerged, posing enormous risks to companies and their clients. AI-powered impersonations, capable of generating highly realistic voice and visual content, have become a major threat that CISOs must address.

This article explores the multifaceted risks of AI-generated impersonations, including their financial and security impacts. It also provides insights into risk mitigation and a look ahead at combating AI-driven scams.

AI-generated impersonations have ushered in a new era of scam threats. Fraudsters now use AI to create unexpectedly trustworthy audio and visual content, such as vocal cloning and deepfake technology. These enhanced impersonations make it harder for targets to distinguish between genuine and fraudulent content, leaving them vulnerable to various types of fraud.

The rise of AI-generated impersonations has significantly escalated risks for companies and clients in several ways:

  • Enhanced realism: AI tools generate highly realistic audio and visuals, making it difficult to differentiate between authentic and fraudulent content. This increased realism boosts the success rate of scams.
  • Scalability and accessibility: AI-powered impersonation techniques can be automated and scaled, allowing fraudsters to target multiple individuals quickly, expanding their reach and impact.
  • Deepfake threats: AI-driven deepfake technology lets scammers create misleading images or videos, which can destroy reputations, spread fake news, or manipulate video evidence.
  • Voice cloning: AI-enabled voice cloning allows fraudsters to replicate a person’s voice and speech patterns, enabling phone-based impersonations and fraudulent actions by impersonating trusted figures.

Prevention tips: As AI technology evolves, so do the risks of AI-generated impersonations. Organizations need a multifaceted approach to mitigate these threats. Using sophisticated detection systems powered by AI can help identify impersonations, while rigorous employee training and awareness initiatives are essential. CISOs, AI researchers, and industry professionals must collaborate to build proactive defenses against these scams.

Fortinet Researchers Discover Two Malicious Python Packages


A new research published earlier this week by Fortinet Inc.'s FortiGuard Labs warns of two newly found malicious Python packages that indicate a major threat of credential theft, data exfiltration, and unauthorised system access.

The first package, Zebo-0.1.0, exhibits sophisticated malware behaviour, including obfuscation tactics that hide its functionality and make it difficult for security tools to classify it as malicious. It supports keylogging, screen capture, and the exfiltration of sensitive data to remote servers, posing a serious threat to user privacy and system integrity.

Zebo-0.1.0 uses libraries such as pynput for keylogging and ImageGrab for screenshots, letting it record every keystroke and periodically capture the user's desktop, potentially exposing passwords, bank details, and other sensitive data. It stores the data locally before sending it to a Firebase database via obfuscated HTTP calls, so the upload does not stand out to casual inspection and the attackers can collect the stolen information unnoticed.

The malware also has a persistence mechanism that re-executes it each time the infected system boots, achieved by dropping scripts and batch files into the Windows Startup folder. These let it remain on the system without the user's knowledge, making it hard to remove and enabling long-term data theft.

The second flaw, Cometlogger-0.1, includes a variety of malicious functionalities that target system credentials and user data. The virus dynamically injects webhooks into code during execution, allowing it to relay sensitive data, such as passwords and tokens, to remote attacker-controlled servers. 

Cometlogger-0.1 was also discovered to have features meant to evade discovery and disrupt analysis. One function, anti-virtual machine detection, looks for traces of sandbox environments, which are frequently employed by security researchers, and if it finds VM indicators, the malware stops running, allowing it to evade analysis and go unnoticed in live environments.

Though both types of malware have been flagged as dangerous, FortiGuard Lab experts state Cometlogger-0.1 takes things a step further by stealing a wide range of user data, including session cookies, saved passwords, and browsing history. It can also target data from services like Discord, X, and Steam, potentially leading to account hijacking and impersonation.

“The script (Cometlogger-0.1) exhibits several hallmarks of malicious intent, including dynamic file manipulation, webhook injection, steal information, ANTI-VM,” the researchers explained. “While some features could be part of a legitimate tool, the lack of transparency and suspicious functionality make it unsafe to execute.” 

The researchers' advice is that the most effective way to avoid infection is to examine third-party scripts and executables before running them. For Python packages in particular, that review has to cover setup.py and any other install-time hooks, because a package can execute code at pip install time before anything is ever imported. Organisations should also deploy firewalls and intrusion detection systems to spot unusual network activity, and staff should be trained to recognise phishing attempts and to avoid running unverified scripts.
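
The kind of pre-install review described above can be partly automated. The following static scanner is an added example written for this post; it is not FortiGuard's tooling and it does not execute the package. It walks the Python AST of each source file and flags the behaviours the write-up lists: imports that give keylogging or screen-capture capability (pynput, PIL.ImageGrab), strings pointing at the Windows Startup folder, webhook or Firebase URLs, VM-detection strings, and exec/eval/base64 patterns typical of obfuscated loaders. The indicator tables, weights, verdict thresholds and the two sample sources are this example's own assumptions, constructed to exercise the scanner.

```python
from __future__ import annotations
import ast
import re
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class Finding:
    category: str
    weight: int
    detail: str
    lineno: int


# Indicator tables. The behaviours mirror the write-up (pynput keylogging,
# ImageGrab screenshots, Startup-folder persistence, webhook/Firebase
# exfiltration, VM checks); the weights and thresholds are assumptions.
IMPORT_INDICATORS = {
    "pynput": ("keylogging", 3),
    "PIL.ImageGrab": ("screen_capture", 3),
    "pyautogui": ("screen_capture", 2),
}
CALL_INDICATORS = {
    "exec": ("obfuscation", 2),
    "eval": ("obfuscation", 2),
    "compile": ("obfuscation", 1),
    "base64.b64decode": ("obfuscation", 1),
}
STRING_INDICATORS = [
    (re.compile(r"Start Menu|Programs[\\/]Startup", re.I), ("persistence", 3)),
    (re.compile(r"https?://\S*?(discord(app)?\.com/api/webhooks|firebaseio\.com)", re.I), ("exfiltration", 3)),
    (re.compile(r"\b(vmware|virtualbox|vbox|qemu|sandboxie)\b", re.I), ("anti_vm", 2)),
]
REVIEW_AT, BLOCK_AT = 3, 6  # assumed verdict thresholds on the summed score


def _dotted(node: ast.AST) -> str | None:
    """Render a Name/Attribute chain such as base64.b64decode as a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_source(src: str, filename: str = "<string>") -> list[Finding]:
    """Statically walk one Python source file and collect indicator hits."""
    findings: list[Finding] = []
    try:
        tree = ast.parse(src, filename)
    except SyntaxError as exc:  # unparseable code still deserves a human look
        return [Finding("unparseable", 3, f"{filename}: {exc.msg}", exc.lineno or 0)]
    for node in ast.walk(tree):
        names: list[str] = []
        if isinstance(node, ast.Import):
            names = [a.name for a in node.names]
        elif isinstance(node, ast.ImportFrom):
            prefix = f"{node.module}." if node.module else ""
            names = [prefix + a.name for a in node.names]
        for name in names:
            parts = name.split(".")
            # match the full dotted name or any prefix (pynput.keyboard -> pynput)
            for i in range(len(parts), 0, -1):
                key = ".".join(parts[:i])
                if key in IMPORT_INDICATORS:
                    cat, w = IMPORT_INDICATORS[key]
                    findings.append(Finding(cat, w, f"import {name}", node.lineno))
                    break
        if isinstance(node, ast.Call):
            callee = _dotted(node.func)
            if callee in CALL_INDICATORS:
                cat, w = CALL_INDICATORS[callee]
                findings.append(Finding(cat, w, f"call {callee}()", node.lineno))
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for rx, (cat, w) in STRING_INDICATORS:
                if rx.search(node.value):
                    findings.append(Finding(cat, w, f"string {node.value[:60]!r}", node.lineno))
    return findings


def _score(findings: list[Finding]) -> dict:
    """Each category counts once, at its highest weight, so ten exec() calls
    do not outweigh one keylogger import."""
    best: dict[str, int] = {}
    for f in findings:
        best[f.category] = max(best.get(f.category, 0), f.weight)
    score = sum(best.values())
    verdict = "block" if score >= BLOCK_AT else "review" if score >= REVIEW_AT else "pass"
    return {"verdict": verdict, "score": score, "categories": sorted(best), "findings": findings}


def assess(src: str) -> dict:
    return _score(scan_source(src))


def scan_package(root: str) -> dict:
    """Assess every .py file under an unpacked sdist or wheel, setup.py included."""
    findings: list[Finding] = []
    for p in Path(root).rglob("*.py"):
        findings += scan_source(p.read_text(encoding="utf-8", errors="replace"), str(p))
    return _score(findings)


# Constructed fixtures (not the real packages): one harmless module and one
# that merely references the indicators above without implementing anything.
SAMPLE_BENIGN = "import json\n\ndef load(path):\n    with open(path) as fh:\n        return json.load(fh)\n"
SAMPLE_MALICIOUS = r'''
import os, base64
from pynput import keyboard
from PIL import ImageGrab

STARTUP = os.path.join(os.environ["APPDATA"], "Microsoft\\Windows\\Start Menu\\Programs\\Startup")
EXFIL = "https://example-project.firebaseio.com/logs.json"
if "vmware" in os.popen("systeminfo").read().lower():
    raise SystemExit
exec(base64.b64decode("cHJpbnQoJ2hpJyk="))
'''
```

Run scan_package("path/to/unpacked-package") against an sdist extracted with `pip download --no-deps --no-binary :all:` followed by `tar xf`, before anything is installed. The scanner is deliberately coarse: a legitimate automation package will import pynput, and a Discord bot will legitimately hold a webhook URL, which is why the output is a verdict for a human to act on rather than an automatic allow-list, and why a "review" verdict on an unparseable file is preferable to silently skipping it.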

Rhode Island Residents Warned of Cyberattack Targeting State Government

Rhode Island officials have issued an urgent advisory for residents to take immediate precautions following a significant cyberattack on the state government. Authorities are warning that private data, including Social Security and bank account details, may soon be exposed as a result of the breach.

Governor Dan McKee and other state officials held a press conference earlier this week to address the situation and provide guidance. “We know this situation is alarming, and it’s stressful,” McKee stated. He encouraged residents to bookmark the official website where updates on the incident will be posted.

Details of the Cyberattack

The breach came to light on December 5, when officials discovered that an international cybercriminal gang might have broken into RIBridges, the state system previously known as UHIP, which supports various health and benefits programs. Concerns escalated after the hackers shared a screenshot of file folders from RIBridges, suggesting that malware had been installed on the system.

Preliminary investigations indicate that the hackers may have accessed sensitive information from hundreds of thousands of residents who have used state programs over the past eight years. Impacted individuals will receive a notification letter from the state.

Affected State Programs

The affected programs include:

  • Medicaid
  • Supplemental Nutrition Assistance Program (SNAP)
  • Temporary Assistance for Needy Families (TANF)
  • Child Care Assistance Program (CCAP)
  • HealthSource RI health insurance
  • Rhode Island Works
  • Long-Term Services and Supports (LTSS)
  • General Public Assistance (GPA)
  • AT HOME cost-sharing

As a precaution, these programs will transition to paper applications starting next week, as the HealthyRhode online portal remains offline during the investigation.

Matt Weldon, director of the Rhode Island Department of Labor and Training, assured residents that the state’s separate system for unemployment insurance and other out-of-work benefits has not been affected by the cyberattack.

Steps for Residents to Protect Themselves

Michael Tetreault, a cybersecurity advisor with the U.S. Department of Homeland Security, provided the following recommendations for Rhode Islanders who believe they may be impacted:

  • Strengthen your passwords and avoid using the same password across multiple accounts.
  • Enable multi-factor authentication (MFA) on all online accounts.
  • Contact the three major credit bureaus (Equifax, Experian and TransUnion) and place a credit freeze as a precaution; a freeze is free and can be lifted temporarily when you need to apply for credit.

While the investigation continues, officials are urging residents to remain vigilant and take necessary measures to safeguard their personal information. Regular updates will be provided on the state’s official website, ensuring transparency and assistance for affected individuals.

Turn Your Phone Off Daily for Five Minutes to Prevent Hacking

There are numerous ways in which critical data on your phone can be compromised, from subscription apps that covertly transmit private user data to social media platforms like Facebook, to fraudulent accounts that trick your friends into investing in fake cryptocurrency schemes. This is more than a nuisance: it represents a significant threat to individual privacy, democratic processes and human rights worldwide.

Experts and advocates have called for stricter regulations and safeguards to address the growing risks posed by spyware and data exploitation. However, the implementation of such measures often lags behind the rapid pace of technological advancements. This delay leaves a critical gap in protections, exacerbating the risks for individuals and organizations alike.

Ronan Farrow, a Pulitzer Prize-winning investigative journalist, offers a surprisingly simple yet effective tip for reducing the chances of phone hacking: turn your phone off more frequently. During an appearance on The Daily Show to discuss his new documentary, Surveilled, Farrow highlighted the pressing need for more robust government regulations to curb spyware technology. He warned that unchecked use of such technology could push societies toward an "Orwellian surveillance state," affecting everyone who uses digital devices, not just political activists or dissidents.

Farrow explained that rebooting your phone daily can disrupt many forms of modern spyware, because the most sophisticated implants increasingly avoid writing themselves to storage and live only in memory, where a restart wipes them. A reboot does not remove spyware that has already achieved persistence, and it does nothing about apps that hold the permissions they abuse, so it complements rather than replaces prompt OS updates and a regular permission review. Even for people who are not high-profile targets such as journalists or political figures, the habit adds a layer of protection at no cost and forces an attacker to re-exploit the device to get back in.

Beyond security, rebooting your phone regularly has other benefits. It clears temporary state and resolves minor glitches, which keeps the device running smoothly. Essentially, the tried-and-true advice to "turn it off and on again" remains a relevant and practical step for both privacy and device health.

Spyware and other forms of cyber threats pose a growing challenge in today’s interconnected world. From Pegasus-like software that targets high-profile individuals to less sophisticated malware that exploits everyday users, the spectrum of risks is wide and pervasive. Governments and technology companies are increasingly being pressured to develop and enforce regulations that prioritize user security. However, until such measures are in place, individuals can take proactive steps like regular phone reboots, minimizing app permissions, and avoiding suspicious downloads to reduce their vulnerability.

Ultimately, as technology continues to evolve, so too must our awareness and protective measures. While systemic changes are necessary to address the larger issues, small habits like rebooting your phone can offer immediate, tangible benefits. In the face of sophisticated cyber threats, a simple daily restart serves as a reminder that sometimes the most basic solutions are the most effective.

Over 600,000 People Impacted In a Major Data Leak

Over 600,000 people were affected by a data leak at another background check company. Compared with the 2.9 billion people affected by the National Public Data breach this is a minor incident, but it is still concerning. The exposed database belonged to SL Data Services; it was neither encrypted nor password-protected and was open to anyone on the internet.

Jeremiah Fowler, a cybersecurity researcher, uncovered the exposure. Full names, addresses, email addresses, employment data, social media accounts, phone numbers, court records, property ownership data, vehicle records and criminal records were all leaked.

Everything was stored in PDF files, most of them labelled "background check". The database held 713.1GB of files in total. The content is no longer publicly accessible, though securing it took time: after receiving the responsible-disclosure notice, SL Data Services took a week to take it offline.

A week is a long time for 600,000 people's records to sit in publicly accessible files. Worse, those whose data was exposed may not even know it was there: background checks are usually ordered by someone else, and the person being checked rarely knows which company ran it.

While Social Security numbers and financial details are not part of the incident, so much information about the affected people is now in circulation that scammers can use it to deceive them through social engineering.

There is, thankfully, no evidence that malicious actors accessed the open database, but there is no certainty that they did not. Only time will tell: a sudden rise in targeted social-engineering attempts against the people in the files would be the first sign.

Internal Threats Loom Large as Businesses Deal With External Threats

Most people have probably been required by their employer to sit through hour-long courses on preventing cyberattacks such as phishing, malware and ransomware. Companies insist on this because cybercrime is expensive: according to FBI and IMF estimates, the cost is predicted to rise from $8.4 trillion in 2022 to $23 trillion by 2027. Preventive controls such as multifactor authentication exist for these threats.

The fact is, all of these threats are external. As companies get better at handling them, leadership's attention will move to an even more important concern: risks emanating from within the organisation. Being on "the inside" generally means having access to the highly sensitive and confidential information needed to do one's job.

This can include financial performance figures, product launch timelines and source code. While granting that access seems reasonable at first glance, it also poses a significant risk to organisations, from top-secret government agencies to Fortune 500 companies and small businesses, if employees leak what they can reach.

Unfortunately, insider disclosures are becoming increasingly common. Since 2019, the number of insider occurrences reported by organisations has increased from 66% to an astounding 76%. Furthermore, these insider leaks are costly. In 2023, organisations spent an average of $16.2 million on resolving insider threats, with North American companies incurring the greatest overall cost of $19.09 million. 

There are several recent examples. Someone leaked Israeli documents regarding an attack on Iran. An Apple employee leaked information about the iPhone 16. Examples abound throughout history: in 1971, the Pentagon Papers altered public perception of the Vietnam War. However, the ubiquity of internet media has made these leaks easier to spread and harder to detect.

Prevention tips 

Tech help: Monitoring for suspicious behaviour with software, increasingly AI-assisted, is one way to catch leaks early. Behaviour-modelling tools build a statistical baseline of what each user, and each role, normally does, and raise a flag when activity departs from it.

Such tools can raise an alert, for example, when someone in HR, who would normally never touch product design files, suddenly downloads a large number of them, or when an employee copies a large volume of data to a USB drive. Companies can use those alerts to open an investigation, adjust access levels or simply remind the person that their activity is being watched. An alert is a prompt for review rather than proof: a baseline built on too little history, or one that does not account for a legitimate change in someone's duties, will fire on ordinary work.
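
The two alerts described above (a role-atypical burst of downloads and a bulk copy to removable media) reduce to a small amount of logic once file-access events are summarised per user and day. The following detector is an added example for this post, not any vendor's product. It compares each user-day's download count in a file category against a leave-one-out baseline of every other user-day in the same role, and separately checks bytes written to removable media against a fixed limit. The per-user-day summary, the role names, the z-score, the standard-deviation floor and the USB limit are all constructed assumptions; a real deployment would aggregate the summary from DLP, file-server or EDR events.

```python
from __future__ import annotations
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    user: str
    day: str
    kind: str
    detail: str


# Constructed per-user-day summary of a file-access audit log (this example's
# own fixture, not data from the article).
DAILY = [
    # day, user, role, downloads per file category, bytes written to removable media
    ("2024-10-01", "alice", "hr",  {"hr_record": 2}, 0),
    ("2024-10-02", "alice", "hr",  {"hr_record": 3}, 0),
    ("2024-10-03", "alice", "hr",  {"hr_record": 2}, 0),
    ("2024-10-04", "alice", "hr",  {"hr_record": 3, "design_file": 6}, 0),  # HR pulling design files
    ("2024-10-01", "bob",   "hr",  {"hr_record": 1}, 0),
    ("2024-10-02", "bob",   "hr",  {"hr_record": 2}, 0),
    ("2024-10-03", "bob",   "hr",  {"hr_record": 2}, 0),
    ("2024-10-04", "bob",   "hr",  {"hr_record": 1}, 0),
    ("2024-10-01", "carol", "eng", {"design_file": 3}, 0),
    ("2024-10-02", "carol", "eng", {"design_file": 4}, 0),
    ("2024-10-03", "carol", "eng", {"design_file": 5}, 0),  # busy day, but normal for her role
    ("2024-10-04", "carol", "eng", {"design_file": 4}, 0),
    ("2024-10-01", "dave",  "eng", {"design_file": 2}, 0),
    ("2024-10-02", "dave",  "eng", {"design_file": 3}, 0),
    ("2024-10-03", "dave",  "eng", {"design_file": 4}, 0),
    ("2024-10-04", "dave",  "eng", {"design_file": 3}, 6_000_000_000),  # 6 GB to a USB drive
]


def detect(daily=DAILY, z: float = 3.0, min_sd: float = 0.5,
           usb_limit: int = 1_000_000_000) -> list[Alert]:
    """Flag user-days whose download count in a category sits far outside the
    baseline of peers in the same role, and bulk copies to removable media."""
    by_role: dict[str, list] = defaultdict(list)
    for row in daily:
        by_role[row[2]].append(row)
    categories = sorted({c for _, _, _, cats, _ in daily for c in cats})
    alerts: list[Alert] = []

    for role, rows in by_role.items():
        for cat in categories:
            for day, user, _, cats, _ in rows:
                value = cats.get(cat, 0)
                if value == 0:
                    continue
                # leave-one-out baseline: every other user-day in the same role,
                # counting days with no downloads in this category as zero
                peers = [c.get(cat, 0) for d, u, _, c, _ in rows if (d, u) != (day, user)]
                mean = statistics.fmean(peers) if peers else 0.0
                sd = statistics.pstdev(peers) if peers else 0.0
                # the sd floor stops a perfectly flat baseline from alerting on +1
                threshold = mean + z * max(sd, min_sd)
                if value > threshold:
                    alerts.append(Alert(user, day, "unusual_download",
                                        f"{value} {cat} downloads vs {role} baseline "
                                        f"{mean:.1f} (sd {sd:.1f}, threshold {threshold:.1f})"))

    for day, user, _, _, usb_bytes in daily:
        if usb_bytes > usb_limit:
            alerts.append(Alert(user, day, "bulk_usb_copy",
                                f"{usb_bytes} bytes written to removable media"))
    return alerts


if __name__ == "__main__":
    for a in detect():
        print(f"{a.day} {a.user:6} {a.kind:17} {a.detail}")
```

On the fixture this yields exactly two alerts: alice's six design-file downloads on 2024-10-04 (HR peers have a baseline of zero in that category) and dave's 6 GB USB write. Carol's five design files on 2024-10-03 stay under the engineering threshold, which is the point of baselining by role rather than by a global count. With only a few days of history the baseline is fragile, so in practice the window should be weeks long and the z-score tuned against the false-positive rate the investigations team can absorb.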

Shut down broad access: Restricting employee access to specific data and files, or eliminating certain files altogether, are two other ways to stop internal leaks. This can reduce the chance of leakage in the short term, but at what cost? Information exchange inspires creativity and fosters a culture of trust and innovation.

Individualize data and files: Forensic watermarking, a close relative of steganography (hiding information in plain sight, a practice that dates back to Ancient Greece), is a promising field for leak prevention. It alters a piece of content (an email, file, photo or presentation) in imperceptible ways that are unique to each recipient, so that a copy which later appears outside the organisation can be traced back to the single person it was issued to.

The film industry was an early adopter of this technique to fight piracy and theft of valuable content. Movies and shows streamed on Hulu or Netflix are protected with digital rights management (DRM), and forensic audio and video watermarking is used on top of it to make each delivered copy unique. The same idea can be applied to a company's daily operations, where terabytes of digital communications containing potentially sensitive information (emails, presentations, photos, customer data) could be personalised for each recipient.

One thing is certain, regardless of the approach a business takes: it needs a strategy for dealing with the escalating problem of internal leaks. The danger is genuine and the costs are excessive. Most employees are honest, but it takes only one bad actor to leak information and do significant damage to their organisation.
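
For text, the simplest per-recipient watermark is a sequence of zero-width Unicode characters carrying a recipient identifier. The following is an added example written for this post (not a product and not the technique of any vendor named above): it encodes a 16-bit recipient ID plus a 16-bit CRC as zero-width characters, repeats the mark after every twentieth word so that an excerpt still carries a complete copy, and on recovery accepts only a window whose checksum verifies, so a mangled or truncated mark cannot misattribute a leak to the wrong person. The memo text, the word interval and the ID width are this example's own assumptions.

```python
from __future__ import annotations
import binascii

ZW0, ZW1 = "\u200b", "\u200c"   # zero-width space = bit 0, zero-width non-joiner = bit 1
ID_BITS, SUM_BITS = 16, 16      # recipient id width and checksum width (assumptions)
PAYLOAD_BITS = ID_BITS + SUM_BITS


def _check(recipient_id: int) -> int:
    return binascii.crc32(recipient_id.to_bytes(2, "big")) & 0xFFFF


def _payload(recipient_id: int) -> str:
    """Recipient id followed by its CRC16, rendered as zero-width characters."""
    if not 0 <= recipient_id < (1 << ID_BITS):
        raise ValueError("recipient id out of range")
    value = (recipient_id << SUM_BITS) | _check(recipient_id)
    return "".join(ZW1 if (value >> i) & 1 else ZW0 for i in reversed(range(PAYLOAD_BITS)))


def embed(text: str, recipient_id: int, every: int = 20) -> str:
    """Append the mark to every `every`-th word so any excerpt of that many
    words still contains one full copy."""
    mark = _payload(recipient_id)
    words = text.split(" ")
    return " ".join(w + mark if i % every == 0 else w for i, w in enumerate(words))


def extract(text: str) -> int | None:
    """Return the recipient id from the first checksum-valid window of mark bits,
    or None if no intact mark is present."""
    bits = "".join("1" if c == ZW1 else "0" for c in text if c in (ZW0, ZW1))
    for start in range(0, len(bits) - PAYLOAD_BITS + 1):
        window = int(bits[start:start + PAYLOAD_BITS], 2)
        rid, check = window >> SUM_BITS, window & 0xFFFF
        if _check(rid) == check:
            return rid
    return None


def launder(text: str) -> str:
    """What a careful leaker does: strip the zero-width characters."""
    return "".join(c for c in text if c not in (ZW0, ZW1))


# Constructed memo used as the sample document.
MEMO = ("Project Falcon launch is moved to the second week of March. Pricing for the "
        "base tier stays at the number agreed in January, and the enterprise tier gets "
        "the discount structure from the attached sheet. Please keep this inside the "
        "working group until legal has signed off on the partner language.")


if __name__ == "__main__":
    copy_for_recipient = embed(MEMO, 0x2A5C)
    print(extract(copy_for_recipient))                       # 10844 (0x2A5C)
    print(extract(" ".join(copy_for_recipient.split(" ")[23:])))  # still 10844 from an excerpt
    print(extract(launder(copy_for_recipient)))              # None
```

The caveats matter as much as the mechanism. Zero-width characters survive copy and paste into most mail clients and editors, but not a screenshot, a photo of the screen, OCR or retyping, and a recipient who knows the trick can strip them as launder() does. What the mark proves is which issued copy was leaked, not who leaked it: if the recipient's mailbox or laptop was compromised, the attribution points at the victim. Treat a recovered ID as the start of an investigation, not its conclusion, and pair it with the access-log baseline above.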

Five Common Cybersecurity Errors and How to Avoid Them

In the cultural mishmash of modern tech-savvy consumers, the blue screen of death looms large. The screen is a simple reminder that the device cannot resolve the problem on its own. A computer crash can mean ageing hardware, but a security compromise can also make hardware malfunction or behave unexpectedly.

A significant portion of the total amount of theft and illegal conduct that impacts people today is carried out by cybercriminals. According to the FBI's 2023 Internet Crime Report, cybercrime complaints resulted in losses above $12.5 billion. The numbers showed a 10% increase in complaints and a 22% increase in financial losses.

As defenders, we must constantly look for what we have missed and how we can get better. Five common cybersecurity errors are listed below, along with tips on how to prevent them: 

Using simple passwords: Strong passwords to protect sensitive data are a basic part of any cybersecurity plan, because they make credential guessing and cracking far harder. Length and uniqueness matter more than sprinkling in capitals and symbols: a long passphrase, or a generated password kept in a password manager, beats a short string of substitutions, and a password that is never reused cannot be replayed from another site's breach. Nearly everyone knows this, and many online services enforce complexity rules on sign-up. Yet 44% of users hardly ever change their passwords (though more than a third refresh them monthly), and 13% of Americans use the same password for every online account they create.

Underestimating the human element: This is a fatal error, because it overlooks the factor involved in roughly three quarters of data breaches (Verizon's 2023 Data Breach Investigations Report puts the human element in 74% of them). IBM's Cost of a Data Breach 2022 report, conducted by the Ponemon Institute, found stolen or compromised credentials to be the most common initial attack vector; plainly, many of us are falling for scams and handing over critical information. That's why black hats keep coming back: we are a consistent, predictable source of funds. To tighten the reins, run an employee Security Awareness Training (SAT) programme and follow the principle of least privilege, so that a phished account gives the attacker as little as possible.

Invincible thinking: Small firms frequently fall into this attitude, believing they have nothing of value to an outside attacker. If all attackers were pursuing billions of dollars and government secrets, that might be true. But they aren't. Innumerable black hats profit from "small" payments, compounded over many victims, and from the sale of credential lists, and any company with users and logins has what they're looking for. The lesson applies to organisations of all sizes. Combat the "it can't happen to me" mentality with regular risk assessments, penetration tests, SAT training and red teaming, because it can.

Not caring enough:   This is exactly where fraudsters want you: clueless and "I don't care." This can happen all too easily when SOCs become overwhelmed by the 1,000-plus daily notifications they receive, let alone attempting to stay ahead of the game with proactive preventive measures (or even strategy). Threat actors take advantage of teams that are overburdened. If your resources are stretched thin, the correct investment in the right area might alleviate some of the stress, allowing you to do more with less. 

Playing a defensive game:   We've all heard that the best defence is a good offence. And that is true. Cybersecurity frequently receives a solely defensive rap, which unfairly underestimates its value. Cybercriminals are continuously catching organisations off guard, and all too often, SOCs on the ground have never dealt with anything like them before. They patched vulnerabilities. They dodged phishing emails. However, an APT, advanced threat, or even a true red-alert cyber incursion might all be new territory. Prepare your digital and people nervous systems for an attack by instilling offensive security techniques such as penetration testing and red teaming in them before day zero.

AI-Powered Dark Patterns: What's Up Next?

The rapid growth of generative AI highlights how urgent it is to address the privacy and ethical issues raised by these technologies across a range of sectors. Over the past year, data protection conferences have repeatedly emphasised AI's expanding role in the privacy and data protection domains, and the pressing need for Data Protection Officers (DPOs) to handle the issues it presents for their businesses.

These issues include the creation of deepfakes and synthetic content that could sway public opinion or threaten specific individuals as well as the public at large, the leakage of sensitive personal information in model outputs, the inherent bias in generative algorithms, and the overestimation of AI capabilities that results in inaccurate output (also known as AI hallucinations), which often refer to real individuals. 

So, what are the AI-driven dark patterns? These are deceptive UI strategies that use AI to influence application users into making decisions that favour the company rather than the user. These designs employ user psychology and behaviour in more sophisticated ways than typical dark patterns. 

Imagine getting a video call from your bank manager (created by a deepfake) informing you of some suspicious activity on your account. The AI customises the call for your individual bank branch, your bank manager's vocal patterns, and even their look, making it quite convincing. This deepfake call could tempt you to disclose sensitive data or click on suspicious links. 

Another alarming example of AI-driven dark patterns may be hostile actors creating highly targeted social media profiles that exploit your child's flaws. The AI can analyse your child's online conduct and create fake friendships or relationships that could trick the child into disclosing personal information or even their location to these people. Thus, the question arises: what can we do now to minimise these ills? How do we prevent future scenarios in which cyber criminals and even ill-intentioned organisations contact us and our loved ones via technologies on which we have come to rely for daily activities? 

Unfortunately, the solution is not simple. Mitigating AI-driven dark patterns necessitates a multifaceted approach that includes consumers, developers, and regulatory organisations. The globally recognised privacy principles of data quality, data collection limitation, purpose specification, use limitation, security, transparency, accountability, and individual participation are universally applicable to all systems that handle personal data, including training algorithms and generative AI. We must now test these principles to discover if they can actually protect us from this new, and often thrilling, technology.

Prevention tips 

First and foremost, we must educate people about AI-driven dark patterns and fraudulent techniques. This can be done through public awareness campaigns, educational material at every level of the education system, and warnings built into user interfaces, particularly on social media platforms popular with young people. Cigarette firms must disclose the risks of their products; so should the AI-powered services to which our children are exposed.

We should also look for ways to encourage users, particularly young and vulnerable users, to be critical consumers of information they come across online, especially when dealing with AI systems. In the twenty-first century, our educational systems should train members of society to question (far more) the source and intent of AI-generated content. 

Give the younger generation, and even the older ones, the tools they need to control their data and customise their interactions with AI systems. This might include options that allow users or parents of young users to opt out of AI-powered suggestions or data collection. Governments and regulatory agencies play an important role to establish clear rules and regulations for AI development and use. The European Union plans to propose its first such law this summer. The long-awaited EU AI Act puts many of these data protection and ethical concerns into action. This is a positive start.

Meet Daisy, the AI Grandmother Designed to Outwit Scammers

The voice-based AI, known as Daisy or "dAIsy," impersonates a senior citizen and draws phone scammers into long, meandering conversations.

Despite its flaws, such as urging people to eat deadly mushrooms, AI can sometimes be utilised for good. O2, the UK's largest mobile network operator, has implemented a voice-based AI chatbot to trick phone scammers into long, useless talks. Daisy, often known as "dAIsy," is a chatbot that mimics the voice of an elderly person, the most typical target for phone scammers. 

Daisy's goal is to automate "scambaiting," the practice of deliberately wasting phone fraudsters' time so as to keep them away from potential real victims for as long as possible. Scammers use social engineering to exploit the trust of elderly people, convincing them, for example, that they owe back taxes and will be arrested if they fail to pay immediately.

When a fraudster gets Daisy on the phone, they're in for a long chat that won't lead anywhere. If they get to the point when the fraudster requests private data, such as bank account information, Daisy will fabricate it. O2 claims that it is able to contact fraudsters in the first place by adding Daisy's phone number to "easy target" lists that scammers use for leads. 

Of course, the risk with a chatbot like Daisy is that the same technology can be used for opposite ends—we've already seen cases where real people, such as CEOs of major companies, had their voices deepfaked in order to deceive others into giving money to a fraudster. Senior citizens are already exposed enough. If they receive a call from someone who sounds like a grandchild, they will very certainly believe it is genuine.

Finally, blocking fraudulent calls and shutting down the groups orchestrating these frauds would be the best answer. Carriers have improved their ability to detect and block scammers' phone numbers, but it remains a cat-and-mouse game. Scammers use automated dialling systems that dial numbers rapidly and connect a human operator only when someone answers. An AI bot that frustrates fraudsters by answering and wasting their time is better than nothing.