Showing posts with label #CyberSecurity. Show all posts

Thursday, July 24, 2025

Hey, Security. Talk to the hand...

Anviz's innovative biometric Palm Vein Access Control Reader. Seamless and touchless access.
Key features and advantages compared to fingerprint and face biometrics.

Accuracy
Palm vein recognition is one of the most accurate biometric technologies, primarily due to its internal, unique, and stable biological characteristics.
FAR is typically around 0.00008% (or 1 in 1.25 million); FRR is 0.01%.

Stability
Palm vein patterns remain stable throughout a person’s life, making them suitable for long-term use.

Secure
Palm veins are not visible to the naked eye, and liveness detection requires active blood flow, adding a natural anti-spoofing layer. The pattern is very hard to duplicate.

Privacy
Unlike fingerprint or facial data, which may be captured without the user’s permission, palm vein patterns cannot be captured secretly because they are inside the body, which makes them almost impossible to collect or clone without the user’s participation.

Hygienic
Non-contact enrollment and identification surfaces. more

Cautionary Tale: Weak Password Sinks a 158-Year-Old Company

KNP Logistics, a 158-year-old transportation firm, collapsed after falling victim to a ransomware attack that locked them out of their own systems.

One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work.

In KNP's case, it's thought the hackers managed to gain entry to the computer system by guessing an employee's password, after which they encrypted the company's data and locked its internal systems. more
No. Adding another ! to your password isn't the answer.

FutureWatch: Spy-Grade Storage Drive

...self-destructs on demand just like in the movies!

It's not every day that you come across a product where the standout feature is its ability to go kaput at a moment's notice. 

That's exactly what the Team Group P250Q SSD (solid state drive) is all about. This industrial storage drive for computers and servers can physically destroy itself at the push of a button, so your secrets go up in smoke before they fall into the wrong hands...

The nuclear option involves a patented independent destruction circuit that overloads the flash memory chip, melting it in the process.  more  video

Saturday, July 19, 2025

Data Leak Exposes IDs of UK Spies

Cover is also blown for thousands of Afghan allies as UK government scrambles to respond.


A major data breach has blown the cover off more than 100 British officials—including MI6 agents and Special Air Service members—while also exposing thousands of Afghan allies to potential Taliban reprisals. 

The breach, which occurred in February 2022 but was only discovered more than a year later, spilled personal details from a sensitive database meant to help Afghans who supported the UK during its 20-year campaign in Afghanistan, per the BBC. more

Wednesday, July 9, 2025

AI Voice Clones are the Hot New Spy Tool

According to the Washington Post, in mid-June 2025, attackers successfully contacted five high-level officials using an AI-generated voice clone of Marco Rubio over Signal to try accessing sensitive information.

They were:
  • A U.S. governor. 
  • A member of Congress. 
  • And THREE foreign ministers. 
…and the perpetrators needed only 15-20 seconds of publicly available audio to create the fake...

Here's what keeps security experts up at night: Voice cloning now costs as little as $1-5 per month and requires only 3 seconds of audio. Testing shows 80% of AI tools successfully clone political voices despite supposed safeguards.

...important question is this: do you have a catch phrase and/or signal to use with your loved ones to confirm it’s them? If you don’t, you should. The question isn't whether AI voice cloning will be used against you—it's when, and whether you'll be ready. more

Monday, July 7, 2025

Travel Security - Hotel Safes & Spybuster Tips

Hotel safes typically have a default master code that can be used to open them, especially if the user code is forgotten or the safe is locked upon arrival.
These default codes are often 0000, 9999, or variations like 000000 or 111111. 

Hotel staff should reset this code upon installation, but it's wise to check if it's been changed or to try the default codes before using the safe, especially if you plan on storing valuables.

Check for default codes: 
Common default master codes include 0000, 9999, 1234, 1111, 000000, 111111, and 999999. Some safes require entering # # or * * before entering the master code.

• The hotel is responsible for ensuring the safe is secure and the master code is reset to prevent unauthorized access.
• If the master code is not reset, anyone with knowledge of the default code can potentially access the safe. 
• Some hotels may charge a fee to reset the safe code to a custom PIN number.
For more proof of hotel safe insecurity check here, or view one of the many YouTube videos on the subject.

Spybuster Tips
Here are some solutions to try:
Portable Travel Safes - Soft or hard lockboxes with steel cable tethers. You hide them elsewhere in the room (e.g., attached to plumbing or heavy furniture). They avoid the hotel supplied safe altogether.
Tamper-Evident Devices - Security tape, zip ties, or door seals placed over the safe seam or keypad can alert you to tampering. They don’t secure, only monitor.
Bluetooth Tracker - Hide a Tile, AirTag, or Chipolo inside the safe. It may notify if the safe is opened, and its location if it has been moved.
Security Cables - Wrap a steel cable lock (not a heavy duty bike or motorcycle cable) through the safe door handle or around the body—but this depends on the safe’s design. These may also be useful for turning your suitcase or backpack into an impromptu security enclosure. 

Q. Why make this information publicly available and teach the bad guys?
A. Unfortunately, this information already appears in multiple YouTube videos, and is a click away in ChatGPT. On a positive note, publicity might force safe manufacturers to create better products, and help protect travelers in the meantime.

Thursday, July 3, 2025

AI Would Rather Let People Die Than Shut Down

Major artificial intelligence platforms like ChatGPT, Gemini, Grok, and Claude could be willing to engage in extreme behaviors including blackmail, corporate espionage, and even letting people die to avoid being shut down. Those were the findings of a recent study from San Francisco AI firm Anthropic...
N.B. Singularity caused the Krell's extinction. (1956)

The study found that in some cases, AI would resort to “malicious insider behavior” including blackmail and leaking sensitive information to competitors if that was the only way to avoid being replaced or achieve their goal...

This behavior, according to the study, wasn’t unique to Claude. Other major AI models including those from OpenAI, Google, Meta, xAI, and other developers would resort to blackmail or corporate espionage to pursue their goals. more
FutureWatch: Tag, you're it.

Android 16 Feature Could Stop Hackers from Spying on Your Phone

If your phone connects to a fake or insecure network, it will pop up a warning, letting you know that something’s not right.
It’ll also tell you if the network is trying to pull sensitive details like your phone’s unique ID.

But — and here’s the catch — most current Android phones won’t support this. It needs new hardware. The first phone expected to come with this built-in protection is likely the upcoming Pixel 10, which should launch later this year. more

Thursday, June 19, 2025

CISOs Anticipate Surge in Cyber Attacks Next Three Years

We're All Gonna Die T-Shirt
An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC, the leading provider of enterprise-class domain and domain name system (DNS) security.

The report, CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation, names cybersquatting, domain and DNS hijacking, and distributed denial-of-service (DDoS) attacks as the top three global cyber threats in 2024. These risks are only projected to escalate, as cybercriminals leverage new techniques and capabilities from AI and other modern technologies to launch more sophisticated attacks. Looking ahead, cybersquatting, domain-based attacks, and ransomware top the list of cybersecurity concerns for CISOs over the next three years. more

Protecting Electronic Devices When Crossing U.S. Borders

Some general tips:
  • Consider leaving your device behind.
  • Password-protect your electronic devices with strong passwords.
  • Back up data before traveling.
  • Remove sensitive data from a device before traveling.
  • Remember that “deleted” files can be searched.
  • Log out of cloud accounts.
  • Know your rights and legal status.
  • Keep emergency contact information (including for an attorney) on paper to make this information available if a device is seized.
  • If your device is seized, request a receipt (CBP Form 6051D).
  • After a search, be sure to change your passwords.
Bearing this information in mind can mitigate – but not eliminate – the privacy risks that travelers face when crossing the border. more

Wednesday, June 11, 2025

Laptop Microphone Could Be Spying — Through Walls — Even When It’s Off

Your microphone is leaking conversations: 

• Digital microphones in laptops, phones, and smart speakers unintentionally broadcast electromagnetic signals that can be intercepted up to 2 meters away, even through walls.

• The attack is surprisingly accessible: Researchers achieved over 94% accuracy in speech recognition using simple equipment like copper tape antennas, making this vulnerability exploitable by anyone with basic technical knowledge.

• Your “off” microphone might still be listening: Testing revealed that microphones often activate automatically when playing audio or video content, and some remain active even when apps appear muted.  more

OpenAI's New Threat Report is Full of Spies, Scammers, and Spammers

(via theneurondaily.com)
Ever wonder what spies and scammers are doing with ChatGPT?
It’s not just asking for five-paragraph essays, obviously. 

… Here’s the Top 5 Most Interesting Cases…  
OpenAI just dropped a wild new threat report detailing how threat actors from China, Russia, North Korea, and Iran are using its models for everything from cyberattacks to elaborate schemes, and it reads like a new season of Mr. Robot.

The big takeaway: AI is making bad actors more efficient, but it's also making them sloppier. By using ChatGPT, they’re leaving a massive evidence trail that gives OpenAI an unprecedented look inside their playbooks.

1. North Korean-linked actors faked remote job applications. They automated the creation of credible-looking résumés for IT jobs and even used ChatGPT to research how to bypass security in live video interviews using tools like peer-to-peer VPNs and live-feed injectors. 

2. A Chinese operation ran influence campaigns and wrote its own performance reviews. Dubbed “Sneer Review,” this group generated fake comments on TikTok and X to create the illusion of organic debate. The wildest part? They also used ChatGPT to draft their own internal performance reviews, detailing timelines and account maintenance tasks for the operation.

3. A Russian-speaking hacker built malware with a chatbot. In an operation called “ScopeCreep,” an actor used ChatGPT as a coding assistant to iteratively build and debug Windows malware, which was then hidden inside a popular gaming tool.

4. Another Chinese group fueled U.S. political division. “Uncle Spam” generated polarizing content supporting both sides of divisive topics like tariffs. They also used AI image generators to create logos for fake personas, like a “Veterans for Justice” group critical of the current US administration.

5. A Filipino PR firm spammed social media for politicians. “Operation High Five” used AI to generate thousands of pro-government comments on Facebook and TikTok, even creating the nickname “Princess Fiona” to mock a political opponent.

Why this matters: It’s a glimpse into the future of cyber threats and information warfare. AI lowers the barrier to entry, allowing less-skilled actors to create more sophisticated malware and propaganda. A lone wolf can now operate with the efficiency of a small team. This type of information will also likely be used to discredit or outright ban local open-source AI if we’re not careful to defend them (for their positive uses).

Now get this: The very tool these actors use to scale their operations is also their biggest vulnerability. This report shows that monitoring how models are used is one of the most powerful tools we have to fight back. Every prompt, every code snippet they ask for help with, and every error they try to debug is a breadcrumb. They're essentially telling on themselves, giving researchers a real-time feed of their tactics. For now, the spies using AI are also being spied on by AI.

FBI: Home Internet Connected Devices Facilitate Criminal Activity


The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement to warn the public about cyber criminals exploiting Internet of Things (IoT) devices connected to home networks to conduct criminal activity using the BADBOX 2.0 botnet. Cyber criminals gain unauthorized access to home networks through compromised IoT devices, such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products. Most of the infected devices were manufactured in China. Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the user's purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process. Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity.

WHAT IS BADBOX 2.0 BOTNET

BADBOX 2.0 was discovered after the original BADBOX campaign was disrupted in 2024. BADBOX was identified in 2023, and primarily consisted of Android operating system devices that were compromised with backdoor malware prior to purchase. BADBOX 2.0, in addition to compromising devices prior to purchase, can also infect devices by requiring the download of malicious apps from unofficial marketplaces. The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity.

INDICATORS

The public is urged to evaluate IoT devices in their home for any indications of compromise and consider disconnecting suspicious devices from their networks. more

Friday, June 6, 2025

Book: Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup


Reader Review: “Cyber for Builders” offers an essential roadmap for navigating the cybersecurity vendor landscape.

Most cybersecurity books are written for hackers, security leaders and practitioners, and a general audience. 

This book is different as it is intended first and foremost for builders - startup founders, security engineers, marketing and sales teams, product managers, VCs, angel investors, software developers, investor relations and analyst relations professionals, and others who are building the future of cybersecurity. 

Cyber for Builders provides an overview of the cybersecurity industry from entrepreneurial lenses, breaks down the role of a variety of industry players, from investors to channel partners and acquirers, and offers insight into the trends shaping the future of security. 

Moreover, the book is packed with mental models, notes, and advice to help early-stage cybersecurity founders get their ideas off the ground and solve problems faced by young companies around problem discovery, hiring, building products, and fundraising, to name some. more

Thursday, May 22, 2025

Find Out if Someone is Spying on Your Facebook Account

Unless you fly strictly under the radar, your Facebook account has valuable data about you—like who you speak with the most and what you talk about. It can also be a treasure trove of other personal details like your family members, close friends, and social plans.


You should be the only one to control your account. To ensure this, periodically verifying that everything’s secure is a wise idea...

On a PC
Meta buries this info in its account center. To go directly there, head to https://accountscenter.facebook.com/password_and_security/login_activity
You can also navigate there manually:
  • Open the Facebook website in your browser
  • Click on your profile icon at the top right of the window
  • Choose Settings & privacy
  • Select Settings
  • Under Accounts Center in the upper left, click on See more in Accounts Center
  • Choose Password and security
  • Under Security checks, click on Where you’re logged in
A pop-up will appear with a box showing your name and the device you’re currently using, plus a small number showing the other devices logged in. more

Wednesday, May 7, 2025

Vatican to Deactivate Mobile Phone Signals

All mobile phone signals will be deactivated in the Vatican today (7) ahead of the highly secretive conclave to elect the next pope, Italian State media reported.

The Vatican also plans to use signal jammers around the Sistine Chapel to prevent electronic surveillance or communication outside the Conclave that will see 133 Cardinals vote on who will succeed Pope Francis and lead the world’s 1.4 billion Catholics, Italian news agency ANSA reported.

Phone signal will be cut off at 3.00 pm local time (9.00 am ET) today, an hour and a half before the Cardinals are scheduled to proceed to the Sistine Chapel to begin the papal conclave, Italian state broadcaster RAI reported on Monday. more
So get down without your phone,
Comfort knowing you're not alone,
Bow your head with great respect,
And disconnect, disconnect, disconnect!

Apple’s iPhone Warning—400 Million Chrome Users Must Now Act

Apple’s video warning for iPhone users to stop using Google Chrome doesn’t mention Google Chrome — it doesn’t need to. It plays on the browser’s reputation for tracking and privacy infractions, which just took another hit. But it also hides a clever message that makes its warning clear. Hundreds of millions of iPhone users need to take note.


Last summer, Google backtracked on its promise to kill tracking cookies for Chrome’s 3 billion users. Don’t worry, it said, it’s temporary. It proposed a one-click “don’t track me” for Chrome with parallels to Apple’s App Tracking Transparency. 

But it has now backtracked again — and this time it’s worse. Cookies are here to stay. “We’ve made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies.” more

Wednesday, April 16, 2025

EU Hands Out Burner Phones to US-bound Staff Over Spying Fears

Is today's US-EU alliance truly trusted? Who would have thought that today, nothing better illustrates what "trusted ally" really means than EU officials being handed burner phones before visiting the US to protect themselves from potential "espionage." 
 
The Financial Times reported on Monday that European Commissioners and senior officials travelling to the IMF and World Bank spring meetings next week have been given the new guidance to take basic phones and laptops. "They are worried about the US getting into the commission systems," FT quoted one official as saying. "The transatlantic alliance is over," the report said, quoting another anonymous EU official. more

Friday, April 4, 2025

Threat Actors Allegedly Selling SnowDog RAT Malware With Control Panel on Hacker Forums

A new Remote Access Trojan (RAT) dubbed “SnowDog RAT” is malicious software purportedly marketed for $300 per month. It appears to have been specifically developed for corporate espionage and targeted attacks on business environments.

The malware advertisement, discovered on Thursday, April 3, 2025, describes sophisticated capabilities that could threaten organizations worldwide.

According to a ThreatMon post shared on X, the advertisement claims that SnowDog RAT offers an extensive array of intrusion and persistence features that make it particularly dangerous. more

Lawsuit Alleges Pharmacist Hacked Hundreds of Computers to Watch Women Undress

A recently filed class action lawsuit accuses a former pharmacist at the University of Maryland Medical Center of having hacked into hundreds of computers.

Court documents say Matthew Bathula targeted at least 80 of his coworkers, most of whom are women pharmacists, residents, and other medical professionals.

Bathula allegedly accessed their computers using passwords and usernames extracted from UMMC computers and was able to gain access to their personal email, texts, photo libraries, and "private and sensitive electronically stored information."

He also allegedly downloaded partially nude photographs and recordings, as well as photographs and recordings depicting the women breastfeeding their children.

The complaint states Bathula activated internet-enabled cameras in patient treatment rooms to watch and record his coworkers he knew to be pumping breast milk at work and accessed home security cameras remotely to spy on the women in their homes, recording all of them in multiple stages of undress, in private family interactions, and having intercourse with their husbands.

Bathula accessed at least 400 computers, per court documents, and the active spying went on for at least a decade. more