Showing posts with label Online Regulation. Show all posts

Tuesday, August 26, 2025

Pavel Durov Would "Rather Die" Than Reveal Telegram Messages

Pavel Durov
"I'd rather die — no third party has access to private messages on Telegram," the Russian-born entrepreneur wrote in response to a comment that suggested he gave French authorities "backdoor" access to Telegram data.

Pavel Durov became a symbol of the struggle over user data privacy between social media companies and national governments after he was arrested by French authorities one year ago, in August 2024.

The CEO was detained for four days and accused of being complicit in allowing criminal activity to occur on Telegram. He has denied all the criminal charges laid against him.

Durov shared a four-part thread about the ongoing case on X last 24 August, the anniversary of his arrest.

"One year ago, the French police detained me for 4 days because some people I'd never heard of used Telegram to coordinate crimes," Durov wrote in the thread.

"Arresting a CEO of a major platform over the actions of its users was not only unprecedented — it was legally and logically absurd," he said.

French prosecutors charged Durov in late August 2024 with six crimes, including "complicity" in the distribution of child sexual abuse material and drug trafficking, arguing that he allowed illegal activity to flourish on Telegram while refusing to cooperate with authorities.

Durov said on X that the investigation against him "is still struggling to find anything that I or Telegram did wrong."

Telegram's moderation practices align with industry standards, and it has "always responded to every legally binding request from France," he added.

"The only outcome of my arrest so far has been massive damage to France's image as a free country," Durov said.

In his posts on Sunday, Durov said he does not have an appeal date and has to return to France every 14 days.

Durov set up Telegram in 2013. Before that, he founded the Russian social media network VKontakte, known as VK. He sold his stake in VK and fled Russia in 2014 after rejecting Kremlin pressure to turn over the data of Ukrainian protest leaders.

Telegram has about 1 billion active users globally. The influential messaging platform has grown to be a primary source of information in the war in Ukraine and Russia. It has been called out by critics and researchers for refusing to remove graphic, misleading, and sometimes criminal content.


Monday, August 18, 2025

Male Revenge App Became Popular And Very Vulnerable

Tea
Two online apps that claim to help users date safely by sharing information about abusive or dishonest ex-partners have rocketed to the top of Apple's U.S. app store rankings.

However, as it turns out, both apps suffered from serious security flaws that exposed thousands of users' personal data to the internet.

Tea, which became the number one most downloaded app on iPhone in July after going viral, lets women anonymously review men they've dated and bills itself as "the safest place to spill tea".

A few days ago, it was joined at the top of the charts by TeaOnHer, a copycat app that offers to "help men date safe" with "verified reports" about "red flags, safety concerns, and positive experiences".

As of the time of publishing, TeaOnHer was the second most downloaded free app on the U.S. iPhone App Store, while Tea was the third.

Now both apps are facing potential class action lawsuits after hackers and tech journalists discovered that they were spilling a different kind of tea: leaking users' ID documents, selfies, and in some cases emails and private messages.

Tea rapidly took action to close the breach — but not before numerous angry (and seemingly mostly male) internet users gleefully downloaded and shared photos and ID documents from women who had used the app, according to 404 Media.

Meanwhile, one week after TeaOnHer's breach was discovered by TechCrunch, the issue finally appears to have been fixed. But the company behind it has offered no public comment, nor any indication that it has notified users about their drivers’ licenses being leaked.

The company behind TeaOnHer also appears to have little web presence, and questions from The Independent to its only publicly accessible email address resulted in an automated bounceback.

"It turns out that the kind of people who write and launch an app in less than two weeks are not the kind of people who feel the need to implement secure coding practices and strong privacy protections for the sensitive user data they ask you to upload," said Eva Galperin, director of cybersecurity at the privacy-focused Electronic Frontier Foundation, on Bluesky.

The breaches shine a light not only on the dysfunctions of modern dating — and people's hunger for a solution — but also on the ethical quandaries of naming and shaming individual exes online.

Tea was first launched in 2023, apparently inspired by "Are We Dating the Same Guy" Facebook groups, which serve as informal (and sometimes controversial) whisper networks about shady and abusive behavior. "Founder Sean Cook launched Tea after witnessing his mother’s terrifying experience with online dating — not only being catfished but unknowingly engaging with men who had criminal records," the app's about page reads.

TeaOnHer’s security was very lax. According to TechCrunch, it took less than ten minutes and only "trivial" effort to access driver’s licenses and email addresses, with no password or credentials required.

The app requires all users to submit government ID verification, but its App Store page falsely claims not to collect any data from users.

Apple's rules say that app makers must identify all the data they collect on their App Store page, unless it meets certain exception criteria.


Monday, August 4, 2025

A New Email Phishing Scam Is On The Rise

Phishing Scam
An email hits your inbox from an unknown sender that includes a picture of your house and address, followed by this threat: "Don’t even try to hide from this. You have no idea what I’m capable of ... I’ve got footage of you doing embarrassing things in your house (nice setup, by the way)."

Sounds like a scene out of a horror film, right? Instead, it’s one of the latest phishing scams.

Like many other email and text scams, this particular extortion scheme uses specific personal information to deceive people into sending money. The email convinces people the hacker knows more about them and that they must exchange payment or Bitcoin in order to keep their information safe.

"I received a PDF over email that included my address and photo of the address and made outrageous claims about my private behavior, and claimed to have video documentation captured from spyware on my computer," Jamie Beckland, a chief product officer at the tech company APIContext, told HuffPost. "The scammer threatened to release the video if I didn’t pay them via Bitcoin."

If you get a similar email, here are the steps you can take to figure out if it’s a scam so you can protect yourself:

  1. Confirm the house and street imagery on Google Maps
    Phishing emails are often riddled with grammatical errors and poor formatting, which make them easier to identify. However, this scam, which includes images of people’s homes, is a newer, darker twist.

    You might be asking yourself, how exactly was the scammer able to identify your house address? According to Al Iverson, a cyber expert and industry research and community engagement lead at the software company Valimail, the sender likely found your address from a prior data breach that leaked personal data, and then used a Google Maps photo to put together an email.
  2. Examine the email address and check for legitimacy
    Iverson recommended checking the email address’ legitimacy whenever you receive any correspondence from unknown users.

    "Check whether the sender’s email domain matches the official organization’s website," he said as one example.

    "Also, if using Gmail, look for ‘show original message’ and review SPF, DKIM, and DMARC results." These are essentially methods that verify the emailer’s domain to prevent spam, phishing attacks and other email security risks. To do this, click on the three-dot hamburger menu at the top right of your email and click "Show Original."
  3. Don’t click unfamiliar links, especially related to payments
    If an email seems legitimate, you might accidentally click on the links it contains for more information. Zarik Megerdichian, founder of Loop8, a company that protects personal data and privacy from data breaches and hackers, strongly cautions against this.

    "Exercise caution any time you’re asked to click on a link in an email," Megerdichian said. "Bitcoin transactions are irreversible, as are many other common payment methods including Cash App and Zelle."

    Further, scams that demand remuneration should be reported to the Federal Trade Commission by filing a report online or via phone. Megerdichian also noted that if a hacker has obtained details about your financials, monitor your bank accounts closely and dispute fraudulent charges with your bank, cancel your cards and preventatively stop future charges.
  4. Update your password
    It’s also highly advisable when confronted with an elaborate scam to change all of your passwords.

    According to Yashin Manraj, CEO of Pvotal Technologies, a company that creates secure tech infrastructures for businesses, it’s important to protect your data right away if you suspect it’s been compromised.

    "Use a new email address if possible and move critical financial or utilities to it, and then start reporting the case to the local police, the FBI and making sure your family is aware of the potential threat of a public shaming in the unlikely event that they did manage to steal some compromising data," Manraj said.

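The SPF, DKIM and DMARC results mentioned in step 2 appear in the `Authentication-Results` header of the raw message that "Show Original" displays. The following is an added example, not part of the original article: it reads those results from a raw message and ignores any copy of the header not stamped by the reader's own mail server. The sample messages, domains and the `mx.example.net` server name are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed messages for illustration; every domain and IP is a placeholder.
# SPOOFED carries a second, forged Authentication-Results header that the
# sender inserted to make the mail look verified.
SPOOFED = """\
Authentication-Results: mx.example.net;
 dkim=none;
 spf=softfail (domain of transitioning x@bulk.example.org does not designate
 203.0.113.7 as permitted sender) smtp.mailfrom=x@bulk.example.org;
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=example.com
Authentication-Results: attacker.invalid; spf=pass; dkim=pass; dmarc=pass
From: "Account Security" <alerts@example.com>
Subject: I have footage of you

See attached PDF.
"""

LEGIT = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@example.com header.s=s1;
 spf=pass smtp.mailfrom=bounce@example.com;
 dmarc=pass (p=REJECT) header.from=example.com
From: Example Billing <billing@example.com>
Subject: Your receipt

Thanks.
"""

_COMMENT = re.compile(r"\([^()]*\)")


def _strip_comments(value):
    """Remove parenthesised comments (innermost first) from a header value."""
    prev = None
    while prev != value:
        prev, value = value, _COMMENT.sub(" ", value)
    return value


def parse_auth_results(raw_message, trusted_authserv):
    """Return {method: {"result": ..., property: value}} taken only from
    headers whose authserv-id is the reader's own receiving server."""
    msg = message_from_string(raw_message)
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        parts = [" ".join(p.split())
                 for p in _strip_comments(str(header)).split(";")]
        authserv_id = parts[0].split(" ")[0].lower()
        if authserv_id != trusted_authserv.lower():
            continue  # header added by someone else: do not trust it
        for clause in parts[1:]:
            tokens = clause.split()
            if not tokens or "=" not in tokens[0]:
                continue
            method, result = tokens[0].split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            results.setdefault(method.lower(),
                               {"result": result.lower(), **props})
    return results


def assess(raw_message, trusted_authserv):
    """Summarise SPF/DKIM/DMARC for the visible From: domain."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1]
    from_domain = from_addr.rpartition("@")[2].lower()
    res = parse_auth_results(raw_message, trusted_authserv)
    summary = {m: res.get(m, {}).get("result", "missing")
               for m in ("spf", "dkim", "dmarc")}
    dmarc_from = res.get("dmarc", {}).get("header.from", "").lower()
    summary["from_domain"] = from_domain
    summary["dmarc_matches_from"] = bool(from_domain) and dmarc_from == from_domain
    # "authenticated" only means the From: domain was verified by the
    # receiving server; it says nothing about the sender's intent.
    summary["verdict"] = (
        "authenticated"
        if summary["dmarc"] == "pass" and summary["dmarc_matches_from"]
        else "unauthenticated"
    )
    return summary


if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT)):
        print(name, assess(raw, "mx.example.net"))
```

A passing result confirms only that the message really came from the domain shown; an extortion email sent from the scammer's own domain can pass all three checks, so the other steps still apply.
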

Saturday, July 26, 2025

Clorox Claimed Cognizant 'Easily' Gave Passwords To Hackers

Cognizant
Bleach maker Clorox announced last 22 July that it has sued information technology provider Cognizant over a devastating 2023 cyberattack, alleging that the hackers pulled off the intrusion simply by asking the tech company's staff for employees' passwords.

Clorox was one of several major companies hit in August 2023 by the hacking group dubbed Scattered Spider, which specializes in tricking IT help desks into handing over credentials and then using that access to lock them up for ransom.

The group is often described as unusually sophisticated and persistent, but in a case filed in California state court last 22 July, Clorox said one of Scattered Spider's hackers was able to repeatedly steal employees' passwords simply by asking for them.

"Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques," according to a copy of the lawsuit reviewed by Reuters. "The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over."

Cognizant did not immediately return messages seeking comment on the suit, which was not immediately visible on the public docket of the Superior Court of Alameda County. Clorox provided Reuters with a receipt for the lawsuit from the court.

Three partial transcripts included in the lawsuit allegedly show conversations between the hacker and Cognizant support staff in which the intruder asks to have passwords reset and the support staff complies without verifying who they are talking to, for example by quizzing them on their employee identification number or their manager's name.

"I don't have a password, so I can't connect," the hacker says in one call. The agent replies, "Oh, OK. OK. So let me provide the password to you OK?"

The apparent ease with which the hackers got what they wanted wasn't necessarily an indication that they weren't skilled, said Maxie Reynolds, a security expert who has specialized in social engineering and isn't a party to the case.

"They just tried what typically works," she said.

Reynolds said the full transcripts were needed to offer a fair evaluation of what happened in 2023 but said that, "if all they had to do was call and ask straight out, that’s not social engineering and it is negligence/non-fulfillment of duty."

The 2023 hack at Clorox caused US$ 380 million in damages, the suit said, about US$ 50 million of which was tied to remedial costs and the rest attributable to Clorox's inability to ship products to retailers in the wake of the hack.


Wednesday, July 16, 2025

Elmo's X Account Got Hacked

Elmo
Hackers have broken into the X account of Sesame Street character Elmo and posted several antisemitic and racist messages, the makers of the children's TV show said last 14 July.

The posts, which have been deleted, called for violence against Jews, insulted President Donald Trump and demanded the release of government files on accused sex trafficker Jeffrey Epstein and his alleged clientele.

Elmo, a cheerful red Muppet, has more than 650,000 followers on X.

"Elmo's X account was briefly compromised by an unknown hacker who posted disgusting messages, including antisemitic and racist posts," Sesame Workshop said in a statement, adding the account has since been secured.

X came under scrutiny last week when the account of the Grok chatbot developed by billionaire Elon Musk's company xAI produced content with antisemitic tropes. The posts were subsequently removed and called "inappropriate" by Grok's X account.

Since Musk bought what was then known as Twitter in 2022, he has cut back on moderation. Extremist content has increased, causing some advertisers to pull away from the platform.


Friday, June 27, 2025

About 16 B Passwords Were Compromised

Leaked Passwords
About 16 billion passwords to Apple, Facebook, Google, and other social media accounts, as well as government services, were leaked in what researchers are calling the largest data breach ever, according to reports.

The leak exposed 16 billion login credentials and passwords, prompting Google to tell billions of users to change their passwords and the FBI to warn Americans against opening suspicious links in SMS messages, according to a report published a few days ago in Forbes.

Researchers at Cybernews, who have been investigating the leak, found "30 exposed datasets containing from tens of millions to over 3.5 billion records each."

All but one of these datasets have not been previously reported as being exposed, so the data impacted is all considered new.

"This is not just a leak – it’s a blueprint for mass exploitation," the researchers said. And they are right. These credentials are ground zero for phishing attacks and account takeover. "These aren’t just old breaches being recycled," they warned, "this is fresh, weaponizable intelligence at scale."

Most of that intelligence was in the format of a URL, followed by logins and passwords. That information then allowed access to "pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services."

While worrisome, the researchers found that the datasets were exposed very briefly – with enough time for them to be discovered, but not long enough for researchers to figure out who was controlling the data.


Wednesday, June 18, 2025

Several Journalists' Email Accounts May Be Compromised

Microsoft
The Washington Post is investigating a cyberattack on email accounts of some of its journalists, a source familiar with the matter told Reuters last 15 June.

There has been a possible unauthorized targeted intrusion affecting a few journalists, the source said. The Wall Street Journal, which first reported the breach, said it was potentially the work of a foreign government.

According to the report, staffers at The Washington Post were told the intrusions compromised journalists' Microsoft accounts and could have granted the intruder access to work emails.

The reporters whose emails were targeted included members of the national security and economic policy teams, including some who write about China, the report added.

Matt Murray, The Washington Post's executive editor, said in an internal memo that the investigation was initiated after the breach was discovered a few days earlier, the WSJ reported.

In 2022, News Corp, which publishes the WSJ, was breached by digital intruders. The email accounts and data of an unspecified number of journalists were compromised in that incident.


Thursday, June 12, 2025

Starlink Wifi Suspended In United Airlines Flights

United Airlines
United Airlines (UA) has announced that it temporarily paused Starlink Wi-Fi on its regional Embraer E175 jets due to radio interference issues. The decision affects flights departing from major hubs like Chicago O’Hare (ORD), where many of these aircraft are based.

The airline has confirmed that nearly two dozen aircraft equipped with SpaceX’s Starlink technology are now flying without internet, citing concerns related to communication system disruptions.

United Airlines (UA), in partnership with Starlink, has outfitted 20+ Embraer E175 regional jets with satellite-based high-speed Wi-Fi.

However, shortly after the rollout, the carrier identified a technical problem involving static interference affecting VHF radios, a system pilots rely on to communicate with air traffic control.

As exclusively reported by TPG, pilots experienced static immediately following their radio transmissions on aircraft fitted with the new Starlink antennas.

Although the airline has stated there is no risk to flight safety, it acted out of caution by disabling the Wi-Fi systems fleet-wide while a fix is applied.

This issue is not unprecedented. United previously encountered similar interference while integrating Viasat on its mainline aircraft, a complication that was swiftly resolved.

Similarly, United and Starlink have now pinpointed the source of the interference and developed a solution currently being implemented across affected aircraft.


Sunday, June 1, 2025

MLB Players Observed Increasing Online Threats

MLB Players
Threats against professional athletes have been increasing over the years, and MLB players agree that online abuse has gotten progressively worse in recent years. Milwaukee’s Christian Yelich, a 13-year MLB veteran and the 2018 NL MVP, said receiving online abuse is "a nightly thing" for most players.

"I think over the last few years it’s definitely increased," he said. "It's increased to the point that you’re just: 'All right, here we go.' It doesn’t even really register on your radar anymore. I don't know if that's a good or a bad thing. You're just so used to that on a day-to-day, night-to-night basis. It’s not just me. It's everybody in here, based on performance."

And many players believe it’s directly linked to the rise in legalized sports betting.

"You get a lot of DMs or stuff like that about you ruining someone’s bet or something ridiculous like that," veteran Red Sox reliever Justin Wilson said. "I guess they should make better bets."

Liam Hendriks, a 36-year-old Boston reliever who previously battled non-Hodgkin lymphoma, said on Instagram that he and his wife received death threats after a loss to the Mets. He added that people left comments saying that they wished he would have died from cancer among other abusive comments.

He later discussed the issue and his decision to speak out about it.

"Enough is enough," he said. "Like at some point, everyone just like sucking up and dealing with it isn't accomplishing anything. And we pass along to security. We pass along to whoever we need to, but nothing ends up happening. And it happens again the next night. And so, at some point, someone has to make a stand. And it’s one of those things where the more eyes we get on it, the more voices we get talking about it. Hopefully it can push it in the right direction."

Both the Astros and the Red Sox are working with MLB security to take action against social media users who direct threats toward players and their families. Red Sox spokesperson Abby Murphy added that they’ve taken steps in recent years to make sure players’ families are safe during games. That includes security staff and Boston police stationed in the family section at home and dedicated security in the traveling party to monitor the family section on the road.

Murphy said identifying those who make anonymous threats online is difficult, but: "both the Red Sox and MLB have cyber programs and analysts dedicated to identifying and removing these accounts."

The Astros have uniformed police officers stationed in the family section, a practice that was implemented well before the threats to McCullers and his family.

For some players, online abuse has gotten so bad that they’ve abandoned social media. Detroit All-Star outfielder Riley Greene is one of them, saying he got off because he received so many messages from people blaming him for failed bets.

"I deleted it," he said of Instagram. "I'm off it. It sucks, but it’s the world we live in, and we can't do anything about it. People would DM me and say nasty things, tell me how bad of a player I am, and say nasty stuff that we don't want to hear."

While most players have dealt with some level of online abuse in their careers, no one has a good idea of how to stop it.

"I’m thankful I’m not in a position where I have to find a solution to this," Tigers' pitcher Tyler Holton said. "But as a person who is involved in this, I wish this wasn’t a topic of conversation."

White Sox outfielder Mike Tauchman is disheartened at how bad player abuse has gotten. While it’s mostly online, he added that he’s had teammates that have had racist and homophobic things yelled at them during games.


Saturday, May 31, 2025

FBI Investigates "764", An Online Predator Platform

Vernon
FBI officials are warning the public about a loose network of violent predators who befriend teenagers through popular online platforms and then coerce them into escalating sexual and violent behavior -- pushing victims to create graphic pornography, harm family pets, cut themselves with sharp objects, or even die by suicide.

The online predators, part of the network known as "764," demand victims send them photos and videos of it all, so the shocking content can be shared with fellow 764 followers or used to extort victims for more. Some of the predators even host "watch parties" for others to watch them torment victims live online, according to authorities.

"We see a lot of bad things, but this is one of the most disturbing things we're seeing," said FBI Assistant Director David Scott, the head of the FBI's Counterterrorism Division, which is now leading many of the U.S. government's investigations tied to 764.

The FBI has more than 250 such investigations currently underway, with every single one of its 55 field offices across the country handling a 764-related case, Scott told ABC News in an exclusive interview.

He said the FBI has seen some victims as young as nine, and federal authorities have indicated there could be thousands of victims around the world.

"[It's] very scary and frightening," the Connecticut mother of a teen girl caught up in 764 told ABC News.

"It was very difficult to process, because we didn't raise her to engage in that kind of activity," said the mother, speaking on the condition that ABC News not name her or her daughter.

Last year, in the classic New England town of Vernon, Connecticut, local police arrested the girl -- a former honor roll student -- for conspiring with a 764 devotee overseas to direct bomb threats at her own community. When police searched her devices, they found pornographic photos of her, photos depicting self-mutilation, and photos of her paying homage to 764.

As Scott described it, one of the main goals of 764 and similar networks is to "sow chaos" and "bring down society."

That's why the FBI's Counterterrorism Division and the Justice Department's National Security Division are now looking at 764 and its offshoots as a potential form of domestic terrorism, even coining a new term to characterize the most heinous actors: "nihilistic violent extremists."

"The more gore, the more violence ... that raises their stature within the groups," Scott said. "So it's sort of a badge of honor within some of these groups to actually do the most harm to victims."

According to an ABC News review of cases across the country, over the past few years, state and federal authorities have arrested at least 15 people on child pornography or weapons-related charges, and accused them in court of being associated with 764.


Monday, May 5, 2025

Growing Online Trafficking Of Endangered Species

Online Traffickers
Researchers from the University of Miami have sifted through thousands of online listings and found some of them are enabling the trafficking of endangered species. In their recent study, they identified 546 listings for endangered or trade-restricted animals representing 83 species.

The researchers developed a tool that automatically collects data across 148 English-text online marketplaces to analyze online sales of threatened animal species, according to their writeup published by Phys.org.

The tool was used to search for online sales of 13,267 animal species classified as at risk of global extinction by the International Union for Conservation of Nature and 706 animal species listed in Appendix I of the Convention on International Trade in Endangered Species. The search was conducted over a period of 15 weeks in 2018.

Their study revealed that the shortfin mako is one of the most targeted threatened species in online wildlife trafficking. The endangered shark species is exploited for its jaws and other body parts, which are sold on hundreds of social media sites and open markets.

The researchers also identified other threatened shark species through their study, including the longfin mako, scalloped hammerhead, sandbar, and pelagic thresher. Sharks represented nine of the 10 most threatened species identified in this study.

According to the World Wildlife Fund (WWF), not all wildlife trade is illegal, but it becomes a serious problem when it overexploits species and threatens their survival in the wild. Efforts to crack down on wildlife trafficking have been implemented, but online trafficking is hard to address.

Professor Jennifer Jacquet, one of the authors of the study, explained that online platforms typically aren't held legally responsible for sales since they're considered marketplaces where buyers and sellers can connect for transactions.

Wildlife trafficking poses a threat not only to the endangered species but also to humans. Illegally traded species may become invasive when introduced to unfamiliar environments. Some species may carry zoonotic diseases that could transfer to humans and threaten global health.

Trafficking can also negatively impact biodiversity. According to the WWF, species and organisms in the wild work together to maintain balance in ecosystems, where we get food and clean water.

"Society has underestimated the threat posed by the trade in wildlife," Jacquet warned, per Phys.org.


Friday, April 18, 2025

U.S. Extends Support To Protect Cyber Vulnerabilities

Cybersecurity
The U.S. government will extend support for 11 months for a database of cyber weaknesses that plays a critical role in fighting bugs and hacks, a spokesperson said last 16 April, just as the funding was due to run out.

The expected cut-off of payments for the non-profit MITRE Corp's Common Vulnerabilities and Exposures database had spread alarm across the cybersecurity community.

The U.S.-backed database acts as a catalog for cyber weaknesses and allows IT administrators to quickly flag and triage the different bugs and hacks discovered daily.

The last-minute change of plan after the importance of the service was highlighted publicly is another instance of the confusion across government as U.S. President Donald Trump's administration makes deep cuts to public spending.

Yosry Barsoum, vice president and director at the Center for Securing the Homeland at MITRE, said in a statement that a break in service for the Common Vulnerabilities and Exposures Program and the Common Weakness Enumeration Program had been avoided.

"We appreciate the overwhelming support for these programs that have been expressed by the global cyber community, industry, and government over the last 24 hours," Barsoum said.

The Cybersecurity and Infrastructure Security Agency said in an email the CVE program was invaluable and that it had executed an "option period on the contract to ensure there will be no lapse in critical CVE services."

The government's last-minute change drew "a sigh of relief," said John Hammond, a researcher with the managed security company Huntress who was among the many who opposed the move to stop funding.

"I'm glad someone or something heard the voice of the community loud and clear," Hammond said.


Thursday, April 17, 2025

U.S. Lawmakers Seeking Probe On Nvidia Chips Inside DeepSeek

Nvidia Chips
Several United States lawmakers are looking into how advanced Nvidia chips may have gotten into the hands of the Chinese AI company DeepSeek, which they also accused of spying on Americans on behalf of China.

House Representatives released a report on 16 April that they said "reveals that DeepSeek covertly funnels American user data to the Chinese Communist Party, manipulates information to align with CCP propaganda, and was trained using material unlawfully obtained from US AI models."

The lawmakers — Reps. John Moolenaar, a Republican from Michigan, and Raja Krishnamoorthi, a Democrat from Illinois — said it appeared DeepSeek, which released a powerful AI model that made headlines in January, had used 60,000 chips from Nvidia despite US sanctions limiting the ability of the company to sell some of its hardware to China.

Nvidia is already having a tough week. Its stock fell nearly 7 percent on 16 April after the company announced that it had been informed that the Trump administration would require a new license for all accelerated chips shipping to China. The company said it expected a US$ 5.5 billion decrease in earnings due to the Trump administration's tariffs.

"DeepSeek isn't just another AI app — it's a weapon in the Chinese Communist Party's arsenal, designed to spy on Americans, steal our technology, and subvert US law," Moolenaar said in a statement, which called DeepSeek a "serious national security threat" to the US.

The lawmakers said Nvidia CEO Jensen Huang directed the design of chips to get around US export controls.

They also sent a letter to Huang requesting lists of customers located in China and Southeast Asia and any communications between Nvidia and DeepSeek.

Nvidia said in a statement to Business Insider that "the US government instructs American business on what they can sell and where — we follow the government's directions to the letter."

The company also said it sells its products to companies worldwide, adding that its reported Singapore revenue indicates the billing addresses of its clients, many of which the company said are subsidiaries of US companies.


Wednesday, January 1, 2025

Consumerization of IT in Today's Business

Consumerization of IT
Shadow IT, or technology informally introduced into an organizational environment, is clearly here to stay. According to recent research undertaken by BT, shadow IT solutions now account for 20 per cent of corporate IT spend in Australia and 25 per cent globally.

IT budgets and technology deployments are failing to keep pace with the capabilities of consumer-focused innovations such as smartphones, tablets and online file-sharing services. The outcome is users are effectively taking many of the technology decisions away from IT departments, compromising the ability of businesses to manage their IT risks.

So how have consumer-led expectations complicated technology's role in the enterprise and subsequently led to the growth of shadow IT?

Employees are consumers, and consumers today are extremely conscious of the 'lifestyle' aspect of the technologies they use.

From sleek form factors to advertisements positioning products as gateways to music, fashion and other desirable consumables, vendors are successfully positioning their products as an indispensable part of the modern, affluent lifestyle.

Failing to match the consumer experience with stylish workplace equipment may prompt some employees to favor the sleek home notebook over the clunky work version.

Lenovo ThinkFWD has some advice on this.

"In worst-case scenarios, business leaders may opt to buy workplace computers for themselves and their teams without asking IT. Poor procurement may have flow-on effects as well. Young, talented people entering the workforce may view outdated computers and clunky, ageing mobile phones as warning signs of a traditional, inflexible workplace.

On the other hand, a modern workplace that offers newer technologies and form factors, and combines them with policies that enable users to access corporate data on preferred devices, can help attract and retain talented people.

The second aspect is user experience. Providing a high-quality user experience is mandatory for technology teams seeking to control the emergence of shadow technology. This means accounting for users’ feelings, motivations and values as much as efficiency, effectiveness and basic satisfaction when procuring technologies and developing applications.

Businesses should apply the same user experience principles to the development of in-house corporate applications as to the development of customer-facing applications and websites.

Failing to take this approach may prompt employees to secretly use better-designed commercial application products without informing IT. It may also compromise the productivity and cost savings anticipated from developing an in-house application as users struggle to come to grips with its clunky, un-intuitive experience.

Connectivity is another crucial issue for businesses. Employees that endure patchy or slow corporate wireless access may be tempted to use other methods, such as smartphones for wireless hotspots or unsecured wireless networks at local cafes or hotels, which do not meet corporate guidelines for information security.

Businesses have to implement fast, highly available and organisation-wide Wi-Fi to deliver the ubiquitous connectivity that employees view as a basic requirement of modern business. For organisations with limited resources, some providers offer Wi-Fi as a service that can deliver on-demand access to wireless connectivity in multiple locations.

Another area where organisations are vulnerable to shadow IT is in the availability of collaboration and file-sharing tools and technologies.

Employees in modern workplaces expect to be able to collaborate easily and effectively to make fast and more informed business decisions. If employers do not provide the right tools and technologies to enable employees to do this, workers are likely to seek out third-party collaboration and file-sharing tools to perform these activities.

However, this may see employers lose control over how sensitive information is shared, and potentially expose this data to theft or leakage.

According to research prepared by Telstra, nine out of 10 IT leaders across Australia, Hong Kong, Singapore, the UK and the US struggle to implement the communications and collaboration IT, ranging from desktop virtualisation to video conferencing, that employees want in the workplace.

So what is the answer for businesses seeking to minimise shadow IT?

Put simply, listen closely to users and let their needs drive relevant IT decision-making. If business teams want more say in IT procurement, make sure that any decision they make is subject to IT policies governing fit-for-purpose, security and governance.

Above all, the IT team should change its role from technology gatekeeper to enabler, so business teams can feel comfortable seeking advice about new technologies from their resident, in-house experts."


Tuesday, December 31, 2024

Androxgh0st Botnet Has Evolved And Become Dangerous

Mozi
Online researchers have recently identified a major evolution in the Androxgh0st botnet, which has grown more dangerous with the integration of the Mozi botnet’s capabilities.

What began as a web server-targeted attack in early 2024 has now expanded, allowing Androxgh0st to exploit vulnerabilities in IoT devices, CloudSEK’s Threat Research team has said.

Its latest report claims the botnet is now equipped with Mozi’s advanced techniques for infecting and spreading across a wide range of networked devices.

Mozi, previously known for infecting IoT devices like Netgear and D-Link routers, was believed to be inactive following a killswitch activation in 2023.

However, CloudSEK has revealed Androxgh0st has integrated Mozi’s propagation capabilities, significantly amplifying its potential to target IoT devices.

By deploying Mozi’s payloads, Androxgh0st now has a unified botnet infrastructure that leverages specialized tactics to infiltrate IoT networks. This fusion enables the botnet to spread more efficiently through vulnerable devices, including routers and other connected technology, making it a more formidable force.

Beyond its integration with Mozi, Androxgh0st has expanded its range of targeted vulnerabilities, exploiting weaknesses in critical systems. CloudSEK’s analysis shows Androxgh0st is now actively attacking major technologies, including Cisco ASA, Atlassian JIRA, and several PHP frameworks.


Sunday, December 29, 2024

"Salt Typhoon" Hackers Infiltrated U.S. Telco

Salt Typhoon
It was reported on 27 December that a Chinese hacking group called Salt Typhoon has infiltrated a ninth telecommunications firm. U.S. cybersecurity officials also alleged that these hackers gained access to information about millions of people.

The FBI is investigating the Salt Typhoon attacks, which are spurring new defensive measures, deputy U.S. national security adviser Anne Neuberger told reporters recently.

"As we look at China's compromise of now nine telecom companies, the first step is creating a defensible infrastructure," she said.

The hackers are primarily targeting individuals and organizations involved in political or governmental activities, and a significant number of hacking victims are located in the Washington D.C.-Virginia area.

The hackers can geolocate millions of people in the United States, listen to their phone conversations and record them whenever they like, Politico reported.

Among recent victims are President-elect Donald Trump, Vice President-elect JD Vance and several Biden administration officials.

Neuberger did not name the nine telecommunications firms that have been hacked, but said telecommunications firms and others must do more to improve cybersecurity and protect individual customers.

"We wouldn't leave our homes, our offices unlocked," she said. "Yet, the private companies owning and operating our critical infrastructure often do not have the basic cybersecurity practices in place that would make our infrastructure riskier, costlier and harder for countries and criminals to attack."

She said companies need better management of configuration, better vulnerability management of networks and better work across the telecom sector to share information when incidents occur.

"However, we know that voluntary cybersecurity practices are inadequate to protect against China, Russia and Iran hacking our critical infrastructure," Neuberger said.

Australian and British officials already have enacted telecom regulations "because they recognize that the nation's secrets, the nation's economy relies on their telecommunications sector."


Friday, December 27, 2024

Hacking Competition Revealed TrueNAS Vulnerabilities

TrueNAS
At the recent Pwn2Own Ireland 2024 event, security researchers identified vulnerabilities in various high-use devices, including network-attached storage (NAS) devices, cameras, and other connected products.

TrueNAS was one of the companies whose products were successfully targeted during the event, with vulnerabilities found in its products with default, non-hardened configurations.

Following the competition, TrueNAS has started implementing updates to secure its products against these newly discovered vulnerabilities.

During the competition, multiple teams successfully exploited TrueNAS Mini X devices, demonstrating the potential for attackers to leverage interconnected vulnerabilities between different network devices. Notably, the Viettel Cyber Security team earned US$ 50,000 and 10 Master of Pwn points by chaining SQL injection and authentication bypass vulnerabilities from a QNAP router to the TrueNAS device.

Furthermore, the Computest Sector 7 team also executed a successful attack by exploiting both a QNAP router and a TrueNAS Mini X using four vulnerabilities. The types of vulnerabilities included command injection, SQL injection, authentication bypass, improper certificate validation, and hardcoded cryptographic keys.

TrueNAS responded to the results by releasing an advisory for its users, acknowledging the vulnerabilities and emphasizing the importance of following security recommendations to protect data storage systems against potential exploits.


Sunday, December 22, 2024

China Suspects Cyber Attacks From U.S.

Cyberattack Against China
It looks like the cyberwar battle between the U.S. and China is going back and forth. This time, it is the turn of China's national internet emergency response centre to report that it had found and dealt with two incidents of U.S. cyber attacks on Chinese tech firms to "steal trade secrets" since May 2023.

The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) said in a statement published on its website that an advanced materials design and research unit and a large-scale high-tech company focused on intelligent energy and digital information were "suspected of being attacked by a U.S. intelligence agency", without naming the agency.

The hacks led to the theft of "a large amount of trade secrets" in both cases, said CNCERT/CC, which says it is a non-governmental technical centre that serves as China's "national computer emergency response team", with the aim of preventing and detecting cybersecurity threats to the country.

After years of being accused by Western governments of cyberattacks and industrial espionage, in the past two years several Chinese organisations and government organs have accused the United States and its allies of similar behaviour.

The CNCERT/CC statement echoes accusations from the United States and its allies that China engages in state-led campaigns to steal trade secrets. It also comes at a time when China is dealing with a growing number of U.S. export controls targeting its domestic semiconductor and artificial intelligence industries.

In March 2022, CNCERT/CC said China had faced a wave of cyberattacks, mostly traced back to the United States but with a few from other countries such as Germany and the Netherlands.

These attacks took control of computers in China and used them to carry out cyberattacks on Russia, Ukraine and Belarus, it said.


Saturday, December 21, 2024

TP-Link Investigated For Possible Security Risk

TP-Link
United States authorities are currently investigating potential national security risks tied to a telecom company founded in China whose internet routers are used by millions, multiple sources familiar with the matter told CNN.

U.S. officers are reportedly concerned that cheap and ubiquitous routers made by TP-Link could offer a foothold for China-backed hackers into US infrastructure, the sources said.

The Commerce Department has opened a probe into the company that is in its nascent stages. One possible outcome of the probe is a ban on the sale of TP-Link routers in the US, two of the sources said.

It’s just one of a flurry of actions the Biden administration has taken in its waning days that officials say are aimed at blunting China’s ability to hack the American telecoms sector. The actions will carry into President-elect Donald Trump's administration as it inherits the steep challenge of trying to counter China’s aggressive use of cyber operations to collect intelligence.

The Commerce Department last week also sent a "preliminary finding" as part of a separate inquiry into another company, the US subsidiary of China Telecom, the state-owned telecoms giant, related to national security risks that US officials believe stem from the use of its equipment by American telecom companies, two sources said. It’s the first step in a potential purge of any remaining China Telecom gear from US carriers.

All of it comes as major US telecom carriers are still working to evict Chinese hackers from their networks in a cyber-espionage campaign that targeted senior US political figures, including President-elect Donald Trump.


Friday, October 11, 2024

Top Celebrity Names Being Used In Scams

Celebrity Names Used In Scams
Everyone should be aware that these names can get you into big trouble: Scarlett Johansson, Taylor Swift and Johnny Depp. These are just some of the celebrities whose identities are most often exploited for online scams.

Computer security company McAfee released its annual list (below) of the top 10 celebrity names with search results that tend to get compromised by hackers trying to rip off unsuspecting fans.

It's the actors’ likenesses that are being used without their permission in fraudulent schemes that peddle movie or song downloads, deals on celebrity-backed products, cryptocurrency investments or tickets to high-demand concerts.

The scammers also sometimes use convincing-looking deepfake videos of the actors to get a fan’s bank account information or to install malware on their devices that could result in identity theft.

Here is the list of the celebrities whose names and likenesses were most frequently fabricated this year for online scams — all without their permission. Also included is the type of fraud the names were used for. The celebrities are more diverse than one might expect, ranging from older male actors to younger female stars to singers with plenty of teenage fans.

  1. Scarlett Johansson: "The Black Widow" star’s name and likeness were used for advertisements and endorsements. Johansson has also spoken out against nonconsensual AI-generated content, having threatened legal action against OpenAI for allegedly copying and imitating her voice.
  2. Kylie Jenner: The reality star and influencer’s name and likeness were used for social media giveaway scams and fake Kylie Cosmetics products and websites.
  3. Taylor Swift: The megastar singer’s name and likeness were used for celebrity endorsements, ticket scams and product giveaway scams, as well as for disinformation (Donald Trump sharing an AI fake suggesting Swift had endorsed him).
  4. Anya Taylor-Joy: The Furiosa star’s name and likeness have been used for a giveaway scam, and her Twitter/X account was hacked to spread fake Queen’s Gambit sequel news.
  5. Tom Hanks: The Oscar winner’s name and likeness have been used to promote "miracle cures and wonder drugs."
  6. Sabrina Carpenter: The "Espresso" singer’s name and likeness have been used in fake ticketing scams and to advertise an app for creating sexually explicit images.
  7. Sydney Sweeney: The "Anyone but You" star’s name and likeness have been used for crypto scams.
  8. Blake Lively: The "It Ends With Us" actress’ name was used in a weight loss gummy scam.
  9. Johnny Depp: "The Pirates of the Caribbean" star’s likeness has been used without permission in giveaway, crypto and fundraising scams.
  10. Addison Rae: The "Diet Pepsi" singer’s likeness has been used without permission for fake endorsements, giveaways and crypto scams.
