FireSale HackBoy


Wednesday, April 30, 2025

Cyber Attack on British Co-Operative Group

The Co-Operative Group, commonly known as Co-Op, has issued an official statement confirming that some of its systems were recently targeted in a cyber attack. The retailer, which operates in a variety of sectors including food retail, funeral services, and insurance, stated that while the attack was serious, it appeared to be contained to a limited number of servers and was not as large-scale as the recent cyber assault on Marks & Spencer.

According to the preliminary investigation, the intrusion began earlier last week and was detected promptly. The company says its automated defences contained it before it did significant damage, and that there is no indication sensitive customer data was compromised. Early statements of this kind are routinely revised as forensic work progresses, so customers and partners should treat that assurance as provisional.

Cyber Attack on Marks & Spencer: A Larger Scale Threat

In a related incident, Marks & Spencer, one of the UK’s leading retailers, revealed last week that it had fallen victim to a ransomware attack. By April 30, 2025, reporting attributed the attack to a sophisticated cybercrime group, naming either Scattered Spider or DragonForce as the likely actor; M&S itself has not confirmed the attribution. The two names are not mutually exclusive: DragonForce operates as a ransomware-as-a-service brand whose encryptor is deployed by affiliates, while Scattered Spider is a loosely organised intrusion crew known for social-engineering help desks, and both are associated with double-extortion ransomware attacks.

In a double-extortion attack the intruders first exfiltrate sensitive data, then encrypt systems and demand payment for the decryption key, while threatening to publish or sell the stolen data if the victim does not pay. The model has become the norm because it keeps the pressure on even when a victim can restore from backups: recovering from the encryption does nothing about the copy the attackers already hold.

The Growing Threat of Ransomware: What Businesses Should Know

The rise of ransomware attacks has made it a top priority for businesses to reassess their cybersecurity strategies. Ransomware groups exploit weaknesses in corporate networks to paralyze systems, demanding a ransom in exchange for restoring access to essential data. The attack on Marks & Spencer highlights a broader, troubling trend where cybercriminals use the threat of data loss to extract substantial sums from large organizations.

Many companies are tempted to pay in the hope of avoiding prolonged downtime, but law enforcement agencies such as the UK’s National Crime Agency (NCA), the FBI and Europol advise strongly against it. Payment funds further attacks, does not guarantee a working decryptor or the deletion of stolen data, and marks the victim as willing to pay. Without the keys, a properly implemented encryptor cannot be brute-forced; the only realistic path back is restoring from backups the attacker could not reach.

When an attack is reported, agencies can connect the victim with specialised response teams, and for some ransomware families whose keys have been seized or whose implementation was flawed, free decryptors exist. Even then, decryption and rebuilding are slow, and the operational losses from downtime remain significant.

Proactive Measures: How Businesses Can Better Protect Themselves

One of the most effective ways to combat ransomware threats is for businesses to adopt a comprehensive business continuity plan that includes a ransomware protection strategy. This plan should be proactive, aiming to prevent attacks before they occur, rather than simply reacting when an attack happens.

A robust data continuity plan ensures that critical business data can be restored quickly from secure backups, reducing the potential damage from an attack. Having such measures in place effectively shifts the balance of power back toward the business, enabling it to recover without succumbing to the ransom demands.

Additionally, businesses should regularly update their systems, educate employees on identifying phishing scams (which are a common entry point for ransomware), and invest in the latest cybersecurity technologies to create a layered defense against cyber attacks.

In Conclusion

The recent cyber incidents involving Co-Op and Marks & Spencer underscore the growing threat of ransomware and the need for businesses to be prepared. By implementing strong cybersecurity measures and having a well-structured disaster recovery plan in place, organizations can significantly reduce the risk of falling victim to cybercriminals. While law enforcement can assist in some cases, the best defense is always proactive preparation.

The post Cyber Attack on British Co-Operative Group first appeared on Cybersecurity Insiders.

May 01, 2025 at 10:34AM

NetApp Enhances Data Storage Security with 99.9% Cyber Protection for Unmatched Resilience

NetApp, a long-established vendor in the data storage industry, has announced that all of its future storage appliances will ship with what it describes as 99.9% cyber protection, which the company positions as effectively complete cyber resiliency. The figure is NetApp’s own marketing metric rather than an independent measurement, but the announcement does mark a shift toward building ransomware defences into the storage layer itself.

For organizations seeking the highest level of data security at the storage layer, NetApp’s appliances offer a robust solution designed to elevate their overall storage posture. These new appliances integrate advanced cyber protection technologies, providing peace of mind for customers, partners, and regulatory bodies. Let’s dive into the core capabilities that make NetApp’s storage solutions stand out:

Post-Quantum Cryptography: Future-Proofing Your Data Security

One of the headline features of the new appliances is support for post-quantum cryptography (PQC). A sufficiently large quantum computer would break the public-key algorithms (RSA, elliptic-curve Diffie-Hellman, ECDSA) that today’s key exchange and signatures rely on, and adversaries can already record encrypted traffic now to decrypt later. PQC replaces those primitives with algorithms believed to resist quantum attack, such as ML-KEM and ML-DSA from the NIST standards finalised in 2024, so that both file and block workloads stay protected well into the future. One caveat a practitioner should keep in mind: symmetric encryption of data at rest with AES-256 is already considered adequate against quantum attack, since Grover’s algorithm only halves the effective key length, so the practical PQC gain is in key exchange, signatures and key management rather than in the bulk cipher. NetApp says the appliances use NIST-standardised algorithms for data at rest and in transit, though the announcement does not name them. Beyond protecting data integrity, the feature is aimed at partners and regulators who are increasingly asking about long-term confidentiality.

BlueXP Ransomware Protection: Combatting Evolving Malware Threats

Alongside the quantum-resistant encryption, all NetApp storage appliances ship with BlueXP Ransomware Protection, software designed to limit the damage done by file-encrypting malware. NetApp describes it as detecting, isolating and helping recover from ransomware activity so that critical data remains intact and accessible. Detection at the storage layer is a valuable last line of defence, not a substitute for endpoint and identity controls: by the time an encryptor is touching files, the attacker already holds credentials and a foothold on the network.

3-2-1 Data Protection with ONTAP: Ensuring Seamless Recovery

ONTAP, NetApp’s storage operating system, remains the core of its data management and security offering. ONTAP supports a 3-2-1 backup strategy, the widely used disaster-recovery rule of thumb: keep three copies of the data, on two different types of media, with one copy offsite. Against ransomware the rule needs one addition that practitioners now treat as part of it: at least one copy must be immutable or offline (WORM snapshots, object lock, or tape that is not mounted), because an attacker who has taken domain or storage admin credentials will delete every backup they can reach before encrypting. ONTAP also integrates with enterprise workloads such as Microsoft SQL Server, VMware and Kubernetes, so those can be backed up and restored alongside file and block data.
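As an added example (not NetApp code, and not a description of how ONTAP implements the rule), here is a small Python check that takes a backup inventory and reports which parts of 3-2-1, plus the immutable-copy and freshness requirements, are unmet. The inventories and the RPO value are constructed for the example.

```python
"""Added example: score a backup inventory against 3-2-1 plus the two checks
ransomware recovery depends on (an immutable/offline copy and a restore
point within the RPO). The inventories at the bottom are constructed data."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str          # storage class, e.g. "disk", "object", "tape"
    offsite: bool       # held in another site, region or provider
    immutable: bool     # WORM snapshot, object lock, or unmounted tape
    taken_at: datetime  # when this restore point was captured


def check_321(copies, now, rpo=timedelta(hours=24)):
    """Return the list of unmet rules; an empty list means compliant."""
    problems = []
    if len(copies) < 3:
        problems.append(f"need 3 copies, have {len(copies)}")
    media = {c.media for c in copies}
    if len(media) < 2:
        problems.append(f"need 2 media types, have {sorted(media)}")
    if not any(c.offsite for c in copies):
        problems.append("no offsite copy")
    # An attacker holding admin credentials deletes every backup they can
    # reach; only a copy they cannot modify survives for recovery.
    if not any(c.immutable for c in copies):
        problems.append("no immutable or offline copy")
    if not any(now - c.taken_at <= rpo for c in copies):
        problems.append(f"newest copy older than RPO ({rpo})")
    return problems


NOW = datetime(2025, 4, 30, 12, 0, tzinfo=timezone.utc)

# Constructed inventory that satisfies every rule.
GOOD_INVENTORY = [
    BackupCopy("primary-snapshot", "disk", False, True, NOW - timedelta(hours=2)),
    BackupCopy("dr-site-replica", "disk", True, False, NOW - timedelta(hours=3)),
    BackupCopy("object-lock-vault", "object", True, True, NOW - timedelta(hours=6)),
]

# Constructed inventory of the kind that fails in a ransomware incident:
# everything online, same media, nothing the attacker cannot delete.
BAD_INVENTORY = [
    BackupCopy("primary-snapshot", "disk", False, False, NOW - timedelta(hours=2)),
    BackupCopy("nas-mirror", "disk", False, False, NOW - timedelta(days=3)),
]

if __name__ == "__main__":
    for label, inventory in (("good", GOOD_INVENTORY), ("bad", BAD_INVENTORY)):
        print(label, check_321(inventory, NOW) or "compliant")
```

The check deliberately treats "immutable" as a property of the copy, not of the product: a snapshot that the same admin account can delete does not count, whatever the vendor calls it.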

Tailored Corporate Security and Professional Services

In addition to the built-in security features of its appliances, NetApp is also offering corporate-level security services for businesses looking to evaluate and strengthen their security posture. These professional services are designed to help organizations assess their current security landscape, identify vulnerabilities, and implement strategies to bolster their defenses. Whether you’re looking to audit your existing infrastructure or need advice on how to stay ahead of emerging threats, NetApp’s expert security services can provide invaluable support.

A Layered Approach to Cyber Defense

While no system can be considered entirely immune to cyberattacks, NetApp’s storage appliances add multiple layers of defense to protect against today’s and tomorrow’s cyber threats. With a combination of advanced encryption, ransomware protection, and data recovery solutions, NetApp’s offerings are designed to mitigate the risks associated with modern cyber threats. As businesses face an ever-evolving landscape of potential cyberattacks, NetApp’s appliances provide a fortified foundation for safeguarding critical data assets.

Conclusion: A Future-Proof Solution for Cybersecurity

As cyber threats continue to grow in both scale and sophistication, organizations must adopt solutions that address current weaknesses and anticipate future risks. NetApp’s new storage appliances, with the 99.9% protection figure the company claims and its stated goal of full cyber resiliency, are pitched as an answer to that challenge. Encryption, ransomware detection and fast recovery at the storage layer do shrink the blast radius of an incident; they do not replace the identity, endpoint and network controls an attacker has to get through first.

In a world where cyber threats are an ever-present danger, NetApp’s innovative approach offers businesses the confidence that their data is secure—now and in the future.

The post NetApp Enhances Data Storage Security with 99.9% Cyber Protection for Unmatched Resilience first appeared on Cybersecurity Insiders.

April 30, 2025 at 08:29PM

Link11 brings three brands together on one platform with new branding

Frankfurt am Main, Germany, April 30th, 2025, CyberNewsWire

Link11 has fully integrated DOSarrest and Reblaze to become one of Europe’s leading providers of network security, web application security, and application performance.

Link11, DOSarrest, and Reblaze have combined their strengths into a single, integrated platform with a new brand identity. The result: a consistent user experience, maximum efficiency, and seamless security. As a European provider, Link11 addresses the current business risks associated with geopolitical uncertainties and growing compliance requirements. At the same time, the company secures business-critical processes worldwide through the synergies created.

With the acquisitions of DOSarrest in 2021 and Reblaze Technologies in 2024, Link11 has expanded its market position. The new Link11 WAAP (Web Application and API Protection) SaaS platform combines DDoS protection with ML-based adaptive security and API protection. The result is a single suite that pairs adaptive real-time traffic filtering and AI-based bot detection with a next-generation web application firewall, all served over encrypted connections.

At the end of 2023, Link11 secured an investment of €26.5 million from Pride Capital Partners. This financing will support the company’s planned product developments and international go-to-market strategy.

Maximum security through proprietary, sovereign cloud infrastructure and artificial intelligence

Link11 is setting new standards in protection against DDoS attacks by using its own AI-based technology. The patented DDoS filter secures all traffic within the Link11 cloud – faster and more efficiently than conventional solutions. The advantages over competitors lie in users’ full control over scaling and intelligent real-time analysis of traffic, as well as continuous learning from attacks.

While other providers rely on third-party infrastructures such as AWS or Google, Link11 controls its own cloud infrastructure. This allows protection mechanisms to work in real time – without delays that can have critical consequences in a DDoS attack. As one of Europe’s leading IT security providers, Link11 enables platform-independent protection, even in multi-cloud environments.

Technological independence as a security factor

The solution is designed for workloads in any cloud environment. Link11’s network was developed specifically for modern cybersecurity requirements and sovereignty. It strengthens security at the network edge, accelerates global content delivery, and provides resilience and data sovereignty.

Jens-Philipp Jung, founder and CEO of Link11: “Cybersecurity today means resilience against threats and outages. European companies that set global standards in data protection should also insist on independence when it comes to their cyber resilience. Especially in times of geopolitical uncertainty, sovereign, powerful and trustworthy IT solutions are needed. With Link11, we are demonstrating what European cutting-edge technology can achieve: maximum resilience, top performance and uncompromising compliance – independently and confidently”.

European companies should rely on an EU-based DDoS protection provider

Recent surveys of cybersecurity managers show that, given the option, independent and trustworthy security solutions from Europe will be used more in the future. Link11 has been providing its services to financial institutions, media companies, retail and logistics companies, and the public sector for many years. With a strong brand and a multi-layered security approach, Link11 helps its customers reduce their dependence on security providers outside the EU. The goal is to make security architectures more resilient – technologically, functionally, and geopolitically.

YouTube link: Link11 – Always at your side

About Link11

Link11 is a specialized European IT security provider that protects global infrastructures and web applications from cyberattacks. Its cloud-based IT security solutions help companies worldwide strengthen the cyber resilience of their networks and critical applications and avoid business interruptions. Link11 is a BSI-qualified provider of DDoS protection for critical infrastructure. With ISO 27001 certification, it meets the highest standards in data security.  

Contact

Lisa Froehlich
Link11 GmbH
l.froehlich@link11.com

The post Link11 brings three brands together on one platform with new branding first appeared on Cybersecurity Insiders.

April 30, 2025 at 02:00PM

Cloud Security Challenges in Hybrid Environments: Navigating the Complexities of the Cloud

As businesses continue to embrace digital transformation, hybrid cloud environments—comprising a combination of on-premises infrastructure and public/private cloud resources—have become increasingly popular. The flexibility, scalability, and cost-efficiency offered by the cloud are undeniable, but they also introduce a unique set of security challenges that organizations must navigate.

While hybrid environments enable businesses to leverage the best of both worlds, they come with an added complexity that requires a more sophisticated approach to cloud security. In this article, we’ll explore the most common security challenges observed in hybrid cloud environments and how organizations can mitigate these risks.

1. Complex Visibility and Control

One of the foremost challenges in hybrid cloud environments is maintaining comprehensive visibility and control over both on-premises and cloud-based systems. With workloads and data dispersed across various platforms—private data centers, public cloud providers (like AWS, Microsoft Azure, or Google Cloud), and possibly even multiple clouds—ensuring complete monitoring and governance can be an arduous task.

Why it’s a challenge:

•    The use of different cloud providers introduces varying tools, security standards, and governance protocols, making it difficult to implement a uniform security policy across all environments.

•    Traditional security tools and frameworks designed for on-premises systems often struggle to adapt to the elastic nature of cloud-based services, leading to potential gaps in visibility.

Mitigation strategies:

•    Adopt a centralized cloud security platform that integrates multiple cloud environments and on-premises systems.

•    Use the unified management interfaces offered by the providers themselves, such as AWS Security Hub or Microsoft Defender for Cloud (formerly Azure Security Center), to get a consolidated view of security alerts, configuration findings, and monitoring.

2. Data Security and Compliance Concerns

Data is often considered the lifeblood of organizations, and hybrid cloud environments create significant concerns about data security, privacy, and compliance. Storing sensitive information both on-premises and in the cloud increases the attack surface, making it harder to enforce consistent protection across all data assets.

Why it’s a challenge:

•    Ensuring data is encrypted both in transit and at rest is a constant challenge in hybrid environments, where different security controls may apply depending on where the data resides.

•    Regulatory requirements such as GDPR, HIPAA, and PCI-DSS can become more difficult to comply with when data is spread across various systems, potentially across different geographic regions.

Mitigation strategies:

•    Encrypt data in transit (TLS) and at rest everywhere it lives, on-premises and in the cloud, and manage the keys in one place (a KMS or HSM with audited access) so that a copy in either environment is protected under the same policy.

•    Leverage cloud services that provide built-in compliance certifications and features, such as data residency controls and audit logging.

•    Use Data Loss Prevention (DLP) tools to monitor, detect, and prevent unauthorized access to sensitive data.

3. Identity and Access Management (IAM)

Effective identity and access management is critical for protecting resources in any IT environment, but in hybrid environments, it becomes especially complex. In a hybrid model, employees, contractors, and services may access both on-premises systems and cloud services, requiring tight coordination between multiple IAM systems.

Why it’s a challenge:

•    Managing multiple identity providers (e.g., Active Directory, cloud IAM) increases the risk of inconsistent policies, which can lead to unauthorized access or privilege escalation.

•    The complexity of federating identities between on-premises and cloud systems without proper synchronization can create gaps in security.

Mitigation strategies:

•    Implement a unified identity and access management solution that can manage both on-premises and cloud-based access controls from a single interface.

•    Use tools such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA) to strengthen authentication and ensure only authorized users can access critical systems and data.

•    Regularly audit and review access permissions to ensure that employees have the minimum necessary privileges, especially in cloud-based systems.

4. Insecure APIs and Integrations

In hybrid cloud environments, APIs play a central role in enabling communication between on-premises systems and cloud services. However, unsecured or poorly managed APIs can be a significant vulnerability, as they are often targeted by attackers to exploit weaknesses in the system.

Why it’s a challenge:

•    The sheer number of APIs used to connect disparate cloud and on-premises systems makes it difficult to track and secure them all.

•    If APIs are not properly secured, they can serve as entry points for attackers to exploit vulnerabilities in applications or data.

Mitigation strategies:

•    Implement secure API gateways that can monitor, authenticate, and control access to APIs.

•    Regularly perform vulnerability assessments and penetration testing on APIs to identify and fix weaknesses before they can be exploited.

•    Enforce API security best practices: TLS for every endpoint, OAuth 2.0 with short-lived, scoped access tokens rather than static API keys, strict input validation, and per-client rate limiting so that credential stuffing and scraping are throttled before they reach the backend.
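The three controls in that list, as an added example in Python rather than code from the article or any gateway product: a request is rejected unless it arrived over TLS, carries a bearer token whose signature and expiry check out, and fits within its client’s per-client token bucket. The signing key, client names, timestamps and requests are constructed for the example; a production gateway would validate JWTs issued by the identity provider instead of minting its own tokens.

```python
"""Added example: a minimal API gateway policy showing the three controls
named above (TLS only, OAuth-style bearer tokens, per-client rate limiting).
The signing key, client names and requests are constructed for the example;
a real gateway would validate JWTs from the identity provider instead."""
import base64
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-demo-key-not-for-production"  # assumption


def mint_token(client_id, expires_at):
    """Issue a signed bearer token: base64url(payload).base64url(HMAC-SHA256)."""
    payload = json.dumps({"sub": client_id, "exp": expires_at},
                         separators=(",", ":")).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())


def verify_token(token, now):
    """Return the client id for a valid, unexpired token, else None."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time compare
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


class TokenBucket:
    """Per-client token bucket: `burst` requests at once, refilled at `rate`/s."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.state = {}  # client id -> (tokens left, last timestamp)

    def allow(self, client, now):
        tokens, last = self.state.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.state[client] = (tokens - 1, now)
            return True
        self.state[client] = (tokens, now)
        return False


class Gateway:
    def __init__(self, rate=5.0, burst=10):
        self.limiter = TokenBucket(rate, burst)

    def handle(self, request, now):
        """Return (status, message). Checks run cheapest-first so that
        unauthenticated traffic never consumes a client's rate budget."""
        if request.get("scheme") != "https":
            return 426, "TLS required"
        auth = request.get("headers", {}).get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, "missing bearer token"
        client = verify_token(auth[len("Bearer "):], now)
        if client is None:
            return 401, "invalid or expired token"
        if not self.limiter.allow(client, now):
            return 429, "rate limit exceeded"
        return 200, f"ok for {client}"


def run_demo():
    """Scripted sequence of constructed requests; returns the status codes."""
    gw = Gateway(rate=1.0, burst=3)
    t0 = 1_700_000_000.0
    good = mint_token("svc-orders", t0 + 3600)
    expired = mint_token("svc-orders", t0 - 1)
    # Forged: genuine payload paired with the signature of a different token.
    forged = good.split(".")[0] + "." + mint_token("other", t0 + 3600).split(".")[1]
    req = lambda scheme, tok: {"scheme": scheme,
                               "headers": {"Authorization": "Bearer " + tok} if tok else {}}
    codes = [
        gw.handle(req("http", good), t0)[0],      # 426 plaintext
        gw.handle(req("https", None), t0)[0],     # 401 no token
        gw.handle(req("https", expired), t0)[0],  # 401 expired
        gw.handle(req("https", forged), t0)[0],   # 401 bad signature
    ]
    codes += [gw.handle(req("https", good), t0)[0] for _ in range(4)]  # 200,200,200,429
    codes.append(gw.handle(req("https", good), t0 + 1.0)[0])           # 200 after refill
    return codes


if __name__ == "__main__":
    print(run_demo())
```

The ordering of the checks is the security-relevant design choice: the rate limiter is keyed on the authenticated client, so an attacker without a valid token cannot exhaust a legitimate client’s budget, and the constant-time signature comparison avoids leaking how many bytes of a forged tag were correct.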

5. Security Misconfigurations

Misconfigurations are one of the leading causes of security breaches in the cloud. Given the dynamic nature of hybrid environments, where systems are constantly being provisioned and decommissioned, ensuring that every cloud resource is configured securely can be a difficult task.

Why it’s a challenge:

•    Cloud providers offer a vast array of configurations, each with its own set of options and security implications, which can easily be misconfigured, leaving systems vulnerable.

•    Overly permissive default settings or insufficiently restrictive access policies can inadvertently expose sensitive resources to unauthorized users.

Mitigation strategies:

•    Manage infrastructure as code (e.g., Terraform) and gate changes with automated policy checks, then use continuous compliance services such as AWS Config rules or Azure Policy to detect and remediate drift after deployment.

•    Adopt a “least privilege” access model to minimize unnecessary permissions and ensure that only the necessary users and services can access cloud resources.

•    Conduct regular configuration audits and vulnerability scans to identify and rectify any misconfigurations before they can lead to a breach.
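The access-review point in the IAM section above and the least-privilege and configuration-audit points here call for the same kind of tooling, so one added example serves both. It is a Python linter for AWS-style IAM policy documents written for this page, not code from the article or from AWS, and it flags the findings that most often come out of a permissions audit: wildcard actions, wildcard resources on mutating actions, privilege-escalation actions granted without a Condition, and Allow combined with NotAction. The sample policy and the list of escalation actions are constructed for the example.

```python
"""Added example: a least-privilege linter for AWS-style IAM policy documents.
It flags the misconfigurations most often found in audits: wildcard actions,
wildcard resources on mutating actions, unconditioned privilege-escalation
actions, and Allow+NotAction. The policy below is constructed for the example."""
import json

# Actions that let a principal mint new privileges; they should never be
# granted without a Condition (and rarely on Resource "*"). Constructed list.
ESCALATION_ACTIONS = {
    "iam:PassRole", "iam:CreateAccessKey", "iam:AttachUserPolicy",
    "iam:AttachRolePolicy", "iam:PutUserPolicy", "sts:AssumeRole",
}


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _read_only(action):
    """True for Get*/List*/Describe* API names (no ':' means the bare '*')."""
    _, _, api = action.partition(":")
    return bool(api) and api.startswith(("Get", "List", "Describe"))


def lint_policy(policy):
    """Return findings as (Sid, severity, message) tuples, in document order."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"Statement[{i}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            findings.append((sid, "HIGH", "Allow with NotAction grants every action not listed"))
        for action in actions:
            if action == "*":
                findings.append((sid, "HIGH", "Action '*' grants every API call"))
            elif action.endswith(":*"):
                findings.append((sid, "MEDIUM", f"service-wide wildcard {action}"))
            elif action in ESCALATION_ACTIONS and "Condition" not in stmt:
                findings.append((sid, "MEDIUM", f"{action} allowed without a Condition"))
        if "*" in resources and any(not _read_only(a) for a in actions):
            findings.append((sid, "HIGH", "Resource '*' on a mutating action"))
    return findings


# Constructed policy mixing clean and risky statements.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BucketRead", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::app-assets", "arn:aws:s3:::app-assets/*"]},
    {"Sid": "AdminCatchAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "PassAnyRole", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    {"Sid": "Inventory", "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Sid": "DenyDelete", "Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
  ]
}
""")

if __name__ == "__main__":
    for sid, severity, message in lint_policy(SAMPLE_POLICY):
        print(f"{severity:6} {sid}: {message}")
```

Run against the sample policy it reports only on AdminCatchAll and PassAnyRole; the read-only statements pass even where they use Resource "*". The managed equivalent on AWS is IAM Access Analyzer policy validation, which a practitioner would run in CI before a Terraform apply and again on a schedule to catch policies edited by hand.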

6. Lack of Skilled Security Professionals

Hybrid environments often require a highly specialized set of skills, especially when it comes to managing the security of both on-premises and cloud systems. The rapid adoption of cloud technologies has created a significant demand for skilled professionals who can manage hybrid environments securely, but the cybersecurity talent pool remains limited.

Why it’s a challenge:

•    As hybrid environments become more complex, organizations face difficulties in hiring and retaining cybersecurity professionals with expertise in both on-premises infrastructure and cloud platforms.

•    The growing volume of security alerts, complex threat landscapes, and continuous patch management require expertise that many in-house teams may lack.

Mitigation strategies:

•    Invest in training and upskilling your IT and security staff to bridge the knowledge gap between on-premises and cloud security best practices.

•    Consider leveraging managed security service providers (MSSPs) to augment your internal security team, providing expertise in hybrid cloud security without the need for additional full-time hires.

•    Understand the cloud provider’s shared responsibility model so that it is clear which controls the provider operates (physical hosts, the hypervisor, patching of managed services) and which remain your organization’s responsibility (identities, data, configuration, and application code).

7. Insider Threats

In hybrid environments, where employees may access both on-premises and cloud resources from various locations and devices, insider threats—whether malicious or accidental—become a major security concern. Employees, contractors, or third-party vendors with privileged access can cause significant damage, whether intentionally or by error.

Why it’s a challenge:

•    Hybrid cloud environments often lack a consistent approach to monitoring and controlling insider access, particularly as users work across multiple environments.

•    The rise of remote work and Bring Your Own Device (BYOD) policies adds additional layers of complexity, increasing the chances of unintentional data exposure.

Mitigation strategies:

•    Implement strict access controls, including Zero Trust principles, where every request for access is continuously verified, regardless of the user’s location or device.

•    Deploy user and entity behavior analytics (UEBA) to detect anomalous activities that could indicate insider threats.

•    Regularly educate employees on the risks of insider threats, data handling policies, and how to identify and report suspicious activities.
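What the UEBA point above amounts to in code, as an added example written for this page (not the article’s code and not any vendor’s product): learn each user’s normal login countries, login hours and daily download volume from a baseline window of access-log lines, then flag logins from a new country or an unusual hour, a day whose download count reaches three times the user’s usual maximum, and activity from a user with no baseline at all. The log lines, user names, countries and the cut-off date are constructed for the example.

```python
"""Added example: a baseline-and-deviation detector of the kind UEBA tools run,
applied to constructed access-log lines. It learns each user's usual login
countries, hours and daily download volume from a baseline window, then
flags departures in the evaluation window."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed log lines (not from any real system). Events before CUTOFF
# form the baseline; events from CUTOFF onward are evaluated against it.
LOGS = """\
2025-04-21T09:02:11Z user=alice src=GB host=vpn action=login
2025-04-21T14:30:00Z user=alice src=GB host=fileshare action=download
2025-04-22T10:15:42Z user=alice src=GB host=vpn action=login
2025-04-22T10:40:00Z user=alice src=GB host=fileshare action=download
2025-04-22T11:05:00Z user=alice src=GB host=fileshare action=download
2025-04-23T09:20:09Z user=alice src=GB host=vpn action=login
2025-04-23T14:05:00Z user=alice src=GB host=vpn action=login
2025-04-21T08:01:00Z user=bob src=DE host=vpn action=login
2025-04-22T17:45:00Z user=bob src=DE host=vpn action=login
2025-04-28T03:12:00Z user=alice src=RO host=vpn action=login
2025-04-28T03:20:00Z user=alice src=RO host=fileshare action=download
2025-04-28T03:21:00Z user=alice src=RO host=fileshare action=download
2025-04-28T03:22:00Z user=alice src=RO host=fileshare action=download
2025-04-28T03:23:00Z user=alice src=RO host=fileshare action=download
2025-04-28T03:24:00Z user=alice src=RO host=fileshare action=download
2025-04-28T03:25:00Z user=alice src=RO host=fileshare action=download
2025-04-28T09:10:00Z user=alice src=GB host=vpn action=login
2025-04-29T08:05:00Z user=bob src=DE host=vpn action=login
2025-04-29T08:30:00Z user=bob src=DE host=fileshare action=download
2025-04-29T08:31:00Z user=bob src=DE host=fileshare action=download
2025-04-29T08:32:00Z user=bob src=DE host=fileshare action=download
2025-04-29T12:00:00Z user=mallory src=GB host=vpn action=login
"""
CUTOFF = datetime(2025, 4, 28)

LINE = re.compile(r"(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
                  r"host=(?P<host>\S+) action=(?P<action>\S+)")


def parse(text):
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return events


def build_baseline(events, cutoff):
    """Per user: countries and hours seen at login, downloads per day."""
    base = defaultdict(lambda: {"countries": set(), "hours": set(),
                                "downloads": defaultdict(int)})
    for e in events:
        if e["ts"] >= cutoff:
            continue
        b = base[e["user"]]
        if e["action"] == "login":
            b["countries"].add(e["src"])
            b["hours"].add(e["ts"].hour)
        elif e["action"] == "download":
            b["downloads"][e["ts"].date()] += 1
    return dict(base)


def detect(events, cutoff, volume_factor=3):
    """Return (user, reason) alerts for events at or after `cutoff`."""
    base = build_baseline(events, cutoff)
    alerts, today = [], defaultdict(int)
    for e in events:
        if e["ts"] < cutoff:
            continue
        b = base.get(e["user"])
        if b is None:
            alerts.append((e["user"], "no baseline for user"))
            continue
        if e["action"] == "login":
            if e["src"] not in b["countries"]:
                alerts.append((e["user"], f"login from new country {e['src']}"))
            if e["ts"].hour not in b["hours"]:
                alerts.append((e["user"], f"login at unusual hour {e['ts'].hour:02d}:00"))
        elif e["action"] == "download":
            key = (e["user"], e["ts"].date())
            today[key] += 1
            usual = max(b["downloads"].values(), default=0)
            # Fire once, the moment the day's count crosses the threshold.
            if today[key] == volume_factor * max(usual, 1):
                alerts.append((e["user"], f"{today[key]} downloads today, usual daily max {usual}"))
    return alerts


if __name__ == "__main__":
    for user, reason in detect(parse(LOGS), CUTOFF):
        print(f"{user:8} {reason}")
```

The baseline is the part that matters for insider cases: a night-time login from a new country by a user who normally works office hours from one country produces two alerts before a single file moves, and the volume rule catches the bulk pull that follows. A real deployment would use a longer baseline, weight hours rather than treat them as a set, and feed the alerts into triage rather than block, since a travelling employee trips the same rules.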

Conclusion

While hybrid cloud environments offer significant advantages in terms of flexibility and scalability, they also introduce a unique set of security challenges that organizations must address to maintain a robust cybersecurity posture. From complex visibility and control issues to the risks associated with data security, APIs, and insider threats, organizations must adopt a proactive and multi-layered approach to cloud security.

By implementing best practices such as unified IAM systems, automated configuration management, secure APIs, and constant monitoring, businesses can mitigate the risks associated with hybrid cloud environments. As the hybrid cloud model continues to grow in popularity, staying ahead of these security challenges will be critical to maintaining the trust of customers, partners, and regulatory bodies alike.

The post Cloud Security Challenges in Hybrid Environments: Navigating the Complexities of the Cloud first appeared on Cybersecurity Insiders.

April 30, 2025 at 11:04AM

Tuesday, April 29, 2025

DragonForce Ransomware behind Marks & Spencer digital outage

Almost a week ago, the UK retailer Marks & Spencer (M&S) became the victim of a cyber attack that has left the company in full disruption mode. The retailer, known for its clothing, food and household goods, is now dealing with the aftermath of a well-executed intrusion. Recent reports indicate that the attack is likely the work of a highly organised crime group known as DragonForce, which deployed a ransomware variant that has disrupted the company’s IT infrastructure for days.

M&S’s IT teams have been working around the clock to restore systems and resume normal operations. Customers continue to report problems, particularly with online bookings and errors on the retailer’s website. The company’s internal networks were clearly disrupted, producing a cascade of problems for both employees and customers who depend on M&S’s digital services.

The DragonForce Group and Its Methods

The group responsible for this attack, DragonForce, is no stranger to high-profile ransomware incidents. Known for “double extortion”, it uses a two-stage approach. First, DragonForce infiltrates the target’s systems and exfiltrates sensitive data. Only then does it encrypt, locking the company out of its own information until a ransom is paid, typically in cryptocurrency because that is harder to trace. The encryption alone can cripple operations for an extended period; the stolen copy is the lever that keeps the pressure on even if the victim can restore from backups.

But the extortion doesn’t end there. Even after the ransom is paid, there is no guarantee that the attackers will provide the decryption key. The criminals often choose to sell the stolen data on the dark web, leaving the victimized company with not just the potential for business disruption but also the looming threat of data breaches and identity theft.

M&S’s Silence on the Attack

As of now, Marks & Spencer has refrained from making an official statement about the involvement of DragonForce or the specifics of the attack. The company has chosen to handle the situation discreetly, focusing on recovery efforts and planning to disclose the full details at a later time. While this level of confidentiality is understandable from a corporate standpoint, it leaves customers and the general public in the dark about the scope and severity of the breach.

However, the lack of an official update does raise questions about how deep the attack may have penetrated into the company’s systems. If the malware was as sophisticated as reports suggest, the recovery process could take much longer than initially anticipated.

The Ripple Effect of Cyber Attacks

Cyber-attacks of this magnitude bring significant consequences to the victimized companies. Apart from the immediate disruption to business operations, such attacks often tarnish the brand’s reputation. Consumers, especially those entrusting personal data to online services, tend to view a company’s inability to safeguard their information with skepticism. In M&S’s case, this could undermine years of consumer trust and loyalty.

Additionally, law enforcement agencies such as the FBI and Europol strongly advise against paying the ransom in situations like this. The primary reason being that paying the ransom not only funds criminal enterprises but also doesn’t guarantee the attackers will release the decryption key. In some cases, companies that comply with ransom demands find themselves targeted again, as cybercriminals perceive them as easy marks.

The Threat of Data Theft and Its Aftermath

In the case of “double extortion” ransomware attacks, the immediate concern isn’t just the disruption of business systems but the theft and sale of sensitive company data. DragonForce, like other ransomware groups, is known to sell this data on the dark web, where it can be used for a range of malicious purposes. This could include identity theft, fraud, and social engineering attacks targeting both the company’s customers and employees.

For businesses like M&S, the threat of customer data being sold on the dark web presents a long-term risk to their reputation and the safety of their clientele. Consumers who have their personal information exposed may face a variety of security risks, including financial fraud and phishing scams. This makes the impact of a cyberattack extend far beyond the immediate disruption, leaving companies to clean up the mess for months, or even years.

What Should Companies Do in Response?

The best course of action for any company facing such an attack is to refrain from paying the ransom. Instead, businesses should report the incident to law enforcement. Agencies such as the FBI, Europol and the UK’s NCA track ransomware crews and the leak sites where stolen data is offered, and involving them early gives the best chance of limiting further damage and, occasionally, of obtaining a decryptor recovered from a previous operation.

Moreover, organizations should adopt proactive measures to reduce the chance of a repeat: keep software and security patches current, enforce multi-factor authentication on remote access and administrative accounts, train staff to recognise phishing and help-desk impersonation, and maintain offline or immutable backups that are tested regularly so that data can be restored quickly after an attack.

The Growing Threat of Cybercrime

The M&S incident underscores a broader trend in the growing sophistication of cybercriminal groups. As more businesses move online and digitize their operations, they become prime targets for ransomware attacks. The rise of ransomware-as-a-service has also made it easier for even less technically skilled criminals to launch such attacks. With the increasing frequency and severity of these incidents, it is more important than ever for organizations to take cyber threats seriously and adopt a comprehensive approach to cybersecurity.

In conclusion, while the immediate impact of the DragonForce attack on M&S is still unfolding, it serves as a stark reminder of the growing risks businesses face in the digital age. Proactive planning, strong cybersecurity defenses, and cooperation with law enforcement are essential to mitigate the damage caused by cybercriminals and protect the interests of both companies and their customers.

The post DragonForce Ransomware behind Mark and Spencer digital outage first appeared on Cybersecurity Insiders.



April 30, 2025 at 10:54AM

Insider Threat alert as Cybersecurity firm CEO plants malware into hospital network

Imagine the unthinkable: a CEO of a cybersecurity company intentionally infecting a hospital’s network with malware. This shocking scenario became a reality in the United States when Jefferey Bowie, the CEO of Veritaco, was arrested for criminal acts involving cyberattacks on Saint Anthony Hospital in Oklahoma City.

The Incident

On April 14, 2025, Jefferey Bowie was taken into custody and charged with two counts of violating the Oklahoma Computer Crimes Act. The criminal activities in question took place on August 6, 2024, when Bowie allegedly planted malware into the hospital’s computer network, compromising sensitive systems and potentially jeopardizing patient care.

The most alarming detail in this case is that Jefferey Bowie, the CEO of a company in the cybersecurity industry, was directly involved in the cyberattack. Surveillance footage from the hospital’s security cameras is reported to provide crucial evidence linking Bowie to the crime. While the exact motive behind the attack remains unclear, the circumstances suggest one of two possibilities: financial gain or personal vengeance.

How Did the CEO Gain Access?

The circumstances surrounding how Bowie was granted access to the hospital’s systems are still under investigation. According to court documents, Bowie allegedly convinced hospital officials that he needed access to the hospital’s network to review medical investigation reports related to a relative undergoing treatment at Saint Anthony Hospital. The fact that the hospital provided this access raises significant concerns about the internal security protocols in place, especially given Bowie’s high-level position in a cybersecurity company.

Potential Legal Consequences

If convicted, Jefferey Bowie could face serious legal repercussions, including imprisonment. Additionally, he may be subject to a financial penalty ranging from $50,000 to $100,000, or possibly both, depending on the specific circumstances and severity of the breach. This case highlights the risks associated with insider threats and the potential damage caused by individuals with access to critical systems and sensitive data.

The Growing Threat of Insider Attacks in Healthcare

This incident serves as a stark reminder of the growing threat posed by insider attacks in the healthcare sector. Hospitals, healthcare providers, and related organizations must be vigilant in protecting their networks from malicious actors, both external and internal. Insider threats often arise from disgruntled employees, business competitors, or even trusted partners with access to sensitive systems.

Healthcare institutions must take proactive measures to mitigate these risks, including rigorous background checks for staff and contractors, enhanced network monitoring, and continuous employee training on cybersecurity best practices. Additionally, implementing robust access control policies and real-time network surveillance can help detect and prevent unauthorized activities before they cause significant harm.

Conclusion

The arrest of Jefferey Bowie underscores the importance of safeguarding healthcare systems from internal and external cybersecurity threats. As we continue to rely more on technology in the healthcare sector, it is critical for organizations to stay one step ahead of cybercriminals and to prioritize the security of their networks, particularly when dealing with highly sensitive data like medical records. With insider threats on the rise, now is the time for hospitals and healthcare firms to reassess their cybersecurity strategies to ensure the safety and privacy of their patients.

The post Insider Threat alert as Cybersecurity firm CEO plants malware into hospital network first appeared on Cybersecurity Insiders.



April 29, 2025 at 08:42PM

Behavioural economics of enterprise password management

When someone asks how you start a typical weekday, your answer likely includes the usual suspects, be it waking up, brewing coffee, or maybe even a quick scroll through the news. But almost inevitably, in the post-pandemic world where remote work has become commonplace, it also includes logging in to work.

Buried in this mundane act is a timeless truth we often overlook. It’s part of a modern ritual that every hybrid worker performs quietly, instinctively, like it’s muscle memory—a ritual that organizations everywhere rely on, day in and day out, to protect their business integrity. 

It’s not glamorous. It’s rarely questioned. But it defines the frontline of enterprise security: It’s the password routine.

While the password routine is something that is of importance to organizations, for employees, it is simply a part of the daily grind, an afterthought tucked between calendar invites and coffee refills, driven more by habit than by a conscious understanding of its security implications. 

The subtle art of choosing a password

So this is how it goes, right? 

When you join an organization, you are added to their corporate network. Immediately, you are instructed to choose a password that you will use to log in to work, remotely or otherwise. 

Now let’s be honest, at this particular juncture, how many of us put the security of the organization over our everyday convenience?

Yes, there are organizational policies that demand that you choose complex passwords. But let’s face it, most of us still choose the nearest mental shortcut—the very same password we’ve used for years in other places, tweaked just enough to meet the bare minimum requirements, likely written down somewhere.

Alright, let’s say we do this for organizational routines where forgetting a password is a hassle, because there are compliance policies to navigate, reset procedures to follow, and IT support to involve. In a bureaucratic work setting like that, reusing an easy-to-remember password makes a certain kind of sense. We, however, carry the same behavior into our personal lives too, where support is limited and the consequences of a breach can be far more personal, yet we often choose convenience over security.  

We know password reuse is bad. So, why do we still do it? 

Organizations tend to overlook this underlying behavioral pattern and instead respond by piling on layers of compliance training and rigid security protocols over already burdensome password routines. This is because they often choose to treat password misbehavior by their workforce as a knowledge problem. They assume that if employees knew better, they’d practice better password hygiene. 

That’s just not it. This behaviour stems from deeply ingrained cognitive biases that steer our decisions away from anything that falls beyond the boundaries of the familiar.

Bounded rationality

Just enough is good enough.

The concept suggests that when people are bounded by limits such as time, information, and cognitive resources, they don’t seek to make the perfect decision, but rather choose to settle with a satisfactory one.

We aren’t trying to get security wrong. We are simply trying to get our job done. Managing passwords is mentally exhausting, so we settle for shortcuts like browser autofill or reused passwords. It is not laziness. It’s simply an efficient trade-off in our mental cost-benefit calculation.

Availability heuristic

If I remember it, it must be right.

This cognitive bias suggests that people judge the integrity or truth of something by how easily they can recall an example or piece of information to support it. The more recent or personal it is, the more credible or secure it feels, regardless of actual evidence.

We manage passwords the same way we manage memories: by leaning on what’s easiest to recall. So, we stick with variations of the same password or reuse ones from other accounts. We don’t choose these passwords because they are secure, which they aren’t, but because they are cognitively available. We equate memorability with safety, even when that makes us more vulnerable.

Loss aversion

I’d rather not lose access than make it more secure.

This cognitive principle refers to the fact that people feel the pain of loss more vividly than they feel the pleasure of potential gains.

For many users, the fear of being locked out feels more immediate than the risk of a cyberattack. This anxiety drives habits like writing passwords down, reusing passwords from personal accounts, or using system defaults. It is not that people do not understand the risks. It is that the need for uninterrupted access often outweighs the promise of long-term protection.

Expecting perfect decisions from a workforce in imperfect circumstances often proves futile. If secure behaviour feels like a burden, it means the system wasn’t built with people in mind. While security practices could be inculcated with a training video, the buck does not stop there. 

Bridging the gap between the familiar and the secure 

To truly support secure behaviour at scale, organizations must take the burden of password management out of employees’ hands. Organizations need to reduce the likelihood of human error and bypass the biases that lead to password fatigue, reuse, or insecure storage. The best way to prevent risky password behaviour is to remove the need for passwords altogether.

Adopting authentication tools that allow the use of passkeys, SSO, and magic links removes the friction points where users typically falter.

Passkeys are a shift in default behaviour. Instead of forcing users to recall or manage credentials, passkeys use device-bound cryptographic keys that sync securely across devices. In places where passkeys can’t be applied, SSO can be enabled for cross-organizational access. SSO streamlines access across platforms with a single credential or authentication touchpoint. By centralizing login, users aren’t juggling dozens of entry points.

To further eliminate the biases that interfere with password management, organizations can take advantage of the use of passkey-enabled vaults that take away the need for password management by the individual. Once these systems are in place, organizations can then, with training that enables value-based engagement, show employees how these systems make security go hand-in-hand with productivity.

These upgrades bypass bounded rationality by removing the mental strain of managing access under pressure because the fewer decisions people need to make, the fewer chances they have to settle for whatever gets them through the day. And when there’s nothing to remember, the availability bias has no room to work its illusion. The choice disappears, therefore so does the risk. For users who fear getting locked out more than being breached, this is a shift that matters, because now they get security without sacrificing access.

So, when an organization adopts such controls that take away the dependency on the user’s cognitive biases, they’re not just deploying a security measure. They’re making a behavioural intervention. They’re eliminating the decision points where things go wrong, where people choose what’s easy, not what’s right.

Ensuring policy keeps pace with tech 

The transition to a truly secure enterprise can’t rely on technology alone. It must also be reflected at a policy level. Traditional approaches to sharing privileged access to critical systems often leave gaps. For example, when scheduled maintenance tasks must be performed on critical domain endpoints, employees rely on shared credentials or manual approval processes, where cognitive shortcuts lead to over-permissioned accounts and stagnant access rights.

To counter this, organizations are increasingly turning to passwordless access sharing through privileged access management (PAM) solutions. These solutions streamline the process by automatically granting, revoking, and auditing access based on predefined policies. PAM solutions ensure that every access is just in time and precisely scoped, removing the need for human intervention.

Yet even the best technical solutions can’t overcome a misaligned policy.

In this context, artificial intelligence steps in as a crucial enabler at the policy layer. The IT administrators who supervise privileged access are human too and subject to the same cognitive biases, which lead them to allot access based on what was granted in previous instances. Meanwhile, privileged users sometimes hold permissions they have never used; these slip under the radar and become standing privileges.

When artificial intelligence is introduced at this juncture to suggest dynamic privileged access policies based on real-time risk assessments and to detect anomalous behaviour, it counteracts these unnecessary cognitive interferences.
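As an added illustration of the just-in-time, scoped and audited access described in the PAM paragraphs above, and of how a permission that is granted but never used surfaces as a standing privilege, here is a small Python access broker. It is example code written for this page, not ManageEngine's or any PAM vendor's implementation; the POLICY table, role names, scope strings and timestamps are constructed for the demonstration.

```python
"""Minimal just-in-time (JIT) privileged access broker (illustrative example only).
The POLICY table, roles, scopes and timings are constructed for this demonstration."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumption: each role maps to the scopes it may request and a maximum grant lifetime.
POLICY = {
    "dba": ({"db:prod:read", "db:prod:maintenance"}, timedelta(hours=2)),
    "sysadmin": ({"host:dc01:rdp", "host:dc01:patch"}, timedelta(hours=1)),
}


@dataclass
class Grant:
    user: str
    scope: str
    granted_at: datetime
    expires_at: datetime
    last_used: Optional[datetime] = None
    revoked: bool = False


class JitAccessBroker:
    """Grants scoped, time-boxed access according to POLICY and keeps an audit trail."""

    def __init__(self, policy=POLICY):
        self.policy = policy
        self.grants: list[Grant] = []
        self.audit: list[tuple[datetime, str, str, str]] = []  # (when, event, user, scope)

    def _log(self, when: datetime, event: str, user: str, scope: str) -> None:
        self.audit.append((when, event, user, scope))

    def request(self, user, role, scope, ttl, now) -> Optional[Grant]:
        """Approve only scopes the role policy allows; clamp the lifetime to the policy maximum."""
        allowed, max_ttl = self.policy.get(role, (set(), timedelta(0)))
        if scope not in allowed:
            self._log(now, "DENIED", user, scope)
            return None
        grant = Grant(user, scope, now, now + min(ttl, max_ttl))
        self.grants.append(grant)
        self._log(now, "GRANTED", user, scope)
        return grant

    def check(self, user, scope, now) -> bool:
        """Authorization decision at `now`; a grant found past its expiry is revoked on the spot."""
        for g in self.grants:
            if g.user != user or g.scope != scope or g.revoked:
                continue
            if now >= g.expires_at:
                self.revoke(g, now, reason="EXPIRED")
                continue
            g.last_used = now
            self._log(now, "USED", user, scope)
            return True
        self._log(now, "REJECTED", user, scope)
        return False

    def revoke(self, grant, now, reason="REVOKED") -> None:
        grant.revoked = True
        self._log(now, reason, grant.user, grant.scope)

    def sweep(self, now) -> int:
        """Scheduled job: revoke every active grant whose lifetime has elapsed; returns the count."""
        expired = [g for g in self.grants if not g.revoked and now >= g.expires_at]
        for g in expired:
            self.revoke(g, now, reason="EXPIRED")
        return len(expired)

    def standing_privileges(self, now, idle=timedelta(minutes=30)) -> list[Grant]:
        """Active grants never used, or idle longer than `idle`: candidates for review or revocation."""
        flagged = []
        for g in self.grants:
            if g.revoked or now >= g.expires_at:
                continue
            if now - (g.last_used or g.granted_at) >= idle:
                flagged.append(g)
        return flagged


def run_scenario():
    """Walk through grant, use, expiry and standing-privilege detection; returns the observations."""
    t0 = datetime(2025, 4, 29, 9, 0)  # constructed timestamp
    broker = JitAccessBroker()
    alice = broker.request("alice", "dba", "db:prod:maintenance", timedelta(hours=8), t0)  # clamped to 2h
    denied = broker.request("alice", "dba", "host:dc01:rdp", timedelta(hours=1), t0)       # outside policy
    broker.request("bob", "sysadmin", "host:dc01:patch", timedelta(hours=1), t0)            # never used
    used_ok = broker.check("alice", "db:prod:maintenance", t0 + timedelta(minutes=40))
    standing = broker.standing_privileges(t0 + timedelta(minutes=45))                       # bob's idle grant
    used_late = broker.check("alice", "db:prod:maintenance", t0 + timedelta(hours=3))       # expired
    swept = broker.sweep(t0 + timedelta(hours=3))                                           # bob's lapsed grant
    return {
        "alice_expires_at": alice.expires_at,
        "denied": denied,
        "used_ok": used_ok,
        "standing_users": [g.user for g in standing],
        "used_late": used_late,
        "swept": swept,
        "events": [e for _, e, _, _ in broker.audit],
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The two design points worth noting are that the requester never chooses the lifetime or scope unilaterally (the policy clamps both), and that every decision, including denials and automatic expiries, lands in the audit list, which is what makes the idle-grant report in standing_privileges possible in the first place.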

Recognising the absurdity in enterprise password management 

In The Myth of Sisyphus, Albert Camus tells an absurd story of a man condemned to push a boulder uphill forever, only to watch it roll back down each time. Camus uses this image to explore how, even in repetitive and seemingly meaningless tasks, we search for purpose.

In many ways, our daily interactions with security protocols, be it passwords, login prompts, phishing drills, and compliance checklists, feel a lot like Sisyphus’ burden. We’re expected to stay alert, follow a growing list of rules, and keep up with our actual work. But people don’t function well under constant pressure. Over time, fatigue kicks in, habits take over, and we look for workarounds, not because we don’t care, but because it’s human nature.

The solution is not to add more complexity; it’s to rethink the system. Tools like passkeys, SSO, PAM, and AI do not just improve security. They’re philosophical corrections. They relieve the individual of this absurdity. In doing so, the boulder vanishes, and what remains is a system designed to reflect the reality of people’s thought processes and cognitive capacities.

__

Author bio

Niresh Swamy is an enterprise evangelist at ManageEngine, the enterprise IT management division of Zoho Corporation. In his current role, he explores the tech, IT, and cybersecurity landscape, unearthing disruptive news about industries and converting his research into thought leadership content. When not at work, Niresh channels his creativity into existential poetry, loses himself in speculative sci-fi novels, and devours everything cinema.

 

The post Behavioural economics of enterprise password management first appeared on Cybersecurity Insiders.



April 29, 2025 at 11:25AM

Monday, April 28, 2025

Akira Ransomware attack on Hitachi Vantara Servers

Hitachi Vantara, the global technology powerhouse and a subsidiary of Japan-based Hitachi, was targeted by the notorious Akira Ransomware gang last weekend, forcing the company to take drastic measures. In a bid to contain the spread of the malware, Hitachi Vantara was compelled to take several of its servers offline. This cyberattack has prompted the company to engage with cybersecurity experts, who will assist in navigating the complexities of the incident and guide the IT team in recovery efforts.

According to a statement released by the company, the cyberattack began on April 26, 2025, when its servers were compromised by file-encrypting malware. This attack, which disrupted operations to some degree, highlights the growing sophistication of modern cyber threats and underscores the vulnerabilities even the most secure companies face in today’s digital landscape.

About Hitachi Vantara’s Business and Clientele

For context, Hitachi Vantara operates in several critical sectors, providing cutting-edge storage appliances, cloud solutions, and specialized ransomware recovery services. Its client portfolio spans high-profile public and private entities, including global names such as BMW, Telefonica, and T-Mobile. The company’s broad customer base makes it a significant target for cybercriminals, demonstrating the scale and potential impact of such breaches.

Despite its proactive cybersecurity measures, including rigorous defenses designed to protect sensitive data and infrastructure, Hitachi Vantara fell victim to the Akira ransomware group. This breach not only demonstrates the resilience of cybercriminals but also highlights their ability to bypass even the most robust security protocols, giving a glimpse into the increasingly sophisticated tactics employed by these hackers.

The Akira Ransomware Gang: A Growing Threat

The Akira ransomware group has been active in the cybercrime landscape since 2023. Since then, the gang has reportedly targeted nearly 300 organizations worldwide, with their attacks causing significant financial and operational disruptions. According to a recent analysis by the FBI, Akira’s operations have proven to be highly lucrative. In 2024 alone, the gang is believed to have collected over $42 million in ransom payments from victims, further demonstrating the high stakes and financial motivations behind such cyberattacks.

Akira’s modus operandi typically involves encrypting a victim’s data, rendering it inaccessible unless a ransom is paid. In some cases, they also threaten to release sensitive information to the public if the demands are not met. This two-pronged approach—disrupting operations and leveraging fear of data leaks—has made Akira and similar groups a growing concern for organizations across industries.

Ransomware’s Increasing Threat to All Businesses

This latest attack serves as a stark reminder that no business, regardless of its size or the precautions it takes, is entirely immune to the growing threat of ransomware. As cybercriminals become more organized and sophisticated, even the most diligent companies face increasing risks. Experts continue to stress the importance of comprehensive cybersecurity strategies that include multi-layered defenses, continuous monitoring, and prompt response plans to mitigate the impact of any potential breach.

Call to Action: Reporting Cyber Incidents and Avoiding Ransom Payments

In the wake of such incidents, authorities urge businesses to take immediate action if they fall victim to a cyberattack. It is strongly advised that organizations report these attacks to law enforcement agencies within 48 hours. This not only helps in tracking the cybercriminals but also contributes to broader efforts to prevent further crimes.

Furthermore, experts continue to advise against paying ransoms. Although paying the ransom may seem like a quick fix to restore access to encrypted files, it is often ineffective. There is no guarantee that the hackers will provide the decryption keys or honor their promises. Worse, paying ransoms encourages further criminal activity, making businesses more likely to become future targets.

Looking Ahead: Enhancing Cybersecurity Defenses

As the digital threat landscape continues to evolve, businesses of all sizes must stay ahead of the curve by adopting a proactive cybersecurity stance. This includes investing in advanced threat detection technologies, educating employees about phishing and other common attack vectors, and regularly testing incident response plans. By strengthening defenses and fostering a culture of cybersecurity awareness, companies can better shield themselves from the ever-present risk of cybercrime.

 

The post Akira Ransomware attack on Hitachi Vantara Servers first appeared on Cybersecurity Insiders.



April 29, 2025 at 10:32AM

Power blackouts across Spain, Portugal and France, likely by Cyber Attack

Over the past 2 to 4 hours, several countries, including Spain, Portugal, and parts of France, have been grappling with widespread power outages. While the exact cause remains under investigation, it is speculated that severe weather changes or a potential cyber-attack originating from Russia might be responsible.

As of now, authorities have not officially confirmed any cyber-attack linked to Russia, and investigations are ongoing to determine the root cause of the blackouts. Government sources have indicated that by 4 PM, power was restored in parts of the Iberian Peninsula, including France, but significant outages persist across large areas of Spain and Portugal.

The disruptions have caused chaos at airports and transit stations, where passengers have been left stranded due to technical failures, hindering the smooth flow of travel.

REN, Portugal’s electric grid operator, has pointed to extreme weather conditions and operational issues as possible factors. One theory is that a simultaneous surge in power generation from solar and hydropower grids overwhelmed the system, causing interference with power production from gas and coal plants. This scenario has been further complicated by a shortfall in electricity generation relative to demand, with a loss of around 10 gigawatts of power, primarily due to the failure of renewable energy sources.

Meanwhile, media speculation is running wild, with some outlets suggesting that the blackout may be part of a larger cyber-attack aimed at pressuring the European Union to withdraw support for Ukraine. Other reports have hinted at a “hybrid” attack, implying that more disruptions could follow.

Regardless of the cause, the situation highlights a troubling trend: While the conflict between Ukraine and Russia shows no signs of abating, it’s important to remember that neither side has the right to inflict harm on innocent civilians in other countries.

If the blackouts were indeed the result of a cyber-attack—and if further attacks are anticipated—it is crucial for governments, especially in developed nations, to devise a strategy to protect against these types of threats.

Failure to act could lead to catastrophic consequences for global stability and security.

The post Power blackouts across Spain, Portugal and France, likely by Cyber Attack first appeared on Cybersecurity Insiders.



April 28, 2025 at 08:18PM

Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy

Toronto, Canada, April 28th, 2025, CyberNewsWire

Dismissal affirms no-logs policy as a valid legal defense, avoiding a chilling effect on privacy infrastructure providers worldwide.

Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection with an alleged internet offence by an unknown user of the service.

The case centred around a Windscribe-owned server in Finland that was allegedly used to breach a system in Greece. Greek authorities, in cooperation with INTERPOL, traced the IP address to Windscribe’s infrastructure and, departing from standard international procedure, initiated criminal proceedings against Sak himself rather than pursuing information through the usual corporate channels.

“This was not just about me,” said Sak. “It was about drawing a hard legal line around the role of privacy infrastructure providers. As we do not log user activity, we cannot hand over what we do not have.”

The charges against Sak were formally dismissed on April 11, 2025. The court did not find sufficient evidence to implicate Sak or Windscribe in any wrongdoing.

A Case with Global Ramifications

The legal proceedings unfolded against the backdrop of increasing pressure on privacy tech companies worldwide. While most law enforcement agencies issue subpoenas to VPN providers when criminal activity is suspected, Windscribe routinely responds that it is unable to comply due to its strict no-logs policy — a response that is almost always accepted without escalation.

This case, however, deviated sharply from that norm. After subpoenaing the data center provider in Finland, which yielded the account holder’s name — Sak — Greek authorities immediately started criminal proceedings. No information was requested from Windscribe, and the first time the company heard of the issue was after the receipt of the legal summons. 

“This sets a concerning precedent for anyone who owns servers that could be used by others,” said Sak. “If upheld, it could have criminalized infrastructure ownership for actions taken by anonymous users.”

Why Windscribe Won’t Keep Logs

Windscribe believes that the internet should be free of censorship, personal data harvesting, targeted advertising, and geographic restrictions. Adherence to this philosophy is taken very seriously — the company does not pay for any advertisements or promoted content; it’s a key tenet of its ethics and philosophy. 

Sak emphasized that Windscribe remains committed to user privacy and operational transparency. “Some say VPNs should be banned because a few people misuse them,” said Sak. “By that logic, we should also ban hammers and cars.”

The case underscored a central challenge for privacy providers: assisting with legal investigations requires collecting user logs — a step that fundamentally compromises the trust and utility of a privacy service. Once stored, these logs can be compelled by courts in jurisdictions where speech itself is criminalized.

“Today it’s hacking. Tomorrow it could be speaking ill of a dictator’s beard,” said Sak. “We’d rather fight in court than betray our users.”

About Windscribe

Founded in 2016, Windscribe is a VPN and privacy tools provider trusted by tens of millions of users worldwide to safeguard online privacy and bypass censorship. With a strict no-logs policy, open-source apps, and a record of fighting for user rights in court, Windscribe remains one of the most transparent and principled providers in the privacy tech space.

To learn more, users can visit https://windscribe.com

Media Contact:

hello@windscribe.com

Contact

Yegor Sak
hello@windscribe.com

The post Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy first appeared on Cybersecurity Insiders.



April 28, 2025 at 06:05PM

Sunday, April 27, 2025

Chinese cars can secretly transfer data from charging stations in UK

Chinese products have become a staple in markets around the world. From household items like pens to complex machinery such as cars, China’s manufacturing power is unmatched. The primary reasons for their widespread presence are their affordability, accessibility, and ease of use. As a result, Chinese products are exported globally, flooding markets in the West where they often offer a more budget-friendly alternative to domestically produced goods. This has led to a significant market share for Chinese manufacturers, particularly in industries like electronics, textiles, and, more recently, electric vehicles (EVs).

However, the rise of Chinese goods isn’t without its concerns. In recent years, increasing attention has been paid to the security risks posed by products originating from China. A particular issue has come to light recently, causing alarm within defense circles. According to reports from security experts and defense firms, there are growing concerns over the potential for Chinese-made electric vehicles (EVs) to be used as a means for surveillance by the Chinese government.

The EV Surveillance Scare

Electric vehicles, which have become increasingly popular in Europe and beyond, could potentially be used as a conduit for collecting data on their users. In particular, experts have raised alarms about the possibility that data from smartphones—especially those charging while plugged into the car’s system—could be intercepted or even forwarded to a central database controlled by the Chinese government. The primary concern is that personal data, including sensitive information, could be routed from the smartphone to the car’s dashboard interface and from there to the vehicle’s charging point, potentially bypassing security measures and causing a significant national security threat.

This worry is particularly pressing in the United Kingdom, where defense experts, including those from the Royal United Services Institute (RUSI), have issued warnings about the risks associated with Chinese-made electric vehicles. The fear is that such vehicles might be gathering data without the knowledge or consent of their users, opening up the possibility for extensive surveillance.

The Shift Toward Chinese EV Brands

The growing demand for electric cars in the UK and other Western markets is also being fueled by geopolitical factors. In particular, the ongoing trade and tariff war between the United States and China has contributed to a shift in consumer behavior. Under the Trump administration, tariffs were imposed on a wide range of Chinese imports, leading to higher costs for American-made electric vehicles, including popular brands like Tesla. As a result, many British consumers are increasingly turning to Chinese alternatives, which are not only more affordable but also free from the additional burden of American tariffs.

In fact, sales of Chinese electric vehicles in the UK have surged by 12% since November of last year, and experts predict that this figure could rise even further between June and November of this year. Several Chinese EV manufacturers, including BYD, Ora, Geely, and XPENG, are aggressively targeting the European market, offering substantial discounts in an attempt to capitalize on the ongoing trade tensions. These manufacturers are working to capture a significant portion of the market share in the UK, where consumers are looking for cost-effective and environmentally friendly alternatives to traditional gasoline-powered vehicles.

National Security Warnings from Major UK Defense Players

Given the increasing popularity of Chinese-made EVs, defense companies in the UK, such as Rolls-Royce and BAE Systems, have expressed serious concerns about the security risks posed by these vehicles. They have specifically advised consumers not to connect their smartphones to electric cars, whether by charging cable or Bluetooth, due to the potential for data leakage and espionage.

While these warnings are important to consider, it’s worth noting that not all electronics manufactured in China can automatically be accused of spying. China’s manufacturing sector is deeply integrated into the global supply chain, and many products, from smartphones to home appliances, often contain components or spare parts sourced from Chinese factories. This makes it difficult to single out Chinese products as inherently dangerous or prone to espionage. If we were to dismiss all Chinese-made electronics based on security concerns, it would significantly limit our options and potentially isolate us from much of the world’s technological advancements.

Balancing Security and Innovation

While it’s crucial to be cautious and aware of the potential risks associated with Chinese-made products, particularly in the context of national security, it’s equally important not to jump to conclusions or make sweeping generalizations. Chinese manufacturing has undeniably contributed to global innovation, offering affordable and high-quality goods that are widely used across many sectors.

In the case of electric vehicles, as with any technology, transparency, robust security protocols, and international cooperation are essential in addressing concerns about data privacy and security. Rather than outright rejection of Chinese-made products, the focus should be on developing better security standards and ensuring that consumers are fully informed about the risks involved. If we allow paranoia to dictate our purchasing decisions, we may inadvertently stifle technological progress and limit our access to products that offer real value.

As with any major technological shift, it’s important to strike a balance between innovation, convenience, and security. Until more concrete evidence emerges regarding espionage or surveillance concerns, it would be premature to dismiss Chinese products wholesale. However, consumers and governments alike must remain vigilant and demand better transparency and stronger safeguards in the technologies they adopt.

The post Chinese cars can secretly transfer data from charging stations in UK first appeared on Cybersecurity Insiders.


April 28, 2025 at 10:50AM

Saturday, April 26, 2025

A Comprehensive Review of BlackFog’s ADX Platform for Ransomware Defense

The evolving ransomware landscape and the growing threat of data exfiltration

Ransomware is more than just a cyberthreat; in recent years it has evolved into a major societal crisis. A single successful attack can disrupt essential services, destabilize local economies, and cause cascading effects across entire communities. A notable example was the 2021 attack on Colonial Pipeline, where a single ransomware incident triggered panic buying, widespread fuel shortages, and a spike in gas prices across the East Coast of the United States. This incident made ransomware mainstream news: what was once viewed as an IT issue suddenly became a national emergency, proving that cybercrime can touch every corner of society.

Since that wake-up call, ransomware attacks have not only increased in frequency and scale, but they have also become more strategically targeted. Hospitals have been forced to cancel surgeries and redirect ambulances, while school systems have been forced to shut down operations for days or even weeks, leaving parents scrambling for childcare and students without access to education. In some cases, local governments have been unable to issue paychecks, manage utilities, or provide emergency services, putting vulnerable populations at even greater risk. Even supermarket supply chains have been disrupted, leading to shortages of food, medicines, and essential goods.

In 2025, the threat is escalating further with experts predicting a sharp rise in attacks against critical infrastructure, including water treatment facilities, transportation systems, and energy providers. These sectors are not only essential for daily life—they are also historically under-protected and increasingly interconnected, making them prime targets for exploitation. Perhaps the biggest concern is that attackers are no longer simply locking systems and encrypting data—they are now focused on exfiltrating data and using extortion tactics to threaten public exposure, regulatory fines, and reputational ruin. Disturbingly, the rate of data exfiltration in publicized attacks is now 95%. For organisations to address this threat, a shift toward proactive threat prevention, especially around data exfiltration, is critical. 

Introduction to BlackFog’s platform and its pioneering on-device ADX technology

BlackFog takes a revolutionary approach to the problem of ransomware and extortion with its innovative anti data exfiltration (ADX) technology—shifting the focus from perimeter defense to monitoring data movement to ensure no unauthorized data can be removed. Instead of just detecting intrusions, BlackFog’s AI-driven ADX technology prevents cybercriminals from exfiltrating data, effectively neutralizing threats in real-time.

This proactive, AI-based solution provides 24/7 protection without requiring human intervention, unlike most cybersecurity tools today. By blocking unauthorized data transfers, BlackFog ensures that ransomware attacks are stopped before they can cause any damage.

Key Features: A breakdown of BlackFog’s standout capabilities in blocking data exfiltration

BlackFog’s multi-layered approach has been meticulously designed to minimize the impact of ransomware. 

  • Proactive Blocking: By preventing unauthorized data loss in real-time, BlackFog stops ransomware attacks as well as communication with C2 servers. 
  • AI-Driven Threat Analysis: Advanced artificial intelligence monitors network behavior for anomalies, intercepting malicious activity before it can escalate into a full-blown attack. Its algorithms have been trained against all existing variants and automatically adapt to new zero-day attack techniques.
  • On-Device Protection: Offers continuous monitoring without reliance on external databases or cloud services.
  • Real-Time Geofencing: Every data packet’s destination is analyzed to detect and block unauthorized transfers outside defined geofence boundaries and lateral movement within the network.
  • Air Gap Protection: A cutting-edge feature that ensures all outgoing data passes through AI-based detection, stopping unauthorized communications entirely.

With these integrated capabilities, BlackFog offers enterprises a robust, proactive defense against ransomware, significantly reducing risks and ensuring business continuity.
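The geofencing and outbound-monitoring capabilities listed above boil down to a policy decision per outbound flow: where is the data going, is that destination approved, and how much is leaving. The following is an added illustration of that decision logic, not BlackFog’s code or a description of its internals. It assumes a constructed GeoIP table (RFC 5737 documentation prefixes mapped to made-up country codes), a constructed lateral-movement allowlist, and byte thresholds chosen for the example, so it runs offline; a real product works at the packet level with live geolocation data.

```python
"""Toy outbound-transfer policy check (constructed example, not vendor code).

Each outbound flow is judged by destination (internal vs. external, which
country), by whether that destination is approved, and by how much data it
carries. Blocked flows are what an analyst would review.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed GeoIP table: documentation prefixes stand in for real address
# space and the country codes are made up for the example.
GEOIP = {
    ipaddress.ip_network("198.51.100.0/24"): "GB",
    ipaddress.ip_network("203.0.113.0/24"): "ZZ",   # stands in for a non-approved country
}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Internal hosts that legitimately receive bulk data, e.g. a backup target (constructed).
LATERAL_ALLOWLIST = {ipaddress.ip_address("10.0.5.20")}
ALLOWED_COUNTRIES = {"GB"}
EXTERNAL_BULK_BYTES = 50 * 1024 * 1024   # above this an external flow counts as bulk
LATERAL_BULK_BYTES = 10 * 1024 * 1024    # above this an internal flow to a non-approved host counts as bulk


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    bytes_out: int


def country_of(addr: ipaddress.IPv4Address) -> Optional[str]:
    """Return the country code for an address, or None when it is not in the table."""
    for net, cc in GEOIP.items():
        if addr in net:
            return cc
    return None


def is_internal(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Decide whether an outbound flow may proceed; returns (verdict, reason)."""
    dst = ipaddress.ip_address(flow.dst)
    if is_internal(dst):
        # Lateral movement check: bulk data may only go to approved internal hosts.
        if dst in LATERAL_ALLOWLIST:
            return "allow", "internal destination on the lateral-movement allowlist"
        if flow.bytes_out > LATERAL_BULK_BYTES:
            return "block", "bulk transfer to an internal host that is not an approved destination"
        return "allow", "ordinary internal traffic"
    # Geofence check: external destinations must geolocate to an allowed country.
    cc = country_of(dst)
    if cc is None:
        return "block", "destination cannot be geolocated"
    if cc not in ALLOWED_COUNTRIES:
        return "block", f"destination country {cc} is outside the geofence"
    if flow.bytes_out > EXTERNAL_BULK_BYTES:
        return "block", f"bulk transfer to external destination in {cc}"
    return "allow", f"external destination inside the geofence ({cc})"


def audit(flows: List[Flow]) -> List[Tuple[str, str, str]]:
    """Evaluate every flow and return [(dst, verdict, reason), ...]."""
    return [(f.dst, *evaluate(f)) for f in flows]


# Constructed sample flows, one per policy branch.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "10.0.5.20", 445, 200 * 1024 * 1024),     # backup server, bulk is fine
    Flow("10.0.0.5", "10.0.7.33", 445, 200 * 1024 * 1024),     # bulk to an unrelated workstation
    Flow("10.0.0.5", "10.0.7.33", 445, 4 * 1024),               # small internal request
    Flow("10.0.0.5", "198.51.100.10", 443, 1024 * 1024),        # inside geofence, small
    Flow("10.0.0.5", "198.51.100.10", 443, 80 * 1024 * 1024),   # inside geofence, bulk
    Flow("10.0.0.5", "203.0.113.7", 443, 1024 * 1024),          # outside geofence
    Flow("10.0.0.5", "192.0.2.9", 443, 1024 * 1024),            # no geolocation data
]

if __name__ == "__main__":
    for dst, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{verdict:5} {dst:15} {reason}")
```

The order of the checks matters: the destination class (internal or external) is decided first, then approval, then volume, so a bulk transfer to an approved backup target is allowed while the same volume to an unrelated workstation is blocked. The volume thresholds are the part a real deployment would tune per host role.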

Stopping Ransomware at the Source: BlackFog’s preventative approach

BlackFog prevents ransomware and safeguards data through a multi-layered, prevention-first cybersecurity approach that focuses on data exfiltration prevention. BlackFog’s ADX technology filters network traffic in real-time and operates at layer 3 of the OSI model. Using advanced AI-based algorithms, it stops cyberattacks and prevents the exfiltration of data from a device, protecting trade secrets and personally identifiable information (PII) against theft and extortion.

Competitive Advantage: How BlackFog’s ADX technology stands out in preventing data loss and extortion

While many cybersecurity solutions focus on detecting and responding to ransomware after an attack has begun, BlackFog takes a fundamentally different, and more effective, approach by stopping attacks at the point of data exfiltration. BlackFog uses behavioral profiling and outbound data monitoring to prevent cybercriminals from extracting data from devices in real-time. This means even if malware bypasses traditional defenses, it cannot achieve its objective—stealing data for ransom and extortion. With multiple layers of defense and zero reliance on cloud processing or third-party data sharing, BlackFog delivers lightweight, privacy-first protection that neutralizes the financial and operational incentives behind ransomware. By cutting off the attacker’s ability to profit, BlackFog effectively renders these threats powerless—a strategic advantage that sets it apart from reactive solutions on the market.

Conclusion: BlackFog delivers comprehensive ransomware defense with ADX and the future of data security

As pioneers of Anti Data Exfiltration (ADX), BlackFog distinguishes itself in the cybersecurity landscape by providing a new paradigm in the fight against ransomware. Rather than focusing on defense like most other cybersecurity products, BlackFog focuses on what really matters: the data itself. BlackFog’s innovative approach challenges the status quo. By focusing on preventing data exfiltration, it leaves cybercriminals with nothing to extort you with and nothing they can trade with third parties.

By using the latest AI-based algorithms refined over many years, BlackFog prevents more than 99% of all ransomware. More importantly, it protects organizations from the latest AI-based attacks, and from threats that are yet to be developed, through a strategy built around zero trust and zero-day defense.


About BlackFog

Founded in 2015, BlackFog is a global AI-based cybersecurity company that has pioneered on-device anti data exfiltration (ADX) technology to protect organizations from ransomware and data loss. With more than 94% of all attacks involving some form of data exfiltration, preventing it has become critical in the fight against extortion and the loss of customer data and trade secrets.

BlackFog recently won the “Best Threat Intelligence Technology” in the 2024 Teiss Awards, “AI-based Cybersecurity Innovation of the Year” award in the CyberSecurity Breakthrough Awards, as well as the 2024 Fortress Data Protection award for its pioneering ADX technology. BlackFog also won Gold at the Globee awards in 2024 for best Data Loss Prevention and the State of Ransomware report which recognizes outstanding contributions in securing the digital landscape.

Trusted by hundreds of organizations all over the world, BlackFog is redefining modern cybersecurity practices. For more information visit blackfog.com.

The post A Comprehensive Review of BlackFog’s ADX Platform for Ransomware Defense first appeared on Cybersecurity Insiders.


April 27, 2025 at 10:19AM

Why Managed File Transfer (MFT) Is Essential for Autonomous IT Operations

Technology teams are under more pressure than ever to deliver measurable business success. In practice, this means supporting hybrid computing and fostering robust security controls across the entire infrastructure estate, reducing disruptions and downtime and establishing a backbone for autonomous IT.

The risks of not being protected are real. In 2024, the UK Government Cyber Security Breaches Survey revealed that 50% of UK businesses had suffered a cyberattack or security breach in the previous 12 months.

With the constantly growing need to access and share data, safe and secure data transfer has become essential to enterprise operations. Against this background, managed file transfer (MFT) couldn’t be more important. Yet far from being purely an agent for moving files, MFT plays a key role in enhancing security, supporting compliance, reducing disruptions and paving the way for autonomous IT operations—ultimately helping to keep an organisation’s data more secure.

However, as CISOs wear many hats in their role, staying abreast of data transfer strategies can be a challenge. For those with homegrown, open-source and outdated file transfer methods, this can lead to costly implications and potential non-compliance.

The Biggest Challenges for Organisations to Store and Share Data Securely

When it comes to data exchanges, the primary challenges are data security and compliance. While many organisations are legally required to safeguard their data to comply with the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR), others grasp the need to mitigate the risks associated with data transfer activities and implement measures to enhance their security strategy for protecting sensitive data.

With ever-changing risks and regulatory factors, vendor management as it relates to managed file transfer solutions is vital for data exchange activities to meet the requirements of the organisation. More countries and states are mandating data security measures to help protect personal information. And the consequences of non-compliance are costly—both financially and reputationally.

Aggregating needs for encryption, user access controls and integrating compliance-driven logging and reporting requirements can seem like complex tasks. In addition, CISOs must navigate file transfer complexities across cloud environments and microservices—IT architectures that continue to evolve as they search for that “perfect balance” of flexibility, scalability, cost efficiency and data sovereignty. A mix of on-premises and cloud infrastructure systems and edge devices has become the norm.

Without the right defences, disruptions to business continuity are almost inevitable. Both minor errors and major outages can harm relationships with customers, partners and the public.

The Essential Role MFT Plays in the Move to Autonomous IT Operations

Today, progressive IT leaders are looking for solutions beyond basic task automation; they are seeking file transfer orchestration to handle more complex scenarios without human intervention.

As tech leaders faced increasingly complex data transfers and security and compliance requirements, the vendor marketplace responded to the needs of organisations by introducing automation and cloud offerings. By leveraging managed file transfer automation capabilities, such as workflow automation and automatic file transfers along with cloud deployment options, organisations can now extend their digital transformation initiatives to their file transfer activities. Managed file transfer is essential for protecting an organisation’s data during IT transformation.

Self-sufficient workflows are vital for enterprises aiming to achieve new levels of operational efficiency. Automating manual processes, including file transfers, has been a function of MFT solutions for years. However, by building advanced, logic-based workflows, MFT solutions can respond to real-time triggers, maintain timely delivery and notify teams about transfer status and outcomes, enabling enterprises to embrace increasingly autonomous IT operations.

The Benefits of MFT

By simplifying file transfer automation, CIOs can reduce operational overhead and improve IT efficiency. Benefits include reducing disruption and outages, harnessing hybrid computing, elevating security posture and supporting compliance.

To mitigate the risk of disruptions, more enterprises will invest in redundancy for mission-critical workflows. Automated failover, disaster recovery and high availability/web farm deployments are essential to reduce single points of failure, allowing for more resilient file transfer operations.

MFT serves as the connective tissue in an enterprise’s ecosystem of disparate systems. With the rising popularity of hybrid cloud strategies, it is critical for organisations to be able to transfer files to internal and external stakeholders, irrespective of the platform stakeholders are using and through various desktop, mobile and web applications. 

Depending on the environments involved, files could traverse Windows endpoints, Linux-based servers or mainframes running in their data centres, or private and public cloud endpoints in AWS, Azure or Google Cloud environments. Each organisation is unique, and this complexity must be considered for file transfer workflows across departments and businesses.

For global enterprises or businesses handling personal health information (PHI), personal financial and other sensitive information, the security of data before, during and after an exchange can be bolstered with the right file transfer solution. MFT’s strong authentication, encryption and access controls align with zero-trust security models and compliance standards.

As organisations continue to bolster their data governance frameworks, there is likely to be a significant rise in the importance of audit trails and reporting capabilities. This could lead to more rigorous limitations on data storage practices, ultimately phasing out non-archive systems for sensitive data management.

Key Considerations for Choosing an Effective MFT Solution

There are some key features of an MFT solution that enable CISOs to prioritise their optimisation of data security and workflow efficiency:

  • Security and compliance: To enhance security, tech pros should look for a solution that has 256-bit AES encryption, two-factor authentication and software that can help their business comply with regulations like PCI and GDPR. Automatic data retention policies, detailed audit trails and user access controls are also important for companies that need to maintain compliance.
  • Ease of use: The secure file transfer solution should be intuitive and easy to implement, with minimal training required for administrators and management. Simple to use drag-and-drop interfaces, pre-built connectors for existing systems and access to 24/7 support are also important.
  • Scalability: It’s important to choose a platform that can grow with the business. This means one that offers scalable storage options that can accommodate increasing transaction volumes. The ability to create separate accounts, user groups and permissions for various departments is also key for larger organisations.
  • Advanced features: For enhanced functionality, it’s best to look for features like audit trails, reporting dashboards, automation/scheduling tools and API integrations with other business software, such as CRM or ERP systems. Some solutions offer add-on modules for electronic data interchange (EDI), ad-hoc file sharing and business-to-business workflows.

The post Why Managed File Transfer (MFT) Is Essential for Autonomous IT Operations first appeared on Cybersecurity Insiders.


April 27, 2025 at 08:44AM

Friday, April 25, 2025

Blue Shield of California Faces Data Breach Amid Misconfigured Access to Google Ads Platform

Blue Shield of California, a nonprofit health insurance provider, is making headlines this week after revealing that its members’ personal data was compromised in a breach that may have been caused by a misconfiguration or insider threat. Over 4.7 million members are affected, with sensitive data fraudulently accessed by the Google Ads platform.

According to records obtained by Cybersecurity Insiders, Blue Shield was originally meant to share only anonymized data with Google Analytics for research and development purposes. This arrangement was designed to help the company gain insights into its services and improve user experience. However, an unexpected error—whether from a technical misconfiguration or an insider threat—resulted in Google’s advertising platform gaining unauthorized access to private member data. This could have allowed the internet giant to target affected individuals with highly specific, personalized ads.

The breach exposed a range of sensitive information, but fortunately, the situation could have been much worse. Initial investigations by Blue Shield confirm that while some personal data was accessed, critical personally identifiable information (PII), such as social security numbers, driver’s license details, banking information, and credit card numbers, was not compromised. This is because these types of data were securely stored on a separate server and were not part of the breach.

However, the data that was accessed still contains enough sensitive details to raise concerns. The compromised information includes:

A.) Insurance details, such as insurance numbers and types of coverage,
B.) Demographic data, including the member’s city, zip code, and family size,
C.) Medical history, which could be used for profiling or even discriminatory purposes.

These details, while not as dangerous as full PII data, can still be used in ways that violate the privacy of Blue Shield’s members. The organization has since warned members to stay vigilant against possible identity theft attempts and to be cautious of phishing schemes or fraud that may arise from this breach.

Interestingly, this is not the first time Blue Shield has faced a major cybersecurity incident. Exactly one year ago, the company was targeted by a BlackSuit ransomware attack, which was linked to Connexure (formerly Young Consulting), a company that provides software and services to healthcare providers, including Blue Shield. The nature of the attacks, along with the similarity in timing, raises questions about whether these events are part of a larger, coordinated effort to exploit vulnerabilities in the healthcare sector.

Despite the severity of the breach and the potential risks for its members, Blue Shield has yet to offer any identity theft protection services to those affected. This decision has drawn criticism from privacy advocates, as such protection is often considered a necessary measure following data breaches of this scale.

For now, Blue Shield is urging its members to remain alert and to monitor their financial accounts and healthcare records for any signs of misuse. However, the company has yet to explain why it has chosen not to extend further protective measures, leaving many members to question the adequacy of its response.

As cybersecurity incidents continue to rise across various industries, this breach serves as a stark reminder of the importance of safeguarding sensitive data, particularly in the highly regulated healthcare space. With the growing reliance on cloud services, analytics, and advertising platforms, organizations like Blue Shield must invest in robust security measures to ensure their data handling practices are both secure and compliant.

The post Blue Shield of California Faces Data Breach Amid Misconfigured Access to Google Ads Platform first appeared on Cybersecurity Insiders.


April 25, 2025 at 08:45PM