Latest news with #DarkWeb


Forbes
3 days ago
- Business
- Forbes
Will AI Replace Cybersecurity? Not Quite—But It's Rewriting The Rules
The Real Battle Is Now AI vs. AI
Put yourself in the mind of a master cybercriminal. Fun, right? Stay with me. I promise this role play exercise will pay off. Just a few years ago, your illicit schemes were small time. You were content to steal unwitting individuals' personal data, including credit card and social security numbers to buy merchandise on the Dark Web. Your petty exploits paid off—modestly but steadily. But it was a volume game. You had to keep finding more unsuspecting marks to exploit and more creative ways to turn a profit.
Then came AI. You quickly learned all about ChatGPT and other forms of generative artificial intelligence. As you did, you thought: why not use this tech to level up—crime-wise? Armed with new tools you evolved from a petty thief. You developed a budding criminal empire capable of exploiting not just singular victims, but enterprise corporations with billion-dollar balance sheets. After all, that's where the real dough is, right? Welcome to the new age of cyberwarfare—courtesy of AI.
'The stakes have never been higher,' says Ed Vasko, COO of High Wire Networks, a leading global provider of managed cybersecurity services. A seasoned veteran with 33 years' experience, we sat down to discuss the elephant in the room. 'The cyber war has shifted. It no longer wages between hackers and IT departments. It's now AI versus AI.'
Vasko is not alone in this assessment. Speaking at DefenseScoop's Google Defense Forum Pentagon last year, military insider Jude Sunderbruch of the Defense Department's Cyber Crime Center warned attendees of future 'AI versus AI conflicts' spreading all the way to the international stage. "'I think we're really just at the start,' Sunderbruch said, later adding that the U.S. and its allies will have to get creative and learn how to best use existing AI systems to gain a leg up on competing intelligence giants like China," according to Defense One. The implications go beyond boardrooms and command centers.
To appreciate what may be coming, Vasko paints a chilling scenario for the not-so-distant future. Time for more role playing. Now imagine you're the head of a major retailer. For the last few years you've relied on AI supply chain forecasting. Similar to how fintech increasingly depends on AI—not humans—to handle the complexities of trading, artificial intelligence is core to your business' operations. Without it, you're flying blind. This reality makes things all the more disturbing when the AI supporting your organization begins behaving erratically, wreaking havoc. Orders stop arriving. Inventory goes out of stock. Even your pricing models collapse. These internal problems don't stay contained for long. They proliferate externally—in dire ways. Once loyal customers defect. Revenues drop. And your stock price plummets. But that's not all…
According to Vasko, cyber criminals behind this type of villainy may be thought of as AI buccaneers—digital pirates often paid to instigate corporate espionage and theft. 'Unlike the antiquated variety from centuries past, AI buccaneers know the power of perception—that it's possible to tank a rival company's stock price by spreading lies to disrupt public sentiment.'
To this end, the hits keep on coming for your major retailer company. A video surfaces of your CFO making disturbing comments in a shareholder meeting. The remarks are so inflammatory they go viral, driving your already plummeting stock even lower. But here's the thing. That CFO video is actually a deepfake. It was produced by Google's Veo 3, similar to extant bogus news anchor content already proliferating across the Internet. True or not, the damage is done. Within hours, your unscrupulous corporate rivals bask in ignoble victory. Short selling your plunging stock, they make out like bandits—along with their AI buccaneer accomplices, benefitting from your demise.
As Vasko explains, 'Cyber criminals can even now use AI co-pilots to coordinate attacks on corporations, industries, even governments. They're faster, smarter, and more dangerous than anything we've seen before.' More on that below. AI co-pilots are but one part of a growing criminal toolkit, capable of automating surveillance, coordinating attacks, and orchestrating malfeasance at scale. What's now possible almost defies belief. Example: AI can analyze thousands of profiles across social media, company directories, and public databases to identify weak links for exploitation. 'Once inside, these same AI tools can poison an organization's internal data lakes—sabotaging predictive systems and decision-making engines from the inside out,' explains Vasko. This means bad actors needn't limit themselves to stealing personal data. They can expand their scope of attack, going so far as to manipulate market outcomes. Per the above cautionary tale, they can influence how a company performs, how it's perceived, and ultimately, what happens to it long-term. Hundreds of years ago, back when pirates plundered by sea, countries ravaged by buccaneers authorized so-called privateers to fight off the bad guys. Unfortunately, the U.S. government doesn't allow proactive 'hacking back' in the form of AI privateers. Not even in self-defense. This is why High Wire Networks and other cybersecurity firms avoid going on the offensive. Instead, they turn to AI-augmented defense platforms to preemptively determine and intercept threats, shifting reactive security into a proactive shield. In other words, they're fighting AI with AI. 'Hyperautomation' is the term Vasko uses to describe the fusion of machine learning and automated decision-making throughout a security stack. In the old model, a cyber victim might be notified of a data breach. 'Dear so and so,' an email might read. 'We regret to inform you that your credit card was compromised.' That's not so helpful, is it? 
Hyperautomation, on the other hand, reacts proactively. Here's how it could work with the above individual scenario. Alerted to a breach, AI could stop it, issue a new credit card, and continually monitor a victim's credit card and exposure. Many cybersecurity firms employ similar tech at the organizational level. As Cyber Magazine reports, Varonis leverages artificial intelligence to act autonomously as a counterweight to AI-enabled mischief. The company's 'AI Shield' offers real-time ongoing protection for large organizations. 'By integrating real-time risk analysis, automated risk remediation, behavior-based threat detection, and 24/7 alert response, Varonis' AI Shield empowers enterprises to safely use AI technologies while safeguarding sensitive data.'
Looking forward, the more things change, the more they stay the same. Once upon a time, swashbuckling pirates patrolled the high seas, pilfering valuables from individuals, companies, and governments alike. Nowadays, that threat has migrated from the physical theatre to cyberspace as criminals wield code to rob and steal at will. To survive, much less thrive, tomorrow's organizations would do well to wrest back the power of AI. Without it? We're surely sunk.


Forbes
3 days ago
- General
- Forbes
New Attack Steals Your Windows Email, Passwords, 2FA Codes And More
The latest Katz malware version can steal most everything. Infostealers are the new black. When it comes to hacking fashion, malware that steals user credentials has been in vogue for a while now. We've seen the evidence in the 19 billion compromised passwords that are already available online, or the 94 billion browser cookies published to the Dark Web and Telegram channels. Microsoft has been spearheading the fight against the credential-stealing criminals, leading the recent global takedown of large parts of the Lumma Stealer network infrastructure, for example. Yet, the danger still persists; in fact, it is evolving. New research has revealed that a notorious threat to Windows users has emerged in the form of a new variant that can steal most anything and everything. Here's what you need to know about Katz. There is nothing particularly unusual about the way that the Katz Stealer malware is distributed. Victims are targeted through the usual cybercriminal methods, including phishing emails, malicious advertisements, dangerous search results, and dodgy downloads. Once installed, however, Katz looks to see if you are using Google Chrome, Microsoft Edge or the Brave web browser and goes into what is known as headless mode. This is pretty much as it sounds, a browser with no visible interface, running 'headless' in the background but with the body able to render pages and interact with the web as normal. Katz can also bypass Google's app-bound encryption protections for Chrome, according to security researchers, which would aid in the credential-stealing payload. And it's the payload that has us shaking our collective heads in disbelief. A May 23 analysis of the latest Katz Stealer malware, by the Nextron threat research team, has revealed the true extent of this steal-everything threat to Windows users. 
According to the full analysis, which I would recommend you go and read, after you finish here, of course, the range of Katz when it comes to data that can be stolen is, well, extensive. As well as the usual mitigation advice for consumers to deploy two-factor authentication and passkeys on all accounts where available, apply all operating system and browser security updates as soon as possible and be alert to all the usual phishing tricks, the Nextron threat research team recommended the following for enterprise users: Nextron also suggested watching out for the scanning of Windows registry keys and files associated with popular browsers and wallet applications, as this is indicative of Katz Stealer activity. As Sergeant Phil Esterhaus used to say, if you know you know, 'be careful out there.'


Time Business News
23-05-2025
- Business
- Time Business News
Exposed and Exploited: What to Do When Your Identity Hits the Dark Web
Amicus International Consulting Launches Legal Identity Response Program for Victims of Cyber Theft, Fraud, and Dark Web Data Leaks
VANCOUVER, B.C. — It begins with a breach — a compromised account, a suspicious login, or a leak you didn't authorize. Before long, your name, address, biometric profile, financial credentials, and Social Security number are for sale to the highest bidder on the dark web. This is no longer a theoretical risk for millions globally — it's a grim reality. But now, Amicus International Consulting offers a way forward: Exposed and Exploited: What to Do When Your Identity Hits the Dark Web — a complete legal and digital recovery program designed for those with nowhere else to turn. This initiative combines deep dark web scanning, lawful identity reconstruction, document replacement, and privacy-based relocation strategies for clients whose identities are no longer safe in the public domain.
'When your identity hits the dark web, it doesn't just disappear — it multiplies, travels, and harms,' said a spokesperson from Amicus. 'Our clients come to us not just for recovery, but for reinvention. We offer a legal exit from exposure.'
The Dark Web Reality: Your Life for Sale
In 2025, data breaches are more than isolated incidents — they're a global epidemic. Cybercriminals monetize leaked identities across marketplaces, selling complete identity kits including:
- Full name, date of birth, and address
- Passport scans and driver's licenses
- Bank account details, crypto wallets, and tax records
- Facial scans, fingerprints, and voiceprints
- Social media logins and private messages
Statistics:
- More than 33 million people had their data listed on dark web forums in the last 12 months
- Synthetic identity fraud grew by 34% in North America alone
- Biometric data leaks are now linked to immigration fraud, border violations, and financial scams
Amicus's 4-Phase Response Plan: From Exposure to Reinvention
1. Identify and Confirm the Breach
The first step is detection. Many victims never know they've been compromised until damage is already done. To assess the breach, Amicus performs deep scans across the dark web, paste sites, and black markets.
Key Services:
- Dark web exposure reports
- Breach source tracing
- Notification of cloned or stolen data in circulation
- Customized identity vulnerability risk score
Case Study: A cybersecurity researcher in Belgium was stunned to learn his digital ID had been duplicated and used in three countries. Amicus tracked the origin of the breach, flagged compromised credentials, and launched an immediate data takedown campaign.
2. Lock Down and Delete
Once a breach is confirmed, containment begins. This involves revoking access, freezing compromised identifiers, and legally demanding data removal.
Key Services:
- Legal cease-and-desist orders
- Biometric data obfuscation
- Removal from people search engines and public databases
- Identity freeze with financial and legal institutions
Case Study: A Miami-based attorney suffered a dark web leak exposing her facial scans and driver's license. Amicus helped her secure biometric data cloaking and forced takedowns from multiple dark web forums using legal filings.
3. Replace Critical Credentials
After containment, Amicus begins document and identity replacement. For many clients, this includes reissuing compromised documents and legally reestablishing a new identity.
Key Services:
- Passport and ID reissuance
- Legal name change via court petition
- New Tax Identification Number (TIN) for financial recovery
- Digital privacy restructuring for online presence and communications
Case Study: An identity fraud victim in Singapore used Amicus services to legally change his name and re-establish financial accounts under a new TIN after scammers used his old credentials to obtain multiple fraudulent loans.
4. Rebuild and Relocate, If Necessary
For high-risk clients — including public figures, whistleblowers, executives, and survivors of stalking — Amicus offers secure relocation and identity reinvention strategies.
Key Services:
- Second citizenship through legal programs
- Privacy-based relocation to low-surveillance jurisdictions
- Anonymous banking setup and encrypted asset management
- Separation of online history from new digital identity
Case Study: A political activist from Eastern Europe targeted in a cyberattack relocated with Amicus's assistance and now lives under a new legal identity and passport obtained through a Caribbean citizenship-by-investment program.
Who Should Act Now?
- Victims of large-scale data breaches or credential leaks
- Individuals receiving breach notifications from compromised companies
- People whose biometric data (facial scans, fingerprints) may be circulating
- Those facing financial fraud, social engineering, or impersonation
- Anyone with personal or professional risk tied to public exposure
Amicus: Legal Identity Defence, Global Reach
Amicus International Consulting provides lawful, globally compliant solutions for individuals facing digital, legal, and privacy threats. With strategic legal partnerships in over 40 countries, the firm's privacy lawyers, cyber experts, and relocation consultants deliver end-to-end identity defence. 'What we offer is not cosmetic,' said an Amicus privacy strategist. 'We build a new legal foundation for clients to stand on — even when everything else has been stolen.'


Yahoo
17-05-2025
- Yahoo
Chrome patched this bug, but CISA says it's still actively exploited
- Google patched a new Chrome bug recently
- Now, CISA added that vulnerability to KEV, signaling abuse in the wild
- Federal agencies have three weeks to update Chrome
The US Cybersecurity and Infrastructure Security Agency (CISA) added a new Chrome bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling abuse in the wild, and giving Federal Civilian Executive Branch (FCEB) agencies a deadline to patch things up. The flaw is tracked as CVE-2025-4664. It was recently discovered by security researchers Solidlab, and is described as an 'insufficient policy enforcement in Loader in Google Chrome'. On NVD, it was explained that the bug allowed remote threat actors to leak cross-origin data via a crafted HTML page.
"Query parameters can contain sensitive data - for example, in OAuth flows, this might lead to an Account Takeover. Developers rarely consider the possibility of stealing query parameters via an image from a 3rd-party resource," researcher Vsevolod Kokorin, who was attributed with discovering the bug, explained.
The flaw was first uncovered on May 5, with Google coming back with a patch on May 14. The browser giant did not discuss if the flaw was being exploited in real-life attacks, but it did state that it had a public exploit (which basically means the same thing). Now, with CISA adding the bug to KEV, FCEB agencies have until June 5 to patch their Chrome instances or stop using the browser altogether. The first clean versions are 136.0.7103.113 for Windows/Linux and 136.0.7103.114 for macOS. In many cases, Chrome would deploy the update automatically, so just double-check which version you're running.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned. Indeed, the web browser is one of the most frequently targeted programs, since it handles untrusted data from countless sources around the web. Cybercriminals are always looking for vulnerabilities in browser code, plugins, or poorly secured websites, in an attempt to grab login credentials, or other ways to compromise the wider network.
Via BleepingComputer


Forbes
15-05-2025
- Forbes
Valve Addresses Alleged Steam Hack And Clarifies Situation
Over the past day or so, a viral story spread that there was a Steam data breach that could expose account information of millions of players. At the very least, it seemed worth changing your password as of course no one wants to get hacked and lose potentially thousands of dollars of a game library. I was even paranoid enough to do that myself. Well, about that. This whole saga started in the Dark Web, a thing that yes, really does exist, where a user reported that they were selling 89 million accounts' data, and word subsequently spread like wildfire. However, Valve has now commented that this was not a breach of Steam systems, but a leak of 'older text messages' that had been sent to Steam users, which include one-time codes and the phone numbers they were sent to. But those codes don't work. And the phone numbers are not able to be linked to specific Steam accounts. You can just read the entire thing here: So no, Valve says this is not a breach that endangers your Steam account and you do not have to do anything as elaborate as change your password or phone number associated with your account. That said, they say any time is a good time to check out your Steam security especially by setting up Two-Factor Authentication. What can I say? I was swept up in the paranoia. But Valve says that wasn't necessary and what was exposed here appears to be useless in going after specific accounts.