A CRM for cybercriminals – SpamGPT makes cybercriminals’ wildest dreams come true with business-grade marketing tools and features

Story by Efosa Udinmwen
  • SpamGPT turns phishing into an automated process with minimal expertise
  • Attackers can rotate multiple SMTP servers to dodge email throttling
  • Real-time inbox monitoring enables immediate adjustments to phishing strategies

Many of us are familiar with ChatGPT, but you may not have heard of SpamGPT, a new professional-grade email campaign tool created for cybercriminals.


Researchers at Varonis have revealed this platform offers “all the conveniences a Fortune 500 marketer might expect, but adapted for cybercrime.”

Its interface copies legitimate marketing dashboards, enabling attackers to design, schedule, and monitor large-scale spam and phishing operations with minimal technical expertise.

Infrastructure and deliverability capabilities

By integrating AI tools directly into the platform, SpamGPT can generate convincing phishing content, refine subject lines, and suggest optimizations for scams.

This shifts phishing from a craft requiring skill to a process that even low-level criminals can execute.

“SpamGPT is essentially a CRM for cybercriminals, automating phishing at scale, personalizing attacks with stolen data, and optimizing conversion rates much like a seasoned marketer would. It’s also a chilling reminder that threat actors are embracing AI tools just as fast as defenders are,” said Rob Sobers, CMO at Varonis.

SpamGPT’s built-in modules handle SMTP/IMAP setup, inbox monitoring, and deliverability testing.

Attackers can bulk import SMTP credentials, validate them through a built-in checker, and rotate multiple servers to avoid throttling.

IMAP monitoring allows them to observe replies, bounces, and inbox placement.

Its automated inbox check feature sends test messages and instantly verifies whether they reached the inbox or spam folder, providing real-time feedback before campaigns go live.

These functions, combined with campaign analytics, mirror legitimate marketing CRMs but are repurposed to facilitate phishing, ransomware, or other malicious payloads.

SpamGPT’s developers market the toolkit as an all-in-one spam-as-a-service solution.

By offering a straightforward graphical interface and detailed documentation, it reduces the need for specialized skills or deep knowledge of email protocols.

Features like “SMTP cracking mastery” tutorials instruct buyers on acquiring or compromising servers, while custom header options allow spoofing of trusted brands or domains.

This makes it possible for attackers with limited experience to bypass basic email authentication protections and deploy campaigns at scale.

The rise of SpamGPT suggests that phishing and ransomware incidents could become more frequent and advanced.

This campaign can also deliver malware disguised as harmless correspondence by bypassing spam filters and blending with legitimate mail traffic.

While this may sound alarming, there are several measures individuals and enterprises can take to stay safe.

How to stay safe

  • Strengthen email authentication with DMARC, SPF, and DKIM to prevent spoofed domains.
  • Deploy AI-powered tools to detect phishing emails generated by large language models.
  • Maintain robust malware removal procedures and keep regular, updated data backups.
  • Enforce multi-factor authentication on all accounts to limit stolen credential misuse.
  • Provide continuous phishing awareness training so employees can recognize suspicious emails.
  • Use network segmentation and least-privilege access controls to limit malware spread.
  • Keep all software and security patches updated to close exploitable vulnerabilities.
  • Test and refine an incident response plan to ensure quick, effective recovery.
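The first item above (SPF, DKIM and DMARC) is the one that directly blunts the "custom header" spoofing the article describes, and the weak settings that leave a domain spoofable are easy to overlook. The checker below is an added example, not code from the article or from Varonis: it parses SPF and DMARC TXT records and flags the permissive settings. The two sample domains and their records are constructed for the demo; in practice you would fetch the records for your own domains with a DNS resolver. Tag names (p, rua, adkim, aspf) are the standard DMARC tags.

```python
# Added example (not from the article): a small checker for SPF and DMARC TXT
# records that flags the weak settings which let spoofed mail through.
# SAMPLE_DNS is constructed; replace it with real lookups for your own domains.
SAMPLE_DNS = {
    "weak.example": "v=spf1 include:_spf.mailhost.example +all",
    "_dmarc.weak.example": "v=DMARC1; p=none",
    "strong.example": "v=spf1 ip4:192.0.2.10 include:_spf.mailhost.example -all",
    "_dmarc.strong.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strong.example; adkim=s; aspf=s",
}


def parse_spf(record):
    """Return (mechanisms, all_qualifier) for an SPF record.
    all_qualifier is '+', '-', '~', '?' or None when no 'all' term is present."""
    if not record.lower().startswith("v=spf1"):
        return None, None
    mechanisms, all_q = [], None
    for term in record.split()[1:]:
        qualifier = "+"                     # SPF default when none is written
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            all_q = qualifier
        else:
            mechanisms.append((qualifier, term))
    return mechanisms, all_q


def parse_dmarc(record):
    """Return the DMARC tag=value pairs as a dict with lower-cased keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags


def assess_domain(domain, dns=SAMPLE_DNS):
    """Return a list of findings describing how spoofable the domain is."""
    findings = []
    spf = dns.get(domain)
    if spf is None:
        findings.append("SPF: no record, so any host may claim to send for this domain")
    else:
        _, all_q = parse_spf(spf)
        if all_q is None or all_q in ("+", "?"):
            findings.append("SPF: permissive or missing 'all' term (use -all or ~all)")
    dmarc = dns.get("_dmarc." + domain)
    if dmarc is None:
        findings.append("DMARC: no record, so receivers enforce nothing")
    else:
        tags = parse_dmarc(dmarc)
        if tags.get("p", "none").lower() == "none":
            findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
        if "rua" not in tags:
            findings.append("DMARC: no rua= address, so aggregate abuse reports never arrive")
        if tags.get("adkim", "r").lower() != "s" or tags.get("aspf", "r").lower() != "s":
            findings.append("DMARC: relaxed alignment lets any subdomain pass; strict (s) is tighter")
    return findings


if __name__ == "__main__":
    for d in ("weak.example", "strong.example"):
        print(d, assess_domain(d) or ["no findings"])
```

A domain with `p=none` and `+all` passes every spoofed message through with a monitoring report at best, which is exactly the posture a bulk-sending kit exploits; moving to `-all` and `p=quarantine` or `p=reject` is what the first bullet above means in practice.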

Criminals looking to disturb holidaymakers with devious AI-powered cyberattacks – here’s what you need to know

Story by Efosa Udinmwen
  • Phishing emails look ordinary but hide malware that compromises hotel systems
  • VenomRAT gives criminals remote access to sensitive data within hotels
  • RevengeHotels has operated since 2015, adapting methods to remain effective

Kaspersky has issued a warning about a new wave of cyberattacks aimed at hotel computing systems, with particular concern raised over the use of artificial intelligence-powered assaults.


The group behind these incidents, known as “RevengeHotels,” has been active since 2015, the company says, but its activities have slowed in recent years.

However, its recent adoption of AI-generated code has made its operations more dangerous and difficult to counter.

A shift in attack methods

Between June and August 2025, Kaspersky’s Global Research and Analysis Team tracked multiple intrusions linked to the group.

While “RevengeHotels” previously relied on relatively unsophisticated malware, its latest wave of campaigns shows a clear evolution.

By incorporating code likely generated with AI tools, the attackers can quickly produce malware variants that evade traditional security measures.

This makes older defenses less effective, even though the phishing tactics used to deliver the malware remain largely unchanged.

The group’s method is simple in principle. Emails posing as hotel booking requests or job applications are sent to hotel staff.


Once an employee clicks, malware known as VenomRAT is installed, giving the attackers remote access to hotel systems.

This access can be used to capture payment card information or other sensitive guest data.

Kaspersky’s researchers note that while the emails appear legitimate, the real danger lies in the harder-to-detect malicious payload embedded within them.

Historically, most of these attacks have been concentrated in Brazil, where hotels have borne the brunt of the activity.

However, Kaspersky has confirmed related incidents in Italy, and there are concerns that popular tourist and business destinations across Africa, including South Africa, Kenya, and Nigeria, could become prime targets.

Given the global reliance on digital hotel systems, researchers caution that no region should assume immunity from such threats.

“Cybercriminals are increasingly using AI to create new tools and make their attacks more effective. This means that even familiar schemes, like phishing emails, are becoming harder to spot for a common user,” said Lisandro Ubiedo of Kaspersky’s GReAT team.


“For hotel guests, this translates into higher risks of card and personal data theft, even when you trust well-known hotels.”

How to stay safe

  • Train hotel staff to recognize suspicious emails and avoid interacting with them unnecessarily.
  • Configure spam filters more aggressively to reduce the number of phishing messages reaching inboxes.
  • Deploy endpoint detection systems that can identify infections early, before attackers gain control.
  • Travelers should monitor their card activity closely to spot signs of fraudulent transactions.
  • Use virtual payment methods where possible to limit exposure of actual card details.

Python developers targeted with new password-stealing phishing attacks – here’s how to stay safe

Story by Sead Fadilpašić
  • PyPI warns phishing attacks will persist using fake domains and urgent email tactics
  • Victims are tricked into verifying accounts via typosquatted sites like pypi-mirror.org
  • Users and maintainers urged to adopt phishing-resistant 2FA and domain-aware password managers

Phishing attacks against PyPI users and maintainers are going to continue, the foundation is warning, as it urged members to tighten up on security and remain vigilant.


A new blog post, published by the foundation’s security developer-in-residence, Seth Larson, noted that the most recent attacks are a continuation of a months-long campaign that uses convincing emails and typosquatted domains to steal people’s login credentials.

“Unfortunately the string of phishing attacks using domain-confusion and legitimate-looking emails continues,” Larson wrote. “This is the same attack PyPI saw a few months ago and targeting many other open source repositories but with a different domain name. Judging from this, we believe this type of campaign will continue with new domains in the future.”

How to stay safe

In the emails, the victims are asked to “verify” their addresses for “account maintenance and security procedures”, and threatened with account closure if they don’t comply.

This sense of urgency and threat is typical for a phishing email, which redirects victims to pypi-mirror.org, a domain not owned by PyPI or the Python Software Foundation.


“If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately,” Larson warned. “Inspect your account’s Security History for anything unexpected. Report suspicious activity, such as potential phishing campaigns against PyPI, to security@pypi.org.”

Phishing is both extremely difficult and extremely easy to defend against. In theory, just using common sense and thinking before clicking should suffice in most cases. However, in case focus slips, users are advised to use phishing-resistant 2FA such as hardware tokens.

Maintainers, on the other hand, should use a password manager which auto-fills based on domain name. If auto-fill isn’t working when it usually does, that is a huge red flag. Phishing-resistant 2FA is also recommended.
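The reason domain-aware auto-fill is a reliable tell is that it matches the page's host against the stored domain on label boundaries rather than by eye. The snippet below is an added example, not code from PyPI or the blog post: it writes that decision out explicitly and compares it with the "does the address contain pypi?" glance a hurried person makes. The allowlist is an assumption for the demo; pypi-mirror.org is the look-alike domain named in the article and pypi.org.example is constructed.

```python
# Added example (not from the PyPI post): the domain check a domain-aware
# password manager performs before auto-filling, written out explicitly.
from urllib.parse import urlsplit

# Domains for which stored PyPI credentials may be auto-filled (assumed allowlist).
TRUSTED_DOMAINS = ("pypi.org",)


def host_matches(host, trusted):
    """True only if host equals the trusted domain or is a subdomain of it.
    Matching on label boundaries is what defeats look-alikes: pypi-mirror.org
    and pypi.org.example share characters with pypi.org but are not under it."""
    host = host.lower().rstrip(".")
    trusted = trusted.lower()
    return host == trusted or host.endswith("." + trusted)


def should_autofill(url, trusted_domains=TRUSTED_DOMAINS):
    """Decide whether credentials for the trusted domains may be filled into a
    login form served from url. Plain http is refused as well."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    return any(host_matches(parts.hostname, t) for t in trusted_domains)


def looks_like_brand(url, keyword="pypi"):
    """The check a hurried human makes: does the address contain the brand name?
    Included only to show why it is not enough."""
    return keyword in url.lower()


if __name__ == "__main__":
    for u in ("https://pypi.org/account/login/",
              "https://upload.pypi.org/legacy/",
              "https://pypi-mirror.org/account/verify",   # look-alike from the article
              "https://pypi.org.example/login",           # constructed look-alike
              "http://pypi.org/account/login/"):
        print(f"{u:45} autofill={should_autofill(u)!s:5} brand_visible={looks_like_brand(u)}")
```

Every look-alike in the list contains the brand name, so the human check passes on all of them, while the label-boundary check fills credentials only on pypi.org and its real subdomains. That gap is the "huge red flag" the author describes.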


Apple iOS apps are worse at leaking sensitive data than Android apps, worrying research finds – here’s what you need to know

Story by Efosa Udinmwen
  • Report warns attackers can intercept API calls on iOS devices, and make them appear legitimate
  • Traditional security tools fail to protect apps against in-device attacks
  • Compromised mobile devices significantly increase the risk of API exploitation

New research from Zimperium has claimed mobile apps are now the primary battleground for API-based attacks, creating serious risks of fraud and data theft for enterprises.


The research shows 1 in 3 Android apps and more than half of iOS apps leak sensitive data, offering attackers direct access to business-critical systems.

Even more worryingly, the report claims three of every 1,000 mobile devices are already infected, with 1 in 5 Android devices encountering malware in the wild.

The scale of mobile API vulnerabilities

Unlike web applications, mobile apps ship API endpoints and calling logic onto untrusted devices, exposing them to potential tampering and reverse-engineering.

This allows attackers to intercept traffic, modify the app, and make malicious API calls appear legitimate.

Traditional defenses such as firewalls, gateways, proxies, and API key validation cannot fully protect against these in-app threats.


“APIs don’t just power mobile apps, they expose them,” said Krishna Vishnubhotla, vice president of product solutions at Zimperium.

“Traditional security tools can’t stop attacks happening inside the app itself. Protecting APIs now requires in-app defenses that secure the client side.”

Client-side tampering is common, as attackers can intercept and alter API calls before they reach backend systems.

Even SSL pinning, designed to prevent man-in-the-middle attacks, has gaps: nearly 1 in 3 Android finance apps and 1 in 5 iOS travel apps remain vulnerable.

Beyond API exposure, many apps mishandle sensitive data on devices: Zimperium found that console logging, external storage, and insecure local storage are common problems.

For example, 6% of the top 100 Android apps write personally identifiable information (PII) to console logs, and 4% write it to external storage accessible by other apps.


Even local storage, although not shared, can become a liability if an attacker gains device access.

The analysis also shows nearly a third (31%) of all apps and 37% of the top 100 send PII to remote servers, often without proper encryption.

Certain apps incorporate SDKs capable of secretly exfiltrating data, recording user interactions, capturing GPS locations, and sending information to external servers.

These hidden activities increase enterprise exposure and show that even apps from official stores can carry major security risks.

“As mobile apps continue to drive business operations and digital experiences, securing APIs from the inside out is critical to preventing fraud, data theft, and service disruption,” added Vishnubhotla.

How to stay safe

  • Inspect apps for improper logging of sensitive information to prevent data leaks.
  • Verify that local storage of data is encrypted and not accessible by other apps.
  • Monitor network traffic to detect apps sending unencrypted personal information.
  • Identify and remove malicious SDKs or third-party components embedded in apps.
  • Review app permissions to ensure they align with intended functionality.
  • Conduct regular audits of app behavior for potential breach vulnerabilities.
  • Implement runtime protections to prevent tampering or reverse engineering of apps.
  • Use code obfuscation to shield business logic and API endpoints from attackers.
  • Validate that API calls come only from legitimate, untampered applications.
  • Establish incident response procedures in case a mobile app compromise occurs.
  • Use mobile security software that protects against malware and ransomware attacks.
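The first bullet above, inspecting apps for logging of sensitive information, is the one a developer can check for without any special tooling: run the app's own console output through a scanner. The code below is an added example, not from Zimperium's report, showing such a scanner over constructed log lines. It flags email addresses, bearer-style tokens, and payment card numbers, with a Luhn check so that timestamps and request ids of similar length are not reported. The log format and the card number used are constructed test data.

```python
# Added example (not from the Zimperium report): scan application log output
# for personal data that should never have been written there.
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13 to 19 digits, optionally separated by spaces or dashes; candidates are
# Luhn-checked afterwards so that plain long numbers are not reported.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
TOKEN_RE = re.compile(r"(?i)\b(?:bearer|token|session)[=: ]+[A-Za-z0-9._-]{16,}")


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(line):
    """Return a list of (kind, value) findings for one log line."""
    findings = [("email", m) for m in EMAIL_RE.findall(line)]
    for m in CARD_RE.findall(line):
        digits = re.sub(r"[ -]", "", m)
        if luhn_ok(digits):
            findings.append(("card", digits))
    findings += [("token", m) for m in TOKEN_RE.findall(line)]
    return findings


def scan_log(lines):
    """Return {line_number: findings} for every line that leaks something."""
    report = {}
    for n, line in enumerate(lines, 1):
        hits = find_pii(line)
        if hits:
            report[n] = hits
    return report


# Constructed sample of what an app's console log might contain.
SAMPLE_LOG = [
    "2025-09-20 10:01:02 I/Checkout: user logged in",
    "2025-09-20 10:01:05 D/Checkout: profile={email: jane.doe@example.com}",
    "2025-09-20 10:01:09 D/Payment: charging card 4111 1111 1111 1111 exp 12/27",
    "2025-09-20 10:01:09 D/Payment: request id 1234567890123456",
    "2025-09-20 10:01:10 D/Net: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig",
]

if __name__ == "__main__":
    for n, hits in scan_log(SAMPLE_LOG).items():
        print(n, hits)
```

Lines 2, 3 and 5 are reported; line 4 is not, because its 16-digit request id fails the Luhn check. The same scanner can be pointed at files an app writes to external storage, which the second and third bullets above are about.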

Data breach of epic proportions in Vietnam

Hackers steal 160 million records from state-run credit center, exposing Communist Party’s digital vulnerability and illiteracy

This month, over 160 million credit records held at Vietnam’s National Credit Information Center (CIC), a unit managed by the State Bank of Vietnam, were stolen and posted for sale online for US$175,000.

The massive breach, allegedly carried out by the hacker group ShinyHunters, exposed the personal data of virtually every Vietnamese citizen above the age of 18.

Yet, beyond the cybercrime headlines, the scandal raises a deeper, more troubling question: What happens when a government simultaneously loses control of citizens’ data, while also proposing to sell it?

Vietnam’s Ministry of Public Security (MPS) has recently introduced a draft law proposing the establishment of a national data exchange platform.

Framed as a way to unlock the value of data for economic development, the platform would allow for the trading of both personal and non-personal data, under certain conditions. While the ministry promises that individual consent will be required, the mechanism for ensuring such consent remains vague.

At the same time, Vietnamese citizens affected by the CIC leak were not notified: not by the CIC, not by relevant banks and not by any state institution.

As of September 13, some individuals whose names appeared in sample files being circulated on the dark web said they had received no warnings, no protection and no explanation.

The leaked dataset, according to security experts, included:

  • Full personal identification (ID numbers, passports, driving licenses)
  • Biometric data and medical records
  • Tax codes, income and debt information
  • Credit card and banking records
  • Employment, education and residence history
  • Government, police and military personnel profiles

This isn’t just a privacy issue; it’s a national security breach. When foreign intelligence services can buy profiles of Vietnamese government officials and military members for less than the cost of a luxury car, no law or slogan can compensate for the damage done.

In a tone-deaf public notice, police authorities urged citizens to remain vigilant and “protect themselves” against identity theft and cybercrime, placing the burden back on the victims.

The irony is stark: the state collects data without consent, fails to protect it and then blames the people for not being digitally literate enough to defend themselves.

This contradiction is particularly jarring in the context of the government’s recent push for a “digital literacy campaign.” On September 13, General Secretary To Lam praised the launch of “Digital Mass Literacy – Digital Parliament” as part of Vietnam’s national modernization.

At the same time, he admitted that most citizens and even government officials lack fundamental knowledge about data protection or digital transformation.

Selling insecure data

The Ministry of Public Security’s draft legislation envisions a future where data is commodified, yet claims to prioritize national security and individual privacy. But the CIC breach reveals a harsh truth: Vietnam does not yet have the technical or institutional capacity to manage that dual mandate.

General Vu Van Tan, head of the Cybersecurity Department, recently stated that data should not sit idly in databases but rather should be “shared and monetized to generate value for society.”

But when the value of data outweighs the commitment to protect it, citizens are no longer stakeholders – they are vulnerable bystanders.

To restore trust, Vietnam needs more than draft laws and slogans. It needs:

  • A public apology and immediate notification to all affected individuals
  • Independent oversight of any future data exchanges
  • Strict liability for state and corporate entities involved in data mishandling
  • Investment in real cybersecurity infrastructure, not just propaganda
  • Clear legal pathways for compensation to citizens harmed by data breaches

Most importantly, the Vietnamese government must recognize that data rights are human rights. Without accountability, security and consent, the promise of a “digital society” becomes instead a digital trap.


Hackers can bypass Microsoft Defender to install ransomware on PCs

Mikael Markander

By exploiting a legitimate driver, hackers can load their own malicious driver to bypass Microsoft Defender.

In a report published by security company GuidePoint Security, they’ve issued a warning that hackers can effectively bypass Microsoft Defender to install and deploy Akira ransomware.

This is done by exploiting a vulnerable driver called rwdrv.sys, which is a legitimate driver used by an Intel CPU tuning tool called ThrottleStop. By exploiting this driver, a hacker can gain kernel-level access to the PC.

With kernel-level access, the hacker can then load their own malicious driver—in this case, hlpdrv.sys, which modifies the Windows Registry and causes Microsoft Defender to disable its protective measures.

This two-punch approach has been flagged by GuidePoint Security as the deployment method for Akira ransomware attacks, which have been ongoing since July of this year.
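The useful detection signal in this chain is the sequence, not either driver alone: a legitimately signed but abusable driver being loaded, followed shortly by a driver the fleet has never seen. The code below is an added example, not from GuidePoint's report, that applies that rule to constructed driver-load telemetry. The event format, host names, timestamps and baseline allowlist are assumptions for the demo; the driver names rwdrv.sys and hlpdrv.sys are the ones named in the article.

```python
# Added example (not from the GuidePoint report): flag a known-abusable driver
# load that is followed within a short window by a driver outside the baseline.
from datetime import datetime, timedelta

# Legitimately signed drivers known to be abusable for kernel access (from the article).
KNOWN_VULNERABLE_DRIVERS = {"rwdrv.sys"}
# Drivers expected on the fleet; anything else loaded after a vulnerable one is suspect.
BASELINE_DRIVERS = {"audio.sys", "disk.sys", "rwdrv.sys"}  # assumed baseline
WINDOW = timedelta(minutes=30)


def parse_event(line):
    """Parse 'timestamp|host|driver' (a constructed format) into a dict."""
    ts, host, driver = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "host": host, "driver": driver.lower()}


def detect_byovd_chain(lines):
    """Return a list of (host, vulnerable_driver, follow_up_driver) for hosts where
    a vulnerable driver load is followed within WINDOW by a non-baseline driver."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    last_vuln = {}  # host -> (driver, ts) of the most recent vulnerable-driver load
    alerts = []
    for e in events:
        if e["driver"] in KNOWN_VULNERABLE_DRIVERS:
            last_vuln[e["host"]] = (e["driver"], e["ts"])
            continue
        seen = last_vuln.get(e["host"])
        if seen and e["driver"] not in BASELINE_DRIVERS and e["ts"] - seen[1] <= WINDOW:
            alerts.append((e["host"], seen[0], e["driver"]))
    return alerts


# Constructed sample telemetry.
SAMPLE_EVENTS = [
    "2025-08-01T09:00:00|ws-17|rwdrv.sys",    # abusable driver loaded
    "2025-08-01T09:04:30|ws-17|hlpdrv.sys",   # unknown driver minutes later: alert
    "2025-08-01T11:00:00|ws-22|rwdrv.sys",    # ThrottleStop user, nothing unusual after
    "2025-08-01T11:10:00|ws-22|audio.sys",
    "2025-08-02T08:00:00|ws-31|hlpdrv.sys",   # no vulnerable driver first: no chain
]

if __name__ == "__main__":
    for host, vuln, follow in detect_byovd_chain(SAMPLE_EVENTS):
        print(f"{host}: {vuln} followed by {follow}")
```

Only ws-17 is flagged. The ws-22 load of rwdrv.sys on its own is what a genuine ThrottleStop user looks like, which is why the rule keys on the follow-up rather than on the tuning driver by itself; in a real deployment the follow-up condition would also cover the Defender registry change the article mentions, fed from your endpoint telemetry.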

To stay protected, make sure you’re using reputable antivirus software on your Windows PC and keep it up to date at all times. Regular updates help ensure that your system is defended against new malware as it is discovered and flagged.


Do I need an antivirus and a VPN?

Story by Sead Fadilpašić

The best antivirus acts as most people’s go-to for device protection, but as I have already discussed, there are some threats that antivirus can’t protect against.

With online threats becoming ever more prevalent, an increasing number of people have an “it won’t happen to me” attitude about their security.


It’s easy to understand why – web standards have improved drastically over the years, and vanilla browsers and operating systems have become better at identifying all kinds of dangers.

However, with the rising sophistication of cyberthreats (and an uptick in hybrid working environments), robust antivirus software in combination with a VPN is necessary for complete protection of your computers.

The new threats emerging

Artificial intelligence is, unfortunately, ushering in an era of more sophisticated malware and phishing attacks. If AI-generated phishing emails that are indistinguishable from the real thing weren’t bad enough, cybercriminals can now use AI to modify malware in real time, making it more likely to slip under the radar.


There’s also a major uptick in ransomware. In the past, threat actors would implant malware that would encrypt the data and demand a ransom in exchange for decryption. Now, they exfiltrate the data and threaten to leak it on the dark web.

Not only are ransomware kits freely available for purchase, thus lowering the barrier of entry for cybercrime, but attackers also use AI to optimize their methods and choose their next target.

Remote work environments are simply adding fuel to the fire. Hackers will often compromise unsecured home or public networks to gain access to company systems through vulnerable personal and work devices.

Unfortunately, not all cybersecurity risks happen at the hands of a shady external individual. People also have to contend with internal threats, such as children or the elderly who may inadvertently expose systems to malicious actors.


Again, people that enjoy remote working practices get the short end of the stick. Companies that allow staff to connect to the company network with personal devices may get their system decimated by malware on the employee’s own device.

Regardless of the nature of the threat, your entire home network including your personal device can completely fall apart due to a cyberattack, and the financial toll can lead to some serious headaches.

How an antivirus can help

While safeguarding your computer from the wide scope of emerging cyber threats requires continuous effort, dedicated antivirus software is the bare minimum.

It protects your devices from malware and viruses by scanning files and applications, as well as keeping an eye on the network. In other words, a good AV can stop viruses and malware before they cause damage to your device and files.

Now, we get what you may be thinking – modern devices usually have pre-installed antivirus software like Windows Defender. However, such solutions fall short of the comprehensive security that you might need to face modern threats.

For instance, even the best free antivirus may not have a centralized dashboard for monitoring security across different devices on your network. Windows Defender also doesn’t protect against sophisticated threats like targeted attacks or zero-day exploits, and is notorious for its slow response time. Put differently, it may not recognize the malware immediately, and if it does, it may only identify the attack when a device is already infected.

On the other hand, a robust antivirus will safeguard your information and offer additional security layers. Modern tools also implement AI to identify issues more quickly, allowing you to proactively boost your network security.

It’s also worth noting that investing in antivirus software is cost-effective, especially when you compare it to all the expenses that a cyberattack could incur.

How a VPN can help

A VPN (virtual private network) is a piece of software that routes your data through an encrypted tunnel to a secure server, encrypting your data in the process. In even simpler terms, it changes your IP address and makes internet traffic unreadable by third parties, even if they somehow manage to intercept the connection.

This simple tool is vital as it helps protect your sensitive data regardless of how secure the network it travels over is, thus allowing you to also securely access your company’s network and resources, or your cloud storage, in a safe and responsible way.

Compared to an antivirus, implementing a VPN is one of the cheapest ways to strengthen your cybersecurity. To put things into perspective, NordLayer, TechRadar’s top choice for the best VPN, can be snagged for just $3.39 per month. That’s practically nothing when you consider the benefits it brings to the table, and costs far less than a potential data breach.

Plus, VPNs often offer applications for different devices, including smartphones – useful if you require protection across all platforms.

Do you need both?

The more the merrier also applies to your cybersecurity. While implementing just one measure is definitely a step in the right direction, both a VPN and an antivirus are necessary if you want to cover all your bases.

In short, a VPN protects the data transmitted over the internet and the connection itself. An antivirus is great against threats attempting to infiltrate the system. You can see a thread develop here, but these solutions are complementary and will lead to a better security posture.

For example, even if you’re using a VPN, you might still fall prey to phishing and download an infected file. What’s more, the opposite is equally dangerous. You may have solid AV protection, but if you connect to a public network, a hacker may be able to intercept the data in transit.

Should you invest in more advanced types of software?

Both an antivirus and a VPN are the essentials when it comes to protecting personal devices. However, businesses are more prone to cyberattacks, and therefore need to stay on top of the latest developments. A good upgrade is one of the best endpoint protection solutions, which are becoming the gold standard in digital security.

For consumers this is definitely overkill, as I have discussed before. Most of the time, the combination of antivirus, VPN, and one of the best password managers is enough to secure you against most threats. But it is worth understanding the capabilities an EPP can provide.

Whereas an antivirus is limited to a single endpoint and uses signature-based detection (rendering it useless against fileless malware or threats that don’t use a signature), an endpoint security suite scans all devices connected to the network for suspicious behavior. Put differently, it continuously scans all endpoints and can recognize threats a lot faster.

Investing in such a solution may often end up being more economical in the long run for many businesses. EPP can include a VPN, as well as the basic AV functionality (such is the case with Avast Business Security), which centralizes the protection of the entire network and eliminates the need to deploy separate applications.

You can also get some extra goodies like USB protection, which disables the use of unauthorized removable storage devices. Other providers also employ advanced correlation engines that help identify green zone threats that a regular antivirus might overlook.

The good thing is that despite the advanced nature of an endpoint security software, it’s as easy to implement as a traditional antivirus. You can get it up and running in a few minutes and instantly start protecting thousands upon thousands of endpoints.

Are these tools enough?

Despite being rather effective, the trio of antivirus, VPN, and endpoint security software may not erase all the vulnerabilities in your system, and that’s a fact. We can go as far as to claim they may be dangerous if they lull you into a false sense of security.

Look at it this way:

VPNs and antivirus software are just tools and will always be fallible unless you implement the right personal practices and cybersecurity awareness.

For individuals, this includes being wary of dodgy websites and questionable emails, and also making sure that what you are downloading is legal and from a reputable source. There are many horror stories of people looking to dodge paying for a game or service and being greeted with ransomware the second they launched their new ‘software’.

For businesses on the other hand, training to recognize fake login pages and phishing emails goes a long way in preventing you from becoming a target of a cybercrime. In addition to all the technological gizmos, you also need to work on your password policy by creating strong passwords and enabling multi-factor authentication on all accounts that support it.

Once you minimize the possibility of human error (which is still the leading source of cyberattacks), your VPN and AV will be a lot more effective in your hands, and significantly help you avoid becoming a cyberattack statistic.


Israel arrests new suspect behind Nomad Bridge $190M crypto hack

By

An American-Israeli national named Osei Morrell has been arrested in Israel for his alleged involvement in exploiting the Nomad bridge smart-contract in August 2022 that allowed hackers to siphon $190 million.

Blockchain intelligence platform TRM Labs supplied key information to international law enforcement authorities, leading to the identification of Morrell, who is believed to have played a central role in what is one of the largest hacks in DeFi history.

“The suspect, American-Israeli dual national Osei Morrell, was arrested in Jerusalem by Israeli police working in coordination with the DOJ, the FBI, and Interpol,” explained TRM Labs.

According to the blockchain intelligence firm, Morrell will soon be extradited to the United States, as the legal procedures have already been approved.

Morrell’s links to Nomad Bridge hack

The Nomad bridge is a cross-chain communication standard that allows users to transfer assets between different blockchains.

On August 1, 2022, attackers exploited a critical vulnerability introduced in an update to its Replica smart contract, specifically in the process() function.

Though the contract was supposed to verify message proofs before releasing funds, a misconfiguration allowed any message with a correct root hash to be accepted, even if the underlying proof was invalid.

Once a single attacker figured out the flaw, the exploit method was quickly picked up by hundreds of other wallets, as it consisted of simply copy-pasting a specific transaction format.

This “mob-style” attack led to a chaotic and decentralized looting of the bridge, draining over $190 million in ETH, USDC, WBTC, and ERC-20 tokens.
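The design point behind the bug description above is that a trusted root hash by itself proves nothing about an individual message; only a valid Merkle proof ties the message to that root. The code below is an added, deliberately simplified model of that check, not Nomad's contract code: a Replica that trusts a set of roots and releases funds, first with the acceptance logic the article describes (root trusted, proof never checked) and then with the proof verified. The hash function, tree shape and message format are assumptions for the demo, and the messages are constructed.

```python
# Added example (not Nomad's code): a simplified model of bridge message
# acceptance, contrasting "trust the root hash" with "verify the proof".
import hashlib


def h(data):
    return hashlib.sha256(data).digest()


def merkle_root(leaves):
    """Root of a binary Merkle tree over the leaves (last hash duplicated if odd)."""
    level = [h(leaf) for leaf in leaves]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def merkle_proof(leaves, index):
    """Sibling hashes from leaf `index` up to the root, as (hash, sibling_is_left) pairs."""
    level = [h(leaf) for leaf in leaves]
    proof = []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sib = index ^ 1
        proof.append((level[sib], sib < index))
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof


def verify_proof(message, proof, root):
    """Recompute the path from the message to the root and compare."""
    node = h(message)
    for sibling, is_left in proof:
        node = h(sibling + node) if is_left else h(node + sibling)
    return node == root


class Replica:
    """Holds the roots the bridge trusts and releases funds for accepted messages."""

    def __init__(self, trusted_roots):
        self.trusted_roots = set(trusted_roots)
        self.released = []

    def process_vulnerable(self, message, root):
        # Accepts any message whose claimed root is trusted; never checks that
        # the message actually sits in the tree under that root.
        if root in self.trusted_roots:
            self.released.append(message)
            return True
        return False

    def process_fixed(self, message, proof, root):
        # Releases only when a valid proof ties the message to a trusted root.
        if root in self.trusted_roots and verify_proof(message, proof, root):
            self.released.append(message)
            return True
        return False


# Constructed demo: two legitimate transfers committed on the origin chain,
# plus a forged message that was never committed anywhere.
LEGIT = [b"transfer:alice->bob:10", b"transfer:carol->dave:5"]
ROOT = merkle_root(LEGIT)
FORGED = b"transfer:bridge->attacker:1000000"


def demo():
    vuln, fixed = Replica([ROOT]), Replica([ROOT])
    return {
        "vulnerable_accepts_forged": vuln.process_vulnerable(FORGED, ROOT),
        "fixed_rejects_forged": not fixed.process_fixed(FORGED, [], ROOT),
        "fixed_accepts_legit": fixed.process_fixed(LEGIT[0], merkle_proof(LEGIT, 0), ROOT),
    }


if __name__ == "__main__":
    print(demo())
```

In the vulnerable path the forged message is released because the caller merely names a root the replica already trusts, which is why the flaw could be replayed by anyone who changed the payload in a copied transaction; in the fixed path the same message is rejected and only messages with a valid proof are honoured.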

Figure: Overview of the attack at Nomad Bridge (source: TRM Labs)

TRM Labs comments that the vulnerability was very easy to leverage, so even people with no hacking skills or deep blockchain knowledge joined in the exploitation. However, experienced North Korean actors were also implicated.

Osei Morrell is not believed to have written or initiated the exploit code itself, but TRM Labs says he “played a central role,” and evidence suggests he conspired with others to launder large amounts of funds stolen during the exploit.

Wallets linked to Morrell received stolen assets within hours of the bridge being drained, suggesting close coordination with early attackers.

TRM Labs’ data shows that Morrell used ‘chain-hopping’ to move the stolen tokens across various blockchains, the Tornado Cash mixer to obfuscate the origin of the funds, and swapped ETH into the privacy-boosting Monero (XMR) and Dash.

Figure: Morrell’s money laundering process (source: TRM Labs)

To cash out the proceeds, he used non-custodial exchanges, OTC brokers, and offshore bank accounts tied to fake or opaque legal entities, and also converted some crypto to fiat through providers with no KYC standards.

Despite all the obfuscation efforts and the time that has passed since these events, blockchain transaction analysis still yielded enough clues to uncover Morrell’s identity, resulting in his arrest.

Morrell’s arrest follows that of another suspected hacker, a Russian-Israeli citizen named Alexander Gurevich, who was caught on May 1st at Ben Gurion airport in Tel Aviv using documents bearing a new name, Alexander Block, which he had officially changed to.

According to prosecutors, Gurevich exploited the Nomad bridge flaw and withdrew about $2.89 million in digital tokens. This was followed by others finding the issue and leveraging it to siphon assets.

Jerusalem Post reports that on August 4, 2022, Gurevich contacted Nomad’s Chief Technology Officer and admitted he had been probing Nomad for weaknesses, apologizing for the trouble and later demanding a $500,000 reward for identifying the vulnerability.
