GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect…

GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect your CI/CD pipelines.

Research firm StepSecurity’s CI/CD security solution Harden-Runner recently uncovered a security vulnerability within a GitHub Action, “tj-actions/changed-files,” used in over 23,000 repositories. The vulnerability allows remote attackers to discover secrets by reading action logs.

The vulnerability, identified as CVE-2025-30066, affected all versions of the compromised Action. For your information, this action identifies files modified within pull requests or commits, allowing development teams to trigger processes like testing or deployments based on specific file changes. This approach enhances the efficiency of continuous integration and continuous delivery pipelines

As per StepSecurity’s research, the malicious code focused on infiltrating the Runner.Worker process, designed to extract secrets, passwords, and authentication tokens exposed during CI/CD execution. In many scenarios, these sensitive details were likely made publicly accessible, potentially granting unauthorized individuals access to critical systems and internal services. 

The timeline of the compromise began with the introduction of a malicious commit, disguised as a routine Dependabot update, on March 14th. Immediately following this, all Action tags were redirected to point towards the compromised commit, placing a significant number of repositories at risk. Suspicious activity was subsequently flagged by the community, indicating the Action was exfiltrating environment variables and secrets.

Approximately twelve hours after this discovery, the repository was taken offline, effectively preventing further downloads of the compromised version. While the exact initiator of the takedown remains unclear, the repository was reactivated on March 16th, following the removal of the malicious commit. However, by this point, an estimated 23,000 repositories had already been exposed.

Due to the action’s widespread use, public GitHub repositories with enabled GitHub Actions were placed at considerable risk. The tj-actions maintainers claim that an attacker breached a GitHub personal access token (PAT) used by a bot with access to the repository.

GitHub responded by removing the compromised Action, necessitating users to seek alternative solutions. This removal, however, introduced potential disruptions to CI pipelines, particularly for those relying on non-cached versions.

Endor Labs exclusively published a blog post for its users, providing specific guidance on mitigating the impact. Customers utilizing the Endor Labs GitHub App were advised to search their dependencies for “tj-actions/changed-files” within the Endor Labs dashboard. Those using CI or CLI scanning were instructed to configure CI scanning with specific parameters to identify affected repositories. Additionally, auditing GitHub logs for suspicious IP addresses and rotating active secrets were recommended.

The primary objective of the attackers was likely to compromise the software supply chain, targeting open-source libraries, binaries, and artefacts generated by the affected CI pipelines, Dimitri Stiliadis, CTO and co-founder of Endor Labs, shared with his analysis Hackread.com.

“The attacker was likely not looking for secrets in public repositories — they are already public. They were likely looking to compromise the software supply chain for other open-source libraries, binaries, and artefacts created with this. Any public repository that creates packages or containers as part of a CI pipeline could have been impacted. That means potentially thousands of open source packages have the potential to have been compromised,” Stiliadis explained.

Organizations not utilizing Endor Labs were also advised to take immediate action. This included inspecting GitHub Actions workflows for the compromised Action, removing it from all branches, auditing past CI workflows for signs of compromise, and rotating any exposed secrets.

Malicious Code Hits ‘tj-actions/changed-files’ in 23,000 GitHub Repos

Scammers are sending fake extortion and ransom demands while posing as ransomware gangs, including the notorious Cl0p ransomware.…

Scammers are sending fake extortion and ransom demands while posing as ransomware gangs, including the notorious Cl0p ransomware. Learn how to spot these scams and protect your business from fraudulent attacks

Recent investigations by Barracuda Networks reveal a new trend in cybercriminal activity: the impersonation of notorious ransomware groups to defraud businesses. Researchers have documented incidents where individuals are falsely claiming affiliation with the Clop ransomware gang, leveraging the group’s notorious reputation to extort payments from unsuspecting companies to capitalize on the fear and notoriety associated with well-known cybercriminal organizations.

The latest research aligns with other recent findings that scammers have been spotted mailing fake ransomware letters to businesses’ physical addresses while posing as BianLian ransomware. These scammers have been targeting businesses in the United States by sending ransomware letters through the US Postal Service.

As for the latest campaign, Barracuda Networks’ report reveals that scammers have been crafting extortion emails that mimic the language and claims of genuine ransomware attacks.  

These emails often assert that the perpetrators have successfully infiltrated the target company’s network, exfiltrating sensitive data. To lend credibility to their claims, they reference publicly available information about actual attacks conducted by the group they are impersonating.

For example, they might cite news reports detailing a specific vulnerability exploited by the Clop gang, thereby creating a facade of authenticity. Such as in one email Barracuda Networks shared, scammers use Cl0p ransomware’s exploitation of a vulnerability in Cleo, which Hackread.com reported in December 2024.

It is also worth noting that phishing kits like FishXProxy and Telekopye allow even inexperienced scammers to create realistic phishing pages that mimic legitimate login portals. These platforms have the ability to dynamically adapt to user input and integrate with various communication channels, making them particularly effective at evading detection.

In addition to sophisticated phishing platforms, cybercriminals are also exploiting the vulnerabilities of file formats, such as Scalable Vector Graphics (SVG). These files, which contain embedded scripts, are increasingly being used to deliver malicious payloads. Because these scripts are often overlooked by security tools, they provide a means for attackers to bypass traditional defences and compromise systems. 

1.  Fake CrowdStrike Recruiters Distribute Malware
2.  Journalist Targeted in USB Drive Bombing Attack
3.  Hackers Call Employees to Steal VPN Data from US Firms
4.  Volcano Demon Ransomware Makes Phones Victim of Ransom
5.  Fake IT Calls Scam MS Teams Users into Installing Ransomware

Scammers Pose as Cl0p Ransomware to Send Fake Extortion Letters

Following the success of the Neuro Nostalgia Hackathon that closed out in 2024, Hackathon Raptors has completed its…

Following the success of the Neuro Nostalgia Hackathon that closed out in 2024, Hackathon Raptors has completed its second major event of the year – the AI-Powered DEI Web Accessibility Hackathon. This 72-hour virtual competition, held from February 28 to March 3, 2025, brought together developers worldwide to tackle one of technology’s most pressing challenges: making the web accessible to all users through AI-enhanced solutions.

This event builds upon Hackathon Raptors’ growing reputation for creating signature technical competitions, continuing the momentum from their previous IAHD DEI Web Accessibility Hackathon held in September 2023. That 48-hour event focused on e-commerce and retail accessibility challenges, laying the groundwork for this expanded AI-powered iteration. While the 2023 hackathon emphasized visual accessibility, cognitive accessibility, text resizing, and keyboard accessibility, the 2025 event pushed participants further by requiring sophisticated AI implementations to address these same challenges at scale.

**The Technical Challenge**

The hackathon addressed a critical gap in digital infrastructure: according to WebAIM’s 2023 analysis, 96.8% of the top million website homepages contain detectable WCAG failures. As the global AI in accessibility market projects to reach $7.3 billion this year (MarketsandMarkets, 2023), participants were tasked with creating functional, AI-powered accessibility tools that could be deployed in real-world applications.

Unlike traditional hackathons focusing on proof-of-concept demonstrations, this event required participants to build solutions addressing specific technical requirements:

*   Ethical AI implementation principles
*   Resource optimization for performance
*   WCAG 2.2 compliance through AI assistance
*   Cross-platform compatibility with scalable architecture
*   Implementation of current AI technologies (LLMs, computer vision, speech processing)

**Technical Deep Dive: Winning Projects****VoxSurf (1st Place)**

Team VoxSurf captured first place with a comprehensive desktop application built specifically for visually impaired users, featuring:

*   Neural speech-to-intent processing that converts natural language commands into precise browsing actions
*   Custom-trained computer vision model that identifies UI elements even when not properly tagged
*   Context-aware RAG implementation that maintains user navigation history to improve accuracy
*   Low-latency feedback system providing audio descriptions of visual content

The technical architecture leverages a client-side application that processes voice commands locally before sending complex requests to a cloud backend for heavier AI processing, maintaining responsiveness while providing sophisticated assistance.

**Accessibility Helper (2nd Place)**

Team Lakshan Krithik’s browser extension demonstrated innovative input methodologies with:

*   Real-time facial feature tracking using optimized computer vision algorithms that function even in low-light conditions
*   Machine learning model trained to distinguish between intentional and unintentional head/nose movements
*   Predictive cursor positioning that anticipates user intent based on page context
*   Hardware-accelerated processing for maintaining 60fps performance despite complex AI operations

The solution enables users with limited mobility to navigate web interfaces with minimal physical input, potentially transforming web accessibility for users with severe motor impairments.

**Browsingforall (3rd Place)**

This solution implemented:

*   Voice recognition engine optimized for command detection with high accuracy even in noisy environments
*   Computer vision system that analyzes rendered web pages to identify interactive elements
*   Command execution pipeline that translates voice inputs to DOM interactions
*   Accessibility notification system that proactively identifies potential navigation barriers

**ComplyScan (Category Winner: Technical Architecture)**

Team CtrlShiftHack’s compliance automation tool leveraged sophisticated technical approaches:

*   Static and dynamic page analysis algorithms that evaluate keyboard navigation paths
*   Contrast analysis engine using computer vision to verify color combinations against WCAG requirements
*   Machine learning classifier to identify and flag non-compliant page elements
*   Integration API allows the tool to work within existing development environments

**Expert Technical Assessment**

Igor Kiselev, Principal Director at Accenture and member of multiple professional organizations, including the IEEE, CFA, and Forbes Technology Council, evaluated projects based on technical architecture and scalability. With his extensive background in business applications and digital twin models, he provided critical insights on real-world deployment potential.

“What impressed me most about the winning solutions was their approach to system architecture,” Kiselev noted. “VoxSurf, in particular, demonstrated exceptional technical foresight by implementing a hybrid processing model that balances local and cloud computing resources. This approach ensures both privacy and performance—critical factors for accessibility tools that must function reliably across varying internet conditions. The team’s implementation of dynamic response handling based on network latency showed enterprise-grade thinking.”

Chingiz Mizambekov, Lead Functional Analyst and Proxy Product Owner at Qframe NV, brought his healthcare digitalization expertise to the judging panel. With over a decade of experience in software development and project management, including work on the Factura invoicing system for the University Hospital of Antwerp, Mizambekov evaluated projects for their practical implementation in regulated environments.

“The ComplyScan solution stood out for its technical thoroughness,” Mizambekov observed. “The team built a verification system that doesn’t just identify accessibility issues but provides contextual remediation suggestions with code samples—similar to approaches we’ve implemented in healthcare systems where compliance is non-negotiable. Their approach to programmatically verifying ARIA roles and semantic HTML structure demonstrates a deep technical understanding of both accessibility standards and modern web architecture.”

**Technical Implementation Challenges**

Participants navigated several significant technical hurdles throughout the competition:

1.  **AI model optimization**: Balancing model size and accuracy for browser-based deployment without compromising performance
2.  **Cross-device compatibility**: Ensuring consistent behaviour across operating systems, browsers, and assistive technologies
3.  **Real-time processing**: Minimizing latency for accessibility tools that require immediate feedback
4.  **Ethical considerations**: Addressing potential AI biases while maintaining user privacy and data security

**Future Technical Directions**

The hackathon highlighted several promising technical approaches for improving web accessibility:

1.  **Hybrid AI architectures** that combine edge and cloud processing for optimal performance
2.  **Multimodal interfaces** that adapt to user capabilities rather than requiring users to adapt to interfaces
3.  **Automated compliance verification** integrated directly into development workflows
4.  **Contextual assistance** that understands user intent beyond literal commands

As organizations face increasing legal and ethical pressure to make digital experiences accessible to all users, the technical solutions demonstrated at this hackathon represent significant advancements in addressing the complex challenges of web accessibility.

With the remarkable success of the AI-powered DEI Web Accessibility Hackathon, Hackathon Raptors has solidified this event as a cornerstone in the technical accessibility community.

Given the extraordinary innovations demonstrated this year, plans are underway to expand the event in 2026 and 2027, potentially incorporating multi-stage development cycles and enterprise implementation tracks. As digital accessibility continues evolving at the intersection of AI and inclusive design, this hackathon is positioned to become the definitive annual benchmark for technical progress in making the web accessible to all users.

1.  INE Security Wins 2024 SC Excellence Award
2.  One Identity Wins 2024 Top InfoSec Innovator Award
3.  EMPACT Hackathon Targets Online Human Traffickers
4.  Ultimate Guide to Designing a Logo Online: Tips and Tricks
5.  Embracing Minimalism: “Less is More” Approach in UI/UX Design

AI-Powered DEI Web Accessibility Hackathon 2025: Technical Innovations and Real-World Impact

Spring Break vacationers could open themselves up to online scams and cyberthreats this year, according to new research from Malwarebytes.

This year, Spring Break vacationers are packing more than their flip-flops, bucket hats, and sunglasses—they’re also packing a few cybersecurity anxieties for the trip.

According to new research from Malwarebytes, 52% of people said they “worry about being scammed while traveling,” while another 40% admitted that they “worry about my kids or family sharing trip details online.” While most people said they will act on these concerns—63% will make sure their security software is up to date, 53% will back up their data—roughly 10% of people said they will take no precautions whatsoever into protecting their security or privacy while on vacation.

The findings reveal that the public approaches cybersecurity as a patchwork quilt, implementing some best practices while forgoing others, and engaging in a few behaviors that carry significant risk online.

For this research, Malwarebytes conducted a pulse survey of its customers in March via the Alchemer Survey Platform.

Broadly, Malwarebytes found that:

*   52% of people “agreed” or “strongly agreed” that they “worry about being scammed while traveling.”
*   20% of people “agreed” or “strongly agreed” that they “don’t really think about protecting my data while traveling.”
*   38% of people said they will book their next travel opportunity through a “general search,” which could leave them vulnerable to malvertising.
*   Apps are a way of life, as 66% of people said they use between one and six apps specifically for travel (such as hotel apps, airline apps, and translation apps). A particularly plugged-in 8% of people said they manage more than seven apps for the same purposes.
*   To stay cybersecure and private on vacation, the majority of people will backup their data (53%), ensure their security software is up to date (63%), and set up credit card transaction alerts (56%), but 10% will take none of these—or other—steps.
*   53% of people refuse to take a single laptop with them on vacation, whereas just 1% leave even their smartphone behind—talk about a holiday.

****Risky business break****

The cybersecurity risks around personal vacations are unlike those around the holidays for major organizations and businesses, in which cybercriminals know that low staffing will leave companies more vulnerable to an attack or breach.

Instead, far-flung Spring Breakers can engage in a series of behaviors both before and during their holidays that leave them open to online scams and theft.

Take, for example, the 38% of people who told Malwarebytes that they would conduct a “general search online” in booking their next vacation. While Google searches are probably one of the most common tasks for any vacation planning, the results that people see can be manipulated through a type of cybercrime called malvertising, short for “malicious advertising.” 

In malvertising, cybercriminals will create a fake website that looks like a popular service, like Facebook, Slack, or eBay. Cybercriminals will also pay a small sum so that these fake websites show up near the top of Google’s sponsored results for relevant searches. Once users click on the websites, which appear legitimate, they’re tricked into downloading malware or handing over sensitive information to scammers.

A safer option for vacationers is to book travel directly with an airline or hotel chain. Many participants wrote this approach into the Malwarebytes survey when selecting the “Other” option (14%). Interestingly, the 29% of respondents who said they use a travel agent for booking likely also receive some extra safeguards, simply because another, experienced, person is involved in the process.

But in the same way that cybercriminals have begun abusing Google search results to send victims to dangerous websites, they’ve also done the same to trick users into downloading fake versions of popular apps.

Android “phishing” apps are a serious threat to users today—Malwarebytes detected 22,800 of them last year alone—and, as we wrote before, they represent the next step in camouflaged cyber-scamming:

> “By disguising themselves as legitimate apps—including for services like TikTok, Spotify, and WhatsApp—Android phishing apps can trick victims into typing in their real usernames and passwords on bogus login screens that are controlled entirely by cybercriminals.”

The threat here endures long after the app is installed. If enough victims unwittingly send their passwords, cyber thieves could bundle the login credentials for sale on the dark web. Once the passwords are sold, the new, malicious owners will attempt to use individual passwords for a variety of common online accounts—testing whether, say, an email account password is the same one used for a victim’s online banking system, their mortgage payment platform, or their Social Security portal.

This wouldn’t be too much a problem if modern traveling didn’t involve so many apps.

According to our survey, 44% of people manage between two to four apps specifically for travel purposes, and 9% manage between five and six apps. And while 20% of people use zero apps for travel and 14% use just one app, there are 8% of people who rely on more than seven apps strictly for travel purposes.

That could include airlines apps, hotel apps, translation apps, and more. But as more apps help with traveling needs, more opportunities arise for those apps to be falsely emulated and maliciously advertised online.

As for what people do while physically on vacation, many engaged in online behaviors that could prove risky, but they can hardly be criticized for it.

For example, 25% of people said they scan QR codes while on vacation. These codes could lead people to malicious websites, but QR codes have become normalized at restaurants that no longer have physical menus. And 33% of people “log into financial institution sites or apps to manage \[their\] budget, check purchases, etc.” This type of activity was susceptible to online eavesdropping many years ago, but everyday internet connections have become far more secure in the past decade. That said, it’s inspiring to see that 41% of people “download or install a VPN” to provide an extra level of security when browsing on public Wi-Fi.

****Safe travels****

Cybersecurity is probably the last thing people want to “pack” before going away on a break, but, thankfully, it’s something that a majority of people said they do.

For instance, 63% said they “check that \[their\] security software is up to date,” while 53% said they “backup \[their\] data.” Similarly, 56% said they “set up credit card transaction alerts.” And while it isn’t quite a majority, 47% said they turn on “Find my Device” features which can help in case of a lost or stolen device. Interestingly, people do not commit to the same precautions for their bags—just 21% of survey participants said they “put a tracker in \[their\] luggage.”

Still, there’s progress to be made.

Not only did 10% of survey participants share that they take zero cybersecurity or data privacy precautions before traveling, but 20% also agreed or strongly agreed with the statement “I don’t really think about protecting my data while traveling.”

For safety abroad, here are a few tips travelers can take before and during their next vacation:

*   **Backup your data before you head out**. Losing a device or having it stolen while on vacation won’t just ruin the trip itself—it will return the return journey, too. Backing up your data will help ensure that any lost device doesn’t lead to lost files.
*   **Turn on “Find My” features**. To respond to a lost or stolen device, turn on the “Find My” features on iPhones and Androids before your vacation so you can track a device’s location in real time.
*   **Protect your devices with antivirus and cybersecurity tools**. Modern cybersecurity tools don’t just stop viruses from landing on your devices, they also warn you about dangerous websites and links that could steal your info.
*   **Update your software**. Ensure that your devices are running on the latest versions of their operating systems. This helps prevent any known weaknesses from being exploited by cybercriminals.
*   **Use a password manager and 2FA**. Your most sensitive accounts shouldn’t just have a unique password. They should also be protected by two-factor authentication, which requires more than a password for anyone to login.
*   **Consider a VPN**. If you are doing something sensitive online, it never hurts to use a VPN. Bonus: If you’re travelling to another country where your favourite streaming shows aren’t available, a VPN can help here too.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 1 in 10 people do nothing to stay secure and private on vacation 

From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source

⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More

Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow.
The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

Frankfurt am Main, Germany, 17th March 2025, CyberNewsWire

Cyberattacks are no longer an abstract threat – they dominate risk planning for companies worldwide. The latest Link11 European Cyber Report shows an alarming trend: the number of DDoS attacks has more than doubled, and they are shorter, more targeted, and more technically sophisticated. Organizations that do not continuously evolve their security strategies face significant financial losses and long-term reputational damage.

** **The numbers speak for themselves:****

*    **137%** more DDoS attacks on the Link11 network compared to last year.
*   **A new scale has been reached:** The largest attack measured to date was **1.4 terabits per second** (Tbps).
*   **Attacks are shorter and highly effective:** Two-thirds of all attacks peaked in just 10 to 60 seconds.
*   **Multi-vector attacks are setting new standards:** The combination of different attack vectors makes defence more difficult and requires more precise protection.

****Why organizations should act now****

The Allianz Risk Barometer 2025 highlights that while digital transformation presents new opportunities, it also expands the attack surface for cyber threats. Cybercriminals are leveraging powerful botnets and increasingly sophisticated attack techniques, accelerating the speed and impact of DDoS attacks. A recent case demonstrates how these evolving threats are testing the resilience of organizations.

****Multi-vector DDoS: When Network Load Meets Application Attacks****

A four-day attack combined Layer 3/4 and Layer 7 techniques, putting both infrastructure and web applications under massive pressure. Link11 recorded a total of 120 million requests, resulting in more than a million WAF logs – a load that quickly overwhelmed conventional defenses.

****The attackers’ strategic approach was particularly striking:****

*   **Layer 3/4 attacks:** Massive data streams overwhelm the network infrastructure.
*   **Layer 7 attacks:** APIs and web applications were deliberately crippled with complex queries.
*   **Dynamic attack patterns**: Attacks were launched in waves to test the response times of defences.

Organizations that do not continuously adapt their IT security strategy risk becoming victims of targeted attacks. Web applications and APIs are particularly targeted by cybercriminals because they often handle sensitive data and control critical business processes.

****Modern security architecture is the key to resilience****

The incident underscores the growing limitations of traditional DDoS defences, emphasizing the need for more adaptive mitigation strategies. Enterprises are increasingly turning to AI-powered systems for real-time threat detection and attack prevention. Additionally, Web Application and API (WAAP) protection is gaining importance as attackers continue to exploit this critical attack vector.

** **Combining advanced protection solutions:****

*   Bot management to block automated attacks
*   Adaptive WAF systems that adapt in real time
*   AI-based attack detection for early detection of suspicious patterns

> _A holistic security strategy combines advanced DDoS mitigation, continuous monitoring, and adaptive protection mechanisms. “The increasing number of DDoS attacks shows that cybercriminals continue to rely on this proven method. However, the shortened attack time does not mean that the threat is decreasing – on the contrary: companies need to react faster and further optimize their defense mechanisms.”_
> 
> Jens-Philipp Jung, CEO of Link11

The full European Cyber Report 2025 can be downloaded **here****.**

****About Link11****

Link11 is a specialized global IT security provider that protects infrastructures and web applications from cyberattacks. Its cloud-based IT security solutions help companies worldwide to strengthen the cyber resilience of their networks and critical applications and avoid business disruption. Link11 is a BSI-qualified provider for DDoS protection of critical infrastructure. With ISO 27001 certification, the company meets the highest standards in data security.

****Contact****

**Corporate Communications**  
**Lisa Froehlich**  
**Link11 GmbH**  
**\[email protected\]**  
**+49 16098088442**

European Cyber Report 2025: 137% more DDoS attacks than last year – what companies need to know

Did you know that 43% of cyberattacks target small businesses, yet only 14% are prepared to defend themselves?…

Did you know that 43% of cyberattacks target small businesses, yet only 14% are prepared to defend themselves? For start-ups, the stakes are even higher. A single breach could lead to significant financial losses, tarnish your reputation and derail your growth trajectory. So, all things considered, cybersecurity is no longer a luxury or an afterthought, it is the need of the hour. 

As cybercriminals become more sophisticated, start-ups must recognise their vulnerabilities and take proactive measures to safeguard their operations. This guide explores the essential steps you need to protect your venture, from identifying risks to implementing strong cybersecurity practices.

****Why Cybersecurity Matters for Start-ups****

Start-ups often operate under the misconception that their small size makes them unlikely targets for cybercriminals. However, this couldn’t be further from the truth. Start-ups are particularly vulnerable to cyber attacks due to their limited resources, growing digital footprint, and often less-developed security infrastructure. 

Cybercriminals understand that strained resources mean that start-ups cannot invest significant time, effort or money into large-scale security measures, making them easier targets. The generally tighter-knit employee pool also means that the company is more susceptible to social engineering tactics than a large decentralised corporation. 

The consequences of a cyber attack can be devastating for a start-up. Beyond immediate financial losses, businesses face potential damage to their reputation, loss of customer trust and legal ramifications. And for many start-ups, a significant security breach could mean the difference between survival and failure.

But cybersecurity is not always about the sheer volume of resources you can throw at the problem. Understanding the nature of the attacks headed your way can significantly help you fight against them. 

****Common Cyber Risks Facing Start-ups****

_Image via Freepik_

Understanding the threats your start-up faces is the first step toward protecting against them. Here are the primary risks that start-ups need to be aware of:

****Data Breaches****

Start-ups often handle sensitive information, including customer data, intellectual property and financial records. A data breach can expose this valuable information, leading to significant financial and reputational damage. This type of attack commonly targets large-scale data storage solutions like servers or data clouds. They can be especially damaging both in terms of financial losses as well as a large hit to the company’s reputation. 

****Ransomware Attacks****

These attacks encrypt a company’s data and demand payment for its release. Start-ups are particularly vulnerable due to their often limited backup systems and immediate need for data access to maintain operations. While the MO for them vary from social engineering to physically infecting systems, it usually involves the attacker using a custom-made program to lock away access to data and demand payment with the threat of deleting or releasing said data. 

****Phishing Scams****

Sophisticated phishing attempts can trick employees into revealing sensitive information or downloading malicious software (usually by masquerading as a trusted entity). These attacks often target start-ups due to their typically less-experienced workforce. Start-ups also often consist of a small group of employees who have high-level access to sensitive information, making them more vulnerable. 

****Cloud Security Vulnerabilities****

As start-ups increasingly rely on cloud services for operations, inadequate cloud security measures can leave sensitive data exposed to unauthorised access. Solutions like large offline server farms are often not feasible from a financial standpoint for start-ups leaving them with no backup in the case of Cloud service attack. 

****Cybersecurity Best Practices for Start-ups****

Implementing strong cybersecurity measures doesn’t have to be overwhelming. Here are key practices that every start-up should adopt:

****Regular Security Assessments****

Conduct periodic security audits to identify vulnerabilities in your systems and processes. This helps you stay ahead of potential threats and address weaknesses before they can be exploited.

****Data Encryption****

Implement strong encryption protocols for all sensitive data, both in transit and at rest. This ensures that even if data is intercepted, it remains unreadable to unauthorised parties. Encryption protocols and programs can get expensive, but they are often worth the investment.

****Access Control****

Establish strict access control policies, limiting employee access to only the data and systems they need for their specific roles. This is especially a concern for start-ups which often have a very small team of employees. This hierarchical access control restricts the damage that can be inflicted, even if just one employee is compromised. 

****Backup Systems****

Maintain regular backups of all critical data and systems, storing them securely off-site or in the cloud. This provides a safety net in case of data loss or ransomware attacks.

****How to Implement Cybersecurity Measures****

Creating a strong cybersecurity foundation requires a systematic approach and ongoing commitment. Here’s how to get started:

****1\. Develop a Security Policy****

Create clear guidelines for data handling, access controls and security procedures. This policy should be documented and easily accessible to all employees.

****2\. Invest in Employee Education****

While IT professionals with qualifications like a Master of Cyber Security understand the complexities of cyber threats, most employees will need additional security training. Regular security awareness training helps employees recognise and respond to potential threats, making them your first line of defence against cyber attacks.

****3\. Implement Technical Controls****

Deploy essential security tools such as:

*   Multi-factor authentication
*   Endpoint protection solutions
*   Virtual Private Networks (VPNs)
*   Firewalls and antivirus software

****4\. Create an Incident Response Plan****

Develop and maintain a clear plan for responding to security incidents. This should include steps for containing the breach, assessing damage and notifying affected parties.

****5\. Regular Updates and Maintenance****

Keep all software and systems updated with the latest security patches. Regularly review and update security measures to address emerging threats.

****Building a Security-First Culture****

Creating a security-conscious culture is crucial for long-term success. This means making cybersecurity a priority from day one and integrating it into every aspect of your operations. Encourage open communication about security concerns and celebrate security-conscious behaviour.

****Investing in Cybersecurity****

For start-ups, cybersecurity isn’t just an IT issue – it’s a business imperative. By understanding the risks and implementing appropriate security measures, you can protect your venture’s future while building trust with customers and stakeholders. 

Remember, cybersecurity is an ongoing journey, not a destination. Start with the basics, build incrementally, and stay vigilant as your business grows.

While the initial investment in cybersecurity might seem a lot, the cost of a security breach far outweighs the resources required for prevention. By taking proactive steps to secure your start-up today, you’re investing in its long-term success and sustainability in an increasingly digital world.

Feature/Top Image via Freepik

Start-up Security 101: How to Protect Your Venture from Cybersecurity Risk

Cybersecurity tips to protect your cryptocurrency from hackers, scams, and fraud. Learn best practices for securing digital assets…

Cybersecurity tips to protect your cryptocurrency from hackers, scams, and fraud. Learn best practices for securing digital assets and staying safe online.

The cryptocurrency market is changing and growing daily, with new coins created weekly. While the broader market is struggling with weak demand and remains at a critical juncture, Cardano’s ADA is among the top-performing altcoins.

The 8th largest cryptocurrency by market cap has made a breakout of the local support of $0.6638 and could test the $0.70 zone soon, according to U.Today. When discussing the bullish outlook for the ADA price prediction, it’s essential to understand that the Securities and Exchange Commission’s potential approval of Grayscale’s Cardano ETF filing can impact liquidity and trading volumes. 

Investors and traders aren’t the only ones interested in cryptocurrency. Hackers are thrilled with the idea of unregulated money, which opens new attack vectors and allows them to disappear, leaving no trace. ADA and other cryptocurrency transactions can’t be reversed, altered, or cancelled.

Once transactions have been written to the blockchain – in other words, confirmed – they become immutable. If threat actors get access to or transfer funds from a victim’s wallet, the money is lost forever. Neither transactions nor accounts are connected to real-world identities, so it’s easy for hackers to remain unidentified when they use cryptocurrency, 

****Cyberattacks Are An Ever-Present Threat, And The Crypto World Is No Exception** **

No threat facing the world has grown so fast, or in a way as difficult to understand, as the danger from cyberattacks. Investors and traders must understand that the inherent risk is increasing; cybercriminals are getting smarter, and their tactics are becoming more sophisticated. There are multiple types of cyberattacks where malicious actors take advantage of cryptocurrencies, such as: 

*   **_Ransomware_:** When ransomware occurs in the crypto space, malware encrypts files containing the victim’s private keys or digital wallet, making them unreadable. The attacker demands a ransom to provide the encryption key. As a rule, hackers demand payment in the form of cryptocurrency. Infection methods include phishing emails, malicious websites, and compromised accounts. 

*   **_DDoS extorsion_:** Threat actors blackmail crypto exchanges or blockchain networks by asking them to pay ADA or any other cryptocurrency to avoid their site or service being disrupted by a DDoS attack. The system may struggle to process transactions. Plus, legitimate users can’t connect to network resources.

*   **_Crypto hijacking_:** The computing power of a compromised device is used to mine cryptocurrency without the owner’s knowledge (Also called cryptomining). Smartphones, servers, and computers are vulnerable to crypto hijacking. Applications may be able to access data and information from the device or other applications. Unlike malware, control is camouflaged in the background. 

****We Suggest These Steps To Secure Your Cryptocurrency** ******Transfer Crypto From A Centralized Exchange To A Self-Custody Wallet** **

If you wish to own Cardano’s ADA, you can choose from among the many crypto exchanges that provide this service. Of course, you must give priority to the security features. Otherwise, you risk losing your hard-earned savings. Crypto exchanges are some of the most targeted in terms of cyberattacks, and while most attempts by hackers have been successfully mitigated, there have been several reports of damaging attacks. Find a reliable exchange with strong security measures and strong DDoS prevention tools. 

Better yet, withdraw your funds to a secure wallet to stay in control of your assets. Due to the difficulty of effectively implementing safety measures, crypto exchanges can’t fully guarantee protection. Whether they call it withdrawing, sending, or transferring, crypto exchanges let you move your funds to a wallet that is compatible with the asset you’re relocating.

A self-custody wallet puts you in complete control of your cryptocurrency, so you must take full responsibility for the security. Lock your account when not in use to make it harder for others to access your account. 

****Keep Safe Backups Of Everything** **

No matter what type of wallet you use, having a backup of your data ensures quick recovery and minimizes information loss. Go to your wallet’s settings and select the backup option or the export keys option; encrypt your backups to protect against unauthorized access. If you lose your wallet’s private keys, you’ve permanently lost your cryptocurrency. Keep multiple backups on different devices, such as USB drives and paper, which aren’t prone to failure. This way, you have alternate recovery paths. 

****When Dealing With Unsolicited Messages, Be Careful** **

One of the most prevalent social engineering techniques, phishing, involves sending deceptive messages that seem to be from legitimate sources. Don’t reply without investigating. Most importantly, never confront the sender of a phishing message yourself because it could result in you being targeted specifically. The sender doesn’t even know if your number is active.

Refrain from opening attachments or clicking on links from unidentified sources even if the sender seems familiar, as you can potentially infect your phone. A phishing link can direct you to a website containing malicious code. You can always use a free site like VirusTotal to scan for malicious files and links before executing/opening them.

Replying to unsolicited messages increases the chances of receiving more spam, so you should block the number. It requires a few adjustments in your settings. Android phones allow for freedom when it comes to customization, so the process will vary from device to device.

Many phones have built-in options to filter out messages from unknown senders or mark texts as spam. Be cautious when sharing your phone number online with unfamiliar organizations because it exposes you to other social engineering-based tactics, such as pretexting, quid pro quo, or vishing. 

****In Closing** **

Cyberattacks have become increasingly targeted and complex due to sophisticated pieces of malware. Individual users are more vulnerable than ever before since hackers have adapted their strategies to exploit weaknesses in smart contracts, wallets, and decentralized finance (DeFi) platforms. As such, it’s necessary to take personal responsibility and protect yourself. Acquire new skills, expand your knowledge, and, above all, shift your perspective.

Image credits: Free Vector | Realistic cardano coin illustration

Cybersecurity in Crypto: Best Practices to Prevent Theft and Fraud

Plus: A nominee to lead CISA emerges, Elon Musk visits the NSA, a renowned crypto cracking firm’s secret (and problematic) cofounder is revealed, and more.

Knifings, firebombings, shootings, and murder-for-hire plots—all linked to a splinter group of the 764 crime network called “No Lives Matter.” According to its own manifesto, the group seeks to “purify mankind through endless attacks” and has released at least two “kill guides” tied to violent plots in the US and Europe. Intelligence documents reviewed by WIRED reveal growing concern among analysts, but experts remain unsure how to stop the group’s spread.

On Monday, X experienced intermittent outages after a botnet flooded the social network with junk traffic in an attempt to take down its system. Elon Musk stated that the distributed denial-of-service attack originated from Ukrainian IP addresses, implying that the country—already under siege by a Russian invasion and frequently mocked by the centibillionaire—may have been responsible. Security experts tell WIRED that this is not how DDoS attacks work.

Meanwhile, inside the Cybersecurity and Infrastructure Security Agency, mass layoffs are hurting US cyberdefense, weakening protections against foreign adversaries. Vital staff cuts have left employees overworked and strained international partnerships, according to interviews with staff at the agency that helps safeguard cities, businesses, and nonprofits from cyberattacks. “A lot of people are scared,” says one employee. “We’re waiting for that other shoe to drop. We don't know what's coming.” As WIRED takes you inside the agencies at the center of the uncertainty and chaos of the second Trump administration, we've updated our quick and easy guide to using Signal to help you get the most out of the messaging app’s end-to-end encryption.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

Those “green bubbles,” the cross-platform text messages that annoy iPhone owners and keep Android users relegated to a group-chat underclass, aren’t just a cultural disconnect. They’re also a security issue: Text messages sent between Android and iOS devices—unlike blue-bubble iMessage texts or Android-to-Android messages—aren’t end-to-end encrypted, leaving them open to surveillance or interception. Now, that may finally be changing.

The GSM Association, responsible for many widely used telecom standards, this week announced that its Rich Communication Services (or RCS) protocol will now support end-to-end encryption for cross-platform texting, and Apple revealed that it will now integrate that feature of RCS into its iOS devices. Until now, Apple and Google had both supported RCS’s other features in texts sent between iOS and Android, but not end-to-end encryption, which ensures that only the devices sending and receiving messages can decrypt them and not any server or snoop that sees them in transit.

Neither Apple nor the GSMA has said exactly when the new privacy features are launching. Until then, anyone sending cross-platform messages would be wise to stick with apps like WhatsApp or Signal that have long provided end-to-end encryption—and have also helped Android and iPhone users avoid personal disputes over bubble colors.

**Sean Plankey Nominated as Head of CISA, America’s Top Cybersecurity Agency**

The White House has tapped Sean Plankey to run CISA, the agency within the Department of Homeland Security primarily responsible for American digital defense. Plankey, long considered the leading contender for the role, served in multiple cybersecurity positions in the first Trump administration and previously held senior roles in US Cyber Command. In that DOD agency focused on cyber offense, he served as a weapons and tactics branch chief and earned a Bronze Star for hacking operations in Afghanistan. CISA, like many federal agencies, has faced hundreds of personnel cuts in recent weeks, and its previous director, Chris Krebs, came under harsh criticism under the previous Trump administration for the agency’s work to counter disinformation and secure elections. Krebs was fired in a Trump tweet near the end of his term after CISA described the 2020 election, whose results Trump baselessly contested, as the “most secure in American history.”

**Elon Musk Visits the National Security Agency**

Not even the National Security Agency has been spared from Elon Musk’s scorched-earth campaign to gut the federal government. On Wednesday, The Wall Street Journal reported that Musk had visited the intelligence agency in Fort Meade, meeting with leadership to discuss staff reductions and operational changes, according to current and former US officials who spoke to the Journal.

Despite being one of the most insulated branches of US intelligence, the NSA has still found itself pulled into Musk’s orbit. The visit to Fort Meade is another sign of the sweeping nature of his influence and the extraordinary access the world’s richest man has been granted over even the most secretive federal operations.

Last month, staff at the intelligence agency received emails offering deferred resignations, signaling impending changes. Then, a week ahead of his visit, Musk publicly called for an overhaul of the intelligence and cybersecurity agency. Posting to his social media site X, Musk wrote, “The NSA needs an overhaul,” alongside an apparent agency recruitment graphic featuring a group of college-aged people of color and a list of universities where the NSA was conducting outreach—seemingly mocking the agency’s recruitment efforts.

**A Buzzy Crypto Cracking Firm Had a Hidden CoFounder Accused of Sexual Assault**

The cryptocurrency recovery firm Unciphered has made headlines with its feats of whitehat wallet cracking on behalf of customers who have lost access to their cryptocurrency fortunes. In the fall of 2023, for instance, the company cracked a model of encrypted IronKey USB drive believed to hold 7,000-plus bitcoins now worth well over half a billion dollars. Now, The Washington Post reports that one of the cofounders of that company was Morgan Marquis-Boire, a once-lauded hacker and security researcher for Google and Citizen Lab who was later accused of sexually assaulting multiple women. The reported involvement of Marquis-Boire, who has largely disappeared from the cybersecurity world after facing the sex crime accusations in 2017, was kept secret from even many of the startup’s staff, and the revelations of his role have left the company in “disarray,” according to the Post.

**A Reporter Behind an Indian Hacker-for-Hire Story Is Fighting to Regain His Citizenship**

In November of 2023, Raphael Satter was one of a team of Reuters reporters who published an in-depth feature on Appin Technology, a startup that allegedly hacked numerous celebrity and civil society targets on behalf of clients. A group with a similar name responded by suing, and obtained a court ruling that for a time successfully censored Reuters’ story—a remarkable case of an Indian judge restricting free speech internationally. Satter is now fighting a different battle following publication of that story. In late 2023, his Overseas Citizen of India (OCI) card—a kind of international citizenship extended to foreign citizens of Indian origin and those married to Indians—was revoked around the same time as the judge filed the injunction. A letter sent to Satter in December of that year accused him of “maliciously creating adverse and biased opinion against Indian institutions in the international arena.” Satter is now petitioning a Delhi court to reverse that revocation, which has prevented him from entering India to visit family there.

Tag

#git