Gambling companies are sharing their users’ data with Meta for marketing and tracking purposes.

While you might think you’re hitting the jackpot, whether you’ve consented to it or not, online gambling sites are playing with your data. Users’ data, including details of webpages they visited and buttons they clicked, are being shared with Meta, Facebook’s parent company.  

The Observer reports that over 150 UK gambling websites have been extracting visitor data through a hidden embedded tracking tool, and then sending that data to Meta in order to profile people as gamblers and flood them with Facebook ads for casinos and betting sites.

The gambling websites used and shared data for marketing purposes—without obtaining explicit permission from the users—in an apparent breach of data protection laws. The websites include popular sites like Hollywoodbets, Sporting Index, Lottoland, and Bwin.  

Of the 150 websites that were tested, 52 used a tracking tool called Meta Pixel to share data directly and without explicit consent. This data was automatically transferred when loading the webpage, before users could even accept or decline the use of their data.  

The data collection resulted in the reporter—who said they never once agreed to the use of their data for marketing purposes— being inundated with ads for gambling websites. In one browsing session, the reporter encountered ads from 49 different brands, including from betting companies which were not involved in the data collection and had been using Meta Pixel within the rules.  

Wolfie Christl, a data privacy expert investigating the ad tech industry commented:

> “Sharing data with Meta is highly problematic, even with consent, but doing so without explicit informed consent shows a blatant disregard for the law. Meta is complicit and must be held accountable” 

This isn’t the first time that gambling sites have been caught unlawfully selling off user data, and comes amid calls for a wider investigation into the targeting of gamblers, as well as the need for more protective measures.

**Don’t gamble away your data and stay protected**

Here are some ways to protect your data while using gambling (or any other) sites online:

*   Use a VPN, especially on public Wi-Fi networks
*   Use privacy-focused browsers and search engines, such as Brave
*   Clear your browsing data when closing your browser
*   Review the permissions of all your apps. Only grant them permission to access things they absolutely need.
*   Disable location tracking for as many apps as possible
*   Disable personalized ads as much as you can
*   Keep your devices up-to-date. This protects you from vulnerabilities that cybercriminals might try to exploit
*   Install Malwarebytes Browser Guard—our free tool that protects against ad tracking.

 Gambling firms are secretly sharing your data with Facebook  

Privacy, security, and unrestricted access are the promises of a personal VPN. But what does it actually do,…

Privacy, security, and unrestricted access are the promises of a personal VPN. But what does it actually do, and why do so many people rely on it? In an era of constant digital surveillance, increasing cyber threats, and growing concerns over data privacy, VPNs (Virtual Private Networks) have surged in popularity.

But not all VPNs are created equal. Some are designed for corporate use, while others cater to individuals looking for enhanced online anonymity. So, let’s break it down: What is a personal VPN? How does it work? And what benefits does it bring to the table?

****Understanding Personal VPNs****

A Personal VPN is a service that encrypts your internet traffic and routes it through a secure server, masking your IP address and online activities. Unlike business or corporate VPNs, which are typically used to provide remote employees with access to internal company networks, personal VPNs focus on individual users who want to protect their privacy, bypass geo-restrictions, or stay safe on public Wi-Fi.

Think of it as a digital invisibility cloak, one that shields you from prying eyes, whether they belong to hackers, advertisers, or even your own Internet Service Provider (ISP).

But why does this matter? Consider this: 70% of internet users worldwide are concerned about their online privacy (Statista, 2023). That’s a lot of people looking for ways to stay anonymous, avoid tracking, and prevent data breaches.

****How Does a Personal VPN Work?****

A VPN functions like a secure tunnel between your device and the internet. Here’s a simplified breakdown of what happens when you connect to a VPN server:

*   **Your device encrypts all outgoing internet traffic.** This means your browsing data, passwords, and online activities become unreadable to outsiders.

*   **The encrypted data is sent to a VPN server, located in a different region or country.** Your real IP address is replaced with one from the VPN server, making it appear as if you’re browsing from that location.

*   **The server forwards your requests to the internet.** Websites and services see only the VPN server’s IP address, not yours.

*   **Incoming data follows the same path back, fully encrypted.** This prevents hackers, ISPs, and governments from snooping on your activity.

****What Is a Personal VPN Server?****

For those who want even more control, a personal VPN server is an option. Instead of relying on a commercial VPN provider, you can set up your own VPN server; on a cloud platform, a home router, or a dedicated server. This offers:

*   **Full control over security settings**

*   **No reliance on third-party VPN providers**

*   **Faster speeds with fewer users sharing the server**

However, setting up a personal VPN server requires technical knowledge and maintenance. Most people opt for paid VPN services instead.

****Key Features of a Personal VPN********1\. Strong Encryption****

A good VPN uses AES-256 encryption; the same standard used by governments and banks. It ensures that even if your data is intercepted, it remains unreadable.

****2\. No-Logs Policy****

Some VPNs keep logs of your online activity, which defeats the purpose of using one. The best VPNs follow a strict no-logs policy, meaning they don’t track or store user data.

****3\. Multiple Server Locations****

Want to access Netflix libraries from different countries? A VPN with global server locations lets you bypass geo-blocks and censorship.

****4\. Kill Switch****

If your VPN connection drops unexpectedly, a kill switch cuts off your internet to prevent data leaks.

****5\. Split Tunneling****

Some users need certain apps to bypass the VPN. Split tunneling allows you to choose which traffic goes through the VPN and which doesn’t.

****6\. Fast Speeds****

VPNs can slow down your connection, but top-tier services use high-speed servers to **minimize lag and buffering**.

****What Is the Best VPN for Personal Use?****

With so many options, what is the best personal VPN? The answer depends on your needs. It is quite difficult to choose the most balanced solution in terms of security features, anonymity, functionality, speed, number of servers and price. According to VeePN VPN, users should choose a VPN with a proven history of protecting their privacy.

****What Is a Personal VPN on an iPhone?****

If you’ve ever seen a “Personal VPN” option in your iPhone settings, you might wonder what it means. Apple allows users to configure VPN connections manually or use third-party VPN apps. The built-in option is designed for those with a VPN configuration file (such as one provided by an employer or a self-hosted VPN).

****Benefits of Using a Personal VPN********1\. Privacy Protection****

Your ISP can see everything you do online. A VPN stops this by encrypting your traffic, preventing tracking, data collection, and targeted ads.

****2\. Security on Public Wi-Fi****

Hackers love public Wi-Fi networks. Airports, coffee shops, hotels. A VPN encrypts your data, making it useless to cybercriminals.

****3\. Access Restricted Content****

Whether it’s streaming services, websites blocked in your country, or social media platforms, a VPN can bypass geo-restrictions and censorship.

****4\. Safe Torrenting****

Downloading torrents can expose your real IP address. A VPN masks your identity, ensuring anonymous and secure torrenting. (Avoid downloading pirated software, eBooks, or engaging in any other illegal activities while torrenting.)

****5\. Avoid Bandwidth Throttling****

Some ISPs slow down your connection based on your activities (e.g., streaming, gaming). A VPN hides your activity, preventing speed throttling.

****6\. Better Online Deals****

Airline tickets, hotel rates, and rental services sometimes offer different prices based on your location. A VPN lets you change your virtual location and find better deals.

At the end of the day, a personal VPN is all about keeping your online activity private, secure, and unrestricted. Whether you want to protect your data on public Wi-Fi, stop your ISP from tracking you, or access content from different parts of the world, a good VPN can make a big difference. Not all VPNs are the same, so it’s important to pick one that actually protects your privacy without slowing you down. If you’re serious about staying safe online, using a VPN is one of the easiest and smartest ways to do it.

What Is a Personal VPN? Features, Benefits, and How It Works

The Importance of Balancing Cost and Security!

Finding a virtual private network (VPN) that offers complete privacy protection without breaking the bank might be difficult when worries about online privacy are growing. Many users must decide between paying for premium VPNs, which are usually expensive, and using free services that can **jeopardize their data**.

However, what if you could locate a reasonably priced service with robust privacy features? The top VPNs that ideally balance cost and security. Whether streaming, torrenting, or safeguarding your online presence, these options are tailored to meet your needs without breaking the bank. The key considerations for choosing a VPN are to explore the best budget-friendly options available today.

****Key Features to Look for in a Secure VPN****

When privacy is a concern, knowing which features are most important is fundamental because not all VPNs are equal. For example, any trustworthy **VPN** must-have military-grade encryption to shield your data from prying eyes. Protocols like OpenVPN or WireGuard ensure secure and efficient connections, and a strict no-logs policy keeps your browsing activity private.

The user experience can be improved by features like a kill switch, DNS leak protection, and multi-device compatibility. Transparency is essential for those worried about privacy; look for suppliers whose claims have been independently audited.

These fundamental capabilities are still available in low-cost VPNs, demonstrating that economy need not equate to sacrificing quality. By prioritizing these factors, you can ensure your VPN satisfies strict security requirements while remaining within your budget.

****Top Affordable VPNs for Streaming and Torrenting****

Streaming and torrenting are two of the most popular reasons individuals seek VPNs. However, these activities require a service with particular features, such as avoiding geo-restrictions and preserving quick, reliable connections. Cheap VPNs like NordVPN and Surfshark are excellent choices for these purposes.

While NordVPN offers dedicated P2P servers for torrenting, Surfshark allows unlimited device connections, making it perfect for families or individuals with many devices. Both providers can unblock well-known **streaming services** like Netflix and Hulu thanks to SmartDNS capability.

These VPNs demonstrate flawless streaming and safe torrenting, which is possible without breaking the bank. Purchasing a reasonably priced VPN with strong features might improve your online experience without compromising privacy.

****Evaluating Privacy Policies: No-Logs and Transparency****

Examining a VPN’s privacy policies is essential when selecting one. A “no-logs” policy guarantees that your actions stay anonymous by preventing the supplier from storing your browsing data. But not every no-log assertion is made equally.

To ensure transparency, choose VPNs that third parties audit, such as ExpressVPN and CyberGhost. These suppliers have demonstrated their commitment to protecting their customers’ privacy by permitting independent companies to audit their systems. 

The jurisdiction in which the VPN works should also be taken into account. Services based in privacy-friendly countries like Switzerland or the British Virgin Islands are not subject to invasive data retention laws. A transparent and reliable VPN policy is non-negotiable for privacy-conscious users; even budget-friendly options can meet these stringent standards.

****Practical Use Cases: Everyday Benefits of a Secure VPN****

More than just a tool for techies, a secure VPN is useful for regular users. A VPN lowers the danger of hacking by protecting private information on public Wi-Fi networks for frequent travellers. VPNs allow remote employees to safely access corporate networks without disclosing sensitive data.

Because a VPN protects users from online tracking and invasive advertisements, even casual internet users can benefit from increased privacy. Those with limited funds can use inexpensive VPNs like ProtonVPN and Windscribe because they provide free tiers with strong security features. Using a secure VPN to stream, shop online, or get around censorship guarantees that your digital activities stay private and protected.

****Affordable Privacy is Within Reach****

Finding a **cheap VPN** that meets your spending limit doesn’t have to be complicated. Concentrating on essential features like encryption, no-logs policies, and multi-device support may give you strong privacy without exceeding budget. Affordability and security can coexist, as shown by services like Surfshark, NordVPN, and ProtonVPN, which serve a range of use cases from streaming to regular online safety.

Accept the comfort of protecting your digital footprint while adhering to your spending plan. Users concerned about their privacy can browse the internet with confidence and security if they have the correct VPN.

Cheap Yet Secure: Top VPNs for Privacy-Conscious Users on a Budget

Subaru STARLINK flaw exposed a critical security vulnerability, enabling unauthorized access to vehicle tracking, remote control, and sensitive…

Subaru STARLINK flaw exposed a critical security vulnerability, enabling unauthorized access to vehicle tracking, remote control, and sensitive customer data.

A vulnerability was recently discovered by cybersecurity researchers Shubham Shah and Sam Curry in Subaru’s STARLINK-connected vehicle system, enabling them to remotely start, stop, and track vehicles. The vulnerability in Subaru’s Starlink in-vehicle service, allowed attackers to remotely control and track connected vehicles. 

The vulnerability, an arbitrary account takeover flaw in the Starlink admin portal, enabled the duo to compromise a Subaru employee account. This flaw could let them target vehicles and customer accounts across the United States, Canada, and Japan.

Exploiting this flaw, Curry and Shah could gain unauthorized access to sensitive customer and vehicle data, and even remotely control targeted vehicles. According to a blog post published by researchers, the issue originated from a flaw in the Subaru STARLINK admin portal, a system intended for employee use.

This portal had a critical vulnerability that allowed attackers to reset employee passwords without requiring any confirmation. This meant that by simply knowing an employee’s email address, an attacker could gain access to their account.

> _“It appeared that there was a “resetPassword.json” endpoint that would reset employees’ accounts without a confirmation token. If this worked how it was written in the JavaScript, then an attacker could simply enter any valid employee email and take over their account.”_
> 
> Sam Curry

Researchers further bypassed two-factor authentication (2FA) by manipulating the website’s code, effectively disabling the security measure. With unauthorized access to the admin portal, the researchers demonstrated the ability to, start, stop, lock, and unlock any Subaru vehicle, and access a year’s worth of detailed location history for any vehicle, including stops and engine starts, providing precise locations with updates every time the engine started. 

Furthermore, they could retrieve the personal information of any customer, including contact details, addresses, billing information (partially masked), and vehicle PINs. They could also add themselves as authorized users to other vehicles, effectively taking control of them without the owner’s knowledge.

Researchers reported this vulnerability to Subaru on November 20, 2024, and the company in response promptly addressed the issue, patching it within 24 hours. The findings were publicly disclosed on January 23, 2025.

****Previous Hacks by the Duo****

Sam Curry and Shubham Shah are well-known for their creative and innovative methods of uncovering security vulnerabilities and responsibly disclosing them to companies.

One of their notable discoveries involved exploiting vulnerabilities in the globally used Points.com loyalty system. This flaw allowed unauthorized access to sensitive user data, including names, addresses, email addresses, phone numbers, and transaction details.

In December 2022, Sam Curry identified a critical app flaw that compromised Honda and Nissan vehicles through their VINs. Attackers could exploit this vulnerability to unlock doors, honk horns, and flashlights, and even start the vehicle remotely.

In September 2024, Sam Curry and three other security researchers found a way to control Kia vehicles by exploiting vulnerabilities linked to their license plates.

1.  **How Hackers Can Remotely Unlock/Start Honda Cars**
2.  **Cybercriminals Exploit CAN Injection Hack to Steal Cars**
3.  **Critical Intel chip flaw left cars and IoT devices vulnerable**
4.  **Self-driving cars can be fooled by displaying virtual objects**
5.  **Tesla cars can be remotely hacked using drone, WIFI dongle**

Subaru STARLINK Flaw Enabled Remote Tracking and Control of Vehicles

View CSAF
1. EXECUTIVE SUMMARY
CVSS v3 8.5
ATTENTION: Low attack complexity
Vendor: Schneider Electric
Equipment: EVlink Home Smart and Schneider Charge
Vulnerability: Cleartext Storage of Sensitive Information
2. RISK EVALUATION
Successful exploitation of this vulnerability may expose test credentials in the firmware binary.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following EVlink Home Smart and Schneider Charge charging stations are affected:
EVlink Home Smart: All versions prior to 2.0.6.0.0
Schneider Charge: All versions prior to 1.13.4
3.2 VULNERABILITY OVERVIEW
3.2.1 CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312
A cleartext storage of sensitive information vulnerability exists that exposes test credentials in the firmware binary.
CVE-2024-8070 has been assigned to this vulnerability. A CVSS v3 base score of 8.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Transportation Systems
COUNTRIES/AREAS DEPLOYED: Europe, Asia Pacific, Middle East, and Africa
COMPANY HEADQUARTERS LOCATION: France
3.4 RESEARCHER
Simon Petitjean reported this vulnerability to Schneider Electric.
4. MITIGATIONS
Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:
EVlink Home Smart: For already connected products, Version 2.0.6.0.0 of EVlink Home Smart includes a fix for this vulnerability and has been deployed to automatically upgrade all charging stations connected to the Wiser application.

Make sure the charging station is connected to the Wiser application to ensure the new version is downloaded and installed.
For new installations, a fix for this vulnerability is enforced through eSetup commissioning application.
The installed firmware version can be verified through Wiser application (refer to the settings page for the charging station).
Schneider Charge: For already connected products, Version 1.13.4 of Schneider Charge includes a fix for this vulnerability and has been deployed to automatically upgrade all charging stations connected to the Wiser application.

Make sure the charging station is connected to the Wiser application to ensure the new version is downloaded and installed.
For new installations, a fix for this vulnerability is enforced through eSetup commissioning application.
The installed firmware version can be verified through either Wiser application (refer to the settings page for the charging station), or the third-party supervision application.
Schneider Electric strongly recommends the following cybersecurity best practices:
Device should only be used in a personal home network.
Device should not have a publicly accessible IP address.
Do NOT use port forwarding to access a device from the public Internet.
A device should be on its own network segment. If your router supports a guest network or VLAN, it is preferable to locate the device there.
Use the strongest Wi-Fi encryption available in the home Wi-Fi network, such as WPA3 or WPA2/3 with protected management frames.
Schedule regular reboots of your routing device, smartphones, and computers.
Ensure that unauthorized individuals cannot gain physical access to your devices or regularly inspect the device for visual clues that may reveal a tampering attempt.
For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document. and the associated Schneider Electric Security Notification SEVD-2024-282-04 in PDF and CSAF.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.
5. UPDATE HISTORY
January 23, 2025: Initial Publication

Schneider Electric EVlink Home Smart and Schneider Charge

Millions of devices, including home routers, VPN servers, and CDNs are vulnerable to exploitation due to critical flaws…

Millions of devices, including home routers, VPN servers, and CDNs are vulnerable to exploitation due to critical flaws in common tunnelling protocols like IPIP, GRE, and 6in4/4in6. Learn how these vulnerabilities can be exploited for malicious attacks and how to protect your devices.

New vulnerabilities in multiple tunnelling protocols (IPIP/IP6IP6, GRE/GRE6, 4in6, 6in4) have been discovered by Top10VPN in collaboration with security researcher Mathy Vanhoef. These vulnerabilities allow attackers to hijack affected internet hosts to perform anonymous attacks and gain unauthorized network access. 

A large-scale internet scan identified 4.2 million open tunnelling hosts. This includes critical infrastructure such as VPN servers, home routers, core internet routers, mobile network gateways, and even content delivery networks (CDNs) operated by major players like Facebook and Tencent. Vulnerable hosts can enable a range of attacks, including new DoS techniques and DNS spoofing. The identified vulnerabilities include CVE-2024-7595, CVE-2025-23018/23019, and CVE-2024-7596.

The most affected countries are China, France, Japan, the U.S., and Brazil. Over 11,000 autonomous systems (AS) have been impacted, with Softbank, Eircom, Telmex, and China Mobile being the most affected.

The vulnerabilities stem from many internet hosts accepting tunneling traffic without verifying the sender’s identity. This lack of authentication allows attackers to exploit these hosts as proxies for malicious activities. 

“These hosts accept unauthenticated tunneling traffic from any source. This means they can be abused as one-way proxies to perform a range of anonymous attacks. Vulnerable hosts can also potentially be abused to gain access to victims’ private networks,” Top10VPN’s researcher and report author Simon Migliano noted.

Specifically, attackers can manipulate these hosts to send traffic on their behalf, concealing their true origin and making it difficult to trace attacks back to them. In some cases, attackers might be able to exploit these vulnerabilities to gain access to private networks connected to the hijacked host.

Tunneling protocols, such as IPIP, GRE, and 6in4/4in6, play a crucial role in modern networking, enabling seamless communication across diverse networks. However, many devices utilizing these protocols lack proper authentication and encryption, leaving them vulnerable to exploitation. 

According to Top10VPN’s report, at least 1,365 vulnerable VPN servers were identified, including consumer VPNs, routers with remote access features, and business VPNs. AoxVPN, a service with over a million users, was among those with vulnerabilities.

Additionally, around 1,200 vulnerable dynamic DNS routers, primarily Synology models offering remote access via VPN Plus Server, were detected. And, 171 company VPN servers were exposed, mainly using the GRE protocol, belonging to businesses and organizations in 33 countries, with the United States, China, and Hong Kong being the most affected. Over 17% of vulnerable devices were Free ISP’s home routers in France, which accepted unauthenticated traffic.

Furthermore, researchers discovered novel attack methods, such as “Ping-pong Amplification” and “Tunneled-Temporal Lensing,” which leverage these vulnerabilities to launch powerful Denial-of-Service (DoS) attacks. These vulnerabilities can also amplify the impact of existing attacks, such as DNS spoofing, traditional amplification DoS attacks, off-path TCP hijacking, SYN floods, and certain WiFi attacks.

The research highlights the need for enhanced security measures in these protocols to mitigate risks and ensure the reliability of our interconnected world. Proactive measures, including regular security audits, software updates, and increased awareness among system administrators and end-users, are also important for identifying and patching vulnerable devices.

1.  **Millions of websites using CDNs at risk of CPDoS attack**
2.  **DNS Tunneling Used for Stealthy Scans and Email Tracking**
3.  **GoogleUserContent CDN Hosting Images Infected with Malware**
4.  **Fake GlobalProtect VPN Downloads Spread WikiLoader Malware**
5.  **Millions of Email Servers Exposed Due to Missing TLS Encryption**

Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally

As the US faces “the worst telecommunications hack in our nation’s history,” by China’s Salt Typhoon hackers, the outgoing FCC chair is determined to bolster network security if it’s the last thing she does.

As the United States scrambles to kick China out of its communications networks, Jessica Rosenworcel, the outgoing Democratic chair of the Federal Communications Commission, says it’s vital for her Republican successor to maintain strong oversight of the telecommunications industry.

The government is still reeling from the Chinese “Salt Typhoon” hacking campaign that penetrated at least nine US telecom companies and gave Beijing access to Americans’ phone calls and text messages and the wiretap systems used by law enforcement. The operation exploited US carriers’ shockingly poor cybersecurity, including an AT&T administrator account that lacked basic security protections.

To prevent a repeat of the unprecedented telecom intrusion, Rosenworcel used the waning days of her FCC leadership to propose new cybersecurity requirements for telecom operators. On Thursday, the commission narrowly voted to approve her proposal. But those rules face a bleak future, with president-elect Donald Trump preparing to take office and control of the FCC transferring to commissioner Brendan Carr, a Trump ally who voted against Rosenworcel’s regulatory plan.

In an interview days before Trump’s inauguration, Rosenworcel is adamant that regulation is part of the answer to America’s telecom security crisis. And she has a stern message for Republicans who think the solution is to let the telecoms police themselves.

“We are wrestling with what has been described as the worst telecommunications hack in our nation's history,” she says. “Either you take serious action or you don't.”

**“The Right Thing to Do”**

Rosenworcel’s plan consists of two steps. First, the FCC formally declared that the 1994 Communications Assistance for Law Enforcement Act (CALEA), which required telecom companies to design their phone and internet systems to comply with wiretaps, also requires them to implement basic cyber defenses to prevent tampering. Next, the FCC proposed requiring a wider range of companies regulated by the commission to develop detailed cyber risk-management plans and annually attest to their implementation.

The outgoing chairwoman describes the rules as a commonsense response to a devastating attack.

“In the United States in 2025, it would shock most consumers to know that our networks do not have minimum cybersecurity standards,” Rosenworcel says. “We're asking the carriers to develop a plan and certify they follow that plan. That's the right thing to do.”

Absent these standards, she adds, “our networks are going to lack the protection they need from nation-state threats like this in the future.”

But Republicans are unlikely to embrace the new regulations on telecom networks. The powerful telecom industry tends to staunchly oppose any new regulations, and Republicans almost always side with the industry in these debates.

Senator Ted Cruz, a Texas Republican who now chairs the Commerce Committee, called Rosenworcel’s plan “a Band-Aid at best and a concealment of a serious blind spot at worst” during a hearing in December.

Carr—who last month called Salt Typhoon “deeply concerning”—voted against Rosenworcel’s proposal, along with his fellow Republican commissioner Nathan Simington. Carr’s office didn’t respond to a request for comment about the new regulations. But he has repeatedly criticized Rosenworcel’s approach to enforcing rules on the telecom industry, accusing her of overreach and warning that the FCC must rein itself in or face pushback from courts.

Once Carr takes over as FCC chairman, he could call a new vote of the commission to rescind Rosenworcel’s regulations. Or he could let Republican lawmakers do it for him—the GOP-controlled Congress is already planning to undo another FCC rule and might be happy to add this one to their list.

Rosenworcel dismisses the idea that her plan is radical. “We are not reinventing the wheel here,” she says. The new cyber requirements would be pegged to existing consensus standards from the National Institute of Standards and Technology and the Cybersecurity and Infrastructure Security Agency.

“Voices from the left and the right have called this the worst telecommunications hack in our nation's history,” Rosenworcel says. “It deserves a serious response.”

**Modernizing an Old Law**

One potential challenge facing Rosenworcel’s plan is that it hinges on the 30-year-old CALEA, which says almost nothing about cybersecurity.

Section 105 of the law does require telecoms to ensure that wiretaps “can be activated only in accordance with a court order or other lawful authorization,” which Rosenworcel reads as a requirement to protect telecom networks from unauthorized access. But after the US Supreme Court’s recent ruling that courts shouldn’t defer to agencies as the experts in their policies, the FCC will almost certainly face an industry lawsuit as it tries to implement Rosenworcel’s plan.

Carr may have opposed the proposal in part for that reason. He has repeatedly cheered court decisions invalidating Biden administration tech policies and the FCC’s own previous actions, and in congressional testimony last July, he cited the risk of courtroom setbacks in opposing FCC subsidies for school and library Wi-Fi hot spots (the FCC program that Congress is preparing to invalidate). “Following the Supreme Court’s decision,” he said, “courts will not defer to an FCC decision to read into the Communications Act a grant of authority that Congress did not provide.”

Rosenworcel defends the use of CALEA, saying “we have to step back and look at it from a broader point of view.” Section 105 clearly supports the conclusion that “every telecommunications carrier has a legal obligation to secure their networks against unlawful access and interception,” she argues.

The chairwoman admits that her proposal is “a modern way to think about” CALEA, but she says her staff “worked closely with our general counsel's office” to ensure its legality.

“This is the right and proper interpretation of the law that meets the moment we're in and the threats we face,” she says.

**New Sheriff in Town**

As the Rosenworcel era gives way to the Carr era at the FCC, one open question is how the commission’s relationship with the telecom industry will change, and how that will affect the companies’ commitment to improving cybersecurity.

Businesses typically have friendlier relationships with independent regulators when they’re led by Republicans, who tend to favor hands-off approaches to overseeing their industries. From that perspective, telecom firms—which slammed the FCC for its recently thwarted attempt to reinstate net neutrality—are likely to welcome Carr’s promises to rein in the commission’s “overreach.”

But it is unclear how that shift will affect the incentives driving telecoms’ investments in better cybersecurity practices. Security experts have already expressed concerns about the broader Trump administration’s likely retreat from Biden-era cyber rules for critical infrastructure operators. A similar trend could play out with the FCC in the telecom space.

**Uncertain Future for an Ambitious Agenda**

Even beyond Salt Typhoon’s breach of US telecom systems, there are many questions about how the FCC will tackle cybersecurity after Rosenworcel departs.

“One of the hallmarks of my tenure has been that we put network security and national security front and center,” she says. “I've been in and around the FCC for a long time, and this issue has never had top-tier billing like it has during my time here.”

Rosenworcel’s initiatives included banning Chinese wireless firms from providing services in the US, prohibiting telecom equipment manufacturers linked to foreign adversaries from selling their products in the US, and running a multibillion-dollar program to help US carriers “rip and replace” that risky equipment.

Under Rosenworcel, the FCC also proposed rules to secure the internet’s traffic-routing system, protect undersea cables from tampering, and update 16-year-old data-breach notification procedures; launched a privacy and data protection task force; created a pilot program to help schools and libraries improve their cyber defenses; and fined the major US wireless carriers for selling access to customers’ locations. Most recently, Rosenworcel worked with the White House to launch an FCC-run security labeling program for internet-of-things devices.

The rip-and-replace program is an especially ambitious effort. More than 100 US wireless carriers have reported using equipment made by risky companies like China’s Huawei. But Rosenworcel is confident that the program—which recently received a $3 billion infusion from Congress—is on the right track. “We're doing a good job working with carriers to take this equipment out,” she says.

Rosenworcel isn’t worried that carriers will simply refuse to participate. “If you have this equipment in your networks, you can't get funds from FCC programs,” she says. “Right there, you have a pretty powerful incentive.” She thinks that incentive will be especially strong for the most vulnerable organizations: the small, rural carriers that heavily depend on federal subsidies.

The IoT labeling program, known as the US Cyber Trust Mark, might be even more ambitious, given that its goal is to completely change how consumers and businesses think about the importance of cybersecurity in home appliances. But Rosenworcel says a lot of manufacturers are “very excited” about getting their products tested and marked with the federal seal of approval, because “they see it as a way to differentiate their products in the marketplace.”

As for consumers, Rosenworcel admits that they may not start shopping based on security right away, but she compares the program to Energy Star, which launched in 1992 and is now a household name. “This is an iterative process,” she says. “It's going to create its own momentum over time, and these are just early days.”

While a group of FCC-designated organizations devise specific testing criteria for the program, Rosenworcel is concerned that other countries may leap ahead with their own security labels. South Korea and Singapore signed an agreement in December 2023 to mutually recognize each other’s labels. The US and the European Union are working on similar reciprocity. “There will be a race globally to develop these kind of marks,” Rosenworcel says. “This is an area where I think the US should really invest some time, energy, and effort, because I would like us to lead.”

**Escaping the “Analog Era”**

As she counts down her final days atop the FCC, Rosenworcel is preoccupied with how Salt Typhoon has highlighted alarming vulnerabilities in systems that underpin American prosperity.

“Network security is national security,” she says. “Communications is an input in everything we do in day-to-day life. You don't have health care, manufacturing, energy, transportation, any of it without secure communications.”

Those dependencies have put the US in increasing jeopardy as foreign government hackers exploit these networks’ complexity and inconsistency.

“We have portions \[of networks\] that are gleaming new and operate on internet protocols, and we've got others that are built for the analog era,” Rosenworcel notes. “There are consequences to having networks like this that are overseen by commercial actors … Some equipment and facilities have not been updated.”

Republicans may be tempted to leave it up to the industry to shore up these vulnerabilities. But Rosenworcel says that would be a costly mistake.

“We have a choice to make,” she says. “We take action to prevent this from happening in the future, or we turn the other way, cross our fingers, and hope it never happens again. I like hope, but hope isn't a plan. And when you look at the scope of the threats that we're facing, it would be foolhardy to just rely on hope at this point.”

The FCC’s Jessica Rosenworcel Isn’t Leaving Without a Fight

Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access,

How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range.

A device capable of intercepting phone signals was likely deployed during the 2024 Democratic National Convention (DNC) in Chicago, WIRED has learned, raising critical questions about who authorized its use and for what purpose.

The device, known as a cell-site simulator, was identified by the Electronic Frontier Foundation (EFF), a digital rights advocacy organization, after analyzing wireless signal data collected by WIRED during the August event.

Cell-site simulators mimic cell towers to intercept communications, indiscriminately collecting sensitive data such as call metadata, location information, and app traffic from all phones within their range. Their use has drawn widespread criticism from privacy advocates and activists, who argue that such technology can be exploited to covertly monitor protesters and suppress dissent.

The DNC convened amid widespread protests over Israel’s assault on Gaza. While credentialed influencers attended exclusive yacht parties and VIP events, thousands of demonstrators faced a heavy law enforcement presence, including officers from the US Capitol Police, the Secret Service, Homeland Security Investigations, local sheriff’s offices, and Chicago police.

Concerns over potential surveillance prompted WIRED to conduct a first-of-its-kind wireless survey to investigate whether cell-site simulators were being deployed. Reporters, equipped with two rooted Android phones and Wi-Fi hot spots running detection software, used Rayhunter—a tool developed by the EFF to detect data anomalies associated with these devices. WIRED’s reporters monitored signals at protests and event locations across Chicago, collecting extensive data during the political convention.

Initial tests conducted during the DNC revealed no conclusive evidence of cell-site simulator activity. However, months later, EFF technologists reanalyzed the raw data using improved detection methods. According to Cooper Quintin, a senior technologist at the EFF, the Rayhunter tool stores all interactions between devices and cell towers, allowing for deeper analysis as detection techniques evolve.

A breakthrough came when EFF technologists applied a new heuristic to examine situations where cell towers requested IMSI (international mobile subscriber identity) numbers from devices. According to the EFF’s analysis, on August 18—the day before the convention officially began—a device carried by WIRED reporters en route a hotel housing Democratic delegates from states in the US Midwest abruptly switched to a new tower. That tower asked for the device’s IMSI and then immediately disconnected—a sequence consistent with the operation of a cell-site simulator.

“This is extremely suspicious behavior that normal towers do not exhibit,” Quintin says. He notes that the EFF typically observed similar patterns only during simulated and controlled attacks. “This is not 100 percent incontrovertible truth, but it’s strong evidence suggesting a cell-site simulator was deployed. We don’t know who was responsible—it could have been the US government, foreign actors, or another entity.”

Under Illinois law, law enforcement agencies must obtain a warrant to deploy cell-site simulators. Similarly, federal agents—including those from the Department of Homeland Security—are required to secure warrants unless an immediate national security threat exists. However, a 2023 DHS Inspector General report found that both the Secret Service and Homeland Security Investigations did not always comply with these requirements.

The Chicago Police Department tells WIRED it did not deploy a cell-site simulator during the DNC, while the Secret Service tells WIRED in a statement that, “as a matter of practice,” it does not discuss the “means and methods” of its operations for “National Special Security Events.”

Other components of DHS as well as the DNC have not responded to requests for comment.

Quintin notes that the EFF detected similar anomalous behavior in a previous test conducted in Washington, DC’s Embassy Row, an area known for its high concentration of embassies and diplomatic offices. It wouldn’t be the first time that cell-site simulators were found in the nation's capitol. In 2019, the FBI accused Israel’s government of deploying a cell-site simulator near the White House—a claim Israel denied.

While the possible deployment of a cell-site simulator at the DNC has raised more questions than answers, for privacy and civil liberties advocates the implications are troubling nonetheless.

Nate Wessler, deputy director of the ACLU’s Speech, Privacy, and Technology Project, says, “It would be a big deal if the digital artifacts you found were in fact due to the presence of a cell-site simulator deployed to identify people at a protest.” However, Wessler adds, “it is also entirely possible that law enforcement was using a cell-site simulator in the area for a lawful purpose.”

For Wessler, the lack of clarity around their use is itself a cause for concern. “The ambiguity is really chilling,” he says. “The uncertainty around their use undermines people’s ability to express themselves.”

Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC

Explore top cybersecurity risks in crypto, including phishing, ransomware, and MitM attacks. Learn practical tips to safeguard your…

Explore top cybersecurity risks in crypto, including phishing, ransomware, and MitM attacks. Learn practical tips to safeguard your digital assets now.

Cryptocurrencies have recently increased in popularity, with more alternatives launched every day. The first cryptocurrency ever developed was Bitcoin, which inspired plenty of other cryptocurrencies to be created and make new waves in the world.

Even though there are various other notable examples in the crypto space, Bitcoin still has the number one position and represents the largest cryptocurrency by market cap. This has made a lot of individuals search for the best crypto exchange from where to buy Bitcoin to add it to their portfolios. 

Cryptocurrencies have brought several advantages to the world, as they have finally offered another solution to fiat money, integrating decentralization into the world. However, even if the popularity of cryptocurrencies has many advantages, it also has a major downside. For example, the price of the major digital coins has increased greatly, and this has attracted a lot of hackers who are trying to steal the funds of innocent people.

So, the crypto space is subjected to various threats, and because of that, before investing, it is imperative to adopt a more cautious approach, as, in this way, you can protect your crypto funds from malicious actors.

To protect your crypto assets, you must know the most common cybersecurity risks in the crypto space. In this way, you can avoid them and protect yourself against everything that might appear on the horizon. To help you a little in this process, we will explore together the most common cybersecurity threats in the crypto ecosystem. Keep reading to discover more. 

****Phishing threats****

One of the most common ways hackers try to steal information is through phishing attacks. In this cybersecurity threat, a malicious actor can use plenty of online means to try to steal information, such as texts, emails, and websites. The hacker will then try to fool users into clicking on this misleading information. But if individuals do that, their crypto funds can be stolen, as these clicks can reveal seed phrases or private keys. 

One of the most common ways hackers want to steal information is when they pretend to be a crypto exchange; in this way, they think they have a bigger chance of making users click on the sent links.

Unfortunately, especially when cryptocurrencies started becoming more popular, many people lost access to their crypto accounts because they fell prey to this kind of scam. This is why anyone wanting to increase the chances of keeping their crypto accounts secure should take measures to help them prevent phishing scams.

One of the best cybersecurity measures for this is to use two-factor authentication (2FA), which can increase resilience against these online threats. Another important security action is to double-check before clicking on a link or email to ensure that the offered details are veritable and that there is no chance of a scam. 

****Ransomware attacks****

Ransomware attacks are also very popular in the crypto industry, and these threats contain malicious malware that can encrypt files that individuals use to access their crypto funds, such as crypto wallets or their private keys.

These attacks will make the data on these files unreadable, and for the owner to have access to these files again, they need to pay in return. And as we’re talking about crypto accounts, in most cases, these malicious actors ask for payment with cryptocurrencies to receive access to their accounts again.

One of the best ways to reduce becoming a victim of these attacks is to use a cold wallet instead of one that functions with internet connectivity or to maintain a regular backup. Another great solution to avoid these cybersecurity attacks is to be cautious before clicking on something, like a link or an email, especially if an unknown or unidentified person sends it. 

****Malware attacks****

Malware attacks can also be dangerous to everyone who holds significant crypto funds. In these attacks, a malicious actor tries to compromise a crypto wallet or infect gadgets to steal cryptocurrencies. A very common malware attack used in the crypto landscape is crypto-jacking, which infiltrates into devices and then uses computing power to mine digital assets. 

In most cases, this leads to high electrical costs, financial losses, or damage to device performance. One of the best measures to protect against these attacks is installing anti-virus software and downloading everything needed only from official or reputable sites. 

****Man-in-the-Middle (MitM)** **

Man-in-the-Middle (MitM) attacks happen when a hacker wants to come between the communication between a crypto exchange and a user, with the final goal of stealing private keys and login credentials. Unfortunately, these attacks can steal crypto funds because hackers can discover sensitive crypto information, like private keys or login credentials.

In this type of attack, the crypto transactions can be sent directly to the hacker’s wallet instead of the right recipient. This is why it is better to refrain from paying with cryptocurrencies when using public WiFi, as in this way, you might encourage your crypto funds to be stolen. 

****Zero-day attacks****

Zero-day attacks are also very common, where hackers exploit every vulnerability they find in crypto platforms, such as hardware wallets or crypto software. If developers don’t discover these vulnerabilities on time, hackers will have everything they need to steal the crypto funds of innocent people. And until developers notice the potential vulnerability, the malicious actors have enough time to steal what they want, bringing enormous losses to individuals worldwide. 

****The bottom line****

Industries from all around the world can deal with hackers who are trying to steal information, but these threats have become even more prevalent in the crypto sphere because of the popularity of digital assets. This is why malicious actors see cryptocurrency as the perfect target, which is why recent attacks on digital coins have become so common.

1.  **AI Can Guess Crypto Seed Phrases in 0.02 Seconds**
2.  **Biggest Crypto Scam Tactics in 2024 – How to Avoid Them**
3.  **The Growing Importance of Secure Crypto Payment Gateways**
4.  **Why Web hosting firms have started to accept crypto payments**
5.  **Blockchain and Smart Contracts in Securing Digital Transactions**

Tag

#wifi