Recent Posts

The Augmented CISO: How AI is Transforming Cybersecurity Compliance


As cybersecurity regulations tighten, AI is transforming the CISO’s role, automating audits, enhancing risk assessments, and ensuring real-time compliance with NIS2, DORA, and the AI Act. While AI streamlines security governance, challenges around transparency and bias remain. This article explores how Retrieval-Augmented Generation (RAG) enhances traceability and reliability in cybersecurity compliance.

Behind the Posts: How I Identify My Top 10 Cyber Threat Groups Each Week by Dan Elliott


How I separate noise from real risk… I’ve been asked numerous times how I select the threat groups I write about – why one and not another. So, I thought I’d take a perfectly good Sunday afternoon to share. MITRE currently tracks at least 133 

Cybersecurity Developments in the Caribbean: Regional Collaboration and Strategic Growth by Dale Connell

The Caribbean is taking significant strides in enhancing its cybersecurity resilience through regional collaboration, strategic planning, and proactive policy-making. With the increasing prevalence of cyber threats, nations in the region are working together to strengthen digital security and combat cybercrime.

Regional Collaboration and Cyber Resilience Strategy

In January 2025, cybersecurity experts from The Bahamas, Barbados, Grenada, Guyana, Jamaica, Trinidad and Tobago, and key regional security organizations convened in Port of Spain, Trinidad, for the inaugural Commonwealth Caribbean Cyber Fellowship. This meeting aimed to develop a roadmap aligned with the Commonwealth Cyber Declaration, focusing on preventing and addressing cyber threats such as fraud, ransomware, and hacking. A central component of the roadmap includes an online platform for knowledge sharing and exchanging cybersecurity strategies among nations.

Additionally, the Cyber Resilience Strategy 2030 Project, launched in March 2024 by the Caribbean Community (CARICOM) Secretariat and USAID, seeks to bolster cybersecurity capabilities across member states. This initiative is a major step toward mitigating digital threats and securing national infrastructures.

Escalating Cyber Threats and the Need for Cybersecurity Measures

The Caribbean has witnessed a surge in cyberattacks, aligning with global trends. For example, Jamaica recorded approximately 4 million attempted cyberattacks in the first half of 2024, highlighting the region’s vulnerability. The energy sector in Latin America and the Caribbean has also been a major target for ransomware attacks, resulting in disruptions to public services and the compromise of sensitive data.


Country-Specific Cybersecurity Initiatives

Jamaica

  • AI-Powered Cybersecurity Systems – Jamaica is exploring AI-driven systems capable of 24/7 network monitoring, real-time threat detection, and automated responses. These systems are designed to block threats instantly and notify authorities of suspicious activities.

Trinidad and Tobago

  • Cybersecurity Best Practices Guideline (2023) – The Central Bank introduced a guideline with 20 cybersecurity requirements covering governance, risk management, awareness training, business continuity, testing, and incident response.
  • Cybersecurity Investment Tax Allowance (2024) – Businesses investing in cybersecurity solutions can claim up to TTD 500,000 in tax deductions.
  • TT-CSIRT (Trinidad and Tobago Cyber Security Incident Response Team) – Established with support from OAS and ITU, TT-CSIRT coordinates incident response, shares best practices, and protects critical infrastructure.
  • Cyber Strategy Planning Workshop (2024) – The U.S. hosted a five-day cybersecurity workshop in Port of Spain to assist policymakers in implementing effective cybersecurity measures.

Barbados

  • Digital Government Strategy – Aims to transform public services using digital innovation.
  • International Collaboration – Cybersecurity assessments conducted by U.S. cybersecurity experts have strengthened national cyber defenses.

Cayman Islands

  • Cybersecurity Rule for Regulated Entities – The Cayman Islands Monetary Authority (CIMA) mandates comprehensive cybersecurity frameworks for financial institutions.
  • Cyber Safe Campaign – A public awareness initiative promoting best cybersecurity practices for businesses and citizens.
  • SME Cybersecurity Support – The Cayman Islands Centre for Business Development provides cybersecurity training and recommendations for small and medium-sized enterprises.

Grenada

  • National Cyber Security Incident Response Team (CSIRT) – Launched in 2022, this team operates 24/7 to assist government agencies, businesses, and citizens with cyber threats.
  • Digital Transformation Project (2024) – Supported by the World Bank, this initiative includes plans for a dedicated Cybersecurity Agency.

Haiti

  • National Cybersecurity Strategy – Focuses on critical infrastructure protection, data security, incident response, and public awareness.
  • Haitian Security Initiative – Working alongside international partners to develop cybersecurity policies and strengthen national defenses against cyber threats.

The Bahamas

  • National Cybersecurity Strategy (2024) – A government-approved roadmap to protect digital infrastructure.
  • CIRT-BS (National Computer Incident Response Team) – Established as a central cybersecurity coordination hub for managing and responding to cyber threats.
  • Cybersecurity Capacity Maturity Model (CMM) Review – A comprehensive assessment to evaluate and enhance the country’s cybersecurity capabilities.

Guyana

  • National Cybersecurity Policy Framework (2024) – Introduced 43 new cybersecurity policies to enhance cyber resilience across industries.
  • Blockchain Technology Integration (2024) – Plans to integrate blockchain technology to secure digital transactions and prevent unauthorized modifications.
  • GNCIRT (Guyana National Computer Cybersecurity Incident Response Team) – Provides cybersecurity support to public agencies.
  • U.S.-Guyana Cybersecurity Partnership (2023) – A collaboration between the Guyana Defence Force and U.S. Southern Command to improve cybersecurity capabilities.

Conclusion

The Caribbean is making significant progress in cybersecurity, with regional and national initiatives aimed at improving resilience, securing digital infrastructure, and promoting awareness. As cyber threats continue to evolve, these proactive measures will play a crucial role in safeguarding economies, businesses, and citizens from potential attacks.

It is essential for Caribbean nations to remain proactive in developing policies, fostering international collaborations, and investing in cybersecurity infrastructure. These initiatives not only enhance national security but also contribute to the overall economic and digital growth of the region.

Join the Conversation

Stay updated on the latest cybersecurity trends and initiatives by following our blog. Share your thoughts on these cybersecurity efforts in the Caribbean, and let’s discuss ways to further enhance digital security in the region.

💬 Follow CyAN on LinkedIn: Cybersecurity Advisors Network (CyAN)

About the Author: Dale Connell

Dale Connell is a Senior Manager in Consulting, specializing in Cyber Risk and Technology at Deloitte. With extensive experience in cybersecurity, digital transformation, and risk management, Dale plays a key role in strengthening cyber resilience across the Caribbean region.

As CyAN’s first member in the Caribbean, Dale is deeply committed to fostering regional collaboration and advancing cybersecurity initiatives.

Cyber (In)Securities – Issue 125

Information Security News: Joint Letter on the UK Government’s use of Investigatory Powers Act to attack End-to-End Encryption (Global Encryption Coalition, by Ryan Polk). The Global Encryption Coalition is actively opposing the UK government’s utilisation of the Investigatory Powers Act to erode end-to-end encryption, asserting that 

CyAN Supports the Fight Against the UK’s Anti-Privacy Overreach


CyAN supports the effort against the UK Home Office’s attempt to force Apple to incorporate back doors in its end-to-end encryption.

Your Browser’s Betrayal: Understanding Syncjacking Attacks


In a recent feature from (In)Securities, Bill Toulas of BleepingComputer highlighted an emerging cyber threat known as “syncjacking.” This method exploits the synchronization features of browsers like Chrome to hijack user sessions across devices. By luring users into installing malicious extensions, attackers gain access to synced data, including passwords, browsing history, and authentication tokens.

With Google yet to release a patch, this issue underscores the double-edged sword of convenience features in digital tools—offering ease of use on one hand but posing significant security risks on the other.

What is Syncjacking?

Syncjacking is a cyberattack in which criminals manipulate browser synchronization functionality to control a user’s digital environment. The attack starts with a simple browser extension which, while appearing benign, can override user settings and log the browser into a maliciously controlled profile.

How Does Syncjacking Work?

The attack unfolds in several steps:

  1. Malicious Setup: Attackers create a deceptive domain and browser extension.
  2. Deceptive Installation: They trick users into installing the extension using cleverly crafted emails or compromised websites.
  3. Profile Takeover: Once installed, the extension forces the browser to log into a profile controlled by the attackers.
  4. Data Extraction: Attackers deploy tools to harvest personal and professional data from the victim.

The Broader Implications

For businesses, the stakes are exceptionally high. A single compromised browser can lead to a significant breach, exposing sensitive corporate data, customer information, and financial records.

For individuals, it means a direct threat to personal privacy and financial security.

Protective Measures Against Syncjacking

To shield yourself from such threats:

  • Verify Extensions: Only add extensions from verified publishers and understand the permissions they request. If an extension seems overly invasive, it’s best to avoid it.
  • Use Two-Factor Authentication (2FA): Adding this additional layer of security can significantly deter unauthorized access.
  • Regular Updates: Keep your browser and its extensions updated to benefit from the latest security patches.
  • Educational Awareness: Both at an individual and organizational level, understanding the landscape of cyber threats like syncjacking is crucial.

Conclusion

As our reliance on digital tools grows, so does the sophistication of threats against them. Syncjacking exemplifies how features designed for user convenience can be subverted for malicious purposes.

By staying informed and vigilant, we can protect our digital identities and maintain the integrity of our personal and professional digital environments. This balance of convenience and security is not just advisable; it is essential in our interconnected world.

🔗 Read the full BleepingComputer article here by Bill Toulas.


About the Author

Kim Chandler McDonald (She/Her)
📌 LinkedIn Profile

Kim is the Co-Founder and CEO of 3 Steps Data, driving data and digital governance solutions. She is also the Global VP of CyAN, an award-winning author, and a dedicated advocate for cybersecurity, digital sovereignty, compliance, and end-user empowerment.

🔗 Read Kim’s original LinkedIn post on Syncjacking.

Cyber (In)Securities – Issue 124

Information Security News: Thai authorities detain four Europeans in ransomware crackdown (Cyberscoop, by Greg Otto). In a coordinated operation, Thai authorities arrested four European nationals in Phuket, suspected of orchestrating Phobos ransomware attacks. The individuals allegedly extorted approximately $16 million in Bitcoin from over 1,000 victims 

Enhancing Cybersecurity: A Safer Internet Day Reflection on Protecting the Vulnerable


Safer Internet Day: A Call for Responsibility. As we observe Safer Internet Day, we are reminded of our collective responsibility to foster a digital environment that is secure and respectful. This global observance not only promotes safer and more responsible use of online technology but 

Delving into the Shadows: An Approach to Identifying Obscure Cyberattacks

By Shantanu Bhattacharya

Posted on February 06, 2025 | Originally published on RSAC Conference

📌 Read the original article on RSAC Conference

In the ever-evolving landscape of cybersecurity, attackers are constantly seeking new ways to bypass traditional defenses. This blog delves into the often-overlooked methods they use, focusing on how obscure techniques, specifically within UNIX system calls and file system manipulation, are employed to gain access and exfiltrate sensitive data. While a similar situation occurs with Windows system calls, we decided to focus on one system for better understanding and conciseness. It is important to recognize that our primary focus is on attacks that leverage user mode and on how access can be protected at that level.

We begin by exploring “the shadows” of UNIX-like systems, highlighting system calls that are typically not monitored, such as openat, ptrace, mmap, and others. These system calls are not inherently malicious; however, attackers cleverly misuse them. Think of it as using the wrong key to open a door. Attackers use ptrace, for example, to manipulate running processes and access data they’re not supposed to. Or they use mmap to map sensitive files like /etc/shadow directly into memory, bypassing traditional file-based access controls. Other examples include sendfile, which can be used to transfer data directly from the file system to an unauthorized remote network location, and rename, which is used to exchange sensitive files with malicious ones. We even see the exploitation of dup to duplicate file descriptors to access privileged data. A similar set of attacks is possible on Windows-based systems, but those methods closely resemble their UNIX counterparts, so covering them would not provide additional context.
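One way a defender can watch the calls named above, as an added example that is not part of the original article: a small correlator over Linux auditd records (x86_64 syscall numbers). The sensitive-path list, the trusted-executable allowlist, and the sample records are constructed assumptions.

```python
import re
from collections import defaultdict
# x86_64 syscall numbers for the calls named in the article.
SYSCALLS = {257: "openat", 101: "ptrace", 9: "mmap", 40: "sendfile", 82: "rename", 32: "dup"}
FD_BASED = {"mmap", "sendfile", "dup"}       # take a descriptor, so no PATH record
PTRACE_ATTACH = {0x10, 0x4206}               # PTRACE_ATTACH, PTRACE_SEIZE
SENSITIVE = {"/etc/shadow", "/etc/sudoers"}  # assumption: site-specific list
TRUSTED_EXE = {"/usr/bin/passwd", "/usr/bin/gdb"}  # assumption: site allowlist
EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(lines):
    """Group records by audit event id: the SYSCALL fields plus PATH names."""
    events = defaultdict(lambda: {"syscall": None, "paths": []})
    for line in lines:
        if not (m := EVENT_ID.search(line)):
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("type") == "SYSCALL":
            events[m.group(1)]["syscall"] = f
        elif f.get("type") == "PATH":
            events[m.group(1)]["paths"].append(f.get("name", ""))
    return events

def detect(lines):
    """Return (pid, exe, syscall, reason) findings in log order."""
    findings, tainted = [], set()  # tainted: pids that opened a sensitive file
    for ev in parse(lines).values():
        sc = ev["syscall"]
        if sc is None or sc["exe"] in TRUSTED_EXE:
            continue
        name, pid = SYSCALLS.get(int(sc["syscall"])), sc["pid"]
        hits = [p for p in ev["paths"] if p in SENSITIVE]
        if name in ("openat", "rename") and hits:
            if name == "openat" and sc.get("success") == "yes":
                tainted.add(pid)
            findings.append((pid, sc["exe"], name, "touches " + hits[0]))
        elif name == "ptrace" and int(sc["a0"], 16) in PTRACE_ATTACH:
            findings.append((pid, sc["exe"], name, "attaches to a process"))
        elif name in FD_BASED and pid in tainted:
            # Coarse pid-level link: records carry only a0-a3 and mmap's fd is arg 5.
            findings.append((pid, sc["exe"], name, "follows sensitive open"))
    return findings

# Constructed, trimmed auditd records (not from a real host).
SAMPLE = [
    'type=SYSCALL msg=audit(1738800000.100:501): syscall=257 success=yes exit=3 a0=ffffff9c pid=4242 exe="/tmp/helper"',
    'type=PATH msg=audit(1738800000.100:501): item=0 name="/etc/shadow"',
    'type=SYSCALL msg=audit(1738800000.200:502): syscall=9 success=yes a0=0 pid=4242 exe="/tmp/helper"',
    'type=SYSCALL msg=audit(1738800000.300:503): syscall=101 success=yes a0=10 a1=539 pid=4300 exe="/tmp/inj"',
    'type=SYSCALL msg=audit(1738800000.400:504): syscall=257 success=yes exit=3 a0=ffffff9c pid=77 exe="/usr/bin/passwd"',
    'type=PATH msg=audit(1738800000.400:504): item=0 name="/etc/shadow"',
    'type=SYSCALL msg=audit(1738800000.500:505): syscall=9 success=yes a0=0 pid=5000 exe="/usr/bin/cat"',
]
```

Calling `detect(SAMPLE)` flags the untrusted open of /etc/shadow, the mmap that follows it from the same pid, and the ptrace attach, while the allowlisted passwd open and the unrelated mmap pass. Because mmap, sendfile and dup take descriptors rather than paths, the file name is only visible at the earlier open, which is why the correlation is needed.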

Attackers also manipulate file system features and metadata to carry out their activities. Methods range from hiding data within alternate data streams (ADS) and sparse files, to exploiting NTFS junctions and symbolic links, and even using rootkits to hide malicious activity from security tools. These methods are difficult to detect because they often rely on system-level tools and techniques and do not necessarily leave a trail, particularly in user mode.

The current security landscape is often lacking when it comes to protecting against these more subtle attacks. Traditional security solutions, while proficient with user authentication, often fall short on device authentication, relying on easily spoofable IP and MAC addresses, and they completely overlook software authentication, a huge gap that needs to be addressed. Consider this: current security checks whether the user has permission to use the software, but not whether the specific instance of that software is trusted and authorized. This is a key weakness, which can be exploited by using compromised software instances to gain unauthorized access.

This is where a new solution comes in, using a multi-dimensional approach. Unlike traditional security, which focuses on user credentials, the solution requires not only the right user, but also the right device and the right software. It authenticates each of the three, ensuring that access is given only to a valid user with a valid device and a valid software instance. In addition, it provides 24×7 monitoring of all data access paths, so even if an attack uses an obscure or unintended system call, access is automatically denied. This multi-faceted approach provides significantly more stringent access controls. It’s like adding multiple layers to a bank transaction. Organizations should take into consideration the many obscure techniques hackers use as attack vectors. By treating administrator access as that of a higher-privileged user, organizations can close the loopholes usually present in the security system.

Much like fortifying the foundation of a building, it is critical to ensure that operating system security is strengthened at both user and kernel level. It’s fundamental to all secure computing going forward.

In conclusion, by understanding obscure attack vectors and implementing robust and comprehensive security solutions such as the one described above, organizations and users can move closer to a truly secure digital environment. It’s time to look beyond the usual and fortify every aspect of our systems from the ground up.


Shantanu Bhattacharya
Founder CEO & CTO, 360Sequrity

Australia’s Digital Destiny: Leading the Charge for Online Freedom


Introduction: In today’s interconnected world, the importance of digital rights cannot be overstated. While the European Union is making commendable strides in this arena, Australia stands at a pivotal juncture to assert its leadership in championing online freedom. The nation’s commitment to democratic values, coupled