Tag: CyAN

Cybersecurity Developments in the Caribbean: Regional Collaboration and Strategic Growth by Dale Connell

The Caribbean is taking significant strides in enhancing its cybersecurity resilience through regional collaboration, strategic planning, and proactive policy-making. With the increasing prevalence of cyber threats, nations in the region are working together to strengthen digital security and combat cybercrime.

Regional Collaboration and Cyber Resilience

Cyber (In)Securities – Issue 125

Information Security News: Joint Letter on the UK Government’s use of Investigatory Powers Act to attack End-to-End Encryption (Global Encryption Coalition, by Ryan Polk). The Global Encryption Coalition is actively opposing the UK government’s utilisation of the Investigatory Powers Act to erode end-to-end encryption, asserting that 

Your Browser’s Betrayal: Understanding Syncjacking Attacks

In a recent feature from (In)Securities, Bill Toulas of BleepingComputer highlighted an emerging cyber threat known as “syncjacking.” This method exploits the synchronization features of browsers like Chrome to hijack user sessions across devices. By luring users into installing malicious extensions, attackers gain access to synced data, including passwords, browsing history, and authentication tokens.

With Google yet to release a patch, this issue underscores the double-edged sword of convenience features in digital tools—offering ease of use on one hand but posing significant security risks on the other.

What is Syncjacking?

Syncjacking is a cyberattack in which criminals abuse browser synchronization features to take control of a user’s digital environment. The attack starts with a simple browser extension that appears benign but can override user settings and sign the browser into a profile controlled by the attacker.

How Does Syncjacking Work?

The attack unfolds in several steps:

  1. Malicious Setup: Attackers create a deceptive domain and browser extension.
  2. Deceptive Installation: They trick users into installing the extension using cleverly crafted emails or compromised websites.
  3. Profile Takeover: Once installed, the extension forces the browser to log into a profile controlled by the attackers.
  4. Data Extraction: Attackers deploy tools to harvest personal and professional data from the victim.

The Broader Implications

For businesses, the stakes are exceptionally high. A single compromised browser can lead to a significant breach, exposing sensitive corporate data, customer information, and financial records.

For individuals, it means a direct threat to personal privacy and financial security.

Protective Measures Against Syncjacking

To shield yourself from such threats:

  • Verify Extensions: Only add extensions from verified publishers and understand the permissions they request. If an extension seems overly invasive, it’s best to avoid it.
  • Use Two-Factor Authentication (2FA): Adding this additional layer of security can significantly deter unauthorized access.
  • Regular Updates: Keep your browser and its extensions updated to benefit from the latest security patches.
  • Educational Awareness: Both at an individual and organizational level, understanding the landscape of cyber threats like syncjacking is crucial.
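
One way to put the "Verify Extensions" advice into practice is to read an extension's manifest.json and list the broad permissions it requests. The script below is an added example, not code from the article or from BleepingComputer; the permission names are real Chrome extension permissions, while the choice of which ones to flag and the two sample manifests are assumptions constructed for illustration.

```python
import json

# Real Chrome permission names; treating these as "high risk" is this
# example's own assumption, not a Chrome or Google classification.
HIGH_RISK = {"cookies", "history", "management", "nativeMessaging",
             "webRequest", "debugger", "identity", "tabs", "scripting"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not taken from any real extension).
SAMPLE_BENIGN = ('{"manifest_version": 3, "name": "Notes", '
                 '"permissions": ["storage"], '
                 '"host_permissions": ["https://notes.example/*"]}')
SAMPLE_BROAD = ('{"manifest_version": 2, "name": "Helper", '
                '"permissions": ["tabs", "cookies", "<all_urls>"]}')


def audit_manifest(manifest_text):
    """Return a sorted list of findings for one manifest.json."""
    m = json.loads(manifest_text)
    declared = m.get("permissions", []) + m.get("optional_permissions", [])
    # Ignore non-string entries so a malformed manifest cannot crash the audit.
    declared = [p for p in declared if isinstance(p, str)]
    # Manifest V3 lists host patterns separately; V2 mixes them into permissions.
    hosts = list(m.get("host_permissions", []))
    hosts += [p for p in declared if "://" in p or p == "<all_urls>"]
    for script in m.get("content_scripts", []):
        hosts += script.get("matches", [])
    findings = {"permission:" + p for p in declared if p in HIGH_RISK}
    findings |= {"all-sites host access:" + h for h in hosts if h in BROAD_HOSTS}
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("benign", SAMPLE_BENIGN), ("broad", SAMPLE_BROAD)):
        print(name, audit_manifest(text))
```

A finding is a prompt to review the extension, not proof that it is malicious; many legitimate extensions request some of these permissions.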

Conclusion

As our reliance on digital tools grows, so does the sophistication of threats against them. Syncjacking exemplifies how features designed for user convenience can be subverted for malicious purposes.

By staying informed and vigilant, we can protect our digital identities and maintain the integrity of our personal and professional digital environments. This balance of convenience and security is not just advisable; it is essential in our interconnected world.

🔗 Read the full BleepingComputer article here by Bill Toulas.


About the Author

Kim Chandler McDonald (She/Her)

Kim is the Co-Founder and CEO of 3 Steps Data, driving data and digital governance solutions. She is also the Global VP of CyAN, an award-winning author, and a dedicated advocate for cybersecurity, digital sovereignty, compliance, and end-user empowerment.

🔗 Read Kim’s original LinkedIn post on Syncjacking.

Cyber (In)Securities – Issue 124

Information Security News: Thai authorities detain four Europeans in ransomware crackdown (Cyberscoop, by Greg Otto). In a coordinated operation, Thai authorities arrested four European nationals in Phuket, suspected of orchestrating Phobos ransomware attacks. The individuals allegedly extorted approximately $16 million in Bitcoin from over 1,000 victims 

Enhancing Cybersecurity: A Safer Internet Day Reflection on Protecting the Vulnerable

Safer Internet Day: A Call for Responsibility

As we observe Safer Internet Day, we are reminded of our collective responsibility to foster a digital environment that is secure and respectful. This global observance not only promotes safer and more responsible use of online technology but 

Australia’s Digital Destiny: Leading the Charge for Online Freedom

Introduction

In today’s interconnected world, the importance of digital rights cannot be overstated. While the European Union is making commendable strides in this arena, Australia stands at a pivotal juncture to assert its leadership in championing online freedom. The nation’s commitment to democratic values, coupled with a robust technological infrastructure, uniquely positions it to influence the future of digital rights both domestically and across the Asia-Pacific region.

Australia’s Digital Landscape

Australia boasts a well-developed information and communication technology (ICT) infrastructure, facilitating widespread internet access and digital engagement. However, the evolution of the digital landscape brings with it challenges such as misinformation, data breaches, and cyber threats, necessitating a proactive approach to safeguard our digital freedoms.

Driving Digital Inclusion

To bridge the digital divide and ensure all Australians benefit from the digital economy, several key initiatives have been launched:

  • Good Things Foundation – This organisation runs innovative national programs aimed at increasing digital skills and confidence among Australians. Programs like “Be Connected” focus on enhancing online safety and skills for older Australians, while “Digital Sisters” aims to close the digital divide for women.
  • Australia’s Digital ID System – A voluntary initiative designed to provide Australians with a method to verify their identity online while accessing online services. The system aims to streamline access to digital services, enhancing user convenience and supporting secure online interactions.
  • Australian Digital Inclusion Alliance (ADIA) – This alliance brings together more than 500 stakeholders from business, government, academia, and community sectors to drive digital inclusion across Australia.
  • First Nations Digital Inclusion Plan (FNDIP) – This plan extends the government’s commitment to achieving digital parity for Aboriginal and Torres Strait Islander people by 2026, enhancing digital access, affordability, and skills.

Advocating for Digital Rights

Organisations such as Digital Rights Watch and Electronic Frontiers Australia play crucial roles in promoting online liberties and privacy, advocating for civil liberties in the digital context.

The Role of the eSafety Commissioner

Established in 2015, the Office of the eSafety Commissioner is dedicated to promoting online safety, tackling issues such as cyberbullying, image-based abuse, and harmful online content. Under the leadership of Julie Inman Grant since 2017, the office has expanded its efforts to create a safer online environment.

Challenges and the Path Forward

Despite these initiatives, significant challenges remain. The Australian Digital Inclusion Index reveals that nearly a quarter of Australians are digitally excluded, which adversely affects their educational and job opportunities.

Furthermore, the proposed reforms to the Online Safety Act 2021, which aim to impose stricter penalties on tech companies failing to prevent online harms, might conflict with the crucial imperative to support End-to-End Encryption. This potential conflict poses a significant challenge for crafting effective legislation.

Conclusion

While the European Union’s initiatives are commendable, Australia must also seize this moment to reaffirm its commitment to digital freedom. By supporting projects that promote online privacy and security and collaborating with international partners, Australia can ensure that the internet remains a space where freedom and privacy are protected.

As residents of this digitally connected nation, it’s our collective responsibility to champion digital rights and lead the way in ensuring a free and open internet for all.

Note: This article is a response to John Salomon’s “An Opportunity For the EU to Support Digital Freedom”, originally published on the Cybersecurity Advisors Network (CyAN) blog.

Cyber (In)Securities – Issue 123

Information Security News: Federal Judge Tightens DOGE Leash Over Critical Treasury Payment System Access (The Register, by Brandon Vigliarolo and Jessica Lyon). A federal judge has mandated stricter regulatory oversight on the integration of Dogecoin (DOGE) within the U.S. Treasury’s critical payment systems, following concerns about the 

Cyber (In)Securities – Issue 122

Information Security News: TSA’s Airport Facial-Recog Tech Faces Audit Probe (The Register, by Brandon Vigliarolo). The U.S. Transportation Security Administration’s (TSA) facial recognition program is under audit by the Government Accountability Office (GAO) due to concerns over privacy, data security, and potential biases. The audit will assess 

Beyond Data Protection Day: Safeguarding Our Digital Lives Every Day

January 28th was Data Protection Day—a global reminder that privacy isn’t just a legal formality or an operational headache. It’s a fundamental pillar of trust.

If your business handles client or customer data (and let’s be honest, that includes almost every business these days), you have a responsibility to protect it.

Yet, too many still see data privacy as an afterthought—something to think about only when a breach happens, only when the regulators come knocking, only when customers start asking questions.

The truth is: Privacy isn’t just about compliance—it’s about competitive advantage. Businesses that prioritise privacy build stronger relationships, enhance loyalty, and set themselves apart in a world where trust is the ultimate currency.

And it’s not just about business. It’s about people.

Why Everyday Privacy Protections Matter

Data protection is about more than preventing hacks and avoiding fines. It’s about protecting individuals from real harm.

Every time a company stores, tracks, or shares data without robust protections, it’s not just putting its reputation at risk—it’s potentially putting someone’s safety at risk.

Technology-Facilitated Domestic Violence (TFDV) is a stark example. Privacy failures, weak security policies, and a lack of user control can unintentionally enable abusers. From tracking location data to exploiting weak authentication measures, poorly designed systems can become tools of control and coercion.

Think about it:

  • Spyware installed on a victim’s phone, allowing an abuser to read messages, track location, and eavesdrop on calls.
  • Financial coercion, where joint accounts allow one party to drain funds or monitor transactions without the other’s knowledge.
  • Smart home systems used to harass—turning off heating, unlocking doors remotely, or surveilling through security cameras.
  • AI-generated deepfakes and non-consensual image abuse used to threaten or manipulate victims.

These technologies weren’t designed for abuse. But because risk and compliance teams didn’t anticipate these threats, they have become tools of control. This is why businesses must think beyond compliance checklists.

Four Ways to Embed Everyday Privacy Protections

So what can businesses do—not just on Data Protection Day, but every day?

1. Make Data Governance & Consent Meaningful

Data privacy should be proactive, not reactive. Make explicit consent mandatory for all data sharing, and ensure customers can easily control and revoke access to their data.

2. Think Beyond Borders

TFDV and privacy concerns don’t stop at jurisdictional lines. If your business operates across regions, privacy protections should travel with the individual, not reset when they cross a border.

3. Monitor for Coercion, Not Just Cyberattacks

Cyber teams already track fraudulent logins and suspicious activity. Why not apply the same vigilance to patterns of coercion—such as repeated password resets, changes in account access, or unusual tracking permissions?

4. Go Beyond Regulatory Compliance—Embed Ethical Privacy Safeguards

The real question isn’t “Are we compliant?”—it’s “Are we building safe, privacy-conscious systems?” Companies that lead with ethical privacy protections will be the ones customers trust the most.
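
The monitoring idea in point 3 can be expressed as detection logic over account events. The sketch below is an added example, not code from the original post; the event names, the thresholds (three resets in seven days, a 24-hour follow-up window) and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO time, account, event, device id).
# The event names are a hypothetical schema, not a real product's log format.
EVENTS = [
    ("2025-01-10T08:00:00", "acct-17", "password_reset", "dev-A"),
    ("2025-01-10T21:30:00", "acct-17", "password_reset", "dev-B"),
    ("2025-01-11T07:45:00", "acct-17", "location_sharing_enabled", "dev-B"),
    ("2025-01-12T09:10:00", "acct-17", "password_reset", "dev-A"),
    ("2025-01-12T22:05:00", "acct-17", "password_reset", "dev-B"),
    ("2025-01-11T12:00:00", "acct-42", "password_reset", "dev-C"),
    ("2025-01-20T12:00:00", "acct-42", "login", "dev-C"),
]


def find_coercion_signals(events, window=timedelta(days=7), min_resets=3,
                          follow=timedelta(hours=24)):
    """Return {account: sorted signal names} for accounts worth a human review."""
    resets = defaultdict(deque)   # account -> (time, device) of recent resets
    signals = defaultdict(set)
    for ts, acct, kind, dev in sorted(events):   # ISO strings sort by time
        t = datetime.fromisoformat(ts)
        recent = resets[acct]
        while recent and t - recent[0][0] > window:
            recent.popleft()                     # forget resets outside the window
        if kind == "password_reset":
            recent.append((t, dev))
            if len(recent) >= min_resets:
                signals[acct].add("repeated_resets")
                # Resets alternating between devices suggest contested control.
                if len({d for _, d in recent}) > 1:
                    signals[acct].add("resets_from_multiple_devices")
        elif kind == "location_sharing_enabled":
            # Tracking switched on shortly after a reset from the same device.
            if any(d == dev and t - rt <= follow for rt, d in recent):
                signals[acct].add("tracking_enabled_after_reset")
    return {acct: sorted(found) for acct, found in signals.items()}


if __name__ == "__main__":
    print(find_coercion_signals(EVENTS))
```

Signals like these are a reason for a trained support team to reach out safely, not grounds for automated account action.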

The Real Cost of Ignoring Privacy

Some businesses still resist strengthening privacy protections because it feels too complicated or too expensive.

But let’s be clear: The real cost of inaction isn’t a fine. It’s the loss of trust.

  • When businesses fail to protect privacy, customers leave.
  • When privacy isn’t prioritised, vulnerable people suffer.
  • When compliance is treated as an inconvenience, regulators step in aggressively.

A Final Thought

If your business had the power to prevent even one person from experiencing digital abuse, would you take that opportunity?

Because you do. Right now.

Every system you build, every policy you create, every decision you make about who gets access to what data has real-world consequences.

Data Protection Day shouldn’t be the only time we talk about this.
It’s an everyday imperative.

So, let’s move beyond just checking the box—let’s make privacy protection a competitive edge, an ethical responsibility, and a commitment to trust that lasts long after January 28th.

Read the original post on LinkedIn:
🔗 Original Post by Kim Chandler McDonald


Identity: The New Perimeter for Organisational Cybersecurity in the Age of Competitive AI

In today’s hyper-connected, rapidly evolving digital landscape, traditional cybersecurity paradigms no longer suffice. The perimeter-based approach, which relied on securing the network boundary, has become obsolete as organizations increasingly adopt cloud computing, remote work, and AI-driven tools. The competitive nature of artificial intelligence (AI) further