The Caribbean is taking significant strides in enhancing its cybersecurity resilience through regional collaboration, strategic planning, and proactive policy-making. With the increasing prevalence of cyber threats, nations in the region are working together to strengthen digital security and combat cybercrime. Regional Collaboration and Cyber Resilience …
Information Security News Joint Letter on the UK Government’s use of Investigatory Powers Act to attack End-to-End EncryptionGlobal Encryption Coalition by Ryan Polk The Global Encryption Coalition is actively opposing the UK government’s utilisation of the Investigatory Powers Act to erode end-to-end encryption, asserting that …
In a recent feature from (In)Securities, Bill Toulas of BleepingComputer highlighted an emerging cyber threat known as “syncjacking.” This method exploits the synchronization features of browsers like Chrome to hijack user sessions across devices. By seducing users into installing malicious extensions, attackers gain access to synced data, including passwords, browsing history, and authentication tokens.
With Google yet to release a patch, this issue underscores the double-edged sword of convenience features in digital tools—offering ease of use on one hand but posing significant security risks on the other.
Syncjacking is a cyberattack where criminals manipulate browser synchronization functionalities to control a user’s digital environment. The attack starts with a simple browser extension, which, while appearing benign, can override user settings and log into a maliciously controlled profile.
The attack unfolds in several steps:
For businesses, the stakes are exceptionally high. A single compromised browser can lead to a significant breach, exposing sensitive corporate data, customer information, and financial records.
For individuals, it means a direct threat to personal privacy and financial security.
To shield yourself from such threats:
✅ Verify Extensions: Only add extensions from verified publishers and understand the permissions they request. If an extension seems overly invasive, it’s best to avoid it.
✅ Use Two-Factor Authentication (2FA): Adding this additional layer of security can significantly deter unauthorized access.
✅ Regular Updates: Keep your browser and its extensions updated to benefit from the latest security patches.
✅ Educational Awareness: Both at an individual and organizational level, understanding the landscape of cyber threats like syncjacking is crucial.
As our reliance on digital tools grows, so does the sophistication of threats against them. Syncjacking exemplifies how features designed for user convenience can be subverted for malicious purposes.
By staying informed and vigilant, we can protect our digital identities and maintain the integrity of our personal and professional digital environments. This balance of convenience and security is not just advisable; it is essential in our interconnected world.
🔗 Read the full BleepingComputer article here by Bill Toulas.
Kim Chandler McDonald (She/Her)
📌 LinkedIn Profile
Kim is the Co-Founder and CEO of 3 Steps Data, driving data and digital governance solutions. She is also the Global VP of CyAN, an award-winning author, and a dedicated advocate for cybersecurity, digital sovereignty, compliance, and end-user empowerment.
Information Security News Thai authorities detain four Europeans in ransomware crackdown Cyberscoop by Greg OttoIn a coordinated operation, Thai authorities arrested four European nationals in Phuket, suspected of orchestrating Phobos ransomware attacks. The individuals allegedly extorted approximately $16 million in Bitcoin from over 1,000 victims …
Safer Internet Day: A Call for Responsibility As we observe Safer Internet Day, we are reminded of our collective responsibility to foster a digital environment that is secure and respectful. This global observance not only promotes safer and more responsible use of online technology but …
In today’s interconnected world, the importance of digital rights cannot be overstated. While the European Union is making commendable strides in this arena, Australia stands at a pivotal juncture to assert its leadership in championing online freedom. The nation’s commitment to democratic values, coupled with a robust technological infrastructure, uniquely positions it to influence the future of digital rights both domestically and across the Asia-Pacific region.
Australia boasts a well-developed information and communication technology (ICT) infrastructure, facilitating widespread internet access and digital engagement. However, the evolution of the digital landscape brings with it challenges such as misinformation, data breaches, and cyber threats, necessitating a proactive approach to safeguard our digital freedoms.
To bridge the digital divide and ensure all Australians benefit from the digital economy, several key initiatives have been launched:
Organisations such as Digital Rights Watch and Electronic Frontiers Australia play crucial roles in promoting online liberties and privacy, advocating for civil liberties in the digital context.
Established in 2015, the Office of the eSafety Commissioner is dedicated to promoting online safety, tackling issues such as cyberbullying, image-based abuse, and harmful online content. Under the leadership of Julie Inman Grant since 2017, the office has expanded its efforts to create a safer online environment.
Despite these initiatives, significant challenges remain. The Australian Digital Inclusion Index reveals that nearly a quarter of Australians are digitally excluded, which adversely affects their educational and job opportunities.
Furthermore, the proposed reforms to the Online Safety Act 2021, which aim to impose stricter penalties on tech companies failing to prevent online harms, might conflict with the crucial imperative to support End-to-End Encryption. This potential conflict poses a significant challenge for crafting effective legislation.
While the European Union’s initiatives are commendable, Australia must also seize this moment to reaffirm its commitment to digital freedom. By supporting projects that promote online privacy and security and collaborating with international partners, Australia can ensure that the internet remains a space where freedom and privacy are protected.
As residents of this digitally connected nation, it’s our collective responsibility to champion digital rights and lead the way in ensuring a free and open internet for all.
Note: This article is a response to John Salomon’s “An Opportunity For the EU to Support Digital Freedom”, originally published on the Cybersecurity Advisors Network (CyAN) blog.
Information Security News: Federal Judge Tightens DOGE Leash Over Critical Treasury Payment System AccessThe Register by Brandon Vigliarolo and Jessica LyonA federal judge has mandated stricter regulatory oversight on the integration of Dogecoin (DOGE) within the U.S. Treasury’s critical payment systems, following concerns about the …
Information Security News: TSA’s Airport Facial-Recog Tech Faces Audit ProbeThe Register by Brandon VigliaroloThe U.S. Transportation Security Administration’s (TSA) facial recognition program is under audit by the Government Accountability Office (GAO) due to concerns over privacy, data security, and potential biases. The audit will assess …
January 28th was Data Protection Day—a global reminder that privacy isn’t just a legal formality or an operational headache. It’s a fundamental pillar of trust.
If your business handles client or customer data (and let’s be honest, that includes almost every business these days), you have a responsibility to protect it.
Yet, too many still see data privacy as an afterthought—something to think about only when a breach happens, only when the regulators come knocking, only when customers start asking questions.
The truth is: Privacy isn’t just about compliance—it’s about competitive advantage. Businesses that prioritise privacy build stronger relationships, enhance loyalty, and set themselves apart in a world where trust is the ultimate currency.
And it’s not just about business. It’s about people.
Data protection is about more than preventing hacks and avoiding fines. It’s about protecting individuals from real harm.
Every time a company stores, tracks, or shares data without robust protections, it’s not just putting its reputation at risk—it’s potentially putting someone’s safety at risk.
Technology-Facilitated Domestic Violence (TFDV) is a stark example. Privacy failures, weak security policies, and a lack of user control can unintentionally enable abusers. From tracking location data to exploiting weak authentication measures, poorly designed systems can become tools of control and coercion.
These technologies weren’t designed for abuse. But because risk and compliance teams didn’t anticipate these threats, they have become tools of control. This is why businesses must think beyond compliance checklists.
So what can businesses do—not just on Data Protection Day, but every day?
→ Data privacy should be proactive, not reactive. Make explicit consent mandatory for all data sharing, and ensure customers can easily control and revoke access to their data.
→ TFDV and privacy concerns don’t stop at jurisdictional lines. If your business operates across regions, privacy protections should travel with the individual, not reset when they cross a border.
→ Cyber teams already track fraudulent logins and suspicious activity. Why not apply the same vigilance to patterns of coercion—such as repeated password resets, changes in account access, or unusual tracking permissions?
→ The real question isn’t “Are we compliant?”—it’s “Are we building safe, privacy-conscious systems?” Companies that lead with ethical privacy protections will be the ones customers trust the most.
Some businesses still resist strengthening privacy protections because it feels too complicated or too expensive.
But let’s be clear: The real cost of inaction isn’t a fine. It’s the loss of trust.
If your business had the power to prevent even one person from experiencing digital abuse, would you take that opportunity?
Because you do. Right now.
Every system you build, every policy you create, every decision you make about who gets access to what data has real-world consequences.
Data Protection Day shouldn’t be the only time we talk about this.
It’s an everyday imperative.
So, let’s move beyond just checking the box—let’s make privacy protection a competitive edge, an ethical responsibility, and a commitment to trust that lasts long after January 28th.
Read the original post on LinkedIn:
🔗 Original Post by Kim Chandler McDonald
Connect with the author on LinkedIn:
🔗 Kim Chandler McDonald
In today’s hyper-connected, rapidly evolving digital landscape, traditional cybersecurity paradigms no longer suffice. The perimeter-based approach, which relied on securing the network boundary, has become obsolete as organizations increasingly adopt cloud computing, remote work, and AI-driven tools. The competitive nature of artificial intelligence (AI) further …