Cyware joins CoSAI to help drive the development of secure and ethical AI technologies, addressing the urgent need for AI safety amid today’s rapidly evolving cyber threats. Cyware, a provider of threat intelligence management, security collaboration, and orchestrated response, has joined the Coalition for Secure AI (CoSAI). By joining CoSAI, Cyware says it reinforces its commitment to fostering innovation in AI while ensuring that safety, privacy, and security remain at the forefront of technological advancement. CoSAI is an international alliance dedicated to promoting the development and deployment of secure, ethical, and transparent AI technologies. It is a collaborative open-source initiative…
ISB Staff Reporter
Nearly two weeks after a significant cybersecurity breach, Transport for London (TfL) announced on its employee hub that its 30,000 employees must attend in-person appointments to verify their identities and reset their passwords. This move follows a full system reset after the entity discovered that some employee and customer data had been compromised. The cyberattack, first detected on 1 September 2024, prompted immediate action to limit access to TfL systems. According to TfL’s Chief Technology Officer, Shashi Verma, investigations revealed that employee directory details, including email addresses, job titles, and employee numbers, were accessed. Luckily, there is zero evidence that…
In 2024, Unit 42 researchers observed a sharp increase in large-scale phishing campaigns using a novel technique involving the HTTP response header. Between May and July, they detected approximately 2,000 malicious URLs daily, which directed web browsers to refresh or reload pages automatically—without user interaction. Unit 42 is a threat intelligence, incident response, and cyber risk expertise team backed by Palo Alto Networks technology. Unlike traditional phishing tactics that rely on HTML content, this method manipulates the HTTP response header, allowing malicious links to execute before any visible content loads. “Since the original and landing URLs are often found under…
The ransomware group, Hunters International, has reportedly claimed responsibility for a breach at the London branch of the Industrial and Commercial Bank of China (ICBC), one of China’s largest state-owned banks. According to the group, they have exfiltrated 6.6 terabytes of data, comprising over 5.2 million files. The gang was given a ransom deadline of 13 September 2024 and threatened to release the stolen data if their demands are not met. Potentially Catastrophic Exposure: Ted Miracco, CEO of Approov, says financial entities house and manage highly sensitive data, and a breach of this magnitude could result in heavy fines and…
Cleafy’s Threat Intelligence team has uncovered a new variant of the TrickMo Android banking Trojan. Initially classified as an unknown malware sample, deeper analysis revealed it as a TrickMo variant with some new anti-analysis features, making detection more difficult and posing a significant threat to mobile banking users. TrickMo’s Evolution: TrickMo, first identified by CERT-Bund in 2019, has a long history of targeting Android devices to carry out financial fraud. It initially gained infamy for intercepting one-time passwords (OTPs) and other two-factor authentication (2FA) mechanisms, focusing on European banking applications, particularly in Germany. The Trojan evolved from the notorious TrickBot…
Cybersecurity firm Fortinet has confirmed that user data was stolen from its Microsoft SharePoint server and posted on a hacking forum earlier today, according to a report by BleepingComputer. The threat actor, known as “Fortibitch,” shared credentials to what is claimed to be an S3 bucket (an online file storage system), with a total of 440GB available for download. Despite an extortion attempt, Fortinet refused to comply with the demands. The company has already notified affected users, though it has not specified the exact data that was stolen. In a statement, Fortinet clarified: “An individual gained unauthorized access to a…
Cybersecurity experts at Doctor Web have uncovered a massive malware campaign targeting Android-based TV boxes. Dubbed Android.Vo1d, the newly discovered malware has infected nearly 1.3 million devices across 197 countries, making it one of the most widespread infections of its kind. The malware acts as a backdoor, allowing attackers to secretly install third-party software on compromised devices by manipulating system files. The infection was first detected in August 2024 when users contacted Doctor Web after noticing suspicious changes in their TV boxes. The problem occurred with these models (TV box model, declared firmware version): R4, Android 7.1.2; R4…
A new cyber threat dubbed “DragonRank” is actively targeting countries across Asia and Europe. Discovered by Cisco Talos, the sophisticated campaign leverages malicious tools like PlugX and BadIIS to exploit web application services and manipulate SEO rankings. DragonRank primarily focuses on compromising Windows Internet Information Services (IIS) servers, with confirmed attacks in countries including Thailand, India, Korea, Belgium, the Netherlands, and China. The tool uses search engine optimization (SEO) manipulation to disrupt online visibility and rankings. Its authors exploit vulnerabilities in web applications to deploy web shells, which allow them to gain unauthorized access to compromised servers. From there, they…
A fresh wave of attacks tied to North Korea’s infamous Lazarus Group is targeting software developers through fraudulent job recruitment schemes. These attacks are part of the VMConnect campaign, first uncovered in August last year. Malicious actors pretend to be recruiters from top financial services firms, distributing malicious Python packages disguised as coding tests. These packages, which mimic legitimate developer tools, are designed to infiltrate and compromise developer systems. ReversingLabs researchers say the attackers were found using deceptive methods, including fake LinkedIn profiles, to trick developers into downloading and executing malicious code disguised as part of job interview materials. A…
Healthcare is no longer just about treating the sick; it’s about safeguarding their most personal information. Unfortunately, today, a slew of threats target this sector, including ransomware, phishing, API vulnerabilities, and the significant complexities of securing interconnected systems and supply chains. So said Nuno Loureiro in his opening remarks during yesterday’s Probely webinar, “Unveiling Hidden APIs and Securing Vulnerabilities in the Healthcare Sector.” The conversation opened with Errol Weiss from Health-ISAC, discussing the common threats and ongoing challenges in the healthcare sector. He said ransomware remains one of the most pressing threats in healthcare. With attackers leveraging social engineering techniques,…
