In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-7q22-x757-cmgc: Symfony http-security has authentication bypass

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

GHSA-2mj3-vfvx-fc43: Moby Race Condition vulnerability

moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

GHSA-gh5c-3h97-2f3q: Moby Race Condition vulnerability

Whether it's detecting fraudulent activity, preventing phishing, or protecting sensitive data, AI is transforming cybersecurity in ridesharing.

Source: Askar Karimullin via Alamy Stock Photo

COMMENTARY

Picture yourself standing on a busy street corner, smartphone in hand. With just a few taps, you summon a car that will arrive in minutes. This seemingly simple action has now become a daily routine for millions of Americans across the country. But as ridesharing apps offer unparalleled convenience, they also face growing concerns about security and data protection. As a result, these platforms are increasingly turning to artificial intelligence (AI) to fortify their defenses and ensure the safety of both riders and drivers.

Beneath the surface of this seamless user experience lies a complex ecosystem of AI algorithms working tirelessly to keep every journey safe and secure. Whether it's detecting fraudulent activity, preventing phishing attempts, or protecting sensitive data, AI is fundamentally transforming the cybersecurity landscape in ridesharing.

**AI-Driven Identity Verification**

Security starts at the very first step of the ridesharing journey — identity verification. Both riders and drivers must be authenticated to ensure a secure experience. However, verifying millions of users poses a substantial challenge. That's where AI steps in as a powerful tool for combating identity fraud.

Driver Authentication: AI-powered facial recognition systems use computer vision to compare selfies taken by drivers with their government-issued IDs. This process ensures that the person behind the wheel matches the registered account. To enhance security, these platforms implement periodic re-verification through biometric checks, preventing fraudulent actors from using stolen accounts to access the platform.

Rider Authentication: Currently, riders are authenticated through basic checks such as validating email addresses, phone numbers, and payment methods. However, the potential for AI in rider verification extends far beyond these initial steps. In the future, AI systems could incorporate more sophisticated predictive modeling to detect anomalies in user activity — for example, unusual patterns in booking history or device usage could flag compromised accounts, enabling platforms to intervene before any security breach occurs.

**Detecting Fraud and Phishing Attacks**

One of the most pervasive threats in digital platforms today is phishing. With the rise of sophisticated phishing schemes aimed at ridesharing users — whether to steal credentials or payment information — ridesharing apps have embraced AI-driven systems to detect and block malicious attempts in real time.

Fraud and Phishing Detection: Fraudsters often exploit vulnerabilities like stolen payment information or fake driver profiles to manipulate the system for unauthorized gains. Meanwhile, phishing campaigns attempt to trick users — both drivers and riders — into revealing sensitive details. AI tackles these threats by:

*   Identifying Suspicious Behavior: AI models flag irregularities, such as unusual login locations, sudden changes in ride patterns, or attempts to manipulate driver or payment profiles.
    
*   Blocking Phishing Attempts: Sophisticated algorithms analyze signals like abnormal contact rates, high cancellation frequencies, and sequential anomalies to detect and prevent phishing schemes.
    
*   Responding Swiftly to Threats: When anomalies are detected, AI systems react in real time by locking compromised accounts, intercepting fraudulent actions, and mitigating risks before they escalate.
    
*   Payment Security: AI also plays a critical role in securing payment transactions. Using machine learning, ridesharing platforms can detect anomalies in payment processing, such as transaction tampering or repeated failed payments, that could indicate fraudulent activity. Payment gateways are closely monitored for suspicious transactions, and any deviations from typical user behavior are flagged for further review.
    

**Real-Time Threat Monitoring**

While preemptive security measures like identity verification and encryption are essential, ridesharing platforms must also continuously monitor for real-time threats during rides. Here, AI-driven systems act as vigilant guardians, ensuring safety throughout the journey.

*   Monitoring for Suspicious Behavior: AI systems monitor ongoing trips, flagging erratic behavior such as deviations from planned routes or excessive speed. By using GPS data, machine learning models can identify unsafe driving patterns and alert both the rider and driver to potential issues. This real-time monitoring not only ensures physical safety but also acts as a safeguard against hijacking or driver impersonation.
    
*   Emergency Response Systems: Ridesharing platforms have integrated AI-enhanced emergency features into their apps, allowing users to access help instantly. One-tap emergency buttons are backed by AI-driven systems that can instantly share real-time ride data, including location and driver information, with authorities or emergency contacts. In addition, AI models can analyze data from encrypted dashcams and provide insights into incidents that require rapid intervention, ensuring that support arrives as quickly as possible.
    

**AI, the Guardian of Ridesharing Security**

Looking ahead, AI will play a pivotal role in enhancing the security and privacy of ridesharing platforms. As the amount of personally identifiable information (PII) grows, AI systems will continue to evolve, strengthening encryption, anomaly detection, and proactive threat monitoring. Machine learning models will not only monitor for emerging cyber threats, such as phishing and fraud, but also predict and flag high-risk behaviors like frequent ride cancellations or erratic driving. By deprioritizing these risky matches, AI ensures a safer experience for both riders and drivers.

With the integration of real-time cyber threat intelligence, AI will adapt to new attack methods, staying one step ahead of cybercriminals. Predictive analytics will help identify potential risks before they escalate, allowing ridesharing platforms to take action early. AI's ability to monitor and mitigate threats in real time, coupled with its capacity for proactive threat prediction, will provide a resilient, adaptive security framework.

As ridesharing services continue to transform urban mobility, the role of AI in ensuring security and privacy will only grow. AI will enable platforms to address increasingly sophisticated cybersecurity challenges, providing a robust foundation for privacy, safety, and trust in a rapidly evolving digital world. Through its continuous innovation, AI will not only make rides more convenient but will also create a safer, more secure environment for users worldwide.

**About the Author**

Machine Learning Engineer, Lyft

Rachita Naik is a Machine Learning Engineer at Lyft in New York with a Master's in Computer Science from Columbia University. Passionate about leveraging machine learning to solve real-world problems, she has developed a diverse skill set through academic projects and professional experience. At Lyft, she works on algorithms to optimally match riders with drivers, enhancing marketplace efficiency and profit. Rachita thrives in fast-paced environments and is always eager to learn new technologies to improve her work.

How AI Is Enhancing Security in Ridesharing

Check Point Research has discovered cybercriminals exploiting the popular Godot Game Engine to deliver malicious software. Discover the techniques used by attackers and how to protect yourself from these threats.

****SUMMARY****

*   **Cybercriminals are exploiting the Godot game engine to deliver malware called GodLoader, targeting multiple platforms like Windows, macOS, and Linux.**

*   **GodLoader hides malicious code in game files, bypassing antivirus detection and compromising over 17,000 devices since June 2024.**

*   **The malware uses sandbox evasion, Microsoft Defender exclusions, and GitHub-hosted repositories to distribute attacks.**

*   **GodLoader’s payloads include RedLine Stealer and cryptocurrency miners, affecting 1.2 million Godot game users.**

*   **The Godot team advises downloading software from trusted sources and avoiding cracked files to stay safe.**

Check Point Research (CPR) has published its latest research on a novel multi-platform technique employed by cybercriminals to exploit the popular open-source game engine, Godot to deliver a newly discovered malicious payload dubbed GodLoader after bypassing traditional security measures.

The concerning aspect is GodLoader’s cross-platform functionality, making it effective on macOS, Windows, Linux, iOS, and Android. Although designed to target Windows, it can be used on Linux and macOS with minimal adjustments.  The malware is, reportedly, distributed via the Stargazers Ghost Network on GitHub, using over 200 repositories and 225 accounts between September and October 2024. 

“The threat actor behind this malware has been utilizing it since June 29, 2024, infecting over 17,000 machines,” and an attack can put 1.2 million users of Godot-developed games at risk, researchers noted in the blog post.

According to CPR’s research, cybercriminals exploit the flexibility of Godot’s scripting language, GDScript and embed malicious code within game assets, executing it when the game is launched. This is a stealthy approach, which enables attackers to bypass antivirus detection and compromise systems without raising alarms.

Further probing revealed that it uses sandbox and virtual machine detection, as well as Microsoft Defender exclusions, to avoid detection. The malware was hosted on Bitbucket.org and distributed across four attack waves, with initial payloads including RedLine Stealer and XMRig cryptocurrency miners.

For your information, Godot is a powerful tool for game development that allows developers to bundle game assets and scripts into .pck files, which contain the game’s resources, including images, sounds, and scripts. By injecting malicious GDScript code into these .pck files, attackers can trick the game engine into executing harmful commands.

As soon as the game loads the infected .pck file, the hidden script springs into action, downloading and deploying additional malware payloads onto the victim’s device.

The attack flow (Via CPR)

****Godot Engine’s Statement****

The Godot Engine development team, in response, has issued a statement, explaining that GodLoader doesn’t exploit a specific weakness in Godot itself because like any programming language (e.g. Python or Ruby) Godot also allows the creation of both good and bad programs. Though the malware exploits Godot’s scripting language (GDScript) to deliver its payload, this doesn’t make Godot inherently unsafe.

The team also noted that it isn’t a one-click exploit because the GodLoader malware tricks users into downloading/executing a seemingly harmless file (typically a .pck file disguised as a software crack). This file wouldn’t work on its own and the attackers also must provide the Godot runtime (.exe file) separately to make it successful. This means users have to take multiple steps to install the malware, making it less likely to be a one-click exploit.

Nonetheless, team Godot emphasizes the importance of good security habits and downloading from trusted sources like official websites, established distribution platforms, or trusted individuals. Windows and macOS users should check for signed executables and notarization by a trusted party and avoid using cracked software as it is a common target for malicious actors.

1.  **Gcore Thwarts 500M PPS DDoS Attack on Gaming Firm**
2.  **What is Blockchain Gaming and its Play-to-Earn Model?**
3.  **Exploring Data Privacy and Security in B2B Gaming Data**
4.  **Winos4.0 Malware Hits Windows via Fake Gaming Apps**
5.  **Gaming Firms, Community Members Hit by Dark Frost Botnet**

Godot Engine Exploited to Spread Malware on Windows, macOS, Linux

Python has emerged as a powerful ally in combating rising cybersecurity threats and tracking cybercrime through tools leveraging…

Python has emerged as a powerful ally in combating rising cybersecurity threats and tracking cybercrime through tools leveraging **threat intelligence**. With its versatility and powerful libraries, experts today can create solutions that run large algorithms and enhance searchability and scalability.

****Unmatched Versatility in Threat Detection****

Cyber threats are evolving rapidly, and tools must stay ahead to counter them effectively. Python stands out with its versatility and a wide range of libraries tailored for cybersecurity. For instance, Scapy allows developers to analyze network packets, identifying suspicious behaviours before they can cause harm. Additionally, Python can be used to create predictive models to detect and mitigate threats using frameworks like TensorFlow.

****Real-life use cases highlight Python’s potential****

Python is incredibly useful in real-world cybersecurity. For network monitoring, tools like **Pyshark** leverage Python to decode and analyze network traffic for anomalies. Automated penetration testing benefits from Python scripts that streamline server and application vulnerability scans. In malware analysis, the Python-based **YARA** library plays a crucial role in identifying patterns of malicious code, making it an invaluable tool for threat detection.

Beyond technical strength, Python’s simplicity makes it easy for cybersecurity teams of different levels of expertise to work together. **Python software development services** are used by developers and analysts alike to easily integrate threat detection into existing systems.   

****Why Python Outshines Other Languages in Cybersecurity**  **

Python isn’t the only programming language out there—so what sets it apart? Its rich ecosystem, ability to quickly prototype, and cross-platform compatibility make it stand out from languages like Java or C++. Python enables rapid development of tools that can respond to threats in real-time, a critical factor in combating modern cyber risks.

Stay tuned as we explore how Python accelerates incident response and powers proactive defence systems, helping organizations stay ahead of security threats worldwide.

****Python’s Role in Accelerating Incident Response**  **

Quick action is necessary for incident response to limit the damage. The automation of repetitive tasks and real-time analysis make Python an ideal tool for this. Its simple syntax enables teams to write scripts that respond to threats quickly and resolve the issues faster.  

****Key ways Python aids incident response****

Python plays a vital role in incident response by streamlining critical tasks. Libraries like Loguru help parse server logs to identify irregularities, while Python scripts enable real-time alerts when threats are detected.

Tools like **Beautiful Soup** automate data extraction from compromised systems, and custom scripts can isolate infected systems to prevent the spread of malicious activity. These capabilities make Python an invaluable asset in managing and mitigating cyber threats effectively.

Python software development service helps organizations improve their incident response, reducing downtime and protecting their critical assets. Thanks to Python’s robust capabilities, teams can accelerate risk mitigation and manage what was once a potential crisis as an ordinary event.    

****Proactive Defense Through Python Development**  **

Python isn’t just reactive—it’s also a proactive tool for combating threats right from the start. With its extensive libraries and frameworks, cybersecurity teams can build predictive analytics tools to identify potential vulnerabilities and detect unusual patterns, keeping organizations one step ahead of attackers.

For instance, Python integrates seamlessly with AI tools for real-time anomaly detection. Developers can create algorithms to monitor network behavior and trigger instant alerts when deviations occur. Additionally, Python’s flexibility allows it to integrate easily with existing security infrastructures without stretching budgets.

By leveraging Python, businesses can reduce the risk of breaches, maintain stakeholder trust, and strengthen their overall security posture. Its proactive capabilities transform cybersecurity from a reactive necessity into a strategic advantage, enhancing digital protection at every level.

****Key Advantages of Python in Cyber Defense**  **

Python is a powerhouse in cybersecurity, offering developers and organizations unmatched efficiency in tackling complex security challenges. With extensive libraries like Cryptography and Hashlib for secure encryption and hashing, Python ensures data protection is seamless.

Furthermore, its cross-platform support allows it to work effortlessly across Windows, Linux, and macOS without compromising security. Python’s user-friendly syntax accelerates tool development and reduces deployment time, while its vast and active community continuously updates resources to address evolving threats. This combination of features makes Python a key factor for cybersecurity solutions.

1.  **Top Software Development Outsourcing Trends**
2.  **Why is learning Python important in Data Science?**
3.  **A Step-by-Step Guide to How Threat Hunting Works**
4.  **Power of Cloud App Development, DevOps for Businesses**
5.  **The Essential Tools and Plugins for WordPress Development**

How Python Software Development Enhances Cyber Defense

Group-IB has discovered that cybercriminals are using fake betting apps and ads with AI-generated voices to steal personal information and money. Discover the tactics used by scammers and how to avoid falling victim to these fraudulent schemes.

**SUMMARY**

*   **Scammers Use Fake Ads**: Cybercriminals are creating fake betting app ads to lure users and steal money and personal information.

*   **AI-Generated Voices**: Scammers use AI-generated voices in multiple languages to make their schemes seem more credible.

*   **Massive Reach**: Over 500 fake ads and 1,377 malicious sites have been identified, targeting users in regions like Egypt, the Middle East, Europe, and Asia.

*   **Serious Losses**: Victims have reported losing significant amounts, with some losing over $10,000 to these scams.

*   **Stay Safe**: Avoid downloading apps from unofficial sources, be wary of too-good-to-be-true offers, and always use strong security measures.

Cybersecurity firm Group-IB has observed a surge in **fake betting** game advertisements across various social media platforms. In its detailed investigation, shared with Hackread.com, Group-IB’s CERT team discovered deceptive ads designed to lure unsuspecting users by promising easy money, ultimately leading to financial loss and personal data compromise. The ads typically target users in regions like Egypt, the Middle East, Europe, and Asia.

One of the fake apps used in the scam (Source: Group-IB)

Researchers, reportedly, discovered over 500 deceptive ads and 1,377 malicious websites targeting users to download fraudulent applications. Further probing revealed that cybercriminals are employing advanced techniques to make these fraudulent ads appear legitimate.

This, according to Group-IB’s **blog post**, includes using AI-generated voices in multiple languages to create a sense of authenticity, even when the scam originates from a different country. Victims have suffered significant financial losses, with some reporting losses exceeding US$10,000.

As soon as a user clicks on a deceptive ad, they are directed to download a fraudulent app. These apps are typically distributed through third-party websites or APK files and are capable of bypassing security measures on official app stores. Upon installation, the app requests various personal and financial information, which is then harvested by the scammers.

> _“Group-IB CERT discovered these scams across multiple regions, with more than 200 ads targeting Egypt, 160 ads in the GCC, and another 140 in Europe and Asia. The momentum of such scams has rapidly increased, with scammers continually expanding into new markets.”_
> 
> Group-IB

Fake reviews and testimonials are a key facilitating factor in these scams, as these enhance the legitimacy of the fake apps. These reviews feature detailed narratives, screenshots, and photos of “successful” players, creating the illusion of a highly profitable and trustworthy game, and generating attraction for the scam.

Fake reviews on one of the fraud apps (Source: Group-IB)

Fake betting apps can lead to severe consequences for users, such as financial loss through “bait and switch” tactics, identity theft due to the collection of personal information, and device compromise. Malicious apps can compromise device security, allowing attackers to access sensitive data and install additional malware, posing a significant risk to users’ personal information.

We have been witnessing a gradual rise in fake gaming apps compromising users’ devices. Recently, Hackread **reported** Fortinet’s FortiGuard Labs discovery of a new malicious campaign targeting Microsoft Windows users using game-related applications to deliver Winos4.0, an advanced malware framework similar to Cobalt Strike and Sliver. Earlier this week, Indian authorities **busted** an international gang of cybercriminals who used fake gaming apps to mint over 190cr from unsuspecting users.

Hence, it is essential to be cautious of quick money offers to avoid falling victim to such scams. Always download apps from official stores, avoid suspicious links, use strong security measures like passwords and two-factor authentication, and stay updated on the latest online scams and **phishing techniques** to stay safe.

1.  **Crooks Exploit Satellite Live Feed Delay for Betting Advantage**
2.  **Fake GlobalProtect VPN Downloads Spread WikiLoader Malware**
3.  **Chinese Scammers Exploit Cloned Sites in Vast Gambling Network**
4.  **Facebook Malvertising Campaign Drops Malware via Fake Bitwarden**
5.  **Dude Finds Flaw in World’s Biggest Gambling Site, Steals $1M in BTC**

Fake Betting Apps Using AI-Generated Voices to Sensitive Data

Qualified applicants must be able to test ransomware encryption and find bugs that might enable defenders to jailbreak the malware.

Source: TippaPatt via Shutterstock

Businesses are not the only organizations looking for skilled cybersecurity professionals; cybercriminals are also advertising for individuals capable of creating dark AI models and penetration-testing products — that is, ransomware — to reduce the chance of defenders finding ways to circumvent the scheme.

In advertisements on Telegram chats and forums — such as the Russian Anonymous Marketplace, or RAMP — ransomware affiliate groups and initial access providers are seeking cybersecurity professionals to help find and close holes in their malware and other attack tools, security firm Cato Networks stated in its "Q3 SASE Threat Report." In the past, the firm's threat researchers have noted advertisements seeking developers capable of creating a malicious version of ChatGPT.

The search for more technical talent highlights the recent success of law enforcement and private companies in taking down botnets and helping defenders recover their data, says Etay Maor, chief security strategist at Cato Networks.

"They definitely want to make sure that all the effort they're putting into their software is not going to be turned over when somebody finds a vulnerability," he says. "They're really stepping up their game in terms of approaching software development, making it closer to what an enterprise would do than what is typically seen today from other development groups."

The search for better software security is the latest sign of technical evolution among cybercriminal groups. In Southeast Asia, cybercriminal syndicates have grown from illegal gambling and drug cartels into enterprises that rake in more than $27 billion a year, fueling improvements in money laundering, technical development, and forced labor.

**Penetration Testing Just the Latest**

As cybercriminal groups grow, specialization is a necessity. In fact, as cybercriminal gangs grow, their business structures increasingly resemble a corporation, with full-time staff, software development groups, and finance teams. By creating more structure around roles, cybercriminals can boost economies of scale and increase profits.

Currently, the top ransomware groups are LockBit, RansomHub, PLAY, Hunters International, and Akira — all likely using more structured roles and cybercriminal services to operate efficiently, according to a 2024 review of the top ransomware groups by threat intelligence firm Recorded Future, now part of Mastercard International.

"These emerging groups and platforms bring new and interesting ways to attack so organizations need to be on their toes and adjust their cybersecurity accordingly," the company stated in a blog post. "As they evolve, understanding their modus operandi and targets will be key to mitigating the impact."

New cybercriminals groups are always appearing, and that also means new opportunities for skilled cybercriminals. The first half of 2024 saw 21 new ransomware groups appear in underground forums, although many of those new groups are likely rebranded versions of previous groups that had splintered. Overall, 68 groups posted more than 2,600 claimed breaches to leak sites in the first six months of the year, a 23% increase over the same period in 2023, according to cybersecurity firm Rapid7.

Most malware and tools created by the groups use C or C++ — the programming language used in 58 samples — but the use of more modern, memory-safe languages is growing, with Rust used in 10 samples and Go used in six samples, according to a report released by Rapid7, which noted "the complexity of the ransomware business model, with groups coming and going, extortion tactics intensifying, builders and code 'leaking' — and all the while, the overall scope of the threat only expanding."

**More Aggressive Defense**

Finally, some groups required specialization in roles based on geographical need — one of the earliest forms of contract work for cybercriminals is for those who can physically move cash, a way to break the paper trail. "Of course, there's recruitment for roles across the entire attack life cycle," Maor says. "When you're talking about financial fraud, mule recruitment ... has always been a key part of the business, and of course, development of the software, of malware, and end of services."

Cybercriminals' concerns over software security boil down to self-preservation. In the first half of 2024, law enforcement agencies in the US, Australia, and the UK — among other nations — arrested prominent members of several groups, including the ALPHV/BlackCat ransomware group and seized control of BreachForums. The FBI was able to offer a decryption tool for victims of the BlackCat group — another reason why ransomware groups want to shore up their security.

Current geopolitical disruptions, which can lead to highly skilled people unemployed, are making it more likely that cybercriminals groups will be able to convince legitimate cybersecurity professionals to take a risk and do illegal work, Cato Networks' Maor says.

"There's people ... losing jobs in Eastern Europe because of the current war situation, so unfortunately you see that in the underground forums, where you have smart people there, who — at the end of the day — need to put food on the table," he says. "If that means they have to resort to jobs that are not necessarily super legal, if that's what they need to do to pay the bills, then they'll pop up on these forums and be like, 'Hey, I worked for this company. I have this knowledge ... and I can offer access.'"

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Ransomware Gangs Seek Pen Testers to Boost Quality

When looking to create a business, one of the most important things to consider is how you will…

When looking to create a business, one of the most important things to consider is how you will get it off the ground. Having an idea is great, but you need to go way beyond this to ensure your success. You need to think of everything including how much you have to invest in your business, how you’re going to get your website up and what this will mean for you going forward. In this article, we take a look at how to get your startup off the ground and into a profitable business in no time. Keep reading to get inspired. 

****Ensure your brand is strong****

Your branding is essentially the foundation of your business and is something everyone will see and focus on as you grow and scale up. With this in mind, you want to ensure it’s strong and designed to last. Consider your brand colours and how well these correlate with what you offer. Think about your font – do you want something fun and playful? Or perhaps something more professional and business-like? Consider the message you want to put across when it comes to this and what you want to convey. 

****Place emphasis on your website****

Your website is the storefront for your business online and is the place where your customers, clients and others will come for information or to buy your products and services. Because of this, you need to make sure it’s functional, practical, looks good and does the job. Web hosting from a professional company is vital as they can help your website run smoothly and provide support when you need it. This can ensure a top experience not only for you in the back end but for your customers also. Think about how many pages you want your website to be and things like if you want a blog or other elements to it.

**Protection Against Brand Impersonation**

Brand impersonation is a growing cybersecurity threat that startups must take seriously. Cybercriminals often mimic established brands or even newly launched startups to deceive customers, partners, or employees into sharing sensitive information or making unauthorized transactions. This type of attack not only risks financial security but can also ruin a company’s reputation before it fully establishes itself in the market.

Startups should invest in cybersecurity measures like domain protection, email authentication protocols (such as **DMARC**), and regular monitoring of online mentions of their brand. Educating employees and customers about identifying phishing attempts and fake profiles is equally important to protect against these malicious tactics.

X (formerly Twitter) has become a hub for brand impersonation, with scammers frequently posing as major crypto and blockchain firms to defraud users of their funds. The issue has worsened since Elon Musk introduced the option to purchase blue checkmarks, which has significantly increased the prevalence of such scams.

> A large network of bot accounts impersonating users like myself on X/Twitter has resulted in $305k+ stolen over the past few days.
> 
> They even tricked Dexerto into accidentally making an article/post promoting the scam.
> 
> The scam worked by having impersonators post about a fake… pic.twitter.com/lde4CXHjK5
> 
> — ZachXBT (@zachxbt) November 15, 2023

****Focus on your budget allocation****

Let’s face it, starting a business isn’t cheap, but by having a budget in mind, you can avoid going too heavy over what you can afford and risking it being stressful. Allocate budget for things such as your web hosting and building, marketing, office premises if this is something you will need, warehouse and any stock, as well as a work phone and contract, your internet and travel costs that might need to be paid for. Organisation is key and can help ensure you’re a success. 

These are just a few things you can do to help get your startup off the ground and on the path to success. There are so many attributing factors to making sure your company does well, but a solid foundation is arguably the most important of them all. By starting out well with your business you can help it scale up effectively and know it will continue to grow and do well as time goes on. What are some top tips you have for getting a startup off the ground? Let us know in the comments.

How To Get Your Startup Off The Ground Amid Cybersecurity Threats

A Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public opinion against Ukraine and erode Western support since at least December 2023.
The covert campaign undertaken by Social Design Agency (SDA), leverages videos enhanced using artificial intelligence (AI) and bogus websites impersonating reputable news sources

Latest News