PRESS RELEASE

RALEIGH, N.C., Oct. 28, 2024 /PRNewswire-PRWeb/ -- ALL THINGS OPEN 2024 -- After a year-long, global, community design process, the Open Source Definition (OSAID) v.1.0 is available for public use.

The release of version 1.0 was announced today at All Things Open 2024, an industry conference focused on common issues of interest to the worldwide Open Source community. The OSAID offers a standard by which community-led, open and public evaluations will be conducted to validate whether or not an AI system can be deemed Open Source AI. This first stable version of the OSAID is the result of multiple years of research and collaboration, an international roadshow of workshops, and a year-long co-design process led by the Open Source Initiative (OSI), globally recognized by individuals, companies and public institutions as the authority that defines Open Source.

"The co-design process that led to version 1.0 of the Open Source AI Definition was well-developed, thorough, inclusive and fair," said Carlo Piana, OSI board chair. "It adhered to the principles laid out by the board, and the OSI leadership and staff followed our directives faithfully. The board is confident that the process has resulted in a definition that meets the standards of Open Source as defined in the Open Source Definition and the Four Essential Freedoms, and we're energized about how this definition positions OSI to facilitate meaningful and practical Open Source guidance for the entire industry."

"The new definition requires Open Source models to provide enough information about their training data so that a 'skilled person can recreate a substantially equivalent system using the same or similar data,' which goes further than what many proprietary or ostensibly Open Source models do today," said Ayah Bdeir, who leads AI strategy at Mozilla. "This is the starting point to addressing the complexities of how AI training data should be treated, acknowledging the challenges of sharing full datasets while working to make open datasets a more commonplace part of the AI ecosystem. This view of AI training data in Open Source AI may not be a perfect place to be, but insisting on an ideologically pristine kind of gold standard that will not actually be met by any model builder could end up backfiring."

"We welcome OSI's stewardship of the complex process of defining Open Source AI," said Liv Marte Nordhaug, CEO of the Digital Public Goods Alliance (DPGA) secretariat. "The Digital Public Goods Alliance secretariat will build on this foundational work as we update the DPG Standard as it relates to AI as a category of DPGs."

"Transparency is at the core of EleutherAI's non-profit mission. The Open Source AI Definition is a necessary step towards promoting the benefits of Open Source principles in the field of AI," said Stella Biderman, executive director at the EleutherAI Institute. "We believe that this definition supports the needs of independent machine learning researchers and promotes greater transparency among the largest AI developers."

"Arriving at today's OSAID version 1.0 was a difficult journey, filled with new challenges for the OSI community," said OSI Executive Director, Stefano Maffulli. "Despite this delicate process, filled with differing opinions and uncharted technical frontiers—and the occasional heated exchange—the results are aligned with the expectations set out at the start of this two-year process. This is a starting point for a continued effort to engage with the communities to improve the definition over time as we develop with the broader Open Source community the knowledge to read and apply OSAID v.1.0."

The text of the OSAID v.1.0 as well as a partial list of the many global stakeholders who endorse the definition can be found here:

https://opensource.org/ai

About the Open Source Initiative   
Founded in 1998, the Open Source Initiative (OSI) is a non-profit corporation with global scope formed to educate about and advocate for the benefits of Open Source and to build bridges among different constituencies in the Open Source community. It is the steward of the Open Source Definition and the Open Source AI Definition, setting the foundation for the global Open Source ecosystem. Join and support the OSI mission today at https://opensource.org/join.

The Open Source Initiative Announces Open Source AI Definition

PRESS RELEASE

LONDON, Oct. 28, 2024 /PRNewswire/ -- VIPRE Security Group, a global leader and award-winning cybersecurity, privacy, and data protection company, has released its Q3 2024 Email Threat Trends Report, shedding light on the evolving cybersecurity landscape. This comprehensive analysis of real-world data reveals the sophisticated strategies and techniques employed by cybercriminals, with a particular persistent focus on the highly lucrative tactic of business email compromise (BEC). VIPRE processed 1.8 billion emails globally, of which 208 million were malicious.

BEC impersonation weaponisation  

In this third quarter of 2024, cybercriminals intensified their efforts to exploit organisational vulnerabilities through employee deception. BEC scams surged, accounting for 58% of phishing attempts. Notably, 89% of these BEC attacks involved impersonation of authority figures, including CEOs, senior executives, and IT staff, underscoring the sophisticated tactics employed by malicious actors.

BEC aims for the manufacturing sector 

The manufacturing sector saw a significant rise in BEC attacks, potentially driven by financial fraud. These incidents increased from just 2% in Q1 to 10% in Q3 this year. This rise may be attributed to the industry's widespread use of mobile sign-ins at various worksites. Employees accessing systems "on the go", often under pressure to meet production deadlines, are more susceptible to phishing attempts.

Subtler tactics are a larger threat

Email threats in Q3 were dominated by scams (34%), commercial spam (30%), and phishing (20%). These email threats overshadowed ransomware and malware combined, which comprised less than 20% of all email attacks. Interestingly, despite their lower prevalence, ransomware and malware continue to receive disproportionate attention from the cybersecurity industry.

Sneakier attachments 

To counter advancing email security solutions, criminals are deploying increasingly more intricate methods to bypass defenses. Attackers are employing sneakier techniques such as disguising malicious attachments as voicemail recordings or critical security updates to lure unsuspecting users into downloading them.

Additionally, Microsoft PDFs and .DOCX files remain the most common forms of malicious attachments. In Q3 2024, 2.18 million emails were detected containing harmful attachments, marking a 30% increase from the previous quarter's 21% attachment-based attacks.

Phishing links and compromised websites

Cybercriminals continue to favour the URL redirection technique, a tactic that typically proves effective at evading security controls. This deceptive ploy utilises a "clean" URL within the body of the email, which then redirects unsuspecting users to a malicious one once inside. In Q3 2024, URL redirection accounted for 52% of such attacks, leading victims to meticulously crafted fraudulent websites designed to appear authentic, and gain trust.

Malspam pendulum swing from malicious links to attachments

When it comes to malspam, there is a pendulum swing from a preference for malicious links to attachments. During Q3, malspam efforts were centered on malicious attachments (64%), while only 36% employed a link. The attachment formats used were predominantly LNK, ZIP, and DOCX. Only a quarter ago, links were the tool of choice by a factor of nearly nine-to-one (86% links to 14%).

The 'Malware Family of the Quarter' goes to Redline

Redline is the top malspam family of Q3 2024, a spot it has maintained since the corresponding quarter in 2023. RedLine is designed to steal sensitive information from web browsers, such as credentials and payment data. Typically distributed via phishing emails or malicious websites, it sends stolen data to a command-and-control server controlled by the attacker. It can completely take over a compromised machine and uses multiple infiltration methods.

"The findings of this report yet again illustrate the sophistication of criminal tactics. BEC email and phishing attacks are becoming more targeted and convincing," Usman Choudhary, CPTO, VIPRE Security Group, says. "Additionally, malware distribution through malicious spam campaigns continues to pose a serious threat to organisations. These findings stress the critical need for robust cybersecurity measures and ongoing employee education to combat these evolving threats, especially as bad actors gear up for the upcoming holiday season – Black Friday, Thanksgiving, Christmas, and New Year."

To read the full report, click here: VIPRE's Email Threat Trends Report: Q3 2024. 

VIPRE leverages its vast understanding of email security to equip businesses with the information they need to protect themselves. This report is based on proprietary intelligence gleaned from round-the-clock vigilance of the cybersecurity landscape.

About VIPRE Security Group

VIPRE Security Group, part of Ziff Davis, Inc., is a leading provider of internet security solutions purpose-built to protect businesses, solution providers, and home users from costly and malicious cyber threats. With over 25 years of industry expertise, VIPRE is one of the world's largest threat intelligence clouds, delivering exceptional protection against today's most aggressive online threats. Our award-winning software portfolio includes next-generation antivirus endpoint cloud solutions, advanced email security products, along with threat intelligence for real-time malware analysis, and security awareness training for compliance and risk management. VIPRE solutions deliver easy-to-use, comprehensive layered defense through cloud-based and server security, with mobile interfaces that enable instant threat response. VIPRE is a proud Advanced Technology Partner of Amazon Web Services operating globally across North America and Europe.

Business Email Compromise (BEC) Impersonation: The Weapon of Choice of Cybercriminals

PRESS RELEASE

NEW YORK, Oct. 28, 2024 /PRNewswire/ -- Casap, a disputes automation and fraud prevention platform, has raised $8.5 million to scale the first AI-powered solution for banks, credit unions and fintechs to intelligently tackle first-party fraud and automate disputes and chargebacks. The recent round was led by Lightspeed Venture Partners with participation from Primary Venture Partners, Commerce Ventures, Curql, Alloy Labs, and notable fintech founders and execs from Chime, Robinhood, Square, Current, Novo, and Alloy. The funding will enable Casap to continue to scale its AI decisioning, helping financial institutions reduce operational costs, curb fraud-related losses, and transform the consumer experience.

"The surge in first-party fraud and dispute volumes are overwhelming financial institutions," said Shanthi Shanmugam, co-founder and CEO of Casap. "Our platform helps banks, credit unions and fintechs meet these challenges head-on with intelligent automation that delivers fast, frictionless dispute resolution at a fraction of today's cost. By empowering institutions to identify fraudulent claims early and resolve legitimate cases swiftly, Casap is transforming what is often a frustrating customer service experience into an opportunity to build consumer loyalty."

Financial institutions are under immense pressure to resolve the 238 million chargebacks that emerge annually, most of which take 45-90 days to resolve. First-party fraud has consistently risen year over year since COVID, with more consumers disputing legitimate charges to avoid payment. This surge, combined with a growing tendency to file disputes directly with payment providers instead of merchants, has led to overwhelming volumes and substantial financial losses. Institutions are forced to hire large teams, navigate complex regulations, and outsource chargebacks yet still struggle to meet consumer expectations — 50% of consumers will switch banks if they are not getting the service they want and expect, leading to long-term attrition and escalating costs.

Casap's AI-powered automations and proprietary "first-party fraud score", similar to an industry-standard FICO score, combine to resolve a dispute end-to-end without human intervention. The platform intelligently analyzes evidence, predicts outcomes, and automates key actions — such as issuing credits, filing chargebacks, and responding to merchants — while using its fraud score to identify suspicious consumers and merchants to proactively reduce disputes.

"Our team was impressed by the deep expertise Shanthi and Saisi brought to what is a cross-industry problem with significant scale. The company's early momentum is a promising indication of the type of compounding technological innovation we look for," says Aaron Frank, Partner at Lightspeed.

Casap's chargeback model, the first of its kind, includes publicly available weights — putting Casap at the forefront of innovation and sets a new standard for transparency in the industry. With built-in regulatory expertise and key integrations, Casap's advanced AI and decisioning capabilities cut resolution times from days to minutes, driving significant cost savings and enhancing operational efficiency for financial institutions.

Casap is already delivering measurable results for customers across the payments ecosystem, from major fintechs and established institutions like Chartway Credit Union to Banking-as-a-Service providers and sponsor banks.

"Before Casap, our team lacked the tools to effectively resolve disputes or file chargebacks, leading to a negative member experience and limited ability to improve the process," said Karin Collier, Director of Card Services at Chartway Credit Union. "Partnering with Casap has revolutionized how we think about disputes. With Casap's built-in regulatory expertise and AI-powered automation, we get to drive fast, accurate dispute outcomes, catch friendly fraud early, achieve higher NPS, all while seeing an immediate positive impact on our bottom line. Casap's customizability helps us adapt quickly to evolving needs, fraud trends, and transforms the way we work across the credit union. With Casap, AI is more than a tool—it's the engine driving our mission to create an unparalleled member experience. We're excited to continue partnering with Casap to transform how we operate across the back-office and set a new benchmark for exceptional member service."

"Choosing Casap as our multi-year partner for disputes and fraud management was an easy decision," continues Collier. "The partnership delivers immediate impact, with 29% cost savings from day one with even greater efficiencies projected just a month out. More importantly, Casap enables us to build trust by offering our members a fast, seamless self-service experience that sets a new standard for dispute resolution."

Casap is committed to making its platform the best-in-class solution for resolving disputes and chargebacks, helping customers achieve results up to four times faster than competitors in the space.

"Consumer trust is the lifeblood of financial institutions," Shanmugam continues. "Casap gives banks, credit unions and fintechs the tools they need to resolve genuine disputes quickly, while curbing the rising costs of fraud. We're not just solving a back-office problem—we're reshaping how institutions build trust and loyalty in the face of fraud."

Before founding Casap, Shanthi Shanmugam and Saisi Peter spent years driving innovation at fintech powerhouses Chime and Robinhood, with a focus on delivering seamless, consumer-first experiences. Their expertise in revolutionizing the way we operate payments has fueled Casap's rapid growth and early momentum.

Casap has also been recognized by industry leaders, winning the NACUSO 2024 Next Big Idea Competition.

About

Casap is an AI-powered disputes automation and fraud prevention platform. With built-in regulatory expertise and network integrations, Casap's intelligent automation identifies fraudulent claims early and delivers fast, frictionless dispute and chargeback resolution at a fraction of today's cost. Growing financial institutions use Casap to scale with a triple shield — back office efficiencies, fraud protection, and consumer delight. Casap is backed by top-tier VCs and notable fintech founders. Learn more at casaphq.com.

Casap Secures $8.5M in Funding

Russian state-sponsored hackers Cozy Bear are targeting over 100 organizations globally with a new phishing campaign. This sophisticated…

Russian state-sponsored hackers Cozy Bear are targeting over 100 organizations globally with a new phishing campaign. This sophisticated attack uses signed RDP files disguised as legitimate documents to gain remote access and steal sensitive data. Learn how to protect yourself and your organization from this threat.

Microsoft has revealed that the Russian state-sponsored threat actor Cozy Bear (or APT29, UNC2452, and Midnight Blizzard) has launched a new phishing campaign targeting over 100 organizations worldwide, especially Ukraine, the United States and Europe.

The campaign, active since October 22, 2024, involves highly targeted emails designed to trick users into opening malicious files, ultimately granting the attackers access to sensitive information.

The attackers are mainly focusing on organizations in critical sectors such as government, defence, academia, and non-governmental organizations. This aligns with Cozy Bear’s previous pattern of targeting entities holding valuable intelligence.

****What’s new this time?****

Cozy Bear is using a never-before-seen approach involving signed Remote Desktop Protocol (RDP) configuration files. These apparently harmless files are sent as attachments in phishing emails, often disguised with lures related to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust. The emails are composed with sophistication, even impersonating Microsoft employees to enhance their credibility.

****How does it work?****

According to Microsoft’s blog post shared with Hackread.com ahead of publishing, when a user opens the malicious RDP file, a connection is established to a server controlled by Cozy Bear.

This connection grants the attackers access to a wide range of resources on the victim’s device, including files, connected peripherals, clipboard data, and even authentication features. This access can be exploited to install malware, steal sensitive data, and maintain persistent access even after the RDP session is closed.

****What’s at risk?****

The potential consequences of a successful attack are significant. Cozy Bear could gain access to confidential government information, intellectual property, and sensitive data belonging to various organizations. The compromised devices could also be used as launchpads for further attacks, potentially spreading the infection to other connected systems.

Patrick Harr, CEO of Pleasanton, Calif.-based SlashNext Email Security+, commented on the recent developments, warning organizations about the increasing sophistication of phishing attacks.

_“_This attack once again highlights that phishing continues to be the most dangerous threat to your organization which is why companies must not only continuously train their users, they must also employ AI detection and phishing sandboxes for malicious links and files directly in their email, collaboration and messaging apps,_“_ Patrick advised.

_“_These new sophisticated attacks, many of them AI-generated, evade current secure email gateways (SEGs) and even Microsoft Defender for Office. The only way organizations can defend themselves is by using AI to prevent these attacks before successful breaches._“_

Microsoft, along with CERT-UA and Amazon, has confirmed the ongoing campaign and is working to notify affected customers. Cybersecurity experts urge organizations and individuals to be alert, especially when dealing with emails containing attachments or requests for remote access.

Additionally, enabling multi-factor authentication, using phishing-resistant authentication methods, and educating users about these phishing techniques are important steps in mitigating this attack.

1.  TeamViewer Confirms Breach by Midnight Blizzard
2.  Midnight Blizzard Hacked UK Home Office via Microsoft
3.  Midnight Blizzard Hackers Hit MS Teams in Precision Attack
4.  Iranian Hackers Hit Microsoft 365 Users with MFA Push Bombing
5.  Russian Malware Attack Hits Ukrainian Military Recruits via Telegram

Russian Cozy Bear Hackers Phish Critical Sectors with Microsoft, AWS Lures

With a lack of cybersecurity awareness training resources for all employees, organizations are more susceptible to being breached or falling short when it comes to preventing threats.

New studies show that cybersecurity executives often fail to prioritize software security training for the entirety of a company, instead only deeming it necessary for a select few — and not always for the right reasons.

Nearly half of cybersecurity leaders who provide these kind of training tools don't consider awareness efforts to be essential within their organizations, according to a study conducted by CMD+CTRL Security and Wakefield Research. In addition to this, half of the leaders who do provide security training do so to build a "security culture," but only 41% say they provide training because of the increased risk from third parties and supply chains.

In "Enhancing Cybersecurity: The Critical Role of Software Training," the research data showed that executives who implement these kinds of trainings are highly motivated by factors such as customer satisfaction, time to market, and financial costs when implementing training resources.

Further, cyber leaders who recognize the need for this kind of software security training don't tend to prioritize customized training solutions, either because they don't consider it important or because they don't have the resources to provide it. Ultimately, this leads to a focus on developer-only training, or broad-based training programs that aren't effective, according to the findings.

With the risks that come with inadequate training, however, it's essential that company executives implement effective resources for all employees, tailored to their roles in an organization, the research concluded: "Employees gain the knowledge and skills necessary to identify vulnerabilities and adhere to best practices, learning about the latest threats and how to mitigate against them. This ultimately leads to fewer cyber breaches and a better resilience in an organization's supply chain."

**About the Author**

Cybersecurity Training Resources Often Limited to Developers

A new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.

Source: Brian Jackson via Alamy Stock Photo

A new variant of a sophisticated malware that helps attackers carry out advanced voice and mobile phishing (aka vishing and mishing) attacks against Android users has evolved with new capabilities that extend their control over compromised devices to commit further malicious activities.

FakeCall, a malware that's been tracked by various research groups since at least 2022, conducts the attacks by tricking victims into calling fraudulent phone numbers controlled by the attacker, and then impersonating a typical conversation with bank employees or other entities aimed at defrauding the user in some way.

FakeCall's capability historically lies inherently in its design for communicating with an attacker-controlled command-and-control (C2) server, enabling it to execute a range of actions aimed at deceiving the end user. In addition to allowing attackers to control a person's phone calls, it also allows them to gain access to various permissions to Android devices for other malicious activity.  

Researchers at Zimperium zLabs now have discovered a new variant of FakeCall that adds novel capabilities — some of which appear to be under development — that give attackers even more capabilities to monitor people's device activity and control the device with even more precision, they revealed in a blog post published today.

Related:Dark Reading Confidential: Meet the Ransomware Negotiators

The variant demonstrates attackers coming up with new and strategic ways to create a more seamless integration with Android devices, which can help the malware avoid detection and remain active on a user's device without them knowing, the researchers found.

**FakeCall's Extension of Malicious Capabilities**

Specifically, one of the features allows for the malware to integrate with Android's Accessibility Service to give attackers "significant control over the user interface and the ability to capture information displayed on the screen," according to the post.

The feature demonstrates how attackers can evolve past simple device permissions to abuse an even more complex attack vector, "granting attackers near-total control to intercept calls, access sensitive data, and manipulate the user interface," notes Jason Soroko, senior fellow at Sectigo, a provider of certificate life-cycle management (CLM).

By seamlessly mimicking legitimate interfaces, attackers also are making detection by users "nearly impossible," he says, highlighting a critical need for advanced security solutions capable of detecting this threat.

Other new features extend FakeCall's persistent spyware capabilities, which have existed since it was first discovered and set it apart from other vishing and mishing attacks, which tend to be a one-time engagement. One of these is a Bluetooth receiver that acts as a listener to monitor Bluetooth status and changes, while the other is similar, but it acts as a screen receiver to monitor the state of the device's screen.

Related:French ISP Confirms Cyberattack, Data Breach Affecting 19M

**How a FakeCall Attack Works**

FakeCall was first detailed by researchers at Kaspersky in April 2022 as a banking Trojan with extended capability to intercept calls that users make with their banks, to create a fake customer-service experience for malicious purposes.

The malware also had some spyware capabilities, including a feature to turn on a device's microphone and send recordings from it to an attacker's C2 server; the ability to secretly broadcast audio and video from the phone in real time; and the option to pinpoint device location.

A typical FakeCall attack begins when victims download a malicious APK file (masquerading as a legitimate app) onto an Android mobile device through a phishing attack, which acts as a dropper for FakeCall. When launched, the app prompts the user to set it as the default call handler and, once designated, attackers can manage all incoming and outgoing calls. The malware then displays a custom interface mimicking the native Android dialer, seamlessly integrating its malicious functionality.

Related:Delta Launches $500M Lawsuit Against CrowdStrike

While the primary function of FakeCall is to monitor outgoing calls and transmit info to attackers via a C2 server, cyberattackers also can commit other malicious activities using the malware. These include identity fraud, which can be done by exploiting FakeCall's position as the default call handler. The malware can modify the dialed number, replacing it with a malicious one and thus deceiving users into making fraudulent calls.

Attackers also can use FakeCall's adversary-in-the-middle (AitM) approach to hijack incoming and outgoing calls, to make unauthorized connections with other mobile device users. "In this case, users may be unaware until they remove the app or restart their device," according to the post.

**Defending Against FakeCall Attacks**

As vishing and mishing attacks have become a worldwide epidemic that defrauds users of millions of dollars annually — including even the most tech-savvy individuals — it's imperative that people learn to defend themselves from sophisticated versions of these attacks, experts say.

One way to do this is to scrutinize carefully any Android apps being downloaded or used on devices, and to only acquire apps from trusted app stores, Soroko says.

FakeCall is especially dangerous to enterprises given that mobile these days is a primary tool for doing business. This makes compromise of that device potentially "catastrophic," notes Mika Aalto, co-founder and CEO at Hoxhunt, a human risk management platform.

To avoid this scenario, the most important thing that companies can do, Aalto says, is to "equip senior management and employees with the skills and tools to recognize and safely report a mobile phishing attack."

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Vishing, Mishing Go Next-Level With FakeCall Android Malware

Atlanta, Georgia, 30th October 2024, CyberNewsWire

**Atlanta, Georgia, October 30th, 2024, CyberNewsWire**

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts will discuss industry priorities for 2025 and beyond  

The American Transaction Processors Coalition (ATPC) Cyber Council will convene “The Tie that Binds: A 21st Century Cybersecurity Dialogue,” on October 31, 2024, at the Bank of America Financial Center Tower’s Convention Hall in Atlanta. This event will feature leading cyber experts from the financial services sector, Federal agencies, the White House, and Congress to focus on pressing cybersecurity issues and ways the financial services sector is addressing these issues. It will include discussions on evolving technologies that will influence the path forward, the role of AI, supply chain security needs, and more. 

> “Cybersecurity is the backbone of the payment processing industry,” said H. West Richards, ATPC executive director. “The work of the ATPC Cyber Council is a testament to our commitment to safeguarding our financial ecosystem and fostering a collaborative approach to tackling the cybersecurity challenges of tomorrow.” 

**Key Speakers and Highlights:** 

*   The Honorable Harry Coker, Jr., White House National Cyber Director, will deliver the luncheon keynote. 
*   The Honorable Rich McCormick (R-GA-06) will deliver a keynote address. 
*   Moira Bergin, Subcommittee on Cybersecurity Staff Director, House Committee on Homeland Security, will discuss legislative priorities and global cybersecurity risks. 
*   The Honorable Andre Dickens, Mayor of Atlanta, will provide a video address. 
*   Barry McCarthy, CEO of Deluxe and Chair of the ATPC Board of Directors, will also deliver a keynote. 
*   Bridgette Walsh, Executive Director of the Financial Services Sector Coordinating Council, and Josh Magri, Founder & CEO of Cyber Risk Institute, will participate in a fireside discussion on private sector best practices. 
*   A panel on AI in financial services will feature Clarissa Banks (Deluxe), David Excell (Featurespace), David King (Mastercard), and Donna Teevens (ACI Worldwide), moderated by Rick Van Luvender. 
*   A panel on cyber education will include Dr. Tony Coulson (CSUSB), Dr. Albena Asenova-Belal (Gwinnett Technical College), Dr. Humayun Zafar (Kennesaw State University), and Dr. Michael Nowatkowski (Augusta University). 
*   H. West Richards, ATPC Executive Director, will open the event with a welcome address. 
*   Rick Van Luvender, ATPC Cyber Council Chair & SVP, Head of Cybersecurity Client Trust & International Cybersecurity Service at Fiserv, will deliver the opening remarks. 
*   Norma Krayem, ATPC Cyber Council Director & Vice President, Chair of the Cybersecurity, Privacy & Digital Innovation Practice Group at Van Scoyoc Associates, will provide insights on future cybersecurity trends.

The forum will conclude with a fireside chat focused on “A Look to the Future: 2025: Top Cybersecurity and Critical Technology Priorities for the ATPC Cyber Council,” featuring Rick Van Luvender from Fiserv and Norma Krayem, the ATPC Cyber Council director, focusing on future cybersecurity and critical technology priorities. 

Conference details are available at https://atpcoalition.com/atpc-cyber-forum/.  

ATPC is a leading voice for America’s payments processors, consisting of the world’s largest, global payment processors, banks, credit card companies and financial services companies. ATPC member companies are uniquely positioned to ensure global payments move seamlessly across the world, while empowering broader and more diverse participation within the financial services system. In the race for a better tomorrow, technology solutions can advance faster than companies can keep up with cybersecurity risks. As a result, the ATPC is one of the few coalitions that created a standalone Cybersecurity Council to prioritize these key cybersecurity issues across its member companies. The ATPC Cyber Council is a unique group made up of only CISOs, CSOs, CIOs and CTOs who are on the front lines every day dealing with the operational impacts of cybersecurity. These U.S. based companies serve hundreds of millions of customer businesses across the globe daily and process hundreds of billions of transactions per year.  

**About the ATPC** 

The ATPC is a leading voice for America’s payments processors, driving awareness of the industry and its value to consumers, businesses, and the economy with legislators and regulators at federal, state, and international levels. The ATPC is rooted in Georgia’s Transaction Alley where electronic payments and the fintech industry began. Yet, our members enable payments in states across the nation and in every corner of the globe. The ATPC has a rich history of economic development, thought leadership, and engagement on legislative and regulatory topics like cybersecurity, privacy, financial inclusion, fraud, as well as emerging themes like open banking, AI, and stable coins. 

**About the ATPC Cyber Council** 

The American Transaction Processors Coalition (ATPC) established a dedicated Cyber Council to galvanize the efforts of the ATPC member companies in addressing cybersecurity risks. The Cyber Council’s mission is to identify best practices and areas of shared risk to help ATPC members address the evolving cyber threat across America’s payments processing system to strengthen industry’s ability to identify, protect, detect, respond to and recover from cyberattacks. 

**Contact**

**Alison Watson**  
**Golin**  
**\[email protected\]**

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations.
The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy,

Ransomware / Threat Intelligence

Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations.

The activity, observed between May and September 2024, has been attributed to a threat actor tracked as **Jumpy Pisces**, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy, Silent Chollima, and Stonefly.

"We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group," Palo Alto Networks Unit 42 said in a new report published today.

"This incident is significant because it marks the first recorded collaboration between the Jumpy Pisces North Korean state-sponsored group and an underground ransomware network."

Andariel, active since at least 2009, is affiliated with North Korea's Reconnaissance General Bureau (RGB). It has been previously observed deploying two other ransomware strains known as SHATTEREDGLASS and Maui.

Earlier this month, Symantec, part of Broadcom, noted that three different organizations in the U.S. were targeted by the state-sponsored hacking crew in August 2024 as part of a likely financially motivated attack, even though no ransomware was deployed on their networks.

Play, on the other hand, is a ransomware operation that's believed to have impacted approximately 300 organizations as of October 2023. It is also known as Balloonfly, Fiddling Scorpius, and PlayCrypt.

While cybersecurity firm Adlumin revealed late last year that the operation may have transitioned to a ransomware-as-a-service (RaaS) model, the threat actors behind Play have since announced on their dark web data leak site that it's not the case.

In the incident investigated by Unit 42, Andariel is believed to gained initial access via a compromised user account in May 2024, followed by undertaking lateral movement and persistence activities using the Sliver command-and-control (C2) framework and a bespoke backdoor called Dtrack (aka Valefor and Preft).

"These remote tools continued to communicate with their command-and-control (C2) server until early September," Unit 42 said. "This ultimately led to the deployment of Play ransomware."

The Play ransomware deployment was preceded by an unidentified threat actor infiltrating the network using the same compromised user account, after which they were observed carrying out credential harvesting, privilege escalation, and uninstallation of endpoint detection and response (EDR) sensors, all hallmarks of pre-ransomware activities.

Also utilized as part of the attack was a trojanized binary that's capable of harvesting web browser history, auto-fill information, and credit card details for Google Chrome, Microsoft Edge, and Brave.

The use of the compromised user account by both Andariel and Play Asia, the connection between the two intrusion sets stems from the fact that communication with the Sliver C2 server (172.96.137\[.\]224) remained ongoing until the day before ransomware deployment. The C2 IP address has been offline since the day the deployment took place.

"It remains unclear whether Jumpy Pisces has officially become an affiliate for Play ransomware or if they acted as an IAB \[initial access broker\] by selling network access to Play ransomware actors," Unit 42 concluded. "If Play ransomware does not provide a RaaS ecosystem as it claims, Jumpy Pisces might only have acted as an IAB."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

Debian Linux Security Advisory 5800-1 - Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5800-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 29, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2024-9632  
Debian Bug     : 1086244

Jan-Niklas Sohn discovered that a heap-based buffer overflow in the  
_XkbSetCompatMap function in the X Keyboard Extension of the X.org X  
server may result in privilege escalation if the X server is running  
privileged.

For the stable distribution (bookworm), this problem has been fixed in  
version 2:21.1.7-3+deb12u8.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmchKQNfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0S1og//Qc+fk1SZNKINd1d/ItoR5XQQGU4V92/kQKcfNu97F2DLcb1wUc+BZAaY  
yr1HS+ru3pY25XOKYLgR7Tx///BEXzYxKdNxLGVMXzJqU06oSYXAkUBERFW5aU0/  
ayaV+UtwaX7ADUwYpCeJbQJcudMw3YtPlkRpN1uCs/lHMHPcbsGpZt4VBpItksrs  
iRpqq40eQiPafzGBpzx40ejaJyn200s9hYNN6dieqNDQTW6MmGSI9OLfY5alze6M  
Iot3mopREg/iKJblNz7+T2mKng0TEPY2PgolcsmHjvHEKCrWmWcGKwWHKlbvfpJX  
s1522AAWS5aJeW8r6TeGbOa298caLsW4doQa/6EX4HeADQu7SjV9oXZwrUtGsCxn  
eb6oLUGhHs0FGmY/Hvfng/ouZwSj1wKWE45hMCJ1HRSlpbfCoJxQlFpNLWQziFaS  
TuzebmpPXfbrbcXb7tNgUPtLcayu09JwJWxZLYPYcFDXZe1wUz3ZQIWkKHizXkSI  
NZtQYdLMKqBp99XR65vkTORS7QWkpdaW6AY6JujoihKFzh+wRM7qKtgflHl6qTLd  
mPK8DU/qe5jCs5oqzLvQ7sZUb95JqhYaLf8ZWH6koTHLHqnMt9wOxqoEPoFfk4Lz  
TH0FizIOHO6imr6USG+ubOtlf/nd1py1achR9ihKtd+0GE0Hx8Q=  
=Y9nq  
-----END PGP SIGNATURE-----

Debian Security Advisory 5800-1

Ubuntu Security Notice 7085-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-7085-1  
October 30, 2024

xorg-server, xwayland vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

X.Org X Server could be made to crash or run programs if it received  
specially crafted data.

Software Description:  
- xorg-server: X.Org X11 server  
- xwayland: X server for running X clients under Wayland

Details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
certain memory operations in the X Keyboard Extension. An attacker could  
use this issue to cause the X Server to crash, leading to a denial of  
service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  xserver-xorg-core               2:21.1.13-2ubuntu1.1  
  xwayland                        2:24.1.2-1ubuntu0.1

Ubuntu 24.04 LTS  
  xserver-xorg-core               2:21.1.12-1ubuntu1.1  
  xwayland                        2:23.2.6-1ubuntu0.1

Ubuntu 22.04 LTS  
  xserver-xorg-core               2:21.1.4-2ubuntu1.7~22.04.12  
  xwayland                        2:22.1.1-1ubuntu0.14

Ubuntu 20.04 LTS  
  xserver-xorg-core               2:1.20.13-1ubuntu1~20.04.18  
  xwayland                        2:1.20.13-1ubuntu1~20.04.18

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7085-1  
  CVE-2024-9632

Package Information:  
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.13-2ubuntu1.1  
  https://launchpad.net/ubuntu/+source/xwayland/2:24.1.2-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.12-1ubuntu1.1  
  https://launchpad.net/ubuntu/+source/xwayland/2:23.2.6-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.12  
  https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.14  
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.18

Latest News