The ABB BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'file' HTTP POST parameter called by the databaseFileDelete.php script.

ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Remote Code Execution

Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems.
"This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems," French cybersecurity company Sekoia said in

Threat Intelligence / Phishing Attack

Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed **ClickFix** to deliver infostealers targeting Windows and macOS systems.

"This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems," French cybersecurity company Sekoia said in a report shared with The Hacker News.

Variations of the ClickFix (aka ClearFake and OneDrive Pastejacking) campaign have been reported widely in recent months, with threat actors employing different lures to redirect users to bogus pages that aim to deploy malware by urging site visitors to run an encoded PowerShell code to address a supposed issue with displaying content in the web browser.

These pages are known to masquerade as popular online services, including Facebook, Google Chrome, PDFSimpli, and reCAPTCHA, and now Google Meet as well as potentially Zoom -

*   meet.google.us-join\[.\]com
*   meet.googie.com-join\[.\]us
*   meet.google.com-join\[.\]us
*   meet.google.web-join\[.\]com
*   meet.google.webjoining\[.\]com
*   meet.google.cdm-join\[.\]us
*   meet.google.us07host\[.\]com
*   googiedrivers\[.\]com
*   us01web-zoom\[.\]us
*   us002webzoom\[.\]us
*   web05-zoom\[.\]us
*   webroom-zoom\[.\]us

On Windows, the attack chain culminates in the deployment of StealC and Rhadamanthys stealers, while Apple macOS users are served a booby-trapped disk image file ("Launcher\_v1.94.dmg") that drops another stealer known as Atomic.

This emerging social engineering tactic is notable for the fact that it cleverly evades detection by security tools, as it involves the users manually running the malicious PowerShell command directly on the terminal, as opposed to being automatically invoked by a payload downloaded and executed by them.

Sekoia has attributed the cluster impersonating Google Meet to two traffers groups, namely Slavic Nation Empire (aka Slavice Nation Land) and Scamquerteo, which are sub-teams within markopolo and CryptoLove, respectively.

"Both traffers teams \[...\] use the same ClickFix template that impersonates Google Meet," Sekoia said. "This discovery suggests that these teams share materials, also known as 'landing project,' as well as infrastructure."

This, in turn, has raised the possibility that both the threat groups are making use of the same, as-yet-unknown cybercrime service, with a third-party likely managing their infrastructure.

The development comes amid the emergence of malware campaigns distributing the open-source ThunderKitty stealer, which shares overlaps with Skuld and Kematian Stealer, as well as new stealer families named Divulge, DedSec (aka Doenerium), Duck, Vilsa, and Yunit.

"The rise of open-source infostealers represents a significant shift in the world of cyber threats," cybersecurity company Hudson Rock noted back in July 2024.

"By lowering the barrier of entry and fostering rapid innovation, these tools could fuel a new wave of computer infections, posing challenges for cybersecurity professionals and increasing the overall risk to businesses and individuals."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

Sixty-five years ago, the Army's leaders unveiled its “ultimate weapon” for the age of atomic warfare. Here’s how the service’s vision stands up to today's reality.

Then there’s the matter of the Integrated Visual Augmentation System (IVAS), the Army’s futuristic “smart” goggles. Currently based on a ruggedized version of the Microsoft HoloLens 2 augmented reality headset, the IVAS is both night vision goggles and futuristic heads-up display, capable of feeding sensor inputs into a soldier’s line of sight. The Army has long experimented with helmet-mounted displays for decades as part of various “future warrior” programs, and the IVAS hasn’t been immune to the pitfalls of previous efforts—namely, complaints from soldiers about “mission-affecting physical impairments” like headache, nausea, and discomfort associated with prolonged use. And the future of the long-delayed headset now appears uncertain anyway: According to Breaking Defense, the service may end up going back to the drawing board with a new primary contractor for the sophisticated system as part of its IVAS Next initiative after auditing its existing night vision goggle capabilities. Still, between the ENVG-B and IVAS, helmet-mounted night vision devices have progressed far beyond anything Sawicki’s chain of command had previously imagined.

**Armor Up**

The bulletproof vest and camouflage suit combination that Sawicki donned for his AUSA debut, referred to in contemporaneous publications as “layered nylon armor” and “layered nylon vest,” is actually a bit closer to modern Army personal protective equipment than the flak jackets that were accompanying soldiers downrange during the Vietnam War. Currently under development, the Soldier Protection System (SPS) offers modern soldiers a “lightweight modular, scalable and tailorable suite of protective equipment,” according to the Army’s description. What this really means is that the protective ensemble comes in several different pieces that work together to maximize soldier survivability without impairing mobility; in terms of body armor, this refers primarily to the soft armor Torso and Extremity Protection subsystem and the hard armor Vital Torso Protection subsystem that, using reinforced ceramic plates, offer improved ballistic protection against small arms fire.

Protecting soldiers from bullets is one thing, but protecting them from the effects of nuclear explosions, as Army leaders told The New York Times Sawicki’s suit would, is another thing entirely—at least, in terms of equipment. While the well-worn Mission Oriented Protective Posture (MOPP) ensemble has been safeguarding Americans service members against chemical, biological, radiological, and nuclear threats for years, it’s an entirely separate system of personal protective gear rather than one integrated into the SPS or the standard-issue Army Combat Uniform. And while the 1959 design calls for specially designed “‘welded’ combat boots” and “molded plastic gloves” to help protect soldiers on an irradiated battlefield, modern troops must, unfortunately, go into battle with their Army Regulation 670-1-authorized boots and tactical gloves, apart from what’s in their MOPP kit. Then again, if the nukes do start flying, nobody will survive long enough for ground combat anyway.

**Bullet Time**

While the 1959 “soldier of tomorrow” appears armed with an M14, advances in firearms technology have long since left the beloved battle rifle in the dust. The Army began replacing the M14 with the lighter-weight 5.56-mm M16 assault rifle in the late 1960s, which was itself replaced by the shorter-barreled M4 carbine during the Global War on Terror in the 2000s. Replacing the M16 and M4 family of rifles has proven difficult in the past, but it’s safe to say that the promises from Army brass in 1959 of a lighter standard-issue rifle for soldiers have, for the most part, come true in the intervening decades—even if the new XM7 rifle, recently adopted under the service’s Next Generation Squad Weapon (NGSW) program, is actually noticeably heavier than the M4.

So, too, has the promise of “new high-velocity bullets.” While the Army in the early 2000s fielded the 5.56-mm M855A1 Enhanced Performance Round for improved performance over the standard M855 ammo previously adopted in the 1980s, the service undertook a major small arms study in 2017 to determine whether soldiers required a different caliber ammunition to deal with the sudden proliferation of body armor among adversaries. The study determined that the Army’s next rifle should come chambered in 6.8 mm, which would purportedly offer significantly improved performance at range compared to both 5.56-mm and 7.62-mm rounds. From there, the Army ended up selecting Sig Sauer to produce its two 6.8mm NGSW systems in 2022, weapons the service began officially fielding earlier this year. It may have taken several decades, but the Army’s new high-velocity round is finally here.

**Rocket Man**

While certain elements of Sawicki’s combat kit are clearly represented in recent military innovations, others simply never came to fruition. The automatic foxhole-digging charges, for example, never materialized as an effective replacement for the beloved handheld entrenching tool, despite their prevalence among military futurists at the time. But if there’s one vision that has persisted in military and defense circles, it’s that of jetpack-equipped troops.

The Defense Department has pursued the militarized jetpack for decades, starting with research and development in the 1950s and culminating in October 1961 with the successful demonstration of Bell Aerosystems’s Small Rocket Lift Device (or, colloquially, the “Bell Rocket Belt”) for President John F. Kennedy at Fort Bragg, North Carolina. The Army ended up abandoning development of the Rocket Belt over fuel constraints that limited its potential tactical applications, but US military planners would revisit the concept time and again in subsequent decades.

What the US Army’s 1959 ‘Soldier of Tomorrow’ Got Right About the Future of Warfare

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

Skip to content

**Navigation Menu**

*   *   GitHub Copilot
        
        Write better code with AI
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Actions
        
        Automate any workflow
        
    *   Codespaces
        
        Instant dev environments
        
    *   Issues
        
        Plan and track work
        
    *   Code Review
        
        Manage code changes
        
    *   Discussions
        
        Collaborate outside of code
        
    *   Code Search
        
        Find more, search less
        
    

*   Explore
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-38820

**Spring Framework DataBinder Case Sensitive Match Exception**

Low severity GitHub Reviewed Published Oct 18, 2024 to the GitHub Advisory Database • Updated Oct 18, 2024

**Package**

maven org.springframework:spring-context (Maven)

**Affected versions**

\>= 6.1.0, < 6.1.14

\>= 6.0.0, < 6.0.25

< 5.3.41

**Patched versions**

6.1.14

6.0.25

5.3.41

**Description**

Published to the GitHub Advisory Database

Oct 18, 2024

Last updated

Oct 18, 2024

GHSA-4gc7-5j7h-4qph: Spring Framework DataBinder Case Sensitive Match Exception

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack.  The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-q99m-qcv4-fpm7: Grafana Command Injection And Local File Inclusion Via Sql Expressions

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data.
The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133. It was addressed by Apple as part of macOS Sequoia 15 by removing the

Threat Intelligence / Browser Security

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data.

The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133. It was addressed by Apple as part of macOS Sequoia 15 by removing the vulnerable code.

HM Surf "involves removing the TCC protection for the Safari browser directory and modifying a configuration file in the said directory to gain access to the user's data, including browsed pages, the device's camera, microphone, and location, without the user's consent," Jonathan Bar Or of the Microsoft Threat Intelligence team said.

Microsoft said the new protections are limited to Apple's Safari browser, and that it's working with other major browser vendors to further explore the benefits of hardening local configuration files.

HM Surf follows Microsoft's discovery of Apple macOS flaws like Shrootless, powerdir, Achilles, and Migraine that could enable malicious actors to sidestep security enforcements.

While TCC is a security framework that prevents apps from accessing users' personal information without their consent, the newly discovered bug could enable attackers to bypass this requirement and gain access to location services, address book, camera, microphone, downloads directory, and others in an unauthorized manner.

The access is governed by a set of entitlements, with Apple's own apps like Safari having the ability to completely sidestep TCC using the "com.apple.private.tcc.allow" entitlement.

While this allows Safari to freely access sensitive permissions, it also incorporates a new security mechanism called Hardened Runtime that makes it harder to execute arbitrary code in the context of the web browser.

That said, when users visit a website that requests location or camera access for the first time, Safari prompts for access via a TCC-like popup. These entitlements are stored on a per-website basis within various files located in the "~/Library/Safari" directory.

The HM Surf exploit devised by Microsoft hinges on performing the following steps -

*   Changing the home directory of the current user with the dscl utility, a step that does not require TCC access in macOS Sonoma
*   Modifying the sensitive files (e.g., PerSitePreferences.db) within "~/Library/Safari" under the user's real home directory
*   Changing the home directory back to the original directory causes Safari to use the modified files
*   Launching Safari to open a web page that takes a snapshot via the device's camera and grab the location

The attack could be extended further to save an entire camera stream or stealthily capture audio through the Mac's microphone, Microsoft said. Third-party web browsers don't suffer from this problem as they do not have the same private entitlements as Apple applications.

Microsoft noted it observed suspicious activity associated with a known macOS adware threat named AdLoad likely exploiting the vulnerability, making it imperative that users take steps to apply the latest updates.

"Since we weren't able to observe the steps taken leading to the activity, we can't fully determine if the AdLoad campaign is exploiting the HM surf vulnerability itself," Bar Or said. "Attackers using a similar method to deploy a prevalent threat raises the importance of having protection against attacks using this technique."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

PRESS RELEASE

October 17, 2024: OpenAI is projected to generate over $10 billion in revenue next year, a clear sign that the adoption of generative AI is accelerating. Yet, most companies struggle to deploy large AI models in production. With the steep costs and complexities involved, nearly 90% of machine learning projects are estimated never to make it to production. Addressing this pressing issue, Simplismart is today announcing a $7m funding round for its infrastructure that enables organizations to deploy AI models seamlessly. Like the shift to cloud computing, which relied on tools like Terraform and mobile app development fueled by Android, Simplismart is positioning itself as the critical enabler for AI’s transition into mainstream enterprise operations.   
The series A funding round was led by Accel with participation from Shastra VC, Titan Capital, and high-profile angels, including Akshay Kothari, Co-Founder of Notion. This tranche, more than ten times the size of their previous round, will fuel R&D and growth for their enterprise-focused MLOps orchestration platform.  
The company was co-founded in 2022 by Amritanshu Jain, who tackled cloud infrastructure challenges at Oracle Cloud, and Devansh Ghatak, who honed his expertise on search algorithms at Google Search. In just two years, with under $1m in initial funding, Simplismart has outperformed public benchmarks by building the world’s fastest inference engine. This engine allows organizations to run machine learning models at lightning speed, significantly boosting performance while driving down costs.  
Simplismart’s fast inference engine allows users to leverage optimized performance for all their model deployments. For example, Its software-level optimization helps run Llama3.1 (8B) at an impressive throughput of >440 tokens per second. While most competitors focus on hardware optimisations or cloud computing, Simplismart has engineered this breakthrough in speed within a comprehensive MLOps platform tailored for on-prem enterprise deployments - agnostic towards choice of model and cloud platform.  
“Building generative AI applications is a core need for enterprises today. However, the adoption of generative AI is far behind the rate of new developments. It’s because enterprises struggle with four bottlenecks: lack of standardized workflows, high costs leading to poor ROI, data privacy, and the need to control and customise the system to avoid downtime and limits from other services,” said Amritanshu Jain, Co-Founder and CEO at Simplismart  
Simplismart’s platform offers organizations a declarative language (similar to Terraform) that simplifies fine-tuning, deploying, and monitoring genAI models at scale. Third-party APIs often bring concerns around data security, rate limits, and utter lack of flexibility, while deploying AI in-house comes with its own set of hurdles: access to computing power, model optimisation, scaling infrastructure, CI/CD pipelines, and cost efficiency, all requiring highly skilled machine learning engineers. Simplismart’s end-to-end MLOps platform standardizes these orchestration workflows, allowing the teams to focus on their core product needs rather than spending numerous manhours building this infrastructure.  
Amritanshu Jain added: “Until now, enterprises could leverage off-the-shelf capabilities to orchestrate their MLOps workloads since the quantum of workloads, be it the size of data, model or compute required, was small. As the models get larger and the workload increases, it will be imperative to have command over the orchestration workflows. Every new technology goes through the same cycle: exactly what Terraform did for cloud, android studio for mobile, and Databricks/Snowflake did for data.”  
“As GenAI undergoes its Cambrian explosion moment, developers are starting to realise that customizing & deploying open-source models on their infrastructure carries significant merit; it unlocks control over performance, costs, customizability over proprietary data, flexibility in the backend stack, and high levels of privacy/security”, said Anand Daniel, Partner at Accel. “We were happy to see that Simplismart’s team saw this opportunity quite early, but what blew us away was how their tiny team had already begun serving some of the fastest-growing GenAI companies in production. It furthered our belief that Simplismart has a shot at winning in the massive but fiercely competitive global AI infrastructure market.”  
Solving MLOps workflows will allow more enterprises to deploy genAI applications with more control. They want to manage the tradeoff between performance and cost to suit their needs. Simplismart believes that providing enterprises with granular Lego blocks to assemble their inference engine and deployment environments is key to driving adoption. 

You May Also Like

Ex-Oracle, Google Engineers Raise $7m From Accel for Public Launch of Simplismart to Empower AI Adoption

PRESS RELEASE

WASHINGTON, DC (October 15, 2024) – The Consortium for School Networking (CoSN) today announced that the Illinois Learning Technology Center (LTC), a program of the Illinois State Board of Education, has partnered with CoSN on a program to improve student data privacy practices in their school districts. By joining the CoSN Trusted Learning Environment (TLE) State Partnership Program, Illinois is helping to ensure that K-12 education institutions across the states are equipped with the necessary tools, training, and guidance to build and improve their school districts’ student data privacy programs.

LTC joins the North Carolina Department of Instruction and the South Carolina Department of Education in partnering with CoSN on this important work.

By subscribing to the TLE Partnership Program, LTC will be providing free TLE Seal applications to all districts in their state.  In addition, the TLE State Partnership Program makes available exclusive data privacy benchmarking reports that provide aggregate measures of the state’s district privacy programs compared with aggregate measures from TLE Seal recipients across 25 specific privacy practices, as well as CoSN’s student data privacy resources designed to support areas of growth for the districts in protecting the privacy of more than 1.85 million students. The CoSN TLE Seal is a national distinction awarded to school districts demonstrating a tangible commitment to protecting student data privacy through modern, rigorous policies and practices.

“Protecting student privacy is a top priority in Illinois. By joining CoSN’s Trusted Learning Environment State Partnership Program—a program backed by one of the leaders in the K-12 technology space—we can enhance our understanding of district privacy needs and offer stronger support," said Tim McIlvain, Executive Director of the Learning Technology Center. "We’re excited to provide 851 districts with access to CoSN’s expert guidance and resources, which will strengthen privacy protections for all Illinois students.”

CoSN’s TLE State Partnership Program provides state education agencies with: 

*   Exclusive state data privacy benchmarking reports that provide aggregated measures of district student data privacy practices as compared with those of current TLE Seal recipients.
    
*   Resources to support improvements across common areas of challenge for the states’ districts and updated benchmarking reports to measure improvements.
    
*   Unlimited free applications for the TLE Seal for districts in the state.
    

Additional supports can include student data privacy training and seats in CoSN’s Certified Education Technology Leader (CETL®) preparation and exam.

“With the increasing complexity of today’s technological environment, protecting student data privacy is imperative. We are delighted to welcome the Learning Technology Center of Illinois to the CoSN TLE State Partnership Program, and to providing Illinois districts with vital tools, training, and resources to help better protect their student information and foster a culture committed to enhancing privacy practices,” said Keith Krueger, CEO of the Consortium for School Networking.

As the only privacy framework designed specifically for K-12 school districts, earning the CoSN TLE Seal requires that districts have taken measurable steps to implement, maintain, and improve organization-wide student data privacy practices. All TLE Seal recipients are required to demonstrate that improvement through a reapplication process every two years.

About CoSN 

CoSN is the premier professional association designed to meet the needs of K-12 edtech leaders, their teams, and other district leaders. CoSN provides thought leadership resources, community, best practices, and advocacy tools to help edtech leaders succeed in the digital transformation. CoSN represents over 13 million students and continues to grow as a powerful and influential voice in K-12 education. For more information, visit CoSN.org.

About the CoSN Trusted Learning Environment State Partnership Program

The CoSN Trusted Learning Environment (TLE) State Partnership Program is designed to measure and improve district student data privacy practices across all districts in the state. Through survey-based benchmarking, CoSN is able to aggregate district privacy performance across the 25 requirements of the CoSN Trusted Learning Environment Seal Program. CoSN provides comparisons of these results to the aggregated results of TLE Seal recipients. CoSN then provides each  state with resources that are ready-made for its districts, providing guidance to improve the top three areas of weakness. The process is repeated on a cycle to continuously build up privacy practices across all districts. States are also provided with free TLE applications for all districts, providing the opportunity for districts to gain additional, customized feedback on their privacy programs and earn recognition for their efforts. For more information, visit CoSN.org/TLEpartner.

About the Learning Technology Center

The Learning Technology Center (LTC) is a state-wide organization dedicated to supporting schools and districts in Illinois with technology integration, professional development, and digital learning initiatives. Through innovative programs, expert guidance, and collaborative partnerships, the LTC empowers educators and administrators to leverage technology for improved teaching and learning outcomes. With a focus on areas such as artificial intelligence, digital citizenship, cybersecurity, and infrastructure, the LTC is committed to helping schools navigate the evolving landscape of educational technology. Learn more at ltcillinois.org.

Illinois Joins CoSN's Trusted Learning Environment (TLE) State Partnership Program for Student Data Privacy

PRESS RELEASE

Brussels, 16 October 2024 – Swift today announced that it is rolling out new AI-enhanced fraud detection to help the global payments industry step up its defence as bad actors grow increasingly sophisticated. Available from January 2025, the service is the result of extensive collaboration with banks from around the world and a successful pilot earlier this year.   

The new capability builds on Swift’s existing Payment Controls Service — used by many small and medium-sized financial institutions — by drawing on pseudonymised data from the billions of transactions that flow over the Swift network each year to identify and flag suspicious transactions so that action can be taken in real-time. 

The rollout is part of Swift’s broader collaboration with its global community of more than 11,500 banks and financial institutions to test how AI can solve cross-industry challenges. With global industry estimates putting the total cost of fraud in financial services at USD 485 billion in 2023 alone , Swift is focused on using AI to give financial institutions stronger and more accurate insights into instances of potentially fraudulent activity.

Jerome Piens, Chief Product Officer at Swift, said: “Bad actors are using increasingly sophisticated tactics to commit financial crime, and the global financial industry needs to raise its defences higher to ensure their customers can continue to transact globally with confidence. Swift has a long track record of supporting our community by staying one step ahead to maintain the security and resilience that our network is known for - and now we’re doing so again by harnessing the latest technology.”

Since February, Swift has been working with leading global financial institutions to explore how federated learning, combined with privacy-enhancing technologies, could enable market participants to share information without revealing their proprietary data. The group has so far developed a number of fraud detection use cases which are set to be tested in a sandbox environment. 

The rollout of this enhanced service is a key milestone in Swift’s strategic vision to make end to end international transactions instant and frictionless, while maintaining trust, security and compliance.

"Collaboration across the banking sector is crucial to enhancing fraud detection, and by sharing data and leveraging AI, we empower ourselves to stay ahead. At BNP Paribas, we are fully committed to supporting Swift’s innovative initiative in that regard, as it marks a key step forward in protecting the integrity of our financial ecosystem." 

Olivier Nautet, Head of Cybersecurity, BNP Paribas; Nicolas Trimbour, Head of Fraud Prevention, Cash Management, BNP Paribas, and Su Yang, Head of Artificial Intelligence, Transaction Banking, BNP Paribas

“Standard Bank Group, Africa’s biggest bank by assets, has participated in Swift’s initiative for AI fraud detection capability to enhance the security of its customers’ transactions. The technology will identify suspicious patterns in real-time, reducing fraud-risk and ensuring a safer banking experience for clients. By leveraging the power of AI, Standard Bank Group reaffirms its commitment to innovation and safeguarding the financial assets of its clients - who are our main asset.”  

John McHugh, Head Operations Control – CIB at Standard Bank

Swift to Launch AI-Powered Fraud Defence to Enhance Cross-Border Payments

The scammers used real-time deepfakes in online dating video calls to convince the victims of their legitimacy.

Source: Mike via Adobe Stock

Hong Kong police arrested 27 people Monday for their involvement in a deepfake scam operation, stealing $46 million from the scam's victims.

The scammers used AI face-swapping technology to create female personas for online dating, using tools to alter their appearance and voices. 

They then contacted their victims via social media platforms using these AI-generated photos of people with made-up personalities, occupations, and backgrounds.

However, the victims began requesting video calls to become more familiar with the person they were communicating with, prompting the scammers to turn to real-time deepfakes, which transformed the scammers into attractive women, adding legitimacy to the fraud and gaining the trust of those that were being duped.

"The syndicate presented fabricated profit transaction records to victims, claiming substantial returns on their investments," said Fang Chi-kin, head of the New Territories South regional crime unit.

The victims realized that they had been scammed after attempting to withdraw money from their accounts without success.

The police seized computers, phones, and just over $25,000 in funds and luxury watches from the crime ring's headquarters, a 4,000-square-foot building in Hong Kong.

They also arrested six individuals who were recruited to set up cryptocurrency trading platforms, five of whom were reportedly potentially associated with Sun Yee On, a crime gang that operates in Hong Kong and China.

These developments come in the wake of a recent United Nations Office on Drugs and Crime report warning of the technological advancements crime syndicates are making to carry out cyber fraud in Asia, such as the use of deepfake technology. Some 10 different deepfake software providers were identified, selling their services via Telegram to criminal groups in Southeast Asia.

Latest News