Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years.
The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch

Secure Coding / Mobile Security

Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years.

The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch more "scalable and cost-effective."

Eventually, this leads to a drop in memory safety vulnerabilities as new memory unsafe development slows down after a certain period of time, and new memory safe development takes over, Google's Jeff Vander Stoep and Alex Rebert said in a post shared with The Hacker News.

Perhaps even more interestingly, the number of memory safety vulnerabilities can also drop notwithstanding an increase in the quantity of new memory unsafe code.

The paradox is explained by the fact that vulnerabilities decay exponentially, with a study finding that a high number of vulnerabilities often reside in new or recently modified code.

"The problem is overwhelmingly with new code, necessitating a fundamental change in how we develop code," Vander Stoep and Rebert noted. "Code matures and gets safer with time, exponentially, making the returns on investments like rewrites diminish over time as code gets older."

Google, which formally announced its plans to support the Rust programming language in Android way back in April 2021, said it began prioritizing transitioning new development to memory-safe languages around 2019.

As a result, the number of memory safety vulnerabilities discovered in the operating system has declined from 223 in 2019 to less than 50 in 2024.

It also goes without saying that much of the decrease in such flaws is down to advancements in the ways devised to combat them, moving from reactive patching to proactive mitigating to proactive vulnerability discovery using tools like Clang sanitizers.

The tech giant further noted that memory safety strategies should evolve even more to prioritize "high-assurance prevention" by incorporating secure-by-design principles that enshrine security into the very foundations.

"Instead of focusing on the interventions applied (mitigations, fuzzing), or attempting to use past performance to predict future security, Safe Coding allows us to make strong assertions about the code's properties and what can or cannot happen based on those properties," Vander Stoep and Rebert said.

That's not all. Google said it is also focusing on offering interoperability between Rust, C++, and Kotlin, instead of code rewrites, as a "practical and incremental approach" to embracing memory-safe languages and ultimately eliminating entire vulnerability classes.

"Adopting Safe Coding in new code offers a paradigm shift, allowing us to leverage the inherent decay of vulnerabilities to our advantage, even in large existing systems," it said.

"The concept is simple: once we turn off the tap of new vulnerabilities, they decrease exponentially, making all of our code safer, increasing the effectiveness of security design, and alleviating the scalability challenges associated with existing memory safety strategies such that they can be applied more effectively in a targeted manner."

The development comes as Google touted increased collaboration with Arm's product security and graphics processing unit (GPU) engineering teams to flag multiple shortcomings and elevate the overall security of the GPU software/firmware stack across the Android ecosystem.

This includes the discovery of two memory issues in Pixel's customization of driver code (CVE-2023-48409 and CVE-2023-48421) and another in Arm Valhall GPU firmware and 5th Gen GPU architecture firmware (CVE-2024-0153).

"Proactive testing is good hygiene as it can lead to the detection and resolution of new vulnerabilities before they're exploited," Google and Arm said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%

The advanced Python-based PysSilon malware can steal data, record keystrokes, and execute remote commands. The attackers behind it are promising to leak details of deleted X posts related to accused rapper and music producer Sean Combs.

Source: Photo 12 via Alamy Stock Photo

Threat actors are using the public's interest in a current scandal surrounding celebrity rapper Sean "Diddy" Combs to spread spyware, via files promising to reveal details of deleted posts related to Combs from the X social media platform.

Researchers have uncovered a version of the open source PySilon RAT, a remote access Trojan called "PdiddySploit" hiding in files posted online and then submitted to VirusTotal, according to analysis from Veriti Research published Sept. 24.

PySilon RAT is an advanced Python-based malware that can steal sensitive information, record keystrokes, capture screen activity, and execute remote commands, posing "serious threats to personal and organizational security," according to the post by Veriti.

Combs (aka P. Diddy), a rapper, record producer, and entrepreneur who has been in the public eye since the 1990s, is facing multiple charges of sexual assault and misconduct in New York, which has thrust him into the recent media spotlight. One area of acute public interest are controversial posts related to Combs and alleged illicit activity on X by fellow celebrities and musicians, such as Usher and Pink, as well as Combs himself that have since been deleted, according to Veriti.

"One of the most concerning aspects of this trend is the use of files related to Combs' social media activity, particularly from X.com," according to the post.

Related:Security Concerns Plague Emerging Chip Architecture

Specifically, the researchers uncovered files containing posts and replies from Combs' now-deleted account on VirusTotal, where they were uploaded by a user named @lamps\_apple. "These files are part of an automated process of 'collecting posts and replies,' but they pose a high risk because they can be easily armed with malicious payloads," according to Veriti.

**Taking Advantage of Current Events**

The activity demonstrates how attackers are quick to take advantage of current events or media stories of interest to the public to spread malware by weaponizing content related to them. One clear example of this activity was during the COVID-19 pandemic, when multiple phishing and other malicious campaigns leveraged public interest in the virus and other health-related topics to spread malware.

"Given the intense media coverage surrounding P. Diddy and other public figures, attackers are using these files to lure curious users into downloading them, only to be infected with malware," according to Veriti. "The fact that P. Diddy and others have deleted their social media content adds an additional layer of intrigue, tempting users to open these files to see what was deleted."

Related:How to Establish & Enhance Endpoint Security

PsySilon RAT — discovered in 2022 — also has seen a surge in recent use by multiple threat actors, with more than 300 samples reported on VirusTotal since June 2023, according to Cyble Research and Intelligence Labs (CRIL). Attackers use the malware to infiltrate systems, steal information, and even control devices remotely, according to Veriti.

PsySilon RAT is currently in version 3.6 and has been detected in numerous samples that imitate software, tools, and cracks, which likely originate from phishing websites, free software-downloading websites, and the like, according to Cyble.

Given the discovery of the RAT lurking behind the cover of PdiddySploit, it's likely that as the related scandal continues to attract attention, even more attackers will "leverage this malware to exploit public interest," according to Veriti.

**Don't Let Curiosity Cloud Safe Judgment**

It's perfectly natural for people to take an interest in trending topics and celebrity scandals, the researchers noted. However, that doesn't mean people should throw caution to the wind when interacting with any related files or content online.

"Curiosity can be dangerous," Veriti researchers warned, especially as attackers are well-versed in social engineering and "are always looking for ways to exploit human nature."

Related:RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary

To avoid falling prey to attackers aiming to capitalize on this and other news of public interest, Veriti advised that people avoid downloading suspicious files, especially if they encounter files claiming to contain deleted posts or exclusive content related to a celebrity scandal. They should always verify the source of these or any files before downloading something from the Internet, the researchers noted.

People also should be wary of email attachments because phishing emails remain a primary way that attackers spread malware. "If you receive an email with attachments related to the P. Diddy scandal, think twice before opening it," according to Veriti. Using up-to-date antivirus software and other protections to secure email accounts also effectively can delete malware or malicious files before they even reach someone's inbox.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Sophisticated RAT Hides Behind P. Diddy Scandal Lures

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick elderly people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.

One of the phony real estate companies trying to scam people out of money over fake offers to buy their timeshares.

One evening in late 2022, someone phoned **Mr. & Mrs. Dimitruk**, a retired couple from Ontario, Canada and asked whether they’d ever considered selling their timeshare in Florida. The person on the phone referenced their timeshare address and said they had an interested buyer in Mexico. Would they possibly be interested in selling it?

The Dimitruks had purchased the timeshare years ago, but it wasn’t fully paid off — they still owed roughly $5,000 before they could legally sell it. That wouldn’t be an issue for this buyer, the man on the phone assured them.

With a few days, their contact at an escrow company in New York called **ecurrencyescrow\[.\]llc** faxed them forms to fill out and send back to start the process of selling their timeshare to the potential buyer, who had offered an amount that was above what the property was likely worth.

After certain forms were signed and faxed, the Dimitruks were asked to send a small wire transfer of more than $3,000 to handle “administrative” and “processing” fees, supposedly so that the sale would not be held up by any bureaucratic red tape down in Mexico.

These document exchanges went on for almost a year, during which time the real estate brokers made additional financial demands, such as tax payments on the sale, and various administrative fees. Mrs. Dimitruk even sent them a $5,000 wire to pay off her remaining balance on the timeshare they thought they were selling.

In a phone interview with KrebsOnSecurity, Mr. Dimitruk said they lost over $50,000.

“They kept calling me after that saying, ‘Hey your money is waiting for you here’,” said **William Dimitruk**, a 73-year-old retired long-haul truck driver. “They said ‘We’re going to get in trouble if the money isn’t returned to you,’ and gave me a toll-free number to call them at.”

In the last call he had with the scammers, the man on the other end of the line confessed that some bad people had worked for them previously, but that those employees had been fired.

“Near the end of the call he said, ‘You’ve been dealing with some bad people and we fired all those bad guys,'” Dimitruk recalled. “So they were like, yeah it’s all good. You can go ahead and pay us more and we’ll send you your money.”

According to the FBI, there are indeed some very bad people behind these scams. The FBI warns the timeshare fraud schemes have been linked to the **Jalisco New Generation drug cartel** in Mexico.

In July 2024, the FBI and the Treasury Department’s **Financial Crimes Enforcement Network** (FinCEN) warned the Jalisco cartel is running boiler room-like call centers that target people who own timeshares:

> “Mexico-based \[transnational criminal organizations\] such as the Jalisco New Generation Cartel are increasingly targeting U.S. owners of timeshares in Mexico through complex and often yearslong telemarketing, impersonation, and advance fee schemes. They use the illicit proceeds to diversify their revenue streams and finance other criminal activities, including the manufacturing and trafficking of illicit fentanyl and other synthetic drugs into the United States.”

A July 2024 CBS News story about these scams notes that U.S. and Mexican officials last year confirmed that as many as eight young workers were confirmed dead after they apparently tried to quit jobs at a call center operated by the Jalisco cartel.

Source: US Department of the Treasury’s Office of Foreign Assets Control.

The phony escrow company the Dimitruks dealt with — **ecurrencyescrow\[.\]llc** — is no longer online. But the documents sent by their contact there referenced a few other still-active domains, including **realestateassetsllc\[.\]com**

The original registration records of both of these domains reference another domain — **datasur\[.\]host** — that is associated with dozens of other real estate and escrow-themed domains going back at least four years. Some of these domains are no longer active, while others have been previously suspended at different hosting providers.

061nyr\[.\]net  
061-newyorkrealty\[.\]net  
1nydevelopersgroupllc\[.\]com  
1oceanrealtyllc\[.\]com  
advancedclosingservicesllc\[.\]com  
americancorporatetitle\[.\]com  
asesorialegalsiglo\[.\]com  
atencion-tributaria.\[\]com  
carolinasctinc\[.\]net  
closingandsettlementservices\[.\]com  
closingandsettlementsllc\[.\]com  
closingsettlementllc\[.\]com  
crefaescrowslimited\[.\]net  
ecurrencyescrow\[.\]llc  
empirerllc\[.\]com  
fiduciarocitibanamex\[.\]com  
fondosmx\[.\]org  
freightescrowcollc\[.\]com  
goldmansachs-investment\[.\]com  
hgvccorp\[.\]com  
infodivisionfinanciera\[.\]com  
internationaladvisorllc\[.\]com  
jadehillrealtyllc\[.\]com  
lewisandassociaterealty\[.\]com  
nyreputable\[.\]org  
privateinvestment.com\[.\]co  
realestateassetsllc\[.\]com  
realestateisinc\[.\]com  
settlementandmanagement\[.\]com  
stllcservices\[.\]com  
stllcservices\[.\]net  
thebluehorizonrealtyinc\[.\]com  
walshrealtyny\[.\]net  
windsorre\[.\]com

By loading ecurrencyescrowllc\[.\]com into the Wayback Machine at archive.org, we can see text at the top of the page that reads, “Visit our resource library for videos and tools designed to make managing your escrow disbursements a breeze.”

Searching on that bit of text at publicwww.com shows the same text appears on the website of an escrow company called **Escshieldsecurity Network** (escshieldsecurity\[.\]com). This entity claims to have been around since 2009, but the domain itself is less than two years old, and there is no contact information associated with the site. The Pennsylvania Secretary of State also has no record of a business by this name at its stated address.

Incredibly, Escshieldsecurity pitches itself as a solution to timeshare closing scams.

“By 2015, cyber thieves had realized the amount of funds involved and had targeted the real estate, title and settlement industry,” the company’s website states. “As funding became more complex and risky, agents and underwriters had little time or resources to keep up. The industry needed a simple solution that allowed it to keep pace with new funding security needs.”

The domains associated with this scam will often reference legitimate companies and licensed professionals in the real estate and closing businesses, but those real professionals often have no idea they’re being impersonated until someone starts asking around. The truth is, the original reader tip that caused KrebsOnSecurity to investigate this scheme came from one such professional whose name and reputation was being used to scam others.

It is unclear whether the Dimitruks were robbed by people working for the Jalisco cartel, but it is clear that whoever is responsible for managing many of the above-mentioned domains — including the DNS provider datasur\[.\]host — recently compromised their computer with information-stealing malware.

That’s according to data collected by the breach tracking service Constella Intelligence \[Constella is currently an advertiser on KrebsOnSecurity\]. Constella found that someone using the email address exposed in the DNS records for datasur\[.\]host — jyanes1920@gmail.com — also was relieved of credentials for managing most of the domains referenced above at a Mexican hosting provider.

It’s not unusual for victims of such scams to keep mum about their misfortune. Sometimes, it’s shame and embarrassment that prevents victims from filing a report with the local authorities. But in this case, victims who learn they’ve been robbed by a violent drug cartel have even more reason to remain silent.

William Dimitruk said he and his wife haven’t yet filed a police report. But after acknowledging it could help prevent harm to other would-be victims, Mr. Dimitruk said he would consider it.

There is another reason victims of scams like this should notify authorities: Occasionally, the feds will bust up one of these scam operations and seize funds that were stolen from victims. But those investigations can take years, and it can be even more years before the government starts trying to figure out who got scammed and how to remunerate victims. All too often, the real impediment to returning some of those losses is that the feds have no idea who the victims are.

If you are the victim of a timeshare scam like this, please consider filing a report with the FBI’s Internet Crime Complaint Center (IC3), at ic3.gov. Other places where victims may wish to file a complaint:

**Federal Trade Commission –** https://www.ftccomplaintassistant.gov  
**International Consumer Protection and Enforcement Network –** https://www.econsumer.gov/en  
**Profeco – Mexican Attorney General** – https://consulmex.sre.gob.mx/montreal/index.php/en/foreigners/services-foreigners/318-consumer-protection

Timeshare Owner? The Mexican Drug Cartels Want You

Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller.

Wednesday, September 25, 2024 12:00

Cisco Talos’ Vulnerability Research team recently disclosed two vulnerabilities in Microsoft products that have been patched by the company over the past two Patch Tuesdays. 

One is a vulnerability in the High-Definition Audio Bus Driver in Windows systems that could lead to a denial of service, while the other is a memory corruption issue that exists in a multicasting protocol in Windows 10. 

Additionally, Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller.  

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website. 

**Microsoft High-Definition Audio Bus Driver denial-of-service vulnerability **

_Discovered by Marcin “Icewall” Noga._ 

TALOS-2024-2008 (CVE-2024-45383) is a vulnerability in the Microsoft HD Audio Bus Driver that could allow an attacker to cause a denial of service. 

The driver allows the Windows operating system to communicate with external audio devices that play sound, including those that are integrated into machines’ motherboards or connected via HD audio interfaces.  

A mishandling of IRP requests in the driver’s interface could allow an attacker to send multiple IRP Complete requests to the driver, causing the DoS and forcing the operating system into the “Blue Screen of Death.” 

**Stale memory dereference in Microsoft Pragmatic General Multicast Server **

_Discovered by a Cisco Talos researcher._ 

A memory corruption vulnerability exists in the Pragmatic General Multicast server in the Microsoft Windows 10 Kernel.  

The Pragmatic General Multicast protocol is an IP-based multicasting protocol that is implemented by Microsoft as part of the Message Queueing service available in different versions of Windows. 

A specially crafted network packet can lead to the access of stale memory structure, resulting in memory corruption. An attacker can send a sequence of malicious packets to trigger TALOS-2024-2062 (CVE-2024-38140). 

Talos independently discovered this issue and reported it to Microsoft prior to their patch release earlier this year. However, Microsoft informed us that an internal researcher had already discovered this issue. 

**Three vulnerabilities in OpenPLC **

_Discovered by Jared Rittle_.

Talos recently discovered three vulnerabilities in OpenPLC, an open-source programmable logic controller designed to provide a low-cost option for automation in many manufacturing and logistics settings. 

Two of the issues — TALOS-2024-2004 (CVE-2024-36980, CVE-2024-36981) and TALOS-2024-2016 (CVE-2024-39589, CVE-2024-39590) — can lead to a denial-of-service on the targeted device. An adversary could exploit these vulnerabilities by sending a series of specially crafted Ethernet/IP requests. 

Another stack-based buffer overflow vulnerability, TALOS-2024-2005 (CVE-2024-34026), can also be exploited in this way. However, in this case, it could lead to remote code execution.

Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC

DragonForce ransomware is expanding its RaaS operation and becoming a global cybersecurity threat against businesses. Companies must implement…

DragonForce ransomware is expanding its RaaS operation and becoming a global cybersecurity threat against businesses. Companies must implement strong cybersecurity strategies to defend against this growing ransomware attack and avoid becoming victims.

**Ransomware attacks** are growing, leaving organizations vulnerable to new and more sophisticated threats. According to Group-IB’s Hi-Tech Crime Trends 2023/2024 report, ransomware incidents could cause even greater damage in 2024.

One of the most significant emerging threats is the DragonForce ransomware group, which leverages a Ransomware-as-a-Service (**RaaS**) affiliate program, employing variants of well-known ransomware families to wreak havoc on targeted industries.

****DragonForce: A Dual-Ransomware Threat****

The DragonForce ransomware group emerged in August 2023, deploying a variant based on **LockBit 3.0**, a notorious ransomware strain. However, by July 2024, the group introduced a second variant, initially claimed to be their original creation but later found to be a fork of **ContiV3 ransomware**. These dual ransomware versions are used to exploit vulnerabilities in companies, particularly in sectors like manufacturing, real estate, and transportation.

Screenshot of the LockBit version of the DragonForce ransomware

DragonForce’s attack strategy revolves around double extortion—encrypting data and threatening to leak it unless a ransom is paid. This adds immense pressure on victims to comply, fearing not only operational disruption but also the reputational damage that could arise from exposed sensitive information.

****Advanced Tactics for Maximum Damage****

According to Group-IB’s research shared with Hackread.com ahead of publication on Wednesday, the DragonForce ransomware gang’s operations are highly customizable, allowing affiliates to configure attacks based on the type of victim.

With its RaaS affiliate program, launched on June 26, 2024, DragonForce ransomware offers attackers the ability to personalize ransomware payloads. Affiliates can disable security features, set encryption parameters, and even customize ransom notes. In return, affiliates receive 80% of any ransom collected.

DragonForce employs a variety of advanced techniques for evasion and persistence. One of their key tactics is “Bring Your Own Vulnerable Driver” (**BYOVD**), where affiliates use vulnerable drivers to disable security processes and evade detection. Additionally, they clear Windows Event Logs after encryption to hinder forensic investigations.

For lateral movement, the group uses tools like **Cobalt Strike** and **SystemBC**, both of which allow them to harvest credentials and persist in networks. They also use network scanning tools like SoftPerfect Network Scanner to map out networks, helping spread the ransomware to as many devices as possible.

****Targeted Attacks and Global Reach****

Between August 2023 and August 2024, DragonForce listed 82 victims on its **dark web** leak site. Most attacks were concentrated in the U.S. (52.4%), followed by the U.K. and Australia. The manufacturing sector suffered the highest number of attacks, with real estate and transportation industries close behind.

In addition to their use of ContiV3 and LockBit variants, DragonForce’s ability to adapt to new affiliate demands makes them a rapidly growing threat. By targeting high-revenue companies and critical sectors, they continue to increase their foothold in the cybercrime infrastructure.

****What Can Businesses Do?****

To combat these sophisticated attacks, businesses need to adopt more proactive and layered security measures. Here are some critical steps:

*   **Multi-Factor Authentication (MFA):** Adding additional authentication layers makes it harder for attackers to compromise credentials.
*   **Early Detection:** Use behavioural detection tools such as Endpoint Detection and Response (EDR) to identify suspicious activity early.
*   **Backup Strategy:** Regular backups reduce the impact of ransomware by ensuring data can be recovered without paying ransom.
*   **Patch Vulnerabilities:** Regularly patching known vulnerabilities prevents ransomware from exploiting outdated systems.
*   **Employee Training:** Training employees to recognize phishing and other malicious tactics can prevent initial infiltration.
*   **Avoid Paying the Ransom:** Paying ransom often leads to more attacks, as it signals vulnerability to other cybercriminals.

While DragonForce ransomware expands its RaaS operation, businesses must remain alert and implement proper cybersecurity strategies to avoid becoming victims of this and other dangerous threats.

1.  New Kransom Ransomware Disguised as Game
2.  $75 Million Ransom Paid to Dark Angels Ransomware Group
3.  Play Ransomware Variant Targeting Linux ESXi Environments
4.  PythonAnywhere Cloud Platform Abused for Hosting Ransomware
5.  Qilin Ransomware Upgrades – Now Steals Google Chrome Credentials

DragonForce Ransomware Expands RaaS, Targets Firms Worldwide

Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users' consent.
"Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said

Data Protection / Online Tracking

Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users' consent.

"Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said. "In essence, the browser is now controlling the tracking, rather than individual websites."

Noyb also called out Mozilla for allegedly taking a leaf out of Google's playbook by "secretly" enabling the feature by default without informing users.

PPA, which is currently enabled in Firefox version 128 as an experimental feature, has its parallels in Google's Privacy Sandbox project in Chrome.

The initiative, now abandoned by Google, sought to replace third-party tracking cookies with a set of APIs baked into the web browser that advertisers can talk to in order to determine users' interests and serve targeted ads.

Put differently, the web browser acts as a middleman that stores information about the different categories that users can be slotted into based on their internet browsing patterns.

PPA, per Mozilla, is a way for sites to "understand how their ads perform without collecting data about individual people," describing it as a "non-invasive alternative to cross-site tracking."

It's also similar to Apple's Privacy Preserving Ad Click Attribution, which allows advertisers to measure the effectiveness of their ad campaigns on the web without compromising on user privacy.

The way PPA works is as follows: Websites that serve ads can ask Firefox to remember the ads in the form of an impression that includes details about the ads themselves, such as the destination website.

If a Firefox user ends up visiting the destination website and performs an action that's deemed valuable by the business – e.g., making an online purchase by clicking on the ad, also called "conversion" – that website can prompt the browser to generate a report.

The generated report is encrypted and submitted anonymously using the Distributed Aggregation Protocol (DAP) to an "aggregation service," after which the results are combined with other similar reports to create a summary such that it makes it impossible to learn too much about any individual.

This, in turn, is made possible by a mathematical framework called differential privacy that enables the sharing of aggregate information about users in a privacy-preserving manner by adding random noise to the results to prevent re-identification attacks.

"PPA is enabled in Firefox starting in version 128," Mozilla notes in a support document. "A small number of sites are going to test this and provide feedback to inform our standardization plans, and help us understand if this is likely to gain traction."

"PPA does not involve sending information about your browsing activities to anyone. Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising."

It's this aspect that noyb has found fault with, as it's in violation of the European Union's (E.U.) stringent data protection regulations by enabling PPA by default without seeking users' permissions.

"While this may be less invasive than unlimited tracking, which is still the norm in the US, it still interferes with user rights under the E.U.'s GDPR," the advocacy group said. "In reality, this tracking option doesn't replace cookies either, but is simply an alternative - additional - way for websites to target advertising."

It further noted that a Mozilla developer justified the move by claiming that user's cannot make an informed decision and that "explaining a system like PPA would be a difficult task."

"It's a shame that an organization like Mozilla believes that users are too dumb to say yes or no," Felix Mikolasch, data protection lawyer at noyb, said. "Users should be able to make a choice and the feature should have been turned off by default."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

To maintain AI leadership, Congress and regulatory agencies must recognize that our foreign competitors are working to surpass us.

Haiman Wong, Fellow, Cybersecurity & Emerging Threats, R Street Institute

September 25, 2024

3 Min Read

Source: NicoElNino via Alamy Stock Photo

COMMENTARY

As a global leader in artificial intelligence (AI) innovation, the United States currently enjoys a significant competitive advantage economically, militarily, and technologically. To maintain this leadership, Congress and federal regulatory agencies must avoid complacency and recognize that our foreign competitors are diligently working to surpass us.

According to a recent report by the United Nations World Intellectual Property Organization, China filed more than 38,000 generative AI patents between 2014 and 2023, demonstrating its aggressive push to dominate AI advancement. This surge in patent activity underscores the critical need for the United States to accelerate its ongoing research and development efforts to maintain our global AI leadership.

To meet the demands of this moment, the US federal government must focus on three strategic AI research and development priorities that enhance our cyber resilience and national defense:

**1\. Clarifying the Definitions of Key AI-Related Terms**

Ambiguity and inconsistency in AI terminology continue to pose significant risks and challenges. Without precise and consistent definitions for key AI-related terms like "open source AI," "AI security," and "trustworthy AI," our country faces challenges in ensuring the responsible use of AI. Focused research and development efforts toward closing this gap can help create a more comprehensive and nuanced taxonomy, mapping out potential varying definitions and detailing parameters. For example, standardizing the term "AI security" could not only help promote secure development practices but also address emerging challenges like prompt injections and ensuring visibility into AI usage across organizations to prevent data leaks.

By systematically analyzing and standardizing terminology through collaborative efforts across academia, industry, and government stakeholders, the United States can lay a foundation for developing robust strategies that protect our national security and promote cyber resilience.

**2\. Developing a Scientific Understanding of AI**

A comprehensive scientific understanding of AI's limitations and capabilities is vital for assessing its impact and countering adversarial threats. The recent Private and Civil Liberties Oversight Board (PCLOB) AI Forum emphasized the importance of continuous research to measure AI's safety and reliability throughout its life cycle. To address this need, focused and strategically aligned research and development efforts are essential.

By developing ways to measure, test, audit, and evaluate AI capabilities, we can establish reliable methods to quantify AI's performance. These methods are critical for conducting accurate risk assessments and for our ability to continually improve AI systems and uses. Building a scientific understanding of AI, led by agencies like the National Institute of Standards and Technology (NIST) in collaboration with industry, academia, and other federal partners, will bolster our national and cybersecurity defenses by ensuring that AI systems are safe, reliable, and effective under various conditions and adversarial scenarios.

**3\. Developing AI Standards Adhering to US Mission and Values**

Establishing AI standards that reflect our mission and values, such as transparency and accountability, is crucial for maintaining national security. The PCLOB AI Forum also highlighted the importance of developing clear standards that guide acceptable and non-acceptable uses of AI, particularly in the intelligence community.

Research and development can support this effort by identifying best practices and creating robust frameworks that ensure AI technologies are deployed ethically and securely. By focusing on these priorities, we can ensure that AI advancements align with American values and strengthen our national security and cybersecurity. This makes the development of AI standards an urgent and essential aspect of AI research and development.

Recognizing AI's pivotal role in national security, policymakers have already made significant investments in its advancement. To ensure these efforts remain focused and strategically aligned, Congress must consider targeted legislative measures while empowering federal agencies to facilitate coordination, promote public-private partnerships, and set actionable research and development priorities that encourage innovation within these established guidelines.

By prioritizing the clarification of key AI-related terms, building a scientific understanding of AI, and establishing AI standards that adhere to our mission and values, the United States can maintain the momentum of our advancements in AI and meet our cyber resilience and national defense imperatives.

**About the Author**

Fellow, Cybersecurity & Emerging Threats, R Street Institute

Haiman Wong is a fellow for the R Street Institute’s Cybersecurity and Emerging Threats team. Outside of R Street, she serves as a co-chair in the AI Safety, Cybersecurity, and Inclusion Through Advanced Text Analytics minitrack at the Hawaii International Conference on System Sciences (HICSS). 

Before joining R Street, Haiman was a cyber threat intelligence associate and data scientist at Northern Trust, where she used NLP techniques to analyze more than a million cybersecurity logs. She also advised executive leadership on emerging cyber threat activities to shape the firm’s global cyber defense strategy. 

Haiman is a doctoral candidate at Purdue University, exploring the intersection of technology leadership in innovation and the influence of emerging technologies on the democratic exchange of digital information. She holds a master’s degree in data science with a cybersecurity concentration, and a bachelor’s degree in interdisciplinary studies (communications, legal institutions, economics, and government) from American University.

US May Be Losing the Race for Global AI Leadership

LMS training is vital for modern education and corporate learning, enabling efficient course delivery and progress tracking. To…

LMS training is vital for modern education and corporate learning, enabling efficient course delivery and progress tracking. To succeed, focus on creating engaging content, clear learning objectives, personalized paths, and social learning elements. Ensure prompt feedback, easy accessibility, and data analysis for continuous improvement.

Modern education and corporate learning now heavily rely on LMS (Learning Management System) training as a component of their program’s success trajectory. It offers a way for organizations to distribute courses efficiently, handle content management seamlessly, monitor progress effectively, and evaluate performance accurately. However, attaining outcomes from LMS training necessitates a strategic mindset. In this article, we will delve into strategies that can guarantee fruitful LMS training sessions and elevate the overall quality of the learning journey.

****Craft Compelling Content****

For desired LMS training outcomes, it’s important to create interesting content that grabs the learners’ attention. Captivating content should be showcased in a visually attractive way with easy-to-follow directions and user-friendly interfaces. Incorporating multimedia components such as videos, interactive quizzes, and simulations can also boost engagement levels and improve retention of knowledge. 

****Provide Clear Learning Objectives****

One crucial element of LMS training involves ensuring that learners are presented with well-defined learning goals from the beginning of the course to help them understand what the course aims to accomplish and how it relates to their personal or professional aspirations. This aids them in maintaining their motivation and concentration during the training process. 

****Explore Customized Learning Journeys****

Each learner begins their journey with starting points and preferences for learning styles that differ from one another. To meet these requirements effectively, it is important to incorporate personalized learning tracks into your LMS training curriculum. This can be achieved by offering choices tailored to skill levels and enabling learners to set their tempo for acquiring knowledge.

When students work together and interact with each other in their learning process, it can significantly enhance their learning experience. The inclusion of social learning components in your Learning Management System (LMS) can facilitate communication among students via platforms such as discussion boards, live chats, or virtual classrooms, allowing them to share thoughts and provide mutual assistance. 

****Ensure Feedback and Evaluations are Given Promptly** **

Constructive feedback is essential for enhancing development in LMS training programs. It enables learners to track their advancement and pinpoint areas for enhancement promptly by integrating frequent assessments into the course content to strengthen educational objectives effectively. 

****Guarantee Everyone Can Access and Use It Effectively****

It’s crucial to guarantee that your LMS platform is accessible and user-friendly to meet the needs of various learners. Ensure the content works well on devices and screen sizes to support learners accessing the platform from different gadgets. Moreover, it incorporates navigation routes and user-friendly interfaces for a smooth user experience. 

****Provide Assistance and Guidance****

Support services are essential for keeping learners engaged during training sessions. They include features like forums and chat support to respond quickly to learners’ questions and provide access to experts for guidance and assistance. 

****Analyze Learner Data****

Learner analytics can offer insights into how effective your LMS training program is by examining learner performance data and engagement levels to pinpoint areas for enhancement and adjust your training materials accordingly. 

****Encourage Educational Opportunities****

Continuous learning is essential for growth and development within an LMS training program, as it offers opportunities for learners to expand their knowledge and skills continuously. To further enrich their learning experience, motivate learners to explore courses or modules aligned with their personal interests or professional goals. Offering a variety of resources, like e-books, webinars, and industry-focused articles, can also contribute significantly to enhancing their expertise and capabilities. 

****Ways to Make Learning Fun and Engaging****

Using gamification in LMS training can boost learner motivation and engagement by adding game features, like badges and points, to make the learning experience more fun and foster friendly competition among learners. This approach encourages participation and helps learners retain knowledge better. 

****Conclusion****

By following these strategies for LMS training enhancement, you can significantly improve the effectiveness of your educational programs and achieve better results for learners. Crafting materials, setting clear goals, tailoring learning paths to individuals, integrating social learning elements, giving prompt feedback ensuring ease of access and use, providing continuous support services, and effectively analyzing learner data are all crucial steps organizations can take to deliver meaningful LMS training experiences for their staff or students.

1.  Maximizing Roi With The Best LMS For Elearning
2.  Efficient Document Merging Strategies for Professionals
3.  Technology and Software Redefine Business Operations
4.  Optimizing LMS Integration: 7 Strategies for Enhanced Learning
5.  Essential Features of Cybersecurity Management Software for MSPs

Top LMS Training Tips for Effective Learning

Instagram users are sharing a hoax in enormous numbers in an attempt at preventing Meta from harvesting their posts and photos to train its AI.

A new variation of a hoax that has been doing the rounds on Facebook for years has crossed over to Instagram.

We’re seeing this post on Instagram Stories a lot suddenly over the last few days. The post is usually posted as a shareable screenshot on Instagram Stories, but it’s also been spotted on Facebook and Threads as a copy-and-paste text.

> “Repub
> 
> Goodbye Meta AI. Please note an attorney has advised us to put this on, failure to do so may result in legal consequences. As Meta is now a public entity all members must post a similar statement. If you do not post at least once it will be assumed you are okay with them using your information and photos. I do not give Met or anyone else permission to use any of my personal data, profile information or photos.”

The fact that this post has been shared by some celebrities is a possible explanation for the sudden popularity. And, as is often the case, true stories about Facebook scraping photos to train its Artificial Intelligence (AI) can rekindle the popularity and urgency to post this type of useless notifications.

Instagram has started to flag versions of the post as false information which means people need to click ‘see post’ to view it. But what happens often is that somebody will start fresh with a slightly revamped version that will not be flagged.

While some may think it doesn’t hurt to share these posts just to be sure, it really isn’t a good idea. It spreads the false posts further, and people may feel they have opted out of their images being used after posting this, when in reality they haven’t. In many cases it would even be contradictory to the terms and conditions they agreed on.

Meta, the company that owns Facebook and Instagram published new terms and conditions, effective on June 26, 2024, which specifically allow it to use posts, images and online tracking data to train its AI large language model called LLaMa 3.

On inspection of the links in the notification, it became clear that the company will use years of personal posts, private images or online tracking data for a “AI technology” that can ingest personal data from any source and share any information with undefined “third parties.”

European and UK users can opt out of this. For others, sadly, it’s not so easy.

Logged in citizens of the EU and the UK can visit the Meta Privacy Center from either their Facebook account or their Instagram account.

**How to opt out of Meta using your data to train AI on Facebook**

*   Tap on your profile picture after logging in
*   Tap **Settings and Privacy**
*   Scroll down to the **Privacy Center**
*   Under **Privacy topics**, tap **AI at Meta**
*   Tap **Information you’ve shared on Meta products and services**
*   From there you’ll be presented with a form to fill out and **Submit** when you’re done.

AI at Meta in the Privacy Center

**How to opt out of Meta using your data to train AI on Instagram**

*   Tap on the hamburger menu from your profile (three stacked lines)
*   Scroll down to the **Privacy Center**
*   Under **Privacy topics**, tap **AI at Meta**
*   Tap **Information you’ve shared on Meta products and services**
*   From there you’ll be presented with a form to fill out and **Submit** when you’re done.

Whether you use Facebook or Instagram to opt out, you should then receive both an email and a notification on your account confirming whether your request has been successful.

Users in the US or other countries without national data privacy laws don’t have any foolproof ways to prevent Meta from using their data to train AI.

My advice: insist that your politicians make some noise and get you similar opt-out options.

 Don&#8217;t share the viral Instagram Meta AI &#8220;legal&#8221; post 

A Malwarebytes survey has found 66 percent of people were targeted by a romance scam, with 10 percent of victims losing $10,000 or more.

Romance scams continue to plague users, but their costs have risen to staggering heights, according to a Malwarebytes survey carried out last month via our weekly newsletter.

More than 66 percent of 850 respondents have been targeted by a romance scam, and those that were ensnared paid a hefty price, with 10 percent of victims losing $10,000 and up. A shocking 3 percent parted with $100,000 or more. The vast majority of those who lost money were unable to recover it, highlighting the need for increased awareness of evolving romance scam tactics and aggressive new methods of manipulation.

Romance scams, also known as confidence or dating scams, typically involve people being targeted online, with the scammers building their victim’s trust over several months. Victims are led to believe they’re in a committed relationship before being tricked into sending money, valuables, and personal information, or to launder money on the perpetrator’s behalf. In addition, some scammers convince their targets into investing in fraudulent cryptocurrency schemes, a method known as pig butchering.

While these scams are nothing new, their popularity has risen since the pandemic and ensuing loneliness epidemic, driven by an increasing reliance on the internet to connect. However, with the return to in-person gatherings, our survey results show romance scams have hardly petered out. Rather, they’re as pervasive as ever, with 52 percent of respondents targeted in the last year alone. And they’ve advanced, as cybercriminals now tap into global scamming networks for scripts, training, and technology to squeeze more money from victims.

As David Ruiz, Senior Privacy Advocate at Malwarebytes, puts it:

> “Romance and dating scams are run by sophisticated cybercriminals who know what they’re doing. They conduct research, and follow a playbook. The more we can remove the stigma surrounding victims and provide education and resources, the faster we can minimize the devastating effects of these scams.”

According to the Federal Trade Commission (FTC), over 64,000 people reported romance scams in 2023, with losses totaling $1.1 billion. The Federal Bureau of Investigation (FBI) received 17,823 complaints last year, costing victims nearly $653 million. However, that data doesn’t capture the recent trend of pig butchering, as romance scammers increasingly incorporate crypto investment fraud for higher payouts. Financial losses from investment fraud totaled $4.6 billion in 2023, the costliest internet crime for consumers.

For a full breakdown of survey results, including demographics, scammer tactics, and financial and emotional impacts, read below.

****Demographics of romance scams****

The majority of survey respondents were subject to romance scam advances within the last year, with 37 percent saying it happened within the last six months, and an additional 15 percent saying it happened between six months and one year ago.

The majority of targets are over the age of 55 (74 percent) and male (56 percent), a pattern consistent with previous trends. As with most scams, older users are targeted because they typically have more assets but are perhaps less familiar with online security. The Department of Homeland Security says cybercriminals zero in on recently widowed or divorced seniors for their vulnerability and access to cash.

However, 26 percent of victims are between 18 and 54 years old. In fact, the FTC asserts that the most common victims of romance scam sextortion are 18–29 years old.

Perhaps not surprisingly, the vast majority of phony romantic overtures took place on social media and online dating apps, with 38 and 31 percent of survey respondents targeted on those platforms, respectively. In fact, the proliferation of scams is one reason noted for the decline in social media and dating app use over the last two years. A recent Barclays survey found one third of Brits avoid online dating and dating apps due to romance scam fears.

Romance scams that start on social media end up costing the most. The FTC found from January 2021 to June 2023, more money was lost to scams originating on social media than by any other contact method. Consumers lost $2.7 billion in social media fraud, with crypto investment and romance scams resulting in the steepest costs, accounting for 67 percent of total losses. In the first six months of 2023, half of those who lost money to romance scams said it began on Facebook, Instagram, or Snapchat.

Romance scammers prefer using social media and dating apps to reach their targets because they can easily create fake profiles and tailor their personas to content victims share and like. Criminals can even use advertising tools to methodically select targets based on personal details such as age, interests, or past purchases. More recent trends involve romance scammers using AI to draft convincing emails, create fake photos in the likeness of their target’s recently-departed spouse, or develop deepfake videos of celebrities endorsing their investment scheme.

In addition, despite having strong anti-scam controls, nearly 16 percent of surveyed romance scam targets were initially contacted by email. Just over 10 percent were reached via text, a popular contact method for pig butchering.

****How long does the scam last?****

If survey results are an indication, the majority of those targeted by romance scams have become savvy to their ways—though Malwarebytes newsletter subscribers may be particularly well-informed. 55 percent knew it was a scam right away and never responded. Almost 19 percent figured out the scam within one week, meaning nearly three-quarters of respondents demonstrated excellent cybersecurity awareness.

Unfortunately, that leaves 26 percent engaging with romance scammers for more than two weeks, with 12 percent spending several months talking to pretend paramours, and 5 percent in a faux relationship for one year or more. In general, the longer a respondent was “together” with their scammer, the more money they lost. The exceptions were those who recognized the scam immediately, but spent weeks or months leading them on to waste their time. While this might seem like poetic justice, many romance scammers themselves are victims of human trafficking, forced to work up to 15 hours a day extracting enough money from victims to meet impossibly high quotas.

****Money lost****

User awareness wins the day again, preventing nearly three quarters of those targeted by a romance scam from losing money. However, the majority of those who did part with cash lost a lot of it—10 percent lost $10,000 or more, and 3 percent reported losses in the six figures. An additional 7 percent of survey respondents were scammed out of $1,000–$9,999, and 5 percent lost between $200 and $999. Just 3 percent of victims were scammed out of less than $200.

This means a full 22.5 percent of those targeted by a romance scam end up losing $1,000 and up—enough to make a significant impact on finances, especially for those with lower incomes. In 2023, romance scam victims—not counting those who reported crypto investment fraud—lost a median of $2,000 per person, the highest reported losses for any form of imposter scam, according to the FTC. Romance scams were also the third costliest fraud type reported to the FTC by older Americans (age 60 and over).

The FBI 2023 Internet Crimes Report noted financial losses to investment scams rose from $3.3 billion in 2022 to $4.6 billion in 2023—a 38 percent increase over the 183 percent gained the previous year. Combined, romance and investment scams were the costliest and second-most common internet crimes reported to the FBI last year as well, a fact reflected in Malwarebytes’ survey results and participant testimonials.

Tellingly, 94 percent of those who lost money were unable to recover it. Those who wish to recover cryptocurrency should be aware of additional scams by fraudulent businesses promising to trace and return funds. No private sector company can recover crypto—only legal or internal processes can compel cryptocurrency exchanges to release money back to victims.

****Reporting the scam****

Stigma is still a problem in dealing with the aftermath of a romance scam. Victims report heightened feelings of betrayal and shame on top of their financial burden. Yet 40 percent of surveyed romance scam victims didn’t tell another soul about what happened. An additional 30 percent only opened up to their closest confidantes. And while research suggests individuals impacted by the stress and trauma of romance scams benefit from counseling or support groups, just 4 percent sought out therapy after their experience.

However, there does appear to be a larger portion of romance scam targets willing to speak out than in the past. One quarter of our survey respondents said they told many others about their ordeal, with 11 percent submitting reports to law enforcement and/or nonprofit organizations. Data obtained by the BBC shows there were 7,660 cases processed in England and Wales by a self-reporting tool last year, up from 4,842 in 2019.

**How to spot and avoid a romance scam**

Romance scams aren’t going away, so here’s how to spot signs that someone isn’t who they say they are.

*   Their profile and picture seem too good to be true
*   They profess love and affection very quickly
*   They share a lot about themselves in the first meeting
*   They claim to be overseas and cannot stay in one place for long
*   They try to lure you from whatever platform you are on to talk to you via email or video chat
*   They claim to need money for something

Here’s what you can do to keep yourself safe:

*   Don’t give scammers the information they need. Scammers rely on what you volunteer about yourself online to tweak their script and lure you in. Use tools such as the Malwarebytes Personal Data Remover to minimize the amount of data accessible through search engine results, spam lists, and people search sites.
*   Perform an image search of the photo and the name of the person you’re in touch with. Scammers often steal someone else’s image to use as bait, and stolen identities are rife.
*   Go slow. Scammers tend to rush, building rapport with their victims as quickly as possible before moving in for the money-themed kill.
*   Never give money to anyone you’ve met online
*   Get a second opinion from someone you trust
*   If in doubt, back away and report the account.

If you’ve been impacted by a romance scam, pig butchering, or crypto investment fraud, you can report the crime to the Internet Crimes Complaint Center (IC3), which is run by the FBI, or the FTC on its reporting and resources page.

To talk with other romance scam victims in safe online forums, go to the reddit thread r/Romancescam, or apply to the private Facebook Support Group for Romance Scam Victims.

Latest News