Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials.
"Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content," Palo Alto

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials.

"Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content," Palo Alto Networks Unit 42 researchers Yu Zhang, Zeyu You, and Wei Wang said.

"Malicious links direct the browser to automatically refresh or reload a web page immediately, without requiring user interaction."

Targets of the large-scale activity, observed between May and July 2024, include large corporations in South Korea, as well as government agencies and schools in the U.S. As many as 2,000 malicious URLs have been associated with the campaigns.

Over 36% of the attacks have singled out the business-and-economy sector, followed by financial services (12.9%), government (6.9%), health and medicine (5.7%), and computer and internet (5.4%).

The attacks are the latest in a long list of tactics that threat actors have employed to obfuscate their intent and trick email recipients into parting with sensitive information, including taking advantage of trending top-level domains (TLDs) and domain names to propagate phishing and redirection attacks.

The infection chains are characterized by the delivery of malicious links through header refresh URLs containing targeted recipients' email addresses. The link to which to be redirected is embedded in the Refresh response header.

The starting point of the infection chain is an email message containing a link that mimics a legitimate or compromised domain that, when clicked, triggers the redirection to the actor-controlled credential harvesting page.

To lend the phishing attempt a veneer of legitimacy, the malicious webmail login pages have the recipients' email addresses pre-filled. Attackers have also been observed using legitimate domains that offer URL shortening, tracking, and campaign marketing services.

"By carefully mimicking legitimate domains and redirecting victims to official sites, attackers can effectively mask their true objectives and increase the likelihood of successful credential theft," the researchers said.

"These tactics highlight the sophisticated strategies attackers use to avoid detection and exploit unsuspecting targets."

Phishing and business email compromise (BEC) continues to be a prominent pathway for adversaries looking to siphon information and perform financially motivated attacks.

BEC attacks have cost U.S. and international organizations an estimated $55.49 billion between October 2013 and December 2023, with over 305,000 scam incidents reported during the same time period, according to the U.S. Federal Bureau of Investigation (FBI).

The development comes amid "dozens of scam campaigns" that have leveraged deepfake videos featuring public figures, CEOs, news anchors, and top government officials to promote bogus investment schemes such as Quantum AI since at least July 2023.

These campaigns are propagated via posts and ads on various social media platforms, directing users to phony web pages that prompt them to fill out a form in order to sign up, after which a scammer contacts them via a phone call and asks them to pay an initial fee of $250 in order to access the service.

"The scammer instructs the victim to download a special app so that they can 'invest' more of their funds," Unit 42 researchers said. "Within the app, a dashboard appears to show small profits."

"Finally, when the victim tries to withdraw their funds, the scammers either demand withdrawal fees or cite some other reason (e.g., tax issues) for not being able to get their funds back.

"The scammers may then lock the victim out of their account and pocket the remaining funds, causing the victim to have lost the majority of the money that they put into the 'platform.'"

It also follows the discovery of a stealthy threat actor that presents itself as a legitimate enterprise and has been advertising automated CAPTCHA-solving services at scale to other cybercriminals and helping them infiltrate IT networks.

Dubbed Greasy Opal by Arkose Labs, the Czech Republic-based "cyber attack enablement business" is believed to have been operational since 2009, offering to customers a toolkit of sorts for credential stuffing, mass fake account creation, browser automation, and social media spam at a price point of $190 and an additional $10 for a monthly subscription.

The product portfolio runs the cybercrime gamut, allowing them to develop a sophisticated business model by packaging several services together. The entity's revenues for 2023 alone are said to be no less than $1.7 million.

"Greasy Opal employs cutting-edge OCR technology to effectively analyze and interpret text-based CAPTCHAs, even those distorted or obscured by noise, rotation, or occlusion," the fraud prevention company noted in a recent analysis. "The service develops machine-learning algorithms trained on extensive datasets of images."

One of its users is Storm-1152, a Vietnamese cybercrime group that was previously identified by Microsoft as selling 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to other criminal actors.

"Greasy Opal has built a thriving conglomerate of multi-faceted businesses, offering not only CAPTCHA-solving services but also SEO-boosting software and social media automation services that are often used for spam, which could be a precursor for malware delivery," Arkose Labs said.

"This threat actor group reflects a growing trend of businesses operating in a gray zone, while its products and services have been used for illegal activities downstream."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

PRESS RELEASE

Burlingame, Sept. 13, 2024 (GLOBE NEWSWIRE) -- CoherentMI published a report, titled, South Korea Digital Forensics Market is estimated to value at US$ 1.64 Billion in the year 2024 and is anticipated to reach US$ 3.52 Billion by 2031, at a CAGR of 11.5% during forecast period 2024-2031. With rising digitalization across various industry verticals in South Korea, incidents of cybercrimes have also increased exponentially over the years. Organizations across banking, finance, healthcare and other sectors are increasingly focusing on protecting sensitive data and investigating cyber threats. This has propelled the demand for professional digital forensics services that can retrieve hidden electronic data from computers, mobiles and other devices to solve cybercrime cases.

Market Dynamics: 

The South Korea digital forensics market is expected to witness significant growth, owing to increasing number of cybercrimes in the country. According to statistics, the number of cybercrimes reported in South Korea increased from 78,385 cases in 2018 to 95,172 cases in 2019. With rapid digitalization and increasing internet penetration, the cases of cyberbullying, hacking, data theft, and financial fraud have increased sharply. As a result, the demand for digital forensics solutions to collect, examine, and analyze digital evidence from computing devices such as smartphones, laptops, and servers is growing significantly. Moreover, increasing investments by law enforcement agencies to strengthen their digital investigation capabilities is also fueling the market growth.

Key Market Takeaways:

*   On the basis of forensic type, the computer forensics segment is expected to hold a dominant position, owing to a large volume of electronic evidence involving computers in cybercrime investigations.
    
*   On the basis of component, the services segment is expected to hold the largest share due to increasing demand for forensic consulting, investigation, training and education from law enforcement agencies and enterprises. 
    
*   On the basis of verticals, the government and defense segment is expected to hold the major market share due to initiatives towards strengthening cybersecurity and increasing reliance on digital forensics solutions.
    
*   Regionally, South Korea is expected to hold a dominant position over the forecast period due to stringent cyber regulations, robust law enforcement agencies and digital infrastructure in the country.
    
*   Key players operating in the South Korea digital forensics market include AhnLab, FireEye, IBM Corporation., Guidance Software, Inc., OpenTextCorp. These players are focusing on developing innovative forensic solutions and adopting organic and inorganic growth strategies to strengthen their market presence.
    

Market Trends:

Mobile device forensics and cloud forensics are the major trends witnessed in the South Korea digital forensics market. With increasing usage of smartphones and tablets, mobile device forensics solutions that can extract, recover, analyze and preserve deleted data from mobile devices are gaining more importance. Additionally, as more data is being stored on cloud systems, cloud forensics solutions are being increasingly used to investigate data breach incidents involving cloud applications and services. Major players in the market are focusing on developing advanced mobile and cloud forensics solutions to leverage lucrative business opportunities.

Recent Developments:

*   On April 22 2021, Plainbit Co., Ltd., has signed a memorandum of understanding with FRONTEO Inc. FRONTEO Inc. is an overseas subsidiary of FRONTEO Korea, Inc., based in Minato-ku, Tokyo. The partnership aims to strengthen digital forensic services through collaborative business initiatives, facilitating mutual exchange and cooperation between the two companies. FRONTEO specializes in digital forensic services, while Plainbit focuses on enhancing digital forensic capabilities through collaborative business initiatives.
    

Get a detailed analysis on regions, market segments, and companies: https://www.coherentmi.com/industry-reports/south-korea-digital-forensics-market

South Korea Digital Forensics Market Opportunities:

Computer Forensics: The computer forensics segment held the largest market share in 2024 owing to increasing cases of cybercrimes involving computers. Computer forensics aids in investigating computer related crimes by analyzing data stored on computers and recovering digital evidence. It allows examination of digital media in a forensically sound manner and law enforcement agencies heavily rely on computer forensics for examining digital devices seized from crime scenes.

Network Forensics: Network forensics is anticipated to witness substantial growth during the forecast period due to rising network intrusions and data breaches. It involves monitoring and analyzing network traffic for potential security issues and policy violations. Network forensics provides insights into network security incidents, data leakage and helps identify compromised accounts. The technology assists in conducting post-intrusion analysis and network traffic reconstruction to gather digital evidence from network infrastructure.

South Korea Digital Forensics Market Segmentation:

*   By Verticals:
    
    *   Banking, Financial Services, and Insurance (BFSI)
        
    

The research provides answers to the following key questions:

1.  What is the estimated growth rate of the market for the forecast period 2024-2031?
    
2.  What will be the market size during the estimated period?
    
3.  What are the key driving forces responsible for shaping the fate of the South Korea Digital Forensics market during the forecast period?
    
4.  Who are the major market vendors and what are the winning strategies that have helped them occupy a strong foothold in the South Korea Digital Forensics market?
    
5.  What are the prominent market trends influencing the development of the South Korea Digital Forensics market across different regions?
    
6.  What are the major threats and challenges likely to act as a barrier in the growth of the South Korea Digital Forensics market?
    
7.  What are the major opportunities the market leaders can rely on to gain success and profitability?
    

Purchase Latest Edition of this Research Report @ https://www.coherentmi.com/industry-reports/south-korea-digital-forensics-market/buynow

Key insights provided by the report that could help you take critical strategic decisions?

*   Regional report analysis highlighting the consumption of products/services in a region also shows the factors that influence the market in each region.
    
*   Reports provide opportunities and threats faced by suppliers in the South Korea Digital Forensics industry around the world.
    
*   The report shows regions and sectors with the fastest growth potential.
    
*   A competitive environment that includes market rankings of major companies, along with new product launches, partnerships, business expansions, and acquisitions.
    
*   The report provides an extensive corporate profile consisting of company overviews, company insights, product benchmarks, and SWOT analysis for key market participants.
    
*   This report provides the industry's current and future market outlook on the recent development, growth opportunities, drivers, challenges, and two regional constraints emerging in advanced regions.
    

Browse Related Reports:

United States Racing Drones Market: The United States Racing Drones Market is estimated to be valued at USD 353.01 Mn in 2024 and is expected to reach USD 1,333.19 Mn by 2031, growing at a CAGR of 18.1% from 2024 to 2031.

New Zealand Power Tool Market: New Zealand Power Tool Market is estimated to be valued at US$ 167.2 million in 2024 and is expected to reach US$ 286.1 million by 2031, exhibiting a compound annual growth rate (CAGR) of 8% from 2024 to 2031.

Philippines Robot as a Service Market: Philippines robot as a service market is estimated to be valued at US$ 298.9 Million in 2024, and is expected to reach US$ 918.8 Million by 2031, growing at a compound annual growth rate (CAGR) of 17.4% from 2024 to 2031.

UAE Dark Kitchens/Ghost Kitchens/Cloud Kitchens Market: The UAE Dark Kitchens/Ghost Kitchens/Cloud Kitchens market size was valued at US$ 330.3 million in 2023 and is expected to reach US$ 821.5 million by 2030, grow at a compound annual growth rate (CAGR) of 13.9% from 2023 to 2030.

Author of this marketing PR:

Ravina Pandya, PR Writer, has a strong foothold in the market research industry. She specializes in writing well-researched articles from different industries, including food and beverages, information and technology, healthcare, chemical and materials, etc. With an MBA in E-commerce, she has an expertise in SEO-optimized content that resonates with industry professionals.

About Us:

At CoherentMI, we are a leading global market intelligence company dedicated to providing comprehensive insights, analysis, and strategic solutions to empower businesses and organizations worldwide. Moreover, CoherentMI is a subsidiary of Coherent Market Insights Pvt Ltd., which is a market intelligence and consulting organization that helps businesses in critical business decisions. With our cutting-edge technology and experienced team of industry experts, we deliver actionable intelligence that helps our clients make informed decisions and stay ahead in today's rapidly changing business landscape.

South Korea Digital Forensics Market to Hit US $3.52B by 2031

A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create projects or use the instance as if they were a user with local access. The main attack vector is for instances hosted locally on personal machines, which are not publicly accessible. The CORS settings in the backend permit all origins, exposing unauthenticated endpoints to CSRF attacks.

**Lunary Cross-Site Request Forgery (CSRF) vulnerability**

Moderate severity GitHub Reviewed Published Sep 13, 2024 to the GitHub Advisory Database • Updated Sep 13, 2024

GHSA-v6x6-4v4x-2fx9: Lunary Cross-Site Request Forgery (CSRF) vulnerability

An improper access control vulnerability exists in lunary-ai/lunary prior to commit 844e8855c7a713dc7371766dba4125de4007b1cf on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target users upon registration for their own arbitrary organizations. The attacker can invite a target email, obtain a one-time use token, retract the invite, and later use the token to reset the password of the target user, leading to full account takeover.

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   GitHub Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   Explore
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-6087

**Lunary improper access control vulnerability**

Moderate severity GitHub Reviewed Published Sep 13, 2024 to the GitHub Advisory Database • Updated Sep 13, 2024

**Affected versions**

< 1.4.9

**Description**

An improper access control vulnerability exists in lunary-ai/lunary prior to commit 844e8855c7a713dc7371766dba4125de4007b1cf on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target users upon registration for their own arbitrary organizations. The attacker can invite a target email, obtain a one-time use token, retract the invite, and later use the token to reset the password of the target user, leading to full account takeover.

**References**

*   https://nvd.nist.gov/vuln/detail/CVE-2024-6087
*   lunary-ai/lunary@844e885
*   https://huntr.com/bounties/bd9f2301-11c7-4cbd-8d77-3e9225bd67e8

Published to the GitHub Advisory Database

Sep 13, 2024

Last updated

Sep 13, 2024

GHSA-6p2q-8qfq-wq7x: Lunary improper access control vulnerability

An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access rights to the run(s) they are accessing. As a result, it returns not only the specified run but also all runs that have the `run_id` listed as their parent run. This issue affects the main branch, commit a761d833. The vulnerability allows unauthorized users to obtain information about non-public runs and their related runs, given the `run_id` of a public or non-public run.

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   GitHub Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   Explore
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-6867

**Lunary information disclosure vulnerability**

Moderate severity GitHub Reviewed Published Sep 13, 2024 to the GitHub Advisory Database • Updated Sep 13, 2024

**Affected versions**

< 1.4.10

**Description**

An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the runs/{run_id}/related endpoint. This endpoint does not verify that the user has the necessary access rights to the run(s) they are accessing. As a result, it returns not only the specified run but also all runs that have the run_id listed as their parent run. This issue affects the main branch, commit a761d833. The vulnerability allows unauthorized users to obtain information about non-public runs and their related runs, given the run_id of a public or non-public run.

**References**

*   https://nvd.nist.gov/vuln/detail/CVE-2024-6867
*   lunary-ai/lunary@35afd44
*   https://huntr.com/bounties/460df515-164c-4435-954b-0233a181545f

Published to the GitHub Advisory Database

Sep 13, 2024

Last updated

Sep 13, 2024

GHSA-9jmp-j63g-8x6m: Lunary information disclosure vulnerability

PRESS RELEASE

CLEARWATER, Fla., Sept. 11, 2024 /PRNewswire/ --  Concerns about the trustworthiness of internal data exist in nearly all organizations globally according to "The Real Value of Technology Connectivity" report released today by TeamViewer, a leading global provider of remote connectivity and workplace digitalization solutions. Ninety-nine percent of business leaders pointed to factors undermining trust in internal data, citing multiple versions of the truth (38%), conflicting data management practices (32%) and too many instances of poor hardware reliability (31%) as top reasons for mistrust.

Interestingly this mistrust of internal data varies across company size. It is more likely to be driven by lack of data literacy in smaller organizations. Forty percent of respondents working for companies generating US $10 million - US $49.99 million in yearly revenue report a lack of data literacy among employees, compared to 21% of companies generating US $10 billion and above.

The global research study also found that only 5% of business leaders believe they have seamless technology connectivity across their organizations, identifying a huge opportunity to close the connectivity gap to not only gain internal trust in data, but to also enhance nearly all areas of the business from innovation to HR.

When asked how seamless technology connectivity could help their organization:

*   80% of respondents state is allows for better customer interactions and increases customer satisfaction
    
*   81% say it enables better innovation
    
*   82% believe it allows more time for considered decision making
    
*   86% consider it an important aspect of working at their company increasing talent retention
    

Technology Connectivity = Industry Leadership & Cyber Defense 

The research also uncovered a correlation between excellent connectivity and industry leadership, with 33% of business leaders at organizations with excellent technology connectivity saying their financial performance is among the leaders in their industry. Just 16% of business leaders with good connectivity say the same. In addition, 61% say that excellent technology connectivity gives them a competitive edge.

Further, 34% of businesses with excellent connectivity say their operational performance is on par with industry leaders but only 19% with good connectivity say this is the case. Seamless technology connectivity, the extent to which staff can operate and connect without interruptions, and what all businesses should be aiming for, also increases resilience and supports risk management. In particular, better connectivity helps organizations to withstand the growing threat of cyberattacks. 38% of those with excellent connectivity, those one step below achieving seamless connectivity, are among the leaders in their sector for cybersecurity performance, compared to 22% of those with good connectivity.

"It's clear from the research that connectivity isn't just about driving workforce productivity and efficiencies. The approach of shifting connectivity from a supporting role and cost centre to one that empowers the business has an impact on growth, and ultimately revenue. Fragmented systems blunt competitive advantage so just being good is not good enough when it comes to connectivity. Businesses need seamless integration and harmonization of data to fully realise the opportunities that technologies like augmented reality (AR) and artificial intelligence (AI) bring," said Mei Dent, chief product and technology officer, TeamViewer.   

What is holding organizations back?

Organizations with gaps in connectivity (those who say they have good connectivity but not excellent or seamless) are more likely to be held back by differences between departments within their organization (30%) and the inability to show the ROI of tech connectivity (27%). Whereas those who say they have excellent connectivity are most likely to be held back by concerns about cybersecurity (24%). So, cybersecurity is both a benefit and a hindrance to better connectivity.

A company's ability to connect to any device, application and system in its infrastructure, and to make use of existing data, has an outsized influence on performance. Whether it is smarter logistics operations or remote technical guidance, access to knowledge from any device, at any time, helps people work smarter and reduces the mistrust that there are multiple versions of truth in data.

Dent continued, "There is a long way to go for companies to achieve seamless connectivity, but the benefits far outweigh the initial investment of time and resources. Doing nothing also has a cost. With many struggling with increased competition and a lack of skilled labour available, organizations need to do all they can to attract and retain the best talent. And one way to do this is to offer a working environment with integrated systems and connectivity that makes it a great place to work and thrive in their careers."

Research Methodology 

The research was conducted by FT Longitude between March and April 2024. 500 business leaders across six countries took part: Australia, Canada, Japan, Germany, United Kingdom and the United States. Business leaders represented enterprises from the automotive, industrial manufacturing, IT, logistics, transport & distribution, financial services, retail, public sector and utilities industries.

About TeamViewer

TeamViewer is a leading global technology company that provides a connectivity platform to remotely access, control, manage, monitor, and repair devices of any kind – from laptops and mobile phones to industrial machines and robots. Although TeamViewer is free of charge for private use, it has around 640,000 subscribers and enables companies of all sizes and from all industries to digitalize their business-critical processes through seamless connectivity. Against the backdrop of global megatrends like device proliferation, automation and new work, TeamViewer proactively shapes digital transformation and continuously innovates in the fields of Augmented Reality, Internet of Things and Artificial Intelligence. Since the company's foundation in 2005, TeamViewer's software has been installed on more than 2.5 billion devices around the world. The company is headquartered in Goppingen, Germany, and employs more than 1,500 people globally. In 2023, TeamViewer achieved a revenue of around EUR 627 million. TeamViewer SE (TMV) is listed at Frankfurt Stock Exchange and belongs to the MDAX. Further information can be found at  https://www.teamviewer.com/.

99% of Business Leaders Have Concerns About the Trustworthiness of Internal Data

PRESS RELEASE

REDWOOD CITY, Calif., Sept. 11, 2024 /PRNewswire/ -- According to a recently published report from Dell'Oro Group, the trusted source for market information about the telecommunications, security, networks, and data center industries, the Network Security market showed signs of recovery in 2Q 2024, growing 6 percent year-over-year (Y/Y) to reach $5.9 billion and breaking a streak of six consecutive quarters of deceleration. This growth was primarily driven by solid demand for cloud-native security solutions and virtual firewalls, which saw a 17 percent increase. In contrast, hardware-based solutions experienced their fourth consecutive quarter of decline, dropping 2 percent.

"The Network Security market's performance in 2Q 2024 reaffirms the enduring shift towards cloud-centric architectures," said Mauricio Sanchez, Sr. Director, Enterprise Security and Networking at Dell'Oro Group. "The firewall segment serves as a microcosm of this transformation. While overall firewall revenue grew modestly at 2 percent, virtual firewalls surged by 22 percent as physical firewall sales struggled. This stark contrast in growth rates within a single product category underscores how enterprises consistently favor flexible, cloud-native security solutions to address their evolving needs."

Additional highlights from the 2Q 2024 Network Security Quarterly Report:

*   The Infrastructure Security market, comprising firewalls, Security Service Edge (SSE), and traditional Secure Web Gateway (SWG) appliances, achieved nearly $5 billion, marking a mid-single-digit growth.
    
*   The Application Security and Delivery market, including Application Delivery Controllers (ADC) and Web Application Firewall (WAF) segments, experienced high single-digit growth, reaching $1.2 billion, primarily driven by robust WAF sales that offset the weakness of ADCs.
    
*   SSE revenue increased to nearly $1.5 billion, with the top three vendors – Zscaler, Palo Alto Networks, and Broadcom – controlling almost 60 percent of the market.
    
*   WAF revenue rose 18 percent, driven by a 25 percent growth in SaaS-based WAF solutions.
    
*   High-end physical firewalls showed signs of stabilization with a slight 1 percent revenue growth, potentially indicating a turning point after several quarters of decline.
    

About the Report  
The Dell'Oro Group Network Security Report includes manufacturers' revenue covering the ADC, Firewall, SSE, traditional SWG appliances, and WAF product segments. Moreover, SSEs are further broken down across four primary functions: CASB, FWaaS, SWG, and ZTNA. The report also splits many segments by form factor: physical, virtual, and SaaS. To purchase this report, please contact us at \[email protected\].

About Dell'Oro Group  
Dell'Oro Group is a market research firm that specializes in strategic competitive analysis in the telecommunications, security, enterprise networks, and data center markets. Our firm provides in-depth quantitative data and qualitative analysis to facilitate critical, fact-based business decisions. For more information, contact Dell'Oro Group at +1.650.622.9400 or visit https://www.delloro.com.

You May Also Like

Cloud-Native Network Security Up 17%, Hardware Down 2%

As the 104th season of the National Football League kicks off, expect cyberattacks aimed at its customers, players, and arenas.

Source: Illus\_man via Shutterstock

This past weekend, the National Football League kicked off its 2024 season, and while the sport itself has remained the same, mainly — hello, new kicking rules — the technological operations around games and players is constantly evolving, and face increasing cyber threats.

While all companies have a mix of digital and physical assets, sports teams have a unique cocktail of critical assets, especially as data has become increasingly the lifeblood of sports franchises in the NFL. Pervasive Wi-Fi in every stadium and cellular systems that allow, say, concessions to more easily handle demand means there's data to be collected on every aspect of venue operations. Technology also allows connections with fans that extend online, at home, and at stadiums through loyalty programs, biometric checks at venues, and experiences customized by QR codes on every stadium seat.

In addition to information on their fans, NFL teams have real-time data on players, brands that need protecting, and critical infrastructure relied on by arena operations and video broadcasters.

In all, it's a challenging logistical puzzle that requires continuous risk assessment, threat intelligence, and an agile IT team, says Brandon Covert, vice president of IT for the Cleveland Browns (and the area's professional soccer team, the Columbus Crew).

Related:Dark Reading Confidential: Pen Test Arrests, Five Years Later

"I started here 20 years ago, and there wasn't a whole lot of tech in our stadiums — they were all-cash, concrete buildings without a lot of technology," he says. "And now you see there's pervasive Wi-Fi ... and biometric payments and identification. All of these systems are inherently at risk, and we have to manage and mitigate that risk. The challenges \[that come along with\] tech just continue to grow, and get introduced to all areas of our business."

**A Game of Data**

The Cleveland Browns kicked off their game opener at their home stadium, the Huntington Bank Field, on Sept. 8. While the fans were focused on game day, the Browns' information-technology and security groups have been working year-round to ensure that the season remains free of technological glitches and safe from cyberattacks.

One of the thorniest issues is the need to secure increasing volumes of data, be that player data, broadcast feeds, transactional data, or customer information. Every iota of that information has value to cyberattackers, says Covert.

"Our charge being a sports organization — we have a really good bond with our fans and we get a lot of trust from our fans, probably elevated beyond what other industries see with their customers — so we want to be responsible and not be involved in any of those data breaches or loss of fan information, just from a brand and reputation standpoint for us," he says.

And indeed, stolen data on fans and players can appear on the Dark Web; plus, the rapid legalization of sports gambling has added potential monetary losses to the mix, ratcheting up the emotional rollercoaster ride for many fans, says Jake Aurand, counterintelligence lead for Binary Defense, a cyberthreat intelligence firm that counts the Cleveland Browns among its customers.

"Teams have a lot of customer information — whether it's biometric or credit card data from people purchasing game tickets — so we're constantly out there on the darknet looking to see if any of that data has been stolen and is being reposted somewhere on a forum," he says. "But what we're also doing is looking for \[potential threats on the\] physical side."

For instance, among the most major of concerns to operations continues to be ransomware, says Brad Garnett, director and general manager of the Talos Incident Response team at Cisco, which has a partnership with the NFL.

"Ransomware is not going anywhere," he says. "Anything that would impact the integrity of the game — whether that's football, baseball, basketball, or footy — anything that would attack the game's integrity or around infrastructure availability" is a concern for cyber defenders.

Cyberattacks on the operational systems of an arena or stadium could cause a broadcast outage or take an approach as simple as posting a bomb threat on a scoreboard, National Football League CISO Tomás Maldonado said in an interview in June.

"I think a lot of people don't fully appreciate the convergence between cyber physical and the ... ramifications of a cyber event ... they don't usually make that connection right off the bat," said Maldonaldo, who is securing his sixth season with the organization.

**A Game of 1s and 0s**

About half of the threats detected by the company have some cyber-physical component, but the other half are purely about data, Binary Defense's Aurand says. Using the Browns' branding to fool fans into purchasing fake merchandise or just giving up their payment card details are common scams, he says.

Teams should take an active approach to defense, he adds. There are tools for doing just that: CISA and the NFL conduct annual tabletop exercises to workshop incident response, for instance.

"You need a first line of defense put in place, ... looking for those attacks immediately, in real time and throwing them off or identifying them extremely quickly," Aurand says. "And two, you need to stop the attacker from being able to move any further in their attacks."

Don't miss the latest Dark Reading Confidential podcast, where we talk to two cybersecurity professionals who were arrested in Dallas County, Iowa and forced to spend the night in jail — just for doing their pen-testing jobs. Listen now!

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

NFL Teams Block &amp; Tackle Cyberattacks in a Digital World

Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from...

Car manufacturer Ford Motor Company has filed a patent application for an in-vehicle advertisement presentation system based on information derived from several trip and driver characteristics. Among those characteristics—human conversations.

In the abstract of the patent application publication Ford writes:

> “An example method includes determining vehicle information for a trip, the vehicle information including any one or more of a current vehicle location, a vehicle speed, a drive mode, and/or traffic information, the user information including any one or more of a route prediction, a speed prediction for the trip, and/or a destination, determining user preferences for advertisements from any one or more of audio signals within the vehicle and/or historical user data, selecting a number of the advertisements to present to the user during the trip, and providing the advertisements to the user during the trip through a human-machine interface (HMI) of the vehicle.”

Further one it details that “the controller may monitor user dialogue to detect when individuals are in a conversation.”

Based on this info, the controller can decrease or increase the number of advertisements. And “the conversations can be parsed for keywords or phrases that may indicate where the occupants are travelling to.”

Okay.

Essentially, the car you’re driving would not only spy on your driving behavior, your present and future locations, and your requested driving routes, but it would also eavesdrop on you. And let’s not forget the safety implications of displaying advertisements while you’re driving.

We have spoken about cars and privacy at length and came to the conclusion they’re not very good at it. Many politicians in the US agree with that point of view. US senators have asked the Federal Trade Commission (FTC) to investigate car makers’ privacy practices and Texas Attorney General Ken Paxton sued General Motors for selling customer driving data to third parties.

We explained why car location tracking needs an overhaul and we’ve implored that automakers work together to help users by providing them with the ability to turn tracking features off (a serious vulnerability for people fleeing from an abusive relationship).

Yet nowhere in the entire document exists one word about how Ford intends to keep the acquired information secure. We’d advise all car companies remediate existing security vulnerabilities before introducing potential new ones.

What’s next, Ford? Will you stop working if we drive past one of the establishments that sponsor your ads? Or was that “feature” to disable a functionality of a component of the vehicle or to place the vehicle in a lockout condition only for the repossession plans you attempted to patent earlier on?

Another controversial Ford patent filed in July described technology that would enable vehicles to monitor the speed of nearby cars, photograph them and send the information to police.

In a statement to Fortune, the company clarified that filing a patent is a standard practice to explore new ideas and doesn’t necessarily indicate immediate plans to release such a system.

We realize that advertisements make the internet go round. Many useful websites could not exist without them. But do these in-vehicle advertisements benefit the owner of the car? If it makes the cars cheaper, I’d be willing to pay some extra to not be bothered and eavesdropped on while driving. How about you? Let us know in the comments.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Ford seeks patent for conversation-based advertising 

A new Android malware called Trojan Ajina.Banker is targeting Central Asia – Discover how this malicious malware disguises…

A new Android malware called Trojan Ajina.Banker is targeting Central Asia – Discover how this malicious malware disguises itself as legitimate apps to steal banking information and intercept 2FA messages. Learn about the tactics used by the attackers and how to protect yourself from this growing threat.

Central Asia has become the target of a malicious new campaign distributing Android malware dubbed “Ajina.Banker.” Discovered by Group-IB in May 2024, Ajina.Banker has been wreaking havoc since November 2023 and around 1,400 unique variants of the malware were identified by researchers.

The malware is named after a malevolent Uzbek mythical spirit known for deception, shape-shifting, and chaos. Ajina.Banker targets unsuspecting users by masquerading as trusted applications like banking services, government portals, and everyday utilities “to maximize infection rates and entice people to download and run the malicious file, thereby compromising their devices.”

The malware primarily spreads through social engineering tactic on messaging platforms like Telegram. Attackers create numerous accounts to distribute malicious links and files disguised as enticing offers, promotions, or even local tax authority apps. Users lured by the promise of “lucrative rewards” or “exclusive access” unknowingly download and install the malware, compromising their devices.

The attackers also employ a multi-pronged approach, sending messages with just the malicious file attached, exploiting user curiosity. Additionally, they share links to channels hosting the malware, bypassing security measures in place on some community chats.

Ajina used themed messages and localized promotion strategies to create a sense of urgency and excitement in regional community chats, urging users to click on links or download files without suspecting malicious intent. These campaigns were conducted across multiple accounts, sometimes simultaneously, indicating a coordinated effort.

While primarily targeting users in Uzbekistan, Ajina.Banker’s reach extends beyond borders. The malware collects information on installed financial applications from various countries, including Armenia, Azerbaijan, Iceland, and Russia. Additionally, it gathers SIM card details and intercepts incoming SMS messages, potentially capturing 2FA codes for financial accounts.

The malware exhibits a concerning level of adaptability. The analysis reveals two distinct versions – com.example.smshandler and org.zzzz.aaa – suggesting ongoing development. Newer versions showcase additional functionalities, including the ability to steal user-provided phone numbers, bank card details, and PIN codes.

Group-IB’s investigation suggests Ajina.Banker operates on an affiliate program model. A core group manages the infrastructure, while a network of affiliates handles distribution and infection chains, likely incentivized by a share of the stolen funds.

To protect yourself and your devices from Ajina.Banker and similar threats, be cautious of unsolicited messages and downloads, stick to trusted app stores like Google Play Store, scrutinize app permissions, install security software, and stay updated on the latest malware threats and best practices for mobile security.

Rocky Cole, Co-Founder and COO of mobile device security company iVerify shared his comments about this cunning new campaign with Hackread.com:

“Credential theft is the number one action being taken by threat actors. It’s so easy to steal credentials on phones where smaller screens, lower attention spans, lack of training, and the mixing of personal and professional use cases put people at risk. This new Android malware is just a continuation of that trend and a prime example of why phones should be running EDR platforms to detect malicious APKs and social engineering attempts.”

1.  **Hackers using Google Sites to spread banking malware**
2.  **Google reveals spyware attack on Android, iOS, and Chrome**
3.  **Scylla Ad Fraud on iOS, Android Users Halted by Apple, Google**
4.  **V3B Phishing Kit Steals Logins and OTPs from EU Banking Users**
5.  **Android Banking Malware FjordPhantom Steals Via Virtualization**

Tag

#git