In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as “the new perimeter”, the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data

In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as "the new perimeter", the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data breaches, account takeovers, and credential theft.

The "Enterprise Identity Threat Report 2024" (download here) is based on exclusive data available only to the LayerX Browser Security platform. This data derives from LayerX's unique visibility into every user action in the browser, across industries. It provides a detailed analysis of emerging risks and uncovered hidden threats. To register to a live webinar to cover the key findings in this report, Click here.

Below is a deeper dive into some of the report's most critical findings:

**1\. The Greatest Risk Comes from 2% of Users**

Security professionals researching security threats might come to the impression that every action taken in the enterprise is a threat to the business's operations. This kind of FUD is counter-productive, since it does not help prioritize risk management.

On the contrary, this report provides data on where the actual risk is coming from. It finds that 2% of users within an organization are responsible for the majority of identity-related risks. These individuals have appeared in multiple public data breaches, typically with weak or compromised credentials, and also bypass SSO mechanisms, using outdated, easily crackable passwords.

There is another interesting factor that makes these users more risky. The report indicates not only _if_ a corporate identity was exposed, but also _whether a password was exposed,_ as well as _how many times_ it was exposed.

On average, identities that had their password exposed, appeared in 9.5 breaches. Whereas identities exposed without password exposure appeared on average in 5.9 data sets.

Could this be because attackers place more attack resources on datasets with passwords? The data doesn't say. But it does mean that users who have had their password exposed are at a significantly higher risk, since the more datasets they appear in, the higher the potential malicious reach of their credentials. This should be taken into consideration in your risk management plan.

**2\. Blind Spots in Corporate Credential Management**

One of the most pressing risks identified in the report is the prevalence of shadow identities. According to LayerX, 67.5% of corporate logins are performed without the protection of SSO. Even more concerning, 42.5% of all logins to SaaS applications within organizational networks take place through personal accounts, completely outside the purview of corporate security teams.

These blind spots allow users to bypass corporate identity protections. Security teams lack visibility into where corporate access is taking place, blocking their ability to detect and respond to identity-related risks.

**3\. Corporate Passwords Are Just as Vulnerable as Personal Ones**

Corporate security measures are perceived to be stronger than personal ones. For example, managed devices seem more secure than BYOD, corporate networks are more secure than public wifi, etc. But when it comes to passwords, this is hardly the case.

Despite password management and governance policies, the report shows that 54% of corporate passwords are categorized as medium-strength or weaker. For personal passwords, the percentage is 58%. Such passwords, while complying with minimum security policies, can often be cracked in under 30 minutes with modern tools.

**4\. Browser Extensions: An Overlooked but Growing Risk**

LayerX has a unique perspective into one of the most ubiquitous, but invisible, productivity tools: browser extensions. According to LayerX's findings, 66.6% of installed browser extensions have high or critical risk permissions and over 40% of users have such high-risk extensions installed. These permissions often allow extensions access to sensitive data such as users' cookies and session tokens, which can be exploited to steal corporate credentials or hijack sessions.

**5\. Attackers Are Evading Legacy Security Tools with Sophisticated Techniques**

Finally, the report reveals how attackers are exploiting weaknesses in traditional security tools like SWGs. As a result, these tools have become less effective in preventing browser-related breaches. Some of the key findings in this area:

*   49.6% of successful malicious web pages that bypass protections are hosted on legitimate public hosting services, leveraging trust in well-known domains to avoid detection
*   70% of these malicious pages use phishing kits with low or medium similarity to known phishing templates, which allows them to evade standard phishing detection mechanisms.
*   82% of these pages scored high on reputation risk and 52% of the pages had low "top-level domain" risk, indicating that attackers are manipulating common reputation-based defenses by using public infrastructure to distribute malicious content.

The findings in the "Enterprise Identity Threat Report 2024" underscore the pressing need for organizations to rethink their identity security strategies. Traditional methods relying on network-layer protection, password governance and trust in existing tools are no longer sufficient to protect today's browser-based, remote-access environments. At the very least, security teams should be aware of what they do not cover.

To register to the live webinar presenting the report's main insights, To register to a live webinar to cover the key findings in this report, Click here.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

A successful CIA hack of Venezuela's military payroll system, insider fights for spy agency resources, and messy opposition politics: A WIRED investigation reveals a secret Trump-era attempt to oust autocratic ruler Nicolás Maduro.

The Untold Story of Trump's Failed Attempt to Overthrow Venezuela's President

Despite the absence of laws specifically covering AI-based attacks, regulators can use existing rules around fraud and deceptive business practices.

Source: mike via Adobe Stock Photo

As AI-generated deepfakes become more sophisticated, regulators are turning to existing fraud and deceptive practice rules to combat misuse. While no federal law specifically addresses deepfakes, agencies like the FTC and SEC are applying creative solutions to mitigate these risks.

The quality of AI-generated deepfakes is astounding. "We cannot believe our eyes anymore. What you see is not real," says Binghamton University professor Yu Chen. Tools are being developed in real time to distinguish between an authentic image and a deepfake. But even if a user knows an image isn't real, there are still challenges.

"Using AI tools to trick, mislead, or defraud people is illegal," Federal Trade Commission chair Lina M. Kahn said, back in September. AI tools used for fraud or deception are subject to existing laws, and Khan made it clear the FTC will be going after artificial intelligence fraudsters.

**Intent: Fraud and Deception**

Deepfakes can be used for other corporate unfair business practices, such as creating a false image of an executive who announces their company is taking an action that could cause stock prices to change. For example, a deepfake could declare a company is going out of business or make an acquisition. If stock trading stock is involved, the SEC could prosecute.

When a deepfake is created with the intent to deceive, "that is a classic element of fraud," says Joanna Forster, a partner at the law firm Crowell & Morning and the former deputy attorney general, Corporate Fraud Section, for the State of California

"We've all seen the past four years a very activist FTC on areas of antitrust and competition, on consumer protection, on privacy," Forster says.

In fact, an FTC official, speaking on background, says the agency is aggressively addressing the issue. In April, a rule on government or business impersonation went into effect. The agency also is continuing its efforts on voice clones designed to deceive and defraud victims. The agency has a business guidance blog that tracks many of these efforts.

Several state and local laws address deepfakes and privacy, but there is no federal legislation or clear rules defining which agency takes the lead on enforcement. In early October, U.S. District Judge John A. Mendez granted a preliminary injunction blocking a California law against election-related deepfakes. Even though the judge acknowledged AI and deepfakes pose significant risks, California's law likely violated the First Amendment, Mendez said. Currently, 45 states plus the District of Columbia have laws prohibiting using deepfakes in elections.

**Privacy and Accountability Challenges**

There are few laws that protect non-celebrities or politicians from a deepfake violating their privacy. The laws are written so that they protect the celebrity's trademarked face, voice and mannerisms. This differs from a comic impersonating a celebrity for entertainment's sake where there is no intent to deceive the audience. However, if a deepfake does try to deceive the audience, that crosses the line of intent to deceive.

In the case of a deepfake of a non-celebrity, there is no way to sue without first knowing who created the deepfake, which is not always possible on the internet, says Debbie Reynolds, privacy expert and CEO of Debbie Reynolds Consulting. Identity theft laws might apply in some cases, but internet anonymity is difficult to overcome. "You may never know who created this thing, but that harm still exists," Reynolds says.

While some states are looking at laws specifically focusing on the use of AI and deepfakes, the tool used for the fraud or deception is not significant, says Edward Lewis, CEO of CyXcel, a consulting firm specializing in cybersecurity law and risk management.  Many corporate executives do not realize how easy deepfakes and other AI-generated content are to create and distribute.

"It's not so much about what do I need to know about deepfakes; It's rather who has access, and how do we control that access in the workplace, because we wouldn't want our staff to be engaging for inappropriate reasons with any AI," Lewis says. "Secondly, what is our firm's policy on the use of AI? What context can or can't it be used for, and who actually do we grant access to AI so that they can carry out their jobs?"

Lewis notes, "It's much the same way as we have controls around other cyber security risks. The same controls need to be considered in the context of the use of AI."

As AI-generated deepfakes become more sophisticated, regulators are working to adapt by leveraging existing fraud and privacy laws. Without federal legislation specific to deepfakes, agencies like the FTC and SEC are actively enforcing rules against deception, impersonation, and identity misuse. But the challenges of accountability, privacy, and recognition persist, leaving gaps that both individuals and organizations need to navigate. As regulatory frameworks evolve, proactive measures—such as AI governance policies and continuous monitoring—will be essential in mitigating risks and safeguarding trust in the digital landscape.

**About the Author**

Stephen Lawton is a veteran journalist and cybersecurity subject matter expert who has been covering cybersecurity and business continuity for more than 30 years. He was named a Global Top 25 Data Expert for 2023 and a Global Top 20 Cybersecurity Expert for 2022. Stephen spent more than a decade with SC Magazine/SC Media/CyberRisk Alliance, where he served as editorial director of the content lab. Earlier he was chief editor for several national and regional award-winning publications, including MicroTimes and Digital News & Review. Stephen is the founder and senior consultant of the media and technology firm AFAB Consulting LLC. You can reach him at \[email protected\].

Regulators Combat Deepfakes With Anti-Fraud Rules

The Russian-backed group is using a novel access vector to harvest victim data and compromise devices in a large-scale intelligence-gathering operation.

Source: Funtap via Shutterstock

"Midnight Blizzard," a threat group linked to Russia's foreign intelligence service, is stoking more concern than usual for both its sheer scope and its use of a new tactic for harvesting information and gaining control of victim systems.

Microsoft this week said its threat intelligence group observed Midnight Blizzard actors sending out thousands of spear-phishing emails to targeted individuals at more than 100 organizations worldwide since Oct. 22.

**Large-Scale Campaign**

Besides its wide scope, the campaign is noteworthy for Midnight Blizzard's use of a digitally signed Remote Desktop Protocol (RDP) configuration file in its spear-phishing emails. The RDP file connects to a server controlled by a threat actor; when the file is opened, it allows the attacker to harvest user credentials and detailed system information to aid further exploit activity.

"The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of zero trust," Microsoft said on its threat intelligence group blog this week. "Microsoft has observed this campaign targeting governmental agencies, higher education, defense, and non-governmental organizations in dozens of countries, but particularly in the UK, Europe, Australia, and Japan."

Midnight Blizzard — aka Cozy Bear, APT29, and UNC2452 — has been the proverbial thorn in the side of security organizations for some years now. The group's many victims include SolarWinds, Microsoft, HPE, multiple US federal government agencies, and diplomatic entities worldwide. Its well-documented tactics, techniques, and procedures (TTPs) include using spear phishing, stolen credentials, and supply chain attacks for initial access. Midnight Blizzard actors have also targeted vulnerabilities in widely used networking and collaboration technologies such as those from Fortinet, Pulse Secure, Citrix, and Zimbra to gain an initial toehold on a target network.

**Bidirectional Connection**

The RDP file in the Microsoft, AWS, and zero-trust themed emails in Midnight Blizzard's latest campaign allows the attacker to establish a quick, bidirectional connection with a compromised device. The threat actor is using it to harvest a range of information including user credentials, files, and directories on the victim system and connected network drives; information from connected smart cards and other peripherals; Web authentication credentials; and clipboard data. The RDF file is signed with a LetsEncrypt certificate to lend it an air of legitimacy. "This access could enable the threat actor to install malware on the target's local drive(s) and mapped network share(s), particularly in AutoStart folders, or install additional tools such as remote access Trojans (RATs) to maintain access when the RDP session is closed," Microsoft cautioned.

Stephen Kowski, field CTO at SlashNext, says Midnight Blizzard's use of signed RDP files in its current campaign is significant. Signed RDP files can bypass traditional security controls since they appear to come from a legitimate source, he points out.

"This technique is particularly cunning because RDP files are commonly used in business environments, making them less likely to raise immediate suspicion, while the legitimate signature helps evade standard malware detection systems," he says. He advocates that organizations scan all email attachments in real time, with a particular focus on RDP files and other seemingly legitimate Microsoft-related content. "The use of legitimately signed files creates a significant blind spot for conventional security tools that rely heavily on signature-based detection or reputation scoring," Kowski advises.

**Mitigating the Threat**

Microsoft has released a list of indicators of compromise for the new Midnight Blizzard campaign, including email sender domains, RDP files, and RDP remote computer domains. It has recommended that security teams review their organizational email security settings and antivirus and anti-phishing measures; turn on Safe Links and Safe Attachments settings in Office 365; and enable measures for quarantining sent email if needed. Other recommendations include using firewalls to block RDP connections, implementing multifactor authentication, and strengthening endpoint security configurations.

Venky Raju, field CTO at ColorTokens, says the campaign is a reminder why organizations need to maintain a tight rein over the use of Microsoft's remote desktop. While it can be useful to share devices, folders, and clipboard content over an RDP session, it gives attackers a way into a user's device. "Signing the RDP configuration file may prevent email security systems from classifying the email as having a suspicious link or attachment. It may also reduce the warnings presented by the RDP client," he points out.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

'Midnight Blizzard' Targets Networks With Signed RDP Files

A malvertising campaign is exploiting Meta’s platform to spread SYS01 infostealer, targeting men 45+ via fake ads for…

A malvertising campaign is exploiting Meta’s platform to spread SYS01 infostealer, targeting men 45+ via fake ads for popular software. The malware steals Facebook credentials, hijacks accounts espicially those administrating business pages, and spreads further attacks globally.

A new malvertising campaign is exploiting Meta’s advertising platform to spread the **SYS01 infostealer**, a cybersecurity threat known to Meta and particularly Facebook users for stealing their personal information.

What makes this attack targeted is that millions of users globally, specifically men aged 45 and above, are potential victims of this ongoing attack, which cleverly disguises itself as advertisements for popular software, games, and online services.

This campaign, first detected in September 2024, stands out due to its impersonation tactics and popular brands that it exploits. Instead of focusing on a single lure, the attackers mimic a broad range of trusted brands, including productivity tools like Office 365, creative software like Canva and Adobe Photoshop, VPN services like ExpressVPN, streaming platforms like Netflix, messaging apps like Telegram, and even popular video games like Super Mario Bros Wonder.

****How the Attack Works:****

According to Bitdefender’s **blog post** shared with Hackread.com ahead of publishing on Wednesday, the malicious ads often lead to MediaFire links offering direct downloads of seemingly legitimate software. These downloads, packaged as zip archives, contain a malicious Electron application.

Once executed, this application drops and **runs the SYS01 infostealer**, often while displaying a decoy app that mimics the advertised software. This deceptive tactic makes it difficult for victims to realize they’ve been compromised.

For your information, an Electron application is a type of desktop app built with web technologies like HTML, CSS, and JavaScript. Electron is an open-source framework developed by GitHub that allows developers to create cross-platform applications that run on Windows, macOS, and Linux, all from a single codebase.

In this attack however, behind the scenes, the Electron app uses obfuscated Javascript code and a standalone 7zip executable to extract a password-protected archive containing the core malware components. This archive includes PHP scripts responsible for **installing the infostealer** and establishing persistence on the victim’s system. The malware also incorporates anti-sandbox checks to evade detection by security researchers.

****Stealing Data and Hijacking Accounts:****

The primary goal of the SYS01 infostealer is to harvest Facebook credentials, particularly those associated with business accounts. These compromised accounts are then used to further attacks/scams.

What’s worse, the attack also leverages the advertising capabilities of hijacked accounts, allowing attackers to create **new malicious ads** that appear more legitimate and easily bypass security filters. This creates a self-sustaining cycle where stolen accounts are used to spread the malware even further. The stolen credentials are also likely sold on underground marketplaces, further enriching the criminals.

Fake Netflix, Super Mario Bros. Wonder, and other malicious ads are currently being used in the campaign (Via Bitdefender)

****Global Reach and Protection****

While the campaign has a global reach, impacting users in the EU, North America, Australia, and Asia, Bitdefender could not verify the full extent of its impact, especially outside the EU, which remains unclear due to limited data transparency.

Nevertheless, if you are on Facebook—especially if you run a business page—you must watch out for SYS01 Infostealer and **similar threats**. While using common sense is essential, here are some vital steps you should take:

1.  **Monitor your accounts:** Regularly check your Facebook and other social media accounts for suspicious activity. Report any unauthorized access immediately and change your passwords.
2.  **Be wary of ads:** Exercise caution when clicking on ads, especially those offering free downloads or deals that seem too good to be true. Verify the source before downloading any software.
3.  **Stick to official sources:** Download software directly from official websites or trusted app stores. Avoid third-party platforms and file-sharing services.
4.  **Use strong security software:** Install reputable security software and keep it updated. Choose a solution that offers real-time protection and advanced threat detection.
5.  **Enable two-factor authentication (2FA):** Activate 2FA on your Facebook and other important online accounts for added security.

1.  **Fake GTA VI Beta Download Spreads Malware**
2.  **ALPHV Ransomware Uses Google Ads to Target Victims**
3.  **Fake WhatsApp clone steals crypto on Android and Windows**
4.  **Facebook, Meta, Apple, Amazon Most Impersonated in Scams**
5.  **Fake ChatGPT and Facebook Ads Used in DNS Investment Scam**

Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer

PRESS RELEASE

DALLAS, Oct. 29, 2024 (GLOBE NEWSWIRE) -- MEF, a global consortium of network, cloud, security, and technology providers driving enterprise digital transformation, today announced significant advancements in its MEF 3.0 Secure Access Service Edge (SASE) Certification Program. Technology providers Fortinet and Versa have achieved full SASE certification, while service providers AT&T, BT, Colt, Comcast Business, Console Connect, Liberty Latin America, Lumen, Orange Business, TPG, and Verizon have also earned full SASE certification. Additionally, technology providers Broadcom Inc. and Palo Alto Networks, and service provider Sparkle, are expected to achieve full SASE certification shortly. Organizations that achieve SASE certification through MEF’s rigorous independent program receive a rating on product effectiveness and are listed in MEF’s registry of certified companies. SASE certification is now available to all MEF members.

"As cyber threats continue to escalate in complexity and frequency, enterprises need absolute confidence in their security solutions,” said Nan Chen, Chief Executive Officer, MEF. “MEF's independent SASE certification program provides that assurance, enabling organizations to choose validated solutions that protect their digital assets and support their transformation initiatives."

Validated Security for the Enterprise   
MEF's comprehensive certification program addresses today's critical cybersecurity threats through rigorous testing of SASE, which includes Software-Defined Wide Area Network (SD-WAN), Security Service Edge (SSE), and Zero Trust (ZT) capabilities. The program is delivered in partnership with CyberRatings.org (CRO), a world-class testing laboratory that ensures transparency and confidence in cybersecurity solutions.

Technology providers must successfully complete all three certification modules to achieve full SASE certification. Service providers can achieve certification by integrating MEF-certified technology solutions, ensuring enterprise customers can trust the security and performance of their provider's ecosystem.

"Building secure, high-performing networks is critical to enterprise success,” said Pascal Menezes, Chief Technology Officer, MEF. “By achieving SASE certification, technology and service providers are proving their commitment to delivering reliable, scalable, and secure solutions."

Setting the Standard for Network Security   
The certification program validates compliance with MEF standards, including MEF SD-WAN (MEF 70.1) and industry-first standards for SASE (MEF 117) and Zero Trust (MEF 118). Certified solutions receive detailed ratings displayed in MEF's certification registry, enabling enterprises to make informed decisions about their security investments.

As SASE becomes central to Network-as-a-Service (NaaS) offerings, certified solutions give enterprises confidence in the cybersecurity embedded within their network environments. To help organizations navigate this landscape, MEF recently released its "State of the Industry Report: SASE – Validating Cyber Defense in an Era of Unprecedented Threats."

More information about MEF’s SASE certification program can be found here.

SASE certifications and advancements will be featured at MEF’s Global Network-as-a-Service Event (GNE) from Oct 28–30, 2024, in Dallas, Texas. Visit gne.mef.net.

About MEF  
MEF is a global consortium of service, cloud, cybersecurity, and technology providers collaborating to accelerate enterprise digital transformation. It delivers standards-based frameworks, services, technologies, APIs, and certification programs to enable Network-as-a-Service (NaaS) across an automated ecosystem. MEF is the defining authority for certified Lifecycle Service Orchestration (LSO) business and operational APIs and Carrier Ethernet, SASE, SD-WAN, Zero Trust, and Security Service Edge (SSE) technologies and services. MEF’s Global NaaS Event (GNE) convenes industry leaders building, delivering and consuming the next generation of NaaS solutions. For more information about MEF, visit MEF.net and follow us on LinkedIn, Twitter and YouTube.

15 Leading Technology and Service Providers Achieve SASE Certification

PRESS RELEASE

TEMPE, Ariz. and PRAGUE, Oct. 29, 2024 /PRNewswire/ -- Holiday shopping is in full swing, with over 60% of Americans ready to click "add to cart" for most of their purchases this holiday season. But it's not just shoppers gearing up – scammers are, too. Nearly half (48%) of U.S. consumers report being targeted by a scam while holiday shopping online, according to the 2024 Norton Cyber Safety Insights Report: Holiday. Additionally, more than half (53%) of Americans are worried about Black Friday and Cyber Monday shopping scams. Norton, a consumer Cyber Safety brand of Gen (NASDAQ: GEN), encourages people to take time on Cyber Safety Sunday, December 1st, to prepare to safely shop online this holiday season and bolster their defenses against cybercriminals and scammers.

'Tis the Season for Shopping and Scamming

Cyber Safety Sunday is observed the Sunday after Thanksgiving and is a day for shoppers to take proactive steps to prioritize their online safety ahead of shopping Cyber Week deals, booking holiday travel, and more. Nearly half of Americans (48%) will do most of their holiday shopping between Black Friday and Cyber Monday – making it not only the busiest time of the year for shoppers – but also scammers. Thirty percent of Americans say they have been targeted by a scam while holiday shopping online. Of the two fifths (43%) who fell victim, 30% report the scam happened on Black Friday, 11% on Cyber Monday and 30% on Christmas.

"The holidays can be a hectic time, and when we are busy or looking for ways to save money, sometimes we let our guard down," said Leyla Bilge for Norton. "This Cyber Safety Sunday, we encourage everyone to take a few simple steps that will go a long way to help you stay safe online this season. Stick to sites you trust, stay educated on common scams, update passwords, set fraud alerts and always think twice before sharing your personal information. Give yourself the gift of peace of mind knowing you're prepared."

Rising Concerns Over Cyber Grinches 

Of the 90% of Americans buying gifts to spread holiday cheer, 60% will be clicking "add to cart" for most of their presents this season. While online shopping is fun and convenient, the rise in online crime has made shoppers feel less merry and more wary about their online safety. In fact, 62% are concerned about becoming victims of cybercrime this season, with 47% specifically worried about falling for a sophisticated holiday shopping scam. A look deeper into Norton's data reveals concerns rising from last year:

*   71% of US consumers are concerned about their personal details being compromised, up 8% YoY. 
    
*   59% are concerned about being scammed by a 3rd party retailer, up 9% YoY. 
    
*   59% are concerned about AI shopping scams, up 11% YoY. 
    

Decking the Halls with Discounts 

With the costs of many goods on the rise, everyone's looking to stretch their holiday budgets a little further, resulting in 87% of U.S. online shoppers spending extra time to look for discount codes. However, it is important to be aware of the information you offer to gain access to these deals, as it can lead to significant privacy risks.  When you enter personal details, such as your name, email or payment information to redeem a discount code, that data could fall into the wrong hands if the website is not secure. Some scammers also create fake promotions or clone legitimate retailer websites to trick consumers into submitting their information, which they can then use for identity theft, financial fraud or to sell on the dark web.

Norton discovered that two thirds (67%) of people have taken some action to receive a discount code. Of these deal seekers, 57% signed up for a mailing list, 39% answered a survey and 30% liked a post or posted on social media. Nearly two-thirds (65%) of people were willing to give personal information including their email (91%), phone number (52%) or home address (35%).

It's no coincidence that while shoppers are keen for discounts, malvertising and adware are the cyber threats that increase the most dramatically during the holiday season. During last year's holiday shopping season, Gen data reveals a 53% increase in malvertising attacks – malicious ads often seen by consumers when searching for something such as sales. Adware – malicious software often distributed via malvertising – increased by 227% over the same period.

To stay safe, try to find codes directly from the retailer and not third-party providers. Consider using an alternative email address that you don't typically use for daily, personal life. Products such as Norton AntiTrack can create these emails for you in a single click. Think twice: Is the discount worth potentially compromising your digital safety or identity?

Enlisting AI Holiday Helpers 

Both retailers and consumers are using AI tools to help ease the stress of holiday shopping. Nearly a quarter of people (23%) have interacted with an AI chatbot or assistant and 43% have noticed AI-enhanced search results with personal recommendations while shopping.

While 36% of Americans say that AI recommendations are helpful and could enhance their online shopping experience, most shoppers are still resistant to AI. Fifty-seven percent of people say they would abandon their carts if they could only speak with a chatbot rather than a real customer service representative. Only 26% of shoppers trust AI to handle their personal information securely, and 37% who have interacted with an AI chatbot while holiday shopping online report receiving inaccurate information.

Sleighing Suspicious Social Media Ads 

Despite general distrust in social media sites, shoppers continue to click on social ads to purchase holiday gifts. Thirty-seven percent of Americans have purchased a holiday gift from a social ad, with these buyers mainly purchasing through Facebook (60%), Instagram (48%) and TikTok (40%).

Clicking on social media ads can expose people to unnecessary risks such as phishing attacks, malware infections and privacy breaches. Fraudulent ads may lead to fake websites that steal personal information or payment details, and some may download harmful or malicious software onto your device. Despite these risks, 20% of people are still willing to click on a social media ad or email claiming to offer a gift—reminding us all that some "holiday deals" belong on the naughty list.

This Cyber Safety Sunday, take control of your Cyber Safety by using AI to spot scams. Norton Genie is an AI-powered app that provides a fast, easy and free way to check if a message, like an email offering a holiday discount, is a scam. Genie can also review social media links and other suspicious web links, such as those that direct people to track deliveries for holiday gifts, offer gift cards or steer people to fake third-party websites and confirm whether the information or offer is malicious.

Visit Norton.com this Cyber Safety Sunday and throughout the holidays to learn how you can prepare for a safe shopping season and find out about the top scams and more holiday shopping insights in the 2024 Norton Cyber Safety Insights Report: Holiday.

About the 2024 Norton Cyber Safety Insights Report: Holiday 

The study was conducted online within the United States by Dynata on behalf of Gen from August 30th to September 11th, 2024 among 1,000 adults ages 18 and older. Data is weighted where necessary by age, gender and region, to be nationally representative. 

About Norton

Norton is a leader in Cyber Safety, and part of Gen™ (NASDAQ: GEN), a global company dedicated to powering Digital Freedom with a family of trusted consumer brands. Norton empowers millions of individuals and families with award-winning protection for their devices, online privacy, and identity. Norton products and services are certified by independent testing organizations including AV-TEST, AV-Comparatives, and SE Labs. Norton is a founding member of the Coalition Against Stalkerware. Learn more at https://us.norton.com/.

Norton Report Reveals Nearly Half of US Consumers Were Targeted by a Scam While Online Shopping

PRESS RELEASE

RALEIGH, N.C., Oct. 28, 2024 /PRNewswire-PRWeb/ -- ALL THINGS OPEN 2024 -- After a year-long, global, community design process, the Open Source Definition (OSAID) v.1.0 is available for public use.

The release of version 1.0 was announced today at All Things Open 2024, an industry conference focused on common issues of interest to the worldwide Open Source community. The OSAID offers a standard by which community-led, open and public evaluations will be conducted to validate whether or not an AI system can be deemed Open Source AI. This first stable version of the OSAID is the result of multiple years of research and collaboration, an international roadshow of workshops, and a year-long co-design process led by the Open Source Initiative (OSI), globally recognized by individuals, companies and public institutions as the authority that defines Open Source.

"The co-design process that led to version 1.0 of the Open Source AI Definition was well-developed, thorough, inclusive and fair," said Carlo Piana, OSI board chair. "It adhered to the principles laid out by the board, and the OSI leadership and staff followed our directives faithfully. The board is confident that the process has resulted in a definition that meets the standards of Open Source as defined in the Open Source Definition and the Four Essential Freedoms, and we're energized about how this definition positions OSI to facilitate meaningful and practical Open Source guidance for the entire industry."

"The new definition requires Open Source models to provide enough information about their training data so that a 'skilled person can recreate a substantially equivalent system using the same or similar data,' which goes further than what many proprietary or ostensibly Open Source models do today," said Ayah Bdeir, who leads AI strategy at Mozilla. "This is the starting point to addressing the complexities of how AI training data should be treated, acknowledging the challenges of sharing full datasets while working to make open datasets a more commonplace part of the AI ecosystem. This view of AI training data in Open Source AI may not be a perfect place to be, but insisting on an ideologically pristine kind of gold standard that will not actually be met by any model builder could end up backfiring."

"We welcome OSI's stewardship of the complex process of defining Open Source AI," said Liv Marte Nordhaug, CEO of the Digital Public Goods Alliance (DPGA) secretariat. "The Digital Public Goods Alliance secretariat will build on this foundational work as we update the DPG Standard as it relates to AI as a category of DPGs."

"Transparency is at the core of EleutherAI's non-profit mission. The Open Source AI Definition is a necessary step towards promoting the benefits of Open Source principles in the field of AI," said Stella Biderman, executive director at the EleutherAI Institute. "We believe that this definition supports the needs of independent machine learning researchers and promotes greater transparency among the largest AI developers."

"Arriving at today's OSAID version 1.0 was a difficult journey, filled with new challenges for the OSI community," said OSI Executive Director, Stefano Maffulli. "Despite this delicate process, filled with differing opinions and uncharted technical frontiers—and the occasional heated exchange—the results are aligned with the expectations set out at the start of this two-year process. This is a starting point for a continued effort to engage with the communities to improve the definition over time as we develop with the broader Open Source community the knowledge to read and apply OSAID v.1.0."

The text of the OSAID v.1.0 as well as a partial list of the many global stakeholders who endorse the definition can be found here:

https://opensource.org/ai

About the Open Source Initiative   
Founded in 1998, the Open Source Initiative (OSI) is a non-profit corporation with global scope formed to educate about and advocate for the benefits of Open Source and to build bridges among different constituencies in the Open Source community. It is the steward of the Open Source Definition and the Open Source AI Definition, setting the foundation for the global Open Source ecosystem. Join and support the OSI mission today at https://opensource.org/join.

The Open Source Initiative Announces Open Source AI Definition

PRESS RELEASE

NEW YORK, Oct. 28, 2024 /PRNewswire/ -- Casap, a disputes automation and fraud prevention platform, has raised $8.5 million to scale the first AI-powered solution for banks, credit unions and fintechs to intelligently tackle first-party fraud and automate disputes and chargebacks. The recent round was led by Lightspeed Venture Partners with participation from Primary Venture Partners, Commerce Ventures, Curql, Alloy Labs, and notable fintech founders and execs from Chime, Robinhood, Square, Current, Novo, and Alloy. The funding will enable Casap to continue to scale its AI decisioning, helping financial institutions reduce operational costs, curb fraud-related losses, and transform the consumer experience.

"The surge in first-party fraud and dispute volumes are overwhelming financial institutions," said Shanthi Shanmugam, co-founder and CEO of Casap. "Our platform helps banks, credit unions and fintechs meet these challenges head-on with intelligent automation that delivers fast, frictionless dispute resolution at a fraction of today's cost. By empowering institutions to identify fraudulent claims early and resolve legitimate cases swiftly, Casap is transforming what is often a frustrating customer service experience into an opportunity to build consumer loyalty."

Financial institutions are under immense pressure to resolve the 238 million chargebacks that emerge annually, most of which take 45-90 days to resolve. First-party fraud has consistently risen year over year since COVID, with more consumers disputing legitimate charges to avoid payment. This surge, combined with a growing tendency to file disputes directly with payment providers instead of merchants, has led to overwhelming volumes and substantial financial losses. Institutions are forced to hire large teams, navigate complex regulations, and outsource chargebacks yet still struggle to meet consumer expectations — 50% of consumers will switch banks if they are not getting the service they want and expect, leading to long-term attrition and escalating costs.

Casap's AI-powered automations and proprietary "first-party fraud score", similar to an industry-standard FICO score, combine to resolve a dispute end-to-end without human intervention. The platform intelligently analyzes evidence, predicts outcomes, and automates key actions — such as issuing credits, filing chargebacks, and responding to merchants — while using its fraud score to identify suspicious consumers and merchants to proactively reduce disputes.

"Our team was impressed by the deep expertise Shanthi and Saisi brought to what is a cross-industry problem with significant scale. The company's early momentum is a promising indication of the type of compounding technological innovation we look for," says Aaron Frank, Partner at Lightspeed.

Casap's chargeback model, the first of its kind, includes publicly available weights — putting Casap at the forefront of innovation and sets a new standard for transparency in the industry. With built-in regulatory expertise and key integrations, Casap's advanced AI and decisioning capabilities cut resolution times from days to minutes, driving significant cost savings and enhancing operational efficiency for financial institutions.

Casap is already delivering measurable results for customers across the payments ecosystem, from major fintechs and established institutions like Chartway Credit Union to Banking-as-a-Service providers and sponsor banks.

"Before Casap, our team lacked the tools to effectively resolve disputes or file chargebacks, leading to a negative member experience and limited ability to improve the process," said Karin Collier, Director of Card Services at Chartway Credit Union. "Partnering with Casap has revolutionized how we think about disputes. With Casap's built-in regulatory expertise and AI-powered automation, we get to drive fast, accurate dispute outcomes, catch friendly fraud early, achieve higher NPS, all while seeing an immediate positive impact on our bottom line. Casap's customizability helps us adapt quickly to evolving needs, fraud trends, and transforms the way we work across the credit union. With Casap, AI is more than a tool—it's the engine driving our mission to create an unparalleled member experience. We're excited to continue partnering with Casap to transform how we operate across the back-office and set a new benchmark for exceptional member service."

"Choosing Casap as our multi-year partner for disputes and fraud management was an easy decision," continues Collier. "The partnership delivers immediate impact, with 29% cost savings from day one with even greater efficiencies projected just a month out. More importantly, Casap enables us to build trust by offering our members a fast, seamless self-service experience that sets a new standard for dispute resolution."

Casap is committed to making its platform the best-in-class solution for resolving disputes and chargebacks, helping customers achieve results up to four times faster than competitors in the space.

"Consumer trust is the lifeblood of financial institutions," Shanmugam continues. "Casap gives banks, credit unions and fintechs the tools they need to resolve genuine disputes quickly, while curbing the rising costs of fraud. We're not just solving a back-office problem—we're reshaping how institutions build trust and loyalty in the face of fraud."

Before founding Casap, Shanthi Shanmugam and Saisi Peter spent years driving innovation at fintech powerhouses Chime and Robinhood, with a focus on delivering seamless, consumer-first experiences. Their expertise in revolutionizing the way we operate payments has fueled Casap's rapid growth and early momentum.

Casap has also been recognized by industry leaders, winning the NACUSO 2024 Next Big Idea Competition.

About

Casap is an AI-powered disputes automation and fraud prevention platform. With built-in regulatory expertise and network integrations, Casap's intelligent automation identifies fraudulent claims early and delivers fast, frictionless dispute and chargeback resolution at a fraction of today's cost. Growing financial institutions use Casap to scale with a triple shield — back office efficiencies, fraud protection, and consumer delight. Casap is backed by top-tier VCs and notable fintech founders. Learn more at casaphq.com.

Casap Secures $8.5M in Funding

Russian state-sponsored hackers Cozy Bear are targeting over 100 organizations globally with a new phishing campaign. This sophisticated…

Russian state-sponsored hackers Cozy Bear are targeting over 100 organizations globally with a new phishing campaign. This sophisticated attack uses signed RDP files disguised as legitimate documents to gain remote access and steal sensitive data. Learn how to protect yourself and your organization from this threat.

Microsoft has revealed that the Russian state-sponsored threat actor Cozy Bear (or APT29, UNC2452, and Midnight Blizzard) has launched a new phishing campaign targeting over 100 organizations worldwide, especially Ukraine, the United States and Europe.

The campaign, active since October 22, 2024, involves highly targeted emails designed to trick users into opening malicious files, ultimately granting the attackers access to sensitive information.

The attackers are mainly focusing on organizations in critical sectors such as government, defence, academia, and non-governmental organizations. This aligns with Cozy Bear’s previous pattern of targeting entities holding valuable intelligence.

****What’s new this time?****

Cozy Bear is using a never-before-seen approach involving signed Remote Desktop Protocol (RDP) configuration files. These apparently harmless files are sent as attachments in phishing emails, often disguised with lures related to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust. The emails are composed with sophistication, even impersonating Microsoft employees to enhance their credibility.

****How does it work?****

According to Microsoft’s blog post shared with Hackread.com ahead of publishing, when a user opens the malicious RDP file, a connection is established to a server controlled by Cozy Bear.

This connection grants the attackers access to a wide range of resources on the victim’s device, including files, connected peripherals, clipboard data, and even authentication features. This access can be exploited to install malware, steal sensitive data, and maintain persistent access even after the RDP session is closed.

****What’s at risk?****

The potential consequences of a successful attack are significant. Cozy Bear could gain access to confidential government information, intellectual property, and sensitive data belonging to various organizations. The compromised devices could also be used as launchpads for further attacks, potentially spreading the infection to other connected systems.

Patrick Harr, CEO of Pleasanton, Calif.-based SlashNext Email Security+, commented on the recent developments, warning organizations about the increasing sophistication of phishing attacks.

_“_This attack once again highlights that phishing continues to be the most dangerous threat to your organization which is why companies must not only continuously train their users, they must also employ AI detection and phishing sandboxes for malicious links and files directly in their email, collaboration and messaging apps,_“_ Patrick advised.

_“_These new sophisticated attacks, many of them AI-generated, evade current secure email gateways (SEGs) and even Microsoft Defender for Office. The only way organizations can defend themselves is by using AI to prevent these attacks before successful breaches._“_

Microsoft, along with CERT-UA and Amazon, has confirmed the ongoing campaign and is working to notify affected customers. Cybersecurity experts urge organizations and individuals to be alert, especially when dealing with emails containing attachments or requests for remote access.

Additionally, enabling multi-factor authentication, using phishing-resistant authentication methods, and educating users about these phishing techniques are important steps in mitigating this attack.

1.  TeamViewer Confirms Breach by Midnight Blizzard
2.  Midnight Blizzard Hacked UK Home Office via Microsoft
3.  Midnight Blizzard Hackers Hit MS Teams in Precision Attack
4.  Iranian Hackers Hit Microsoft 365 Users with MFA Push Bombing
5.  Russian Malware Attack Hits Ukrainian Military Recruits via Telegram

Tag

#git