The Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them.

The eye-popping scandal surrounding the Trump cabinet’s accidental invitation to The Atlantic’s editor in chief to join a text-message group secretly planning a bombing in Yemen has rolled into its third day, and that controversy now has a name: SignalGate, a reference to the fact that the conversation took place on the end-to-end encrypted free messaging tool Signal.

As that name becomes a shorthand for the biggest public blunder of the second Trump administration to date, however, security and privacy experts who have promoted Signal as the best encrypted messaging tool available to the public want to be clear about one thing: SignalGate is not about Signal.

Since The Atlantic’s editor, Jeffrey Goldberg, revealed Monday that he was mistakenly included in a Signal group chat earlier this month created to plan US airstrikes against the Houthi rebels in Yemen, the reaction from the Trump cabinet’s critics and even the administration itself has in some cases seemed to cast blame on Signal for the security breach. Some commentators have pointed to reports last month of Signal-targeted phishing by Russian spies. National security adviser Michael Waltz, who reportedly invited Goldberg to the Signal group chat, has even suggested that Goldberg may have hacked into it.

On Wednesday afternoon, even President Donald Trump suggested Signal was somehow responsible for the group chat fiasco. “I don't know that Signal works,” Trump told reporters at the White House. “I think Signal could be defective, to be honest with you.”

The real lesson is much simpler, says Kenn White, a security and cryptography researcher who has conducted audits on widely used encryption tools in the past as the director of the Open Crypto Audit Project: Don’t invite untrusted contacts into your Signal group chat. And if you’re a government official working with highly sensitive or classified information, use the encrypted communication tools that run on restricted, often air-gapped devices intended for a top-secret setting rather than the unauthorized devices that can run publicly available apps like Signal.

“Unequivocally, no blame in this falls on Signal,” says White. “Signal is a communication tool designed for confidential conversations. If someone's brought into a conversation who’s not meant to be part of it, that's not a technology problem. That's an operator issue.”

Cryptographer Matt Green, a professor of computer science at Johns Hopkins University, puts it more simply. “Signal is a tool. If you misuse a tool, bad things are going to happen,” says Green. “If you hit yourself in the face with a hammer, it’s not the hammer’s fault. It’s really on you to make sure you know who you’re talking to.”

The only sense in which SignalGate _is_ a Signal-related scandal, White adds, is that the use of Signal suggests that the cabinet-level officials involved in the Houthi bombing plans, including secretary of defense Pete Hegseth and director of national intelligence Tulsi Gabbard, were conducting the conversation on internet-connected devices—possibly even including personal ones—since Signal wouldn’t typically be allowed on the official, highly restricted machines intended for such conversations. “In past administrations, at least, that would be absolutely forbidden, especially for classified communications,” says White.

Indeed, using Signal on internet-connected commercial devices doesn’t just leave communications open to anyone who can somehow exploit a hackable vulnerability in Signal, but anyone who can hack the iOS, Android, Windows, or Mac devices that might be running the Signal mobile or desktop apps.

This is why US agencies in general, and the Department of Defense in particular, conduct business on specially managed federal devices that are specially provisioned to control what software is installed and which features are available. Whether the cabinet members had conducted the discussion on Signal or another consumer platform, the core issue was communicating about incredibly high-stakes, secret military operations using inappropriate devices or software.

One of the most straightforward reasons that communication apps like Signal and WhatsApp are not suitable for classified government work is that they offer “disappearing message” features—mechanisms to automatically delete messages after a preset amount of time—that are incompatible with federal record retention laws. This issue was on full display in the principals’ chat about the impending strike on Yemen, which was originally set for one-week auto-delete before the Michael Waltz account changed the timer to four-week auto-delete, according to screenshots of the chat published by The Atlantic on Wednesday. Had The Atlantic’s Goldberg not been mistakenly included in the chat, its contents might not have been preserved in accordance with long-standing government requirements.

In congressional testimony on Wednesday, US director of national intelligence Tulsi Gabbard said that Signal can come preinstalled on government devices. Multiple sources tell WIRED that this is not the norm, though, and noted specifically that downloading consumer apps like Signal to Defense Department devices is highly restricted and often banned. The fact that Hegseth, the defense secretary, participated in the chat indicates that he either obtained an extremely unusual waiver to install Signal on a department device, bypassed the standard process for seeking such a waiver, or was using a non-DOD device for the chat. According to political consultant and podcaster FP Wellman, DOD “political appointees” demanded that Signal be installed on their government devices last month.

Core to the Trump administration’s defense of the behavior is the claim that no classified material was discussed in the Signal chat. In particular, Gabbard and others have noted that Hegseth himself is the classification authority for the information. Multiple sources tell WIRED, though, that this authority does not make a consumer application the right forum for such a discussion.

“The way this was being communicated, the conversation had no formal designation like 'for official use only' or something. But whether it should have been classified or not, whatever it was, it was obviously sensitive operational information that no soldier or officer would be expected to release to the public—but they had added a member of the media into the chat,” says Andy Jabbour, a US Army veteran and founder of the domestic security risk-management firm Gate 15.

Jabbour adds that military personnel undergo annual information awareness and security training to reinforce operating procedures for handling all levels of nonpublic information. Multiple sources emphasize to WIRED that while the information in the Yemen strike chat appears to meet the standard for classification, even nonclassified material can be extremely sensitive and is typically carefully protected.

“Putting aside for a moment that classified information should never be discussed over an unclassified system, it’s also just mind-boggling to me that all of these senior folks who were on this line and nobody bothered to even check, security hygiene 101, who are all the names? Who are they?” US senator Mark Warner, a Virginia Democrat, said during Tuesday’s Senate Intelligence Committee hearing.

According to The Atlantic, 12 Trump administration officials were in the Signal group chat, including vice president JD Vance, secretary of state Marco Rubio, and Trump adviser Susie Wiles. Jabbour adds that even with ​​decisionmaking authorities present and participating in a communication, establishing an information designation or declassifying information happens through an established, proactive process. As he puts it, “If you spill milk on the floor, you can’t just say, ‘That’s actually not spilled milk, because I intended to spill it.’”

All of which is to say, SignalGate raises plenty of security, privacy, and legal issues. But the security of Signal itself is not one of them. Despite that, in the wake of The Atlantic’s story on Monday, some have sought tenuous connections between the Trump cabinet’s security breach and Signal vulnerabilities. On Tuesday, for example, a Pentagon adviser echoed a report from Google’s security researchers, who alerted Signal earlier this year to a phishing technique that Russian military intelligence used to target the app’s users in Ukraine. But Signal pushed out an update to make that tactic—which tricks users into adding a hacker as a secondary device on their account—far harder to pull off, and the same tactic also targeted some accounts on the messaging services WhatsApp and Telegram.

“Phishing attacks against people using popular applications and websites are a fact of life on the internet,” Signal spokesperson Jun Harada tells WIRED. “Once we learned that Signal users were being targeted, and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks. This work was completed months ago."

In fact, says White, the cryptography researcher, if the Trump administration is going to put secret communications at risk by discussing war plans on unapproved commercial devices and freely available messaging apps, they could have done much worse than to choose Signal for those conversations, given its reputation and track record among security experts.

“Signal is the consensus recommendation for highly at-risk communities—human rights activists, attorneys, and confidential sources for journalists,” says White. Just not, as this week has made clear, executive branch officials planning airstrikes.

_Updated at 5:50 pm ET, March 25, 2025: Added remarks about Signal by President Trump._

SignalGate Isn’t About Signal

About Remote Code Execution – Veeam Backup & Replication (CVE-2025-23120) vulnerability. Veeam B&R is a client-server software solution for centralized backup of virtual machines in VMware vSphere and Microsoft Hyper-V environments. A deserialization flaw (CWE-502) lets an attacker run arbitrary code on a Veeam server. The necessary conditions: the Veeam server must be part of […]

**About Remote Code Execution – Veeam Backup & Replication (CVE-2025-23120) vulnerability.** Veeam B&R is a client-server software solution for centralized backup of virtual machines in VMware vSphere and Microsoft Hyper-V environments.

A deserialization flaw (CWE-502) lets an attacker run arbitrary code on a Veeam server. The necessary conditions: the Veeam server must be part of an Active Directory domain, and the attacker must be authenticated in this domain.

The vendor’s security advisory was released on March 19. The next day, on March 20, WatchTowr Labs published an analysis of the vulnerability. A PoC exploit is expected to appear soon.

Veeam products were widely deployed in Russia until 2022, and many active installations likely remain.

❗️ Compromising the backup system could severely delay infrastructure recovery following a ransomware attack. 😉

Upgrade to version 12.3.1 and, if possible, disconnect the B&R server from the domain.

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

About Remote Code Execution – Veeam Backup & Replication (CVE-2025-23120) vulnerability

Ramat Gan, Israel, 25th March 2025, CyberNewsWire

**Ramat Gan, Israel, March 25th, 2025, CyberNewsWire**

CYREBRO, the AI-native Managed Detection and Response (MDR), today announced its recognition as a leading detection and response startup in the Gartner report, Emerging Tech: Techscape for Detection and Response Startups. This acknowledgment highlights CYREBRO’s innovative approach to cybersecurity, leveraging advanced technology and expert analysis to combat evolving cyber threats.

Among the key findings in the report:

*   Startups are experimenting with generative AI (GenAI) technologies. The use of AI agents/AI security operations center (SOC) analysts and GenAI remediation recommendations has become crucial for staying ahead of evolving threats.
*   The preemptive cybersecurity approach to detection and response has gained momentum, with startups working across complex threat intelligence, adopting purple team cultures, and improving their strategic industry offerings.

CYREBRO has been identified as a key startup in the preemptive cybersecurity category, which highlights companies with a proactive strategy designed to prevent, disrupt, or deter cyberattacks before they can achieve their goals. CYREBRO’s inclusion validates its commitment to delivering comprehensive future-proof security solutions, providing organizations with a robust defense against diverse risks and cyberattacks.

> “We are honored to be recognized by Gartner for our emerging technology in the detection and response space,” said Ori Arbel, CTO of CYREBRO. “The report highlights the growing need for innovative detection and response solutions that can effectively address the increasing sophistication of cyberattacks. CYREBRO is committed to empower its partners and customers with cutting-edge solutions.”

CYREBRO’s platform leverages advanced proprietary technology, including AI and machine learning, to precisely detect and respond to threats. By automating the correlation and prioritization of security events, CYREBRO ensures that businesses can focus on critical threats, minimizing disruption and maintaining operational continuity.

Gartner, Emerging Tech: Techscape for Detection and Response Startups, 19 March 2025. Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner members can access the full report here. (For Gartner subscribers only).

**Gartner Disclaimer**

GARTNER is the registered trademark and service mark of Gartner Inc., and/or its affiliates in the U.S. and/or internationally and has been used herein with permission. All rights reserved. Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner’s research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

**About CYREBRO**

CYREBRO is an AI-native, end-to-end Managed Detection and Response (MDR) solution, designed for hands-off or hands-on control through its future-proof SOC platform.

With its advanced Security Data Lake revolutionizing SIEM and SOAR capabilities, CYREBRO includes 24/7 SOC monitoring and threat intelligence, augmented with exceptionally swift incident response and forensic investigations. CYREBRO delivers precision-guided threat detection and response across any tech stack, providing clear, actionable insights to ensure world-class security and compliance.

With comprehensive visibility and expert guidance, CYREBRO empowers over 900 businesses of all sizes to manage threats proactively, enhancing their security posture and delivering full and complete protection.  

**Contact**

**CMO**  
**Gil Harel**  
**CYREBRO**  
**\[email protected\]**

CYREBRO Recognized in Gartner Emerging Tech Report for Detection and Response Startups

Cybercriminals exploit AbyssWorker driver to disable EDR systems, deploying MEDUSA ransomware with revoked certificates for stealthy attacks.

Cybercriminals are exploiting custom and compromised drivers to disable endpoint detection and response (EDR) systems, facilitating undetected malicious activity. Elastic Security Labs (ESL) has identified a financially motivated campaign deploying MEDUSA ransomware, utilizing a loader paired with a revoked certificate-signed driver named AbyssWorker. This driver, originating from a Chinese vendor, is designed to neutralize EDR solutions.

As per ESL’s investigation, shared with Hackread.com, this tactic blinds security tools and allows malicious actors to operate freely, increasing the success rate of their attacks.

The AbyssWorker driver, originating from a Chinese vendor, is a key component in a campaign that installs itself on victim machines and systematically targets and silences various EDR solutions.

“This EDR-killer driver was recently reported by ConnectWise in another campaign, using a different certificate and IO control codes, at which time some of its capabilities were discussed. In 2022, Google Cloud Mandiant disclosed a malicious driver called POORTRY, which we believe is the earliest mention of this driver,” researchers noted in the blog post.

The actual filename of the malicious driver is identified as smuol.sys (a 64-bit Windows PE driver). It cleverly mimics a legitimate CrowdStrike Falcon driver, probably to blend into legitimate system processes. ESL identified multiple samples on VirusTotal dating from August 2024 to February 2025, all signed with revoked certificates from various Chinese companies, including Foshan Gaoming Kedeyu Insulation Materials Co., Ltd and FEI XIAO, among others. These certificates, while widely used across various malware campaigns, are not specific to AbyssWorker.

Upon initialization, AbyssWorker establishes a device and symbolic link, registering callbacks for major functions. A critical defence evasion mechanism involves stripping existing handles to its client process from other processes, preventing external manipulation. It also registers callbacks to deny access to handles of protected processes and threads.

The driver’s core functionality resides in its DeviceIoControl handlers, which execute a range of operations based on I/O control codes. These operations include file manipulation, process and driver termination, and API loading. A password is required to enable the driver’s malicious capabilities. For file operations, AbyssWorker uses I/O Request Packets (IRPs), bypassing standard APIs.

AbyssWorker can remove notification callbacks, replace driver major functions, detach mini-filter devices, terminate processes and threads, and restore hooked NTFS and PNP driver functions. Notably, it can trigger a system reboot using the undocumented HalReturnToFirmware function. These capabilities directly support MEDUSA ransomware’s ability to operate without security interference.

A key obfuscation technique AbyssWorker employs is calling “constant-returning functions” throughout the binary to complicate static analysis. However, Elastic deemed it inefficient, as they are easy to identify and declared it “an inefficient obfuscation scheme.”

Nevertheless, AbyssWorker represents a significant threat, demonstrating the increasing sophistication of kernel-level malware designed to disable security infrastructure. ESL has provided a client implementation example, offering researchers a means to further explore and experiment with this malware. To further aid in detection, Elastic Security has released YARA rules, available on their GitHub repository, enabling security professionals to identify instances of AbyssWorker within their environments.

Thomas Richards, Principal Consultant, Network and Red Team Practice Director at Black Duck, a Burlington, Massachusetts-based provider of application security solutions, commented on the latest development, stating,

_“_The Medusa malware is living up to its name, finding new ways to infect hosts even after one method has been blocked. Using a batch file to disable system services is a short-term ploy as it can be detected and blocked. Security teams should be on alert for any systems that have a time change and review end-user permissions to prevent the user from stopping the time service._“_

Top/Featured Image by WaveGenerics from Pixabay

Medusa Ransomware Disables Anti-Malware Tools with Stolen Certificates

When you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns…

When you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns out, some pretty innocent-looking devices can also be used as sneaky vectors for malicious software. Here are five surprising gadgets that could become malware delivery systems, and how to protect yourself.

****1\. Headphones and Speakers****

Yes, you read that right! Your trusty headphones or speakers could spread malware. This isn’t about plugging them into an infected device but rather using them to transmit data through sound waves. Researchers have demonstrated how malware can convert audio output devices into ultrasonic transmitters.

In one proof-of-concept attack called “AirHopper,” headphones were used to leak data from air-gapped computers by sending high-frequency audio signals that could be picked up by a nearby compromised device with a microphone.

While this kind of attack is rare and highly sophisticated, it shows that even your headphones can be weaponized. To minimize risk, always update your audio drivers and keep your system security tight.

****2\. Smart Light Bulbs****

Your fancy smart lighting system could be more than just mood lighting — it could also be a way for hackers to infiltrate your network. Researchers have shown that some smart bulbs can be infected with malware, which then spreads to other connected devices.

A notable example is the “Philips Hue” vulnerability discovered in 2020. Hackers could exploit flaws to jump from the smart bulb to the home network. Once inside, they could potentially access sensitive data or take control of other smart gadgets.

To stay safe, always update your smart devices’ firmware and keep them on a separate network from your primary devices.

****3\. Barcode Scanners****

Believe it or not, barcode scanners can become vectors for malware, too. In one case known as “Zombie Zero,” attackers embedded malware into the firmware of barcode scanners before they even left the factory.

Once these compromised scanners were used in warehouses, they infected connected systems, allowing hackers to spy on corporate networks and steal data. This is a prime example of a supply chain attack where infected hardware is shipped directly from the manufacturer.

Always check for firmware updates and run security scans even on seemingly simple devices like scanners.

****4\. Smart Coffee Maker****

Who knew your morning coffee could be a security risk? Some high-tech coffee makers come with Wi-Fi connectivity and smartphone control, making them vulnerable to attacks. Researchers have shown that smart coffee machines can be hacked to not only disrupt their functions but also act as a gateway into your home network.

One security researcher demonstrated how they could make the coffee maker constantly boil water or refuse to brew until a ransom was paid; a quirky but serious take on ransomware. However, a real-world cyber attack on a coffee machine has already happened. It happened in July 2017 when a coffee machine was compromised to infect computer devices at a factory company that has multiple petrochemical factories making chemicals in Europe.

****5\. Traffic Lights****

Smart traffic lights, essential for managing city traffic, are vulnerable to cyberattacks. Hackers can exploit weak security protocols or outdated software to manipulate signals, causing chaos on the roads. In some cases, malware can alter light patterns or disable systems entirely, leading to accidents or gridlock. Researchers have demonstrated how vulnerabilities in communication protocols allow control over signals.

****How to Stay Safe****

*   **Keep Firmware Updated:** No matter how harmless a device seems, make sure its software is up to date.

*   **Segment Your Network:** Keep IoT devices on a separate network from your primary devices.

*   **Use Strong Passwords:** Set unique, complex passwords for each device.

*   **Monitor Network Activity:** Regularly check which devices are connected to your network.

It’s crazy to think that everyday gadgets, from headphones to coffee makers, can become cybersecurity nightmares. However, that’s just how the world of cybersecurity works – make security part of your daily routine.

5 Unexpected Devices You Didn’t Know Could Spread Malware

LayerX Labs reports a sophisticated macOS phishing campaign, evading security measures. Learn how attackers adapt and steal credentials from Mac users.

A recent report by LayerX Labs has revealed a new phishing campaign that was initially designed to deceive Windows users but lately focused on targeting macOS users.

The campaign, which LayerX Labs monitored for several months, originally posed as Microsoft security alerts, aiming to steal user credentials. In the attack, attackers employed deceptive tactics, creating fake security warnings on hacked websites that claimed the user’s computer was “compromised” and “locked.” Victims were encouraged to enter their Windows username and password, while malicious code froze the webpage, mimicking a complete system lockdown.

According to LayerX’s analysis, shared with Hackread.com, several factors contributed to the campaign’s initial effectiveness. Firstly, the phishing pages were hosted on Microsoft’s Windows.net platform, making the fake security warnings appear legitimate.

Also, attackers utilized trusted hosting services, exploiting the fact that traditional anti-phishing defences often rely on top-level domain reputation. Furthermore, they employed randomized, rapidly changing subdomains, making it difficult for security tools to track and block the malicious pages, which themselves were professionally designed, and frequently updated to evade detection. Some even incorporated anti-bot and CAPTCHA technologies to hinder automated web crawlers. 

When Microsoft, along with Chrome and Firefox, introduced new anti-scareware features in early 2025, a dramatic 90% drop in Windows-targeted attacks was noticed. In response, the attackers adapted their strategy, shifting their focus to macOS users, unprotected by these new defences.

Within two weeks, LayerX Labs observed a surge in Mac-based attacks, much similar to the Windows-targeted ones but with slight code adjustments aiming to specifically target macOS and Safari users. Victims were lured to the phishing pages via compromised domain “parking” pages, often after making a typo in a URL.

In one instance, a macOS and Safari user from a LayerX enterprise customer was targeted. Although the organization employed a Secure Web Gateway, the attack bypassed it. However, LayerX’s AI-based detection system, which analyzes web pages using numerous parameters at the browser level, successfully blocked the attack.

Screenshot shows the phishing scam targeting both Windows and macOS users (Credit: LayerX Labs)

This campaign highlights the increasing sophistication of phishing attacks targeting macOS users. Menlo Security’s recent State of Browser Security report further highlights this trend, revealing a dramatic increase in browser-based attacks, especially since the popularity of generative AI.

The report found a whopping 140% increase in browser-based phishing attacks compared to 2023, with a 130% increase specifically in zero-hour phishing attacks and the impersonation of major brands like Facebook, Microsoft, and Netflix.  

Menlo Security’s analysis of over 752,000 browser-based phishing attacks reveals that one in five attacks now employs evasive techniques to bypass traditional security measures.

Thomas Richards, Principal Consultant, Network and Red Team Practice Director at Black Duck, a Burlington, Massachusetts-based provider of application security solutions, commented on the latest development stating, “In the past few weeks, we’ve seen an uptick in browser-based phishing attacks that use legitimate hosting services to trick users into falling for the attack and the ruse they use is a fairly old one and quite common.”

“If you ever get an unknown random pop-up saying your computer is compromised, it should be treated as suspicious and ignored,” Thomas warned. “Anti-virus services will never ask you to enter a username and password to remove a threat.”

New Phishing Campaign Targets macOS Users with Fake Security Alerts

This week on the Lock and Code podcast, we speak with Carey Parker about what Google Chrome knows about you.

_This week on the Lock and Code podcast…_

Google Chrome is, by far, the most popular web browser in the world.

According to several metrics, Chrome accounts for anywhere between 52% and 66% of the current global market share for web browser use. At that higher estimate, that means that, if the 5.5 billion internet users around the world were to open up a web browser right now, 3.6 billion of them would open up Google Chrome.

And because the browser is the most common portal to our daily universe of online activity—searching for answers to questions, looking up recipes, applying for jobs, posting on forums, accessing cloud applications, reading the news, comparing prices, recording Lock and Code, buying concert tickets, signing up for newsletters—then the company that controls that browser likely knows a lot about its users.

In the case of Google Chrome, that’s entirely true.

Google Chrome knows the websites you visit, the searches you make (through Google), the links you click, and the device model you use, along with the version of Chrome you run. That may sound benign, but when collected over long periods of time, and when coupled with the mountains of data that other Google products collect about you, this wealth of data can paint a deeply intimate portrait of your life.

Today, on the Lock and Code podcast with host David Ruiz, we speak with author, podcast host, and privacy advocate Carey Parker about what Google Chrome knows about you, why that data is sensitive, what “Incognito mode” really does, and what you can do in response.

We also explain exactly why Google would want this money, and that’s to help it run as an ad company.

> “That’s what \[Google is\]. Full stop. Google is an ad company who just happens to make a web browser, and a search engine, and an email app, and a whole lot more than that.”

Tune in today to listen to the full conversation.

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

**Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.**

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

 What Google Chrome knows about you, with Carey Parker (Lock and Code S06E06) 

Counterfeit products are a growing problem in today’s market. With advancements in technology, counterfeiters have become more skilled…

Counterfeit products are a growing problem in today’s market. With advancements in technology, counterfeiters have become more skilled at creating fake labels that are hard to distinguish from the real thing. You need to know how these counterfeiters use technology and what steps you can take to protect yourself and your business.

This blog post will explore the clever methods counterfeiters use, such as digital printing and holograms, to create convincing fake labels. Understanding these tactics can help you identify counterfeit goods before they reach your hands. You will also learn practical strategies to spot and combat counterfeit products effectively.

Taking action against counterfeiters is crucial for safeguarding your reputation and finances. Knowing what to look for and how to verify product authenticity can help you make smarter choices as a consumer. Let’s dive into the details and empower ourselves against counterfeit threats.

****Understanding Counterfeit Labels****

Counterfeit labels use various techniques and technologies to imitate genuine products. Recognizing these methods helps protect both brands and consumers. Learn about how counterfeiters operate and why the issue matters.

****Techniques and Technologies Used by Counterfeiters****

Counterfeiters employ a range of methods to create fake labels. Some common techniques include:

*   Digital Printing: This allows them to produce high-quality labels that closely mimic real ones.
*   Augmented Reality: Some counterfeiters use AR to make labels appear authentic when scanned.
*   Custom Software: They often design their programs to copy logos and text styles.

The use of color calibration helps fake labels match the exact colors of legitimate brands. Counterfeiters may also buy legitimate products and copy the labels directly. This makes detecting fakes even harder.

****The Impact of Counterfeit Labels on Brands and Consumers****

Counterfeit labels seriously harm brands. They can cause damage to a brand’s reputation and lead to loss of sales. Some results include:

*   Loss of Trust: Consumers may question the quality of a brand’s offerings.
*   Financial Impact: Brands lose billions annually due to counterfeit products.

For consumers, the risks are substantial. Counterfeit products often lack quality control standards and can pose safety risks. They may receive subpar products that do not perform as promised. This can result in dissatisfaction and financial waste.

****Detection Methods****

You have several ways to spot counterfeit product labels. These methods include visual inspections and the use of digital tools. Each technique plays a crucial role in ensuring product authenticity.

****Visual Inspection Techniques****

Visual inspection is often the first step in detecting counterfeit labels. You should look closely at the packaging and labels for any signs of poor quality. This can include blurry text, uneven colors, or incorrect logos.

Key aspects to check:

*   Fonts: Check for incorrect font styles or sizes.
*   Logos: Ensure logos are aligned and have the right colors.
*   Labels: Examine for signs of tampering or mismatched colors.

Using a magnifying glass can help spot small details. Counterfeit products may also have misspellings or inaccurate information.

****Digital Authentication Tools****

Digital tools provide advanced methods for detecting fakes. You can use QR codes or holograms to verify product authenticity. When scanned, these codes can link to secure databases.

Some tools to consider:

*   Blockchain Technology: This keeps a secure record of product history.
*   Mobile Apps: Many brands offer apps that allow you to scan and verify items.

Using these tools can give you quick access to the product’s information. Make sure to stay updated with the latest verification technologies.

****Preventative Measures for Manufacturers****

Manufacturers must adopt specific strategies to protect their products from counterfeiters. By integrating advanced technologies and tracking systems, you can significantly lower the risk of fakes disrupting your business.

****Incorporating Advanced Security Features****

Using advanced security features on your product labels is essential. These features can include:

*   Holograms: Unique holographic designs make it hard for counterfeiters to replicate.
*   Color-Shifting Inks: Inks that change color based on angle or light add another layer of security.
*   Microprinting: Tiny text or patterns that are difficult to reproduce help verify authenticity.

You can also consider labeling your equipment with permanent identification. These types of labels offer a long-lasting way to identify your machines and products, making it easier to verify their authenticity.

****Utilizing Serialization and Track & Trace Systems****

Serialization assigns a unique code to each product. This code helps you track your items from production to the consumer. Some key benefits include:

*   Enhanced Accountability: You can monitor each product’s journey, making it easier to spot counterfeits.
*   Consumer Verification: Customers can verify a product’s authenticity using its serial number.

Implementing track and trace systems allows you to link those codes to your database. This ensures that each product is registered and easily validated. By combining these methods, you enhance your defense against counterfeit goods.

****Legal and Regulatory Framework****

Understanding the legal and regulatory measures in place can help you recognize how they combat counterfeit products. This section looks at how intellectual property rights and international agreements shape the fight against counterfeit labeling.

****Intellectual Property Rights Enforcement****

Intellectual property rights (IPR) play a key role in protecting brands and products from counterfeiters. These rights allow companies to take legal action against those who produce or sell fake goods.

In many countries, laws protect trademarks, patents, and copyrights. You can report counterfeit products to authorities who investigate and prosecute offenders. Some companies use advanced technology, like tracking systems, to monitor their goods.

Important Actions:

*   Register your trademarks.
*   Monitor the market for counterfeit goods.
*   Report violations quickly to local law enforcement.

Strong enforcement of IPR is essential to deter counterfeiters and protect consumers.

****International Standards and Agreements****

International standards and agreements help countries work together against product counterfeiting. Treaties like the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) create common rules for IPR enforcement.

These agreements encourage countries to have similar laws. This makes it harder for counterfeiters to operate across borders. Your country’s participation in these agreements can strengthen protections against fake labeling.

Key Points:

*   Collaboration among nations improves enforcement efforts.
*   Countries must implement IPR laws in line with international standards.
*   Shared information between countries aids in identifying counterfeit operations.

Effective international cooperation is necessary for significantly reducing counterfeit products in the market.

****Consumer Education and Awareness****

Consumers play a key role in fighting counterfeit products. By learning how to spot authentic items and reporting any suspicions, you can help protect yourself and others from fraud.

****Identifying Authenticity Indicators****

To verify product authenticity, look for specific signs. Many brands use unique features that show a product is real. Here are key indicators:

*   Holograms: Genuine products often have holograms that change appearance when tilted.
*   Serial Numbers: Check if the product includes a unique serial number, usually found on the packaging or label.
*   Quality of Materials: Authentic items typically use high-quality materials. Look for sturdy packaging and clear print.
*   Official Websites: Compare the product with images on the brand’s official website to spot differences.

Pay attention to these details when shopping. Counterfeit products may not include these features or might display them poorly.

****Reporting Suspected Counterfeits****

If you suspect a product is counterfeit, take action. Reporting these findings helps combat fraud. Here are steps to follow:

1.  Contact the Brand: Reach out to the company directly. Most brands have a way to report counterfeit items.
2.  Use Online Reporting Tools: Many websites allow you to report suspicious products or sellers.
3.  Inform Local Authorities: If the counterfeit poses a risk, contact your local consumer protection agency.

Keep any receipts or photos as evidence. Your help is crucial in stopping counterfeiters and ensuring safer shopping experiences for everyone.

How Counterfeiters Use Technology to Fake Product Labels (and Strategies to Combat Fraud)

AI systems are becoming a huge part of our lives, but they are not perfect. Red teaming helps…

AI systems are becoming a huge part of our lives, but they are not perfect. Red teaming helps find weaknesses in AI systems, making them safer and more reliable. As these technologies grow, the need for thorough testing increases to prevent harmful outcomes and ensure they work as intended.

You may be surprised to learn that issues in AI can lead to serious problems, from biased decision-making to **data breaches**. By carefully evaluating these systems, you can help protect not only your interests but also the well-being of society.

With rapid advancements in AI, it’s clear that establishing strong safety measures is crucial. Red teaming offers a proactive approach to address challenges that could arise as these tools become more common in everyday use.

****Fundamentals of Red Teaming in AI****

Red teaming in AI is a critical process that helps **find vulnerabilities in artificial intelligence systems**. It involves testing these systems in various ways to ensure they are safe and reliable.

****Defining Red Teaming****

Red teaming refers to a method where teams simulate attacks on a system to identify its flaws. In AI, this means using different techniques to challenge the model’s performance and security.

The goal is to assess how the AI reacts under stress or when faced with adversarial scenarios. This testing helps you understand potential threats and areas for improvement. By conducting red teaming exercises, organizations can better prepare their AI systems against real-world risks.

****Historical Context and Evolution****

**Red teaming** began in military contexts to explore weaknesses in strategies and defences. Over time, this approach expanded to other fields, including cybersecurity.

In the late 1990s and early 2000s, businesses started using red teaming to evaluate risk in AI systems. As technology advanced, the need for red teaming became more pressing, especially with the rise of machine learning. Today, red teaming is essential for ensuring that AI systems operate safely and effectively in diverse environments.

****The Necessity to Challenge AI Systems****

Challenging AI systems is crucial for ensuring they behave as intended. By actively testing these systems, you can identify weaknesses and confirm that they function in a reliable manner.

****Exposing Vulnerabilities****

AI systems can have hidden flaws that may affect their performance. When you challenge these systems, you help uncover these issues before they can cause harm. This process involves:

*   Simulating Attacks: Create scenarios that mimic potential attacks. These tests show how the system reacts to threats.

*   Identifying Bias: Analyze the data to find any biases in decision-making. This helps make sure the output is fair and balanced.

Finding these vulnerabilities is essential for improving the system. If these flaws are not addressed, they could lead to serious problems when **AI is used in real-world situations**.

****Validating System Robustness****

It is important to confirm that an AI system can handle various challenges. By validating its robustness, you ensure the system remains stable under pressure. Key actions include:

*   Stress Testing: Expose the system to extreme conditions. This checks how it performs when faced with unusual circumstances.

*   Continuous Monitoring: Regularly assess the system after deployment. This helps you track performance over time.

This validation helps build trust in AI systems. When you know they can withstand challenges, you are more likely to use them confidently in critical applications.

****Preemptive Measures Against Adversarial Attacks****

It’s crucial to know **how adversarial attacks work** and to create strong defences before they happen. By understanding these techniques and developing effective strategies, you can better protect your AI systems.

****Understanding Adversarial Techniques****

Adversarial techniques involve subtle changes to input data that can mislead AI systems. These changes can be hard to spot but can cause significant errors in decision-making. For example, altering a single pixel in an image can lead an AI to misidentify an object.

You should be aware of different types of attacks such as:

*   Evasion Attacks: Modifying inputs to deceive the model during inference.

*   Poisoning Attacks: Injecting tainted data into the training set to corrupt the model.

Recognizing these techniques is the first step in forming a solid defence.

****Developing Proactive Defense Strategies****

To defend against adversarial attacks, you need proactive measures. Here are some effective strategies to consider:

*   Adversarial Training: Include adversarial examples in training data to improve model resilience.

*   Regular Testing: Continually test your model against known attacks to ensure its robustness.

*   Input Sanitization: Clean inputs before processing to remove any malicious alterations.

Implementing these strategies can help maintain the integrity of your AI systems. Regular updates and monitoring for new attack methods are also essential to stay ahead.

****Strategic Importance in Various Industries****

AI systems are increasingly influential across many sectors. Red teaming helps to identify and fix vulnerabilities, ensuring systems work safely and effectively for users.

****Finance and Banking Security****

In finance, AI is used for fraud detection, risk assessment, and algorithmic trading. With increasing cyber threats, it’s crucial to protect sensitive information.

Red teaming in this industry involves testing systems against attacks. This helps to uncover weaknesses that could lead to data breaches or fraud.

Key points to consider include:

*   Risk Management: They assess market risks quickly.

*   Fraud Detection: AI systems analyze transactions 24/7.

*   Compliance: Ensure systems meet regulations to avoid penalties.

By using red teaming, banks can strengthen their defences and improve customer trust.

****Healthcare Data Protection****

In healthcare, **AI aids in patient diagnosis**, treatment planning, and data management. Patient data is sensitive, making it a prime target for attacks.

Red teaming is vital for identifying vulnerabilities in systems that store or process personal health information.

Key areas of focus include:

*   Patient Privacy: Protect patient records from unauthorized access.

*   System Reliability: Maintain uptime for critical healthcare applications.

*   Data Integrity: Ensure that the information used for treatment is accurate.

Enhancing security through red teaming helps build a safer environment for patients and providers.

****Autonomous Vehicle Safety****

In the automotive industry, AI drives innovations in self-driving technology. While this can increase safety, it also raises new risks.

Red teaming is essential to test autonomous systems against potential failures or attacks.

Key considerations include:

*   User Confidence: Users must feel secure while using these systems.

*   Response to Threats: Evaluate how vehicles handle unexpected situations.

*   Sensor Reliability: Test how well systems respond to environmental changes.

Implementing red teaming ensures safer autonomous vehicles, which benefits manufacturers and consumers alike.

****Ethical and Responsible AI Deployment****

AI systems have significant impacts on society. Ensuring that these technologies are used ethically requires a focus on transparency and fairness.

****Ensuring Transparency****

Transparency in AI means that the processes behind decisions are clear. Users need to understand how AI works and the data it uses. This helps build trust and allows for better scrutiny.

You should encourage organizations to share information about their AI models. This includes how they train their systems and what data they use.

*   Providing user access to explanations can improve trust.

*   Clear documentation helps users see the decision-making process.

When people know how decisions are made, they can provide better feedback, leading to improvements in AI systems.

****Promoting Fairness and Equity****

Fairness in AI ensures that systems do not favour one group over another. This is crucial in areas like hiring, lending, and healthcare, where biases can hurt individuals.

You should support practices that promote equal treatment for all people. This includes:

*   Regular audits to check for bias.

*   Involving diverse teams in AI development.

By ensuring a balanced approach, you can help create AI systems that serve everyone equally. Fairness leads to better outcomes and fewer social issues. It also fosters a more inclusive environment, which benefits society as a whole.

Top/Featured Image by T Hansen from Pixabay

Why AI Systems Need Red Teaming Now More Than Ever

Oracle denies breach claims as hacker alleges access to 6 million cloud records. CloudSEK reports a potential zero-day exploit affecting 140,000 tenants.

A recent investigation by CloudSEK’s XVigil platform has uncovered a cyberattack targeting Oracle Cloud, resulting in the exfiltration of six million records and potentially affecting over 140,000 tenants. Reportedly, a threat actor, identified as ‘rose87168,’ perpetrated this attack that involved the theft of sensitive data, including JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys, which are now being sold on Breach Forums and other dark web forums.

The attacker, active since January 2025, claims to have compromised a subdomain login.us2.oraclecloud.com, which has since been taken down. This subdomain was found to be hosting Oracle Fusion Middleware 11G, as evidenced by a Wayback Machine capture from February 17, 2025. They are demanding ransom payments from affected tenants for the removal of their data and have even offered incentives for assistance in decrypting the stolen SSO and LDAP passwords.

CloudSEK’s analysis indicates that the threat actor may have compromised a vulnerable version of Oracle Cloud servers, potentially leveraging an older flaw, CVE-2021-35587, which affects Oracle Fusion Middleware (OpenSSO Agent) with the following identified as the impacted versions:

*   11.1.2.3.0
*   12.2.1.3.0
*   12.2.1.4.0

This CVE, added to the CISA KEV catalogue in December 2022, allows unauthenticated attackers to compromise Oracle Access Manager, potentially leading to a complete takeover. This aligns with the type of data exfiltrated and shared by the attacker. Its exploitation could allow attackers to gain initial access to the environment and then move laterally within the Oracle Cloud environment to access other systems and data. Further investigation revealed that the Oracle Fusion Middleware server was last updated around September 27, 2014, indicating outdated software.

“Due to lack of patch management practices and/or insecure coding, the vulnerability in Oracle Fusion Middleware was exploited by the threat actor. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager,” CloudSEK researchers noted in the blog post shared exclusively with Hackread.com.

However, Oracle has issued a statement denying any breach of its cloud infrastructure. “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data,” Oracle stated in response to the reports. This directly contradicts CloudSEK’s findings and the attacker’s claims.

Nonetheless, if it occurred the breach’s impact could be substantial as the exposure of a whopping six million records raises the risk of unauthorized access and corporate espionage. The exfiltration of JKS files is most concerning as these contain cryptographic keys, which could be used to decrypt sensitive data or gain access to other systems within the affected organizations. Moreover, the compromise of encrypted SSO and LDAP passwords could lead to further breaches across Oracle Cloud environments. The use of a zero-day vulnerability also raises concerns about the overall security of Oracle Cloud.

CloudSEK recommends immediate credential rotation, thorough incident response and forensics, continuous threat intelligence monitoring, and engagement with Oracle Security for verification and mitigation. They also advise strengthening access controls to prevent future incidents.

Tag

#mac