Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Latest News

AI Self-Replication: Scientists Warn of Critical “Red Line”

  Scientists have raised concerns after artificial intelligence (AI) crossed a major threshold — self-replication. A new study from research...

All the recent news you need to know

RBI Launches "bank.in" Domain to Combat Digital Banking Scam

 

The Reserve Bank of India (RBI) has made the "bank.in" domain exclusive to all authorised banking institutions in India in an effort to strengthen digital banking security and shield customers from online banking fraud. This effort aims to minimise the rising threat of digital banking fraud by establishing a secure and verified online presence for the banks across the nation.

Due to the surge in online banking transactions, fraudsters have taken advantage of vulnerabilities by impersonating actual banks via phishing attacks, phoney banking websites, and fraudulent email campaigns. The only registrar for this will be the Institute for Development and Research in Banking Technology (IDRBT).

It is expected that domain registration will get underway in April 2025. By implementing an exclusive bank.in domain strategy, the RBI lowers the risk of financial fraud by ensuring that users can quickly recognise and trust legitimate banking websites.

Importance of “bank.in” domain in banking security

The increased use of digital banking has transformed financial transactions in India, providing easy access to banking services. However, this digital transformation has resulted in an increase in cyber threats, with scammers creating fake banking portals to trick users into disclosing sensitive data such as login credentials, OTPs, and banking details. The RBI's special domain for banks called "bank.in" intends to: 

  • Enhance banking fraud prevention by eliminating fake sites that pose as authentic banking portals. 
  • Increase consumer trust and awareness by ensuring that all Indian banks use a single, verifiable domain structure.
  • Strengthen India's digital banking security by creating a centralised domain that is challenging for fraudsters to replicate.

The "bank.in" domain will be reserved solely for RBI-regulated banking institutions, guaranteeing that only reputable financial institutions can use this domain extension. Each bank's official website will be hosted under the bank.in domain, making it easy for consumers to check legitimacy. For example, a major bank like State Bank of India (SBI) may have an official URL such as sbi.bank.in, indicating that the website is trustworthy. 

To facilitate this transition, the RBI is working with financial institutions, cybersecurity professionals, and domain regulatory agencies to ensure a smooth transition to the new domain. Banks will be expected to phase out their current domains and redirect consumers to their new "bank.in" addresses, ensuring a smooth transition and avoiding confusion.

XE Group Rebrands Its Cybercrime Strategy by Targeting Supply Chains

 


Over the past decade, there has been a rise in the number of cyber threats targeting the country, including the XE Group, a hacker collective with Vietnamese connections. According to recent investigations, the group was responsible for exploiting two zero-day vulnerabilities in VeraCore's warehouse management platform, CVE-2025-25181 and CVE-2025-57968 known to be zero-day vulnerabilities. 

A suite of reverse shells and web shells that exploit these vulnerabilities were deployed by the adversaries, allowing them to gain remote access to targeted systems in covert ways. This development is an indication of the group's sophisticated cyber-attack techniques. Identified as CVE-2024-57968, the vulnerability is a critical upload validation vulnerability with a CVSS score of 9.9, affecting versions before 2024.4.2.1, and can allow adversaries to upload files into non-intended directories, which could result in unauthorized access to the files. 

Adventure VeraCore up to version 2025.1.0 is vulnerable to SQL injection flaw CVE-2025-25181, which could be exploited remotely to execute arbitrary SQL commands through the remote execution of SQL commands. In addition to the XE Group's past association with credit card fraud, their focus has now switched to targeted data theft, particularly within manufacturing and distribution organizations. 

Several recent attacks have been perpetrated by threat actors who exploited VeraCore security issues to install Web Shells, which allowed them to execute various malicious activities and remain persistent within compromised environments while they executed their malicious activities. The group's continued sophistication and adaptability in the cyber threat landscape is reflected in this recent report, which details a compromise of a Microsoft Internet Information Services (IIS) server where VeraCore's warehouse management system software is hosted, and it indicates the company's growing sophistication. 

Upon further analysis of this incident, it was discovered that the initial breach occurred in January 2020 as a result of a zero-day vulnerability in SQL injection. It is speculated that As a result of this exploitation, The XE Group deployed customized web shells, which researchers have described as very versatile tools that are designed to maintain persistent access inside victim environments as well as run SQL queries regarding those environments.

As an example, in the case of the compromised IIS server, the attackers reactivated a web shell that was planted four years earlier, showing that they have retained a foothold in the infrastructure targeted by them for many years. Security vendors have been warning that the XE Group is actively targeting supply chains in the manufacturing and distribution sectors. Though the group has historically been associated with extensive credit card skimming operations, it has recently gained a reputation for exploiting zero-day vulnerabilities to do more damage. 

According to researchers, the group's continued ability to adapt and increase sophistication underscores the group's ability to remain agile and sophisticated over the years. The reactivation of an older web shell indicates the group's strategic focus on achieving long-term operational objectives by maintaining long-term access to compromised systems. 

To enhance the threat investigation process, the rules have been designed to be compatible with several SIEM (Security Information and Event Management) systems, Endpoint Detection and Response systems (EDR), and Data Lake solutions aligned with the MITRE ATT&CK framework. There is a variety of metadata that is accessible in each rule, including references to cyber threat intelligence, attack timelines, triage recommendations, and audit configurations, guaranteeing that security analysis has a structured approach. 

Additionally, SOC Prime's Uncoder AI (Artificial Intelligence) capabilities enable the quick development of custom IOC-based queries that will be seamlessly integrated with SIEM and EDR platforms, thus eliminating the need for security professionals to manually search for indicators of compromise (IOCs). Intezer's analysis of XE Group activity and SOC Prime's Uncoder AI were used to achieve this.

As an alternative to the corporate-only service offered previously by Uncoder AI, customers can now benefit from Uncoder AI's full suite of capabilities, which enhances accessibility for independent risk analysis performed by individual researchers. As a consequence of the XE Group's adoption of zero-day exploits as part of their attack strategy, it became increasingly clear that adversarial techniques are becoming more sophisticated and adaptable, making it necessary to enter into proactive defence measures as soon as possible.

SOC Prime Platform is a scalable tool designed to assist organizations in enhancing their security posture, countering evolving threats effectively, and mitigating risks associated with adding more attack surfaces in an increasingly complex cyber landscape by utilizing the tools provided by the platform. The XE Group has exploited two zero-day VeraCore vulnerabilities, CVE-2025-25181 and CVE-2025-50308, in recent attacks in an attempt to deploy one or more web shells on compromised systems. 

These two vulnerabilities are critical upload validation flaws (CVSS 9.9) and SQL injection flaws (CVSS 5.7), respectively. In a report published jointly by Solis and Intezer, the researchers reported that the group exploited one of these vulnerabilities as early as January 2020 and maintained persistent access to the victim's environment for several years afterwards. There was an attempt in 2024 by some threat actors to reactivate a previously deployed web shell, demonstrating their ability to avoid detection while maintaining long-term access to compromised systems as they remain undetected. 

XE Group's evolving tactics come as part of a broader trend that threats are exploring the software supply chain as a way to achieve their goals. Some notable precedents include the SolarWinds attack, breaches into Progress Software's MOVEit file transfer product, an Okta intrusion that affected all customers, and an Accellion breach that enabled ransomware to be deployed on an organization's network.

Two Russian Hackers Arrested for Large-Scale Ransomware Attacks

 



Authorities in the United States have charged two Russian nationals with carrying out widespread cyberattacks using Phobos ransomware. The suspects, Roman Berezhnoy (33) and Egor Nikolaevich Glebov (39), were arrested in Thailand for allegedly orchestrating more than a thousand attacks worldwide.  

Cybercriminals Behind the Phobos Ransomware Attacks 

According to the U.S. Department of Justice (DoJ), both men were actively involved in cybercrime from 2019 to 2024. They were linked to two hacking groups known as "8Base" and "Affiliate 2803," which were responsible for spreading Phobos ransomware.  

Their method of attack involved infiltrating computer networks, stealing important files, and encrypting them using ransomware. Victims were then left with no access to their own data unless they paid a ransom. If payments were not made, the attackers allegedly threatened to leak sensitive information to the public or to the organizations’ clients and partners.  

Legal Charges and Possible Consequences

The two men now face multiple serious charges, including:  

1. Fraud involving online transactions  

2. Hacking into protected systems  

3. Intentional damage to computer networks  

4. Extortion through cyber threats  

If found guilty, the penalties could be severe. Wire fraud charges alone could lead to a 20-year prison sentence, while hacking-related crimes carry additional penalties of up to 10 years.  

International Crackdown on Ransomware Operations

In a coordinated effort, Europol and other international agencies have shut down 27 servers used by the 8Base ransomware group. This action has significantly disrupted the cybercriminal network.  

Authorities also revealed that a previous arrest in Italy in 2023 helped law enforcement gather intelligence on Phobos ransomware operations. This intelligence allowed them to prevent over 400 potential cyberattacks and take down key infrastructure used by the hackers.  

What This Means for Cybersecurity

Phobos ransomware has been a major cyber threat since 2018, targeting businesses and organizations worldwide. While these arrests and crackdowns have weakened the group, it is uncertain whether this will fully eliminate their operations.  

This case highlights the growing efforts by global law enforcement agencies to combat cybercrime. Businesses and individuals are urged to remain cautious, implement strong security measures, and stay informed about evolving cyber threats.  


Cybercriminals Intensify Attacks on Password Managers

 

Cybercriminals are increasingly setting their sights on password managers as a way to infiltrate critical digital accounts.

According to Picus Security’s Red Report 2025, which analyzed over a million malware samples from the past year, a quarter (25%) of all malware now targets credentials stored in password managers. Researchers noted that this marks a threefold surge compared to the previous year.

“For the first time ever, stealing credentials from password stores is in the top 10 techniques listed in the MITRE ATT&CK Framework,” they said. “The report reveals that these top 10 techniques accounted for 9Beyond the growing frequency of attacks, hackers are also deploying more advanced techniques. 3% of all malicious actions in 2024.”

Advanced Hacking Techniques

Dr. Suleyman Ozarslan, co-founder and VP of Picus Labs, revealed that cybercriminals use sophisticated methods like memory scraping, registry harvesting, and breaching both local and cloud-based password stores to extract credentials.

To counter this rising threat, Ozarslan emphasized the importance of using password managers alongside multi-factor authentication (MFA). He also warned against password reuse, particularly for password.

Beyond the growing frequency of attacks, hackers are also deploying more advanced techniques. Picus Security highlighted that modern cybercriminals are now favoring long-term, multi-stage attacks that leverage a new generation of malware. These advanced infostealers are designed for stealth, persistence, and automation.

Researchers compared this evolution in cyber threats to “the perfect heist,” noting that most malware samples execute over a dozen malicious actions to bypass security defenses, escalate privileges, and exfiltrate data.

A password manager is a cybersecurity tool that securely stores, generates, and auto-fills strong passwords across websites and apps. By eliminating the need to remember multiple passwords, it strengthens security and reduces the risk of breaches. Experts consider it an essential component of cybersecurity best practices.

SMS Toll Scam Tricks Victims Into Activating Phishing Links

 

SMS phishing scams targeting tollway users have been spreading across the U.S., with fraudsters impersonating tolling agencies to steal personal information. These scams typically involve sending text messages claiming the recipient has an unpaid toll balance. Victims are then directed to a fake payment portal, where scammers attempt to steal financial details. 

One recent case involved Texas-based audience producer Gwen Howerton, who unknowingly fell for this scam after driving a rental car on the Dallas North Tollway. Not being familiar with the correct toll payment process, she believed the overdue payment notice she received was genuine and followed the provided instructions. Her case highlights how easily people can be deceived by these well-crafted phishing messages. 

A distinguishing feature of these scams is that the text message prompts users to perform a specific action before accessing the fraudulent link. In many cases, recipients are asked to reply with “Y” or copy the link into their web browser manually. This tactic is designed to bypass Apple’s iMessage security measures, which automatically disable links from unknown senders. 

By replying, users unknowingly validate their phone numbers, confirming to scammers that the number is active. Even if they do not click the link, responding makes them targets for future scams and spam campaigns. Authorities urge the public to be cautious when receiving unexpected messages from unfamiliar numbers. If a text message contains a suspicious link, the best course of action is to ignore and delete it. Users should avoid replying or following any instructions within the message, as this could increase their risk of being targeted again. 

If there is any doubt about a toll payment, it is recommended to contact the toll agency directly using official contact details rather than those provided in the message. To combat these scams, individuals should report any fraudulent messages by forwarding them to 7726 (SPAM). The Federal Trade Commission (FTC) offers guidance on recognizing and responding to scam texts, while the FBI’s Internet Crime Complaint Center (IC3) has tracked the rise of these schemes. 

Last year, IC3 received over 2,000 complaints about toll payment scams and noted that the attacks were shifting from state to state. As SMS phishing scams continue to evolve, staying informed and cautious is crucial. 

By recognizing the warning signs and taking preventive measures, individuals can protect themselves from falling victim to these deceptive schemes.

Apple Patches Zero-Day Flaw allowing Third-Party Access to Locked Devices

 

Tech giant Apple fixed a vulnerability that "may have been leveraged in a highly sophisticated campaign against specific targeted individuals" in its iOS and iPadOS mobile operating system updates earlier this week.

According to the company's release notes for iOS 18.3.1 and iPadOS 18.3.1, the vulnerability made it possible to disable USB Restricted Mode "on a locked device." A security feature known as USB Restricted Mode was first introduced in 2018 and prevents an iPhone or iPad from sending data via a USB connection if the device hasn't been unlocked for seven days. 

In order to make it more challenging for law enforcement or criminals employing forensic tools to access data on those devices, Apple announced a new security feature last year which triggers devices to reboot if they are not unlocked for 72 hours. 

Based on the language used in its security update, Apple suggests that the attacks were most likely carried out with physical control of a person's device, implying that whoever exploited this vulnerability had to connect to the person's Apple devices using a forensics device such as Cellebrite or Graykey, two systems that allow law enforcement to unlock and access data stored on iPhones and other devices. Bill Marczak, a senior researcher at Citizen Lab, a University of Toronto group that studies cyberattacks on civil society, uncovered the flaw.

However, it remains unclear who was responsible for exploiting this vulnerability and against whom it was used. However, there have been reported instances in the past in which law enforcement agencies employed forensic tools, which often exploit zero-day flaws in devices such as the iPhone, to unlock them and access the data inside.

Amnesty International published a report in December 2024 detailing a string of assaults by Serbian authorities in which they utilised Cellebrite to unlock the phones of journalists and activists in the nation before infecting them with malware. According to security experts, the Cellebrite forensic tools were probably used "widely" on members of civil society, Amnesty stated.

Rising Robocall Cyber Threat and Essential Protection Strategies

 


A persistent cybersecurity concern has long been robocall scams. However, recent developments indicate that this type of attack is becoming increasingly sophisticated and dangerous as a result of these developments. In a recent incident, Telnyx, a provider of Voice over Internet Protocol (VoIP) services, was involved in a case that illustrates how cybercriminals are using methods to exploit VoIP services for fraudulent purposes to elude detection. 

There was an incident in which malicious actors used Telnyx's VoIP infrastructure to pretend to be the Federal Communications Commission (FCC), a trustworthy government agency. Through this deceptive scheme, they were able to give credibility to their deceptive scheme and manipulate unsuspecting victims in their schemes. As a result of this scam, cybercriminals who disguised themselves as members of the Federal Communications Commission's Fraud Prevention Team sent out robocalls to approximately 1,800 people. 

These calls not only reached ordinary citizens but also FCC staff, including their families, illustrating just how indiscriminate such attacks can be. To make their impersonation more credible, the perpetrators resort to artificial voice technology, designed to improve their credibility in the process of intimidating and coercing their targets into complying with their demands. As a result of this case, it is clear that cybercriminals are increasingly exploiting technologies such as VoIP services and artificial intelligence-driven voice replication as a way to perpetrate large-scale scams that can result in serious losses for companies.

It is necessary to maintain heightened awareness and facilitate enhanced security measures for the mitigation of the impact of such fraudulent activities to mitigate the risk that individuals and organizations are exposed to. The capability of convincingly impersonating trusted providers increases both individual and organizational risk. 

It is becoming increasingly common for cybercriminals to exploit Voice over Internet Protocol (VoIP) services because they are cost-effective, easy to deploy, and relatively anonymous. In the case at hand, fraudsters registered accounts using phoney identities and then used Telnyx's platform to carry out the fraudulent activity in question. 

In the absence of strict Know Your Customer (KYC) policies, these malicious actors were able to circumvent identity verification and make various deceptive calls to a high volume of consumers. The Federal Communications Commission (FCC) today issued a statement reaffirming that Telnyx complies with KYC regulations and has denied the FCC's allegations. However, the incident shows that underlying issues regarding insufficient security measures exist across the VoIP industry as a whole. 

Robocall scams are more than just financial fraud; they also pose very serious cybersecurity risks. If the victim of identity theft shares sensitive information unknowingly, it increases their chances of being the victim of identity theft as well. Moreover, cybercriminals are increasingly turning to artificial intelligence to create highly realistic voice impressions, which enhances their credibility as well. 

As a result of the targeting of staff at the Federal Communications Commission and their families, there are further concerns about how these scammers obtained their contact information, suggesting that data breaches may occur. As a result of inadequate security protocols among VoIP providers, digital communications have become increasingly distrustful, making large-scale fraud operations more likely. 

In light of this incident, it becomes even clearer how urgent it is to strengthen regulatory oversight and authentication measures, as well as work to mitigate the increasing risks associated with VoIP-enabled scams across the industry. In today's rapidly evolving world of cybersecurity, deepfake audio is one of the most significant threats. This is a method that utilizes artificial intelligence to generate highly realistic synthetic voices, so realistic that they can be mimicked to look and sound like real people. 

In the same way that traditional voice recognition systems, which are capable of bypassing this technology, there are significant risks associated with it. As deepfake technology becomes more sophisticated, organizations must implement advanced detection solutions to mitigate these threats effectively since these threats are becoming increasingly sophisticated. 

Machine learning algorithms are utilized by modern detection technologies that have been trained on an extensive dataset of both genuine and synthetic audio to detect subtle anomalies that may not be detected and detected by a human auditor. The solutions provide the ability to monitor deepfake audio generated by generative AI, computer-generated speech, and robocalls in real-time, allowing contact centres, help desks, interactive voice response systems (IVR) and intelligent virtual assistants (IVA) to function authentically. 

Featuring a high degree of accuracy, these high-precision protections operate seamlessly and invisibly, allowing for a risk-based approach that does not store personally identifiable information (PII). These solutions are also fully agnostic to language, dialect, and speech patterns, as they do not require prior registration and function in real time. Increasingly sophisticated robocall scams are being perpetrated, and consumers can take important steps to protect themselves from them.

It is very helpful to disable and block the call screen and blocking features of your smartphone, to register with the National Do Not Call Registry, and to use a third-party app to filter out scam calls, such as Hiya or Nomorobo. It is very important to recognize red flags, such as calls from government agencies that demand immediate action or payment, as they are red flags that need to be identified. It is important for consumers to never give out personal information without verifying the legitimacy of the caller. 

As a precaution against payment scams, reporting frauds to the Federal Communications Commission and Federal Trade Commission, and securing personal data by limiting online exposure, consumers may be less likely to fall victim to these frauds. During the Telnyx incident, it became evident that stricter enforcement of the Know Your Customer (KYC) regulations is urgently needed, as well as improved monitoring of VoIP traffic that is transmitted over the Internet. 

Although the Federal Communications Commission (FCC) has proposed a fine of $4.5 million as part of its effort to establish accountability, broader measures are needed; VoIP providers need to strengthen their process for verifying identity to prevent fraudulent accounts from being created. As part of the implementation of artificial intelligence-driven call authentication systems, scam calls can be detected and blocked in real-time, which is crucial. For a robust anti-robocall framework to be developed which enhances consumer security and protects consumers from fraudulent activities, government agencies and the telecom industry must work together effectively.