Aggregator

Intigriti's Ed Parsons on How Regs Are Pushing Firms Toward Proactive Security
The NIS2 Directive has driven significant improvements in vulnerability management across Europe. Organizations are accelerating vulnerability discovery by engaging with crowdsourced security communities and ethical hackers, said Ed Parsons, chief operations officer at Intigriti.

Why the Fortinet Earnings Case Is a Cautionary Tale for the Cybersecurity Sector
Fortinet's stock unexpectedly plunged more than 20% in August. That same month, Gartner named Fortinet an industry leader in its Magic Quadrant for hybrid mesh firewalls. But the thing that sent Fortinet's stock into a nosedive was revenue forecasts that didn't pan out.

NAV Canada CISO Tom Bornais on Keeping IT and OT Systems Running
With threats targeting aviation infrastructure, NAV Canada CISO Tom Bornais explained how his team focuses on building resilience rather than chasing perfection. He outlined why internal alignment, incident simulation and supply chain security are critical to defending IT and OT systems.

Global Tech Debt Impedes Growth as AI, Cloud and Legacy Systems Collide
Technical debt is no longer just a developer's dilemma; it's a global business risk. As companies cling to legacy systems and monolithic code, modernization efforts stall. Rising costs, slower delivery and AI limitations highlight the urgent need for scalable, future-ready architectures.

A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025. The activity targeted diplomatic organizations in Hungary, Belgium, Italy, and the Netherlands, as well as government agencies in Serbia, Arctic Wolf said in a

FCC Chair Brendan Carr said the agency will look to eliminate a declaratory ruling made by his predecessor that aimed to give the government more power to force carriers to strengthen the security of their networks in the wake of the widespread hacks by China nation-state threat group Salt Typhoon last year.

The post FCC Chair Carr Looks to Eliminate Telecom Cybersecurity Ruling appeared first on Security Boulevard.

The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. [...]

Sophos researchers have identified real-world exploitation of a newly disclosed vulnerability in Windows Server Update Services (WSUS), where threat actors are harvesting sensitive data from organizations worldwide. The critical remote code execution flaw, tracked as CVE-2025-59287, has become a prime target for attackers seeking to breach enterprise networks and extract valuable information without authentication requirements. […]

The post Attackers Exploit Windows Server Update Services Flaw to Steal Sensitive Organizational Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Несколько кликов — и насосы Канады сходят с ума.

The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month, said that it

A vulnerability has been found in IBM Jazz for Service Management up to 1.1.3.25 and classified as problematic. The affected element is an unknown function. The manipulation leads to sensitive cookie without secure attribute. This vulnerability is traded as CVE-2025-36249. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in IBM InfoSphere Information Server up to 11.7.1.6. Impacted is an unknown function. Executing manipulation can lead to execution with unnecessary privileges. This vulnerability appears as CVE-2025-33003. The attack requires local access. There is no available exploit. You should upgrade the affected component.

Every healthcare CEO and CTO is asking the same question in 2025 and for 2026, “Can I trust what my AI just told me?” Artificial...Read More

The post Explainable & Trustworthy AI in Healthcare Analytics: How Blockchain and XAI Are Powering 2026’s Next Wave appeared first on ISHIR | Custom Software Development Dallas Texas.

The post Explainable & Trustworthy AI in Healthcare Analytics: How Blockchain and XAI Are Powering 2026’s Next Wave appeared first on Security Boulevard.

Today my LinkedIn feed and Google News filter is showing me several stories that illustrate how we are failing to stop online scammers from stealing from our elderly.  It starts with the headlines.

CTVNews:  Ontario seniors GIVE AWAY MORE THAN $1 MILLION to scammers.
CTVNews: Ontario couple LOSES MORE THAN $1 MILLION DOLLARS to fraud.
Toronto Only: A couple ... LOST MORE THAN $1 MILLION 
Daily Mail:  Elderly couple transfer $1m to online scammers despite warning from bank

The tone of several of these stories, is victim shaming and leads with the wrong headline. They didn't "Give away" or "Lose" or "Transfer" these funds.  They were STOLEN FROM THEM.  

Illicit Call Centers: "Facebook Pop-Ups" 

One of the ways that we learn about how these scams play out is that we engage with scammers.  I'm not a professional scam baiter or anything close to it, but it is a useful research tool. When I read the story of the Ontario couple, I knew exactly the type of script that was being followed, because I experienced it last month.  Usually when I call an illicit call center on purpose, I am asked very quickly to give remote control of my computer to the scammers. But one day last month, the call followed a very different script than the primary ones to which I am accustomed.  It started with a Facebook advertisement.

In the top right corner of my Facebook homepage, I had two advertisements displayed: 

The goal of these advertisements is to make a less than wary Facebook user believe that they have unread messages that need to be attended to.  I actually wrote a longer piece for LinkedIn about this type of advertisement about six months ago.  See: "Dangerous Facebook Ads and Call Center Scams" on my LinkedIn page.  In this case, the "vendor" who is providing the Facebook Ads portion of this scam is almost certainly operating from Vietnam.  Crime is global.  Who knew?

Clicking the ad, in the incident that I experience on October 17, 2025, led to exactly the same next steps as the ones I reported on April 24, 2025.  

A fake "Facebook Suspended" page (hosted on web.core.windows[.]net)

Whether you choose "Accept" or "Ignore" on this page, the next thing that happens is that your browser goes "Full Screen" and begins to play an audio warning on loop while displaying this Warning Page: 

Mouse clicking is disabled while an audio warning tells us our Facebook account is going to be deleted if we don't call the indicated number immediately.  I know that I can "Alt-F4" out of this message, but many users would not know how to do so. 

According to our friends at URLScan.io, they have received reports of the "Facebook Suspended" intermediate page in the scam delivery using 933 different URLs, most recently, today.  After a huge spike from November 2024 to January 2025, there has been a constant trickle of these nearly every day since ... often using Microsoft Azure nodes. 

URLScan.io statistics on this page.

Checking the Meta Ad Library, it is easy to see that a new round of these ads launched on October 29, 2025 (two days ago): 

The new ads redirect through a slightly different intermediary page (I have an incoming call from a pretty girl) and then tell me that "Microsoft Care has temporarily disabled your Internet connection" and that I need to call or my "Facebook and Internet accounts will be permanently disabled."

new intermediary page new BSOD page as of 31OCT2025

Illicit Call Centers: Qualifying and "Recruiting" When I placed my call to the scammers on October 17th, I have to admit to being a bit inspired by "Scammer Payback" as I had recently written about his work in breaking up a $65 Million Crime Ring.  I wrote about it in my post "Indian Call Center Scammers Partner with Chinese Money Launderers" on this blog. Following Pierogi's lead, I answered the scammers questions as if I were a retiree.  (Don't let the grey beard fool you, I'm not!) 

The first thing the scammers had me do was to power off my computer. (I was playing an MP3 of their scam audio so they believed I was still on their "lock screen.") 

They asked me "Is this your own computer? or a work computer?"  I answered "Work computer? Heavens no!  I haven't worked in years!"  Then they asked me "Do you know what an IP address is?"  I answered "No, I've never heard of an IT address, but my grandson works in IT ... is this related to him?"  They gave me a very poor explanation of what an IP address is and then asked who my Internet carrier was.  I lied and told them a carrier that doesn't even offer services in my area. They "put me on a brief hold" during which I could hear people talking in Hindi to one another.  Then they came back and said "Yes, I see that your IP address is under investigation by (imaginary carrier)!" 

Then they asked me where I banked (I lied again) and whether I had an investment account (I lied again.) After putting me on another hold, they came back and said that my bank account was also under investigation.  After a few minutes, they came back and said (in a very grave voice) that unfortunately, I was under suspicion for distributing "child pornography" (an obsolete and inappropriate term for Child Sexual Abuse Materials). Unfortunately, they had no choice but to turn this matter over to the FBI.  Please hold as they were going to transfer me to the FBI Agent then.

As I denied having any involvement in CSAM materials, the FBI Agent very sternly yelled at me and asked me for my ZIP Code. 

Unfortunately I had a meeting to attend about then, so I disengaged, but I know the rest of that script.  The ZIP Code is so that they can look up the address of the nearest Bitcoin ATM from my house. 

This is the BEGINNING of what happened to "the Ontario Couple" (only of course they were speaking to a Royal Canadian Mounted Police Agent, rather than an FBI Agent.)

We have assisted in several of these cases -- twice involving the elderly relatives of my own students -- who were convinced over the course of many phone calls over many days -- that they needed to withdraw their cash from the bank, and in one case, put the cash in an overnight delivery box and ship it to a CVS store in the Chicago area.  Why would they do that?  Because the FBI, convinced of their innocence, had asked their permission to use their bank account for a "sting" against a Mexican Drug Cartel. The "FBI Agent" in one case made them take an imaginary oath, similar to the oath one would take when being sworn into military service, that as part of the FBI's Undercover Operation, they were not allowed to speak to anyone about their secret mission.  Doing so would result in them being arrested and charged with Obstruction of Justice. So when the bank says "Why are you withdrawing this money?" and they reply "Because I've decided to invest in Gold Bars" they are not "ignoring the warning of the bank" they are "following their orders as a sworn undercover agent assisting the FBI in breaking up a drug cartel!"  In the Ontario couple's case, the psychological oppression and manipulation continued for FIVE MONTHS as they had their money slowly stolen by a TransNational Organized Crime group who has perfected the art of manipulation.  And in that scenario, the Daily Mail and CTV want to broadcast that these fools gave their money away to criminals despite the bank's warning and they want YOU to believe that is what happened.   Shame on them! Illicit Call Centers: Crime-As-A-Service (via Facebook)

How do these types of crimes begin?  To understand, it is necessary to start taking apart the illicit call center Crime-as-a-Service model that operates via Facebook Groups.  We've been talking about these for nearly a decade now and they are more active now than ever before. 

Here's an example of a scammer boasting that he offers calls on a "Pay Per Call" model for a variety of fraud types.  Facebook, Blue Screen of Death, Amazon, and PayPal. His point in sharing the Call Duration is to indicate that his calls are "sticky." That is, they are likely to have a long enough conversation to "sink the hook."  Calls from 1308 seconds (21 minutes) to 4765 seconds (79 minutes!) are likely to have been believable enough that there is time to have taken the scam to a financially rewarding level. 

"Sounds" posted their advertisements in groups such as: 

• all about tech support
• Genuine Techsupport calls and blocking
• Tech support calls 
• PPC Expert for Tech Support 
• PPC Services for Tech Support
• Tech Support Genuine Calls Kolkata/Delhi
• Tech Support Calls Delhi/Noida/Chandigarh

Every piece of the criminal infrastructure needed to run these scams is available in this Crime-as-a-Service Facebook groups.  Whatever your Illicit Call Center needs, they can provide it. Toll Free Numbers? 

Fake invoices sent via PayPal? Cash Pickup services in USA and Canada?

Zelle accounts to use for money laundering?

And of course as we have already mentioned, the Chinese Money Laundering Organizations are now offering their services inside the Indian Call Center CaaS Facebook groups as well ... (+852 = Hong Kong)

"Kevin" is in the Facebook groups that are more dedicated to the money laundering side of these transnational organized crime operations.  Groups like: 

• Venmo,varo,paypal,zelle,cash 
• PayPal, Venmo And Cash App Verification - 11,400 members
• Paypal | Venmo | Zelle | G-Pay 24/7 Support - 2,100 members

That largest group has been "frozen by Admin" after we reported the popular "BuyAccounts" service that was offering to sell stolen bank accounts and advertiser accounts: 

"Norman Mike" was advertising an Indian telephone number despite attending the University of Johannesburg, living in London, and having an American flag as their cover image. 

https://www.facebook.com/norman.mike.7528/

I'll be sure to post an update on what happens when we suggest to Facebook that Norman Mike may be a fake account!

Illicit Call Centers:  STOP BLAMING THE VICTIM!  In this Crime-as-a-Service Infrastructure, criminals like the Vietnamese programmers who place the Facebook ads work with Indian "Lead Generators" who promise to send "Facebook Pay Per Call" telephone calls from potential victims to Illicit call centers in India and Pakistan, who use Pakistani-provided Toll Free Numbers to make connection, and then use Chinese Money Laundering Organizations to pick up their cash, could we agree that perhaps things are a bit more complicated than our average Ontario pensioner is able to tackle by themselves?  When the Illicit Call Center's scripts and practices qualify the victim as an elderly high wealth pensioner and they are "recruited by the FBI or RCMP" it is entirely insufficient for the bank to say "Sir, this may be a scam" and then boast to the media how they provided an adequate warning!

The post Transnational Organized Crime Gang Steals $1 Million from Ontario Couple appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, has been found in Nagios XI up to 2024R1.0. This issue affects some unknown processing of the file page-missing.php of the component Missing Page. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2024-13992. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is documented as CVE-2025-12547. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in LogicalDOC Community Edition up to 9.2.1. This affects an unknown part of the component API Key creation UI. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2025-12546. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Google has announced enhanced artificial intelligence protections designed to combat the rising tide of mobile scams affecting billions of users worldwide. The company revealed that fraudsters stole over $400 billion globally in the past year using advanced AI-powered schemes, making mobile security more critical than ever. Android’s Advanced Defense Against Mobile Fraud Google’s Android platform […]

The post Google Launches New AI Security Features on Android to Block Mobile Scams appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ex-L3Harris exec sells U.S. cyber secrets, "Brash" Chromium flaw crashes browsers, and hacktivists tamper with Canadian industrial systems.

Submit #677172 / VDB-330807