
British Airways flight enroute to London returns to Bengaluru due to technical glitch
The flight, a Boeing 772, originally supposed to depart at 6.45 am, was delayed by an hour.


Techday NZ
3 minutes ago
Over 80,000 Microsoft Entra ID accounts hit by major takeover campaign
Proofpoint has identified an active account takeover campaign targeting Microsoft Entra ID users and exploiting the TeamFiltration penetration testing framework. The campaign, which Proofpoint has named UNK_SneakyStrike, has involved attackers gaining unauthorised access to native applications including Microsoft Teams, OneDrive, and Outlook. According to the company's research, since December 2024 this activity has impacted over 80,000 user accounts across hundreds of organisations, resulting in several instances of successful account takeover.

Attack methods

UNK_SneakyStrike deploys the TeamFiltration pentesting framework to carry out its attacks, leveraging the Microsoft Teams API and Amazon Web Services (AWS) servers in multiple geographical regions. The attackers execute user-enumeration and password-spraying attacks to identify and compromise target accounts.

TeamFiltration, which was first released in January 2021, is a post-exploitation tool originally designed for legitimate penetration testing and risk evaluation of Microsoft 365 environments. The tool automates a variety of tactics, techniques, and procedures (TTPs) associated with account takeover campaigns, including account enumeration, password spraying, and data exfiltration. The attackers have exploited access to specific resources and applications with TeamFiltration's features for persistent access. These include "backdooring" via OneDrive, accomplished by uploading malicious files to a user's OneDrive and replacing desktop files with rogue versions, potentially containing malware or macros for ongoing access.

Proofpoint noted, "TeamFiltration helps automate several tactics, techniques, and procedures (TTPs) used in modern ATO attack chains. As with many security tools that are originally created and released for legitimate uses, such as penetration testing and risk evaluation, TeamFiltration was also leveraged in malicious activity."

Identifying the activity

Proofpoint researchers analysed TeamFiltration's public GitHub documentation and configuration files to identify a rare user agent string — representing an outdated Teams client — being used during suspicious activity. This served as a key indicator for tracking unauthorised uses of the tool. They also observed attempts by attackers to access sign-in applications from devices incompatible with those services, suggesting the use of user agent spoofing as a means to disguise the source of the attacks.

Another indicator was the pattern of attempted access to a defined list of Microsoft OAuth client applications. The applications are capable of obtaining special "family refresh tokens," allowing attackers to exchange them for access tokens to exploit various native Microsoft applications. Proofpoint found that TeamFiltration's most recent client ID list contained some inaccuracies, with incorrect mappings for 'Outlook' and 'OneNote'. Despite this, the tool's configuration closely aligned with a known family of client IDs published publicly by another cyber security research initiative.

AWS infrastructure and behaviour

TeamFiltration requires an AWS account to conduct its simulated attacks. Its password spraying function systematically rotates through different AWS Regions, and its enumeration features rely either on a disposable Microsoft 365 Business Basic account or, following recent updates, on a OneDrive-based method.

Proofpoint stated, "TeamFiltration's enumeration function leverages the disposable account and the Microsoft Teams API to verify the existence of user accounts within a given Microsoft Entra ID environment before launching password spraying attempts. A recent update to the tool's code introduced a OneDrive-based enumeration method, enhancing its enumeration capabilities."

Attacks attributed to TeamFiltration have been observed originating from AWS infrastructure and rotating across multiple AWS regions, with password spraying attempts systematically spread for wider impact and to hinder detection.

Campaign analysis

Proofpoint began tracking a distinct activity set, UNK_SneakyStrike, after differentiating malicious use of TeamFiltration from legitimate penetration testing activity. The main difference was that attackers operated in indiscriminate, high-volume bursts across many cloud tenants, while security assessments tend to be more targeted and controlled.

Proofpoint threat researchers have recently uncovered an active account takeover (ATO) campaign, tracked as UNK_SneakyStrike, using the TeamFiltration pentesting framework to target Entra ID user accounts. Using a combination of unique characteristics, Proofpoint researchers were able to detect and track unauthorized activity attributed to TeamFiltration. According to Proofpoint findings, since December 2024 UNK_SneakyStrike activity has affected over 80,000 targeted user accounts across hundreds of organizations, resulting in several cases of successful account takeover. Attackers leverage Microsoft Teams API and Amazon Web Services (AWS) servers located in various geographical regions to launch user-enumeration and password-spraying attempts. Attackers exploited access to specific resources and native applications, such as Microsoft Teams, OneDrive, Outlook, and others.

The volume of login attempts linked to TeamFiltration saw a marked increase starting in December 2024, peaking in January 2025. Over 80,000 user accounts across approximately 100 cloud tenants were targeted, with multiple cases of account takeover observed.

Patterns and regional targeting

UNK_SneakyStrike activities typically occur in concentrated bursts, focusing on numerous users within a single cloud environment, and then pausing for periods of four to five days.
The apparent strategy varies by organisation size: all users within smaller tenant environments are targeted, but only specific user subsets are selected among larger tenants. The primary sources for malicious login activity were traced to AWS infrastructure in three regions: the United States (42% of IP addresses), Ireland (11%), and Great Britain (8%).

Tool risks and future outlook

Proofpoint noted that penetration testing tools such as TeamFiltration are intended to benefit defensive security operations, but acknowledged their potential for malicious use. "While tools such as TeamFiltration are designed to assist cyber security practitioners in testing and improving defense solutions, they can easily be weaponized by threat actors to compromise user accounts, exfiltrate sensitive data, and establish persistent footholds."

The company expects such advanced tools to become more common among attackers. "Proofpoint anticipates that threat actors will increasingly adopt advanced intrusion tools and platforms, such as TeamFiltration, as they pivot away from less effective intrusion methods."

Proofpoint has provided security indicators, including a list of observed IP addresses and user agent strings, to aid organisations in detecting potential unauthorised access related to this campaign. The company recommends correlating these indicators with additional context and behavioural analytics for accurate detections.
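
The correlation described above, sketched as an added example (not code from Proofpoint, TeamFiltration or this article): it groups failed sign-ins by tenant and hosting-provider ASN, flags bursts that hit many distinct users, and corroborates each burst with a watched user agent and any follow-on successful sign-in. The record fields, thresholds, placeholder indicator values and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Placeholders, not real indicators: load real values from the published list.
UA, ASN = "PLACEHOLDER-OUTDATED-TEAMS-UA", "PLACEHOLDER-CLOUD-ASN"
WATCHED_USER_AGENTS, HOSTING_ASNS = {UA}, {ASN}
WINDOW = timedelta(minutes=30)  # assumed burst window
MIN_USERS = 5                   # assumed threshold; tune to tenant size

def find_spray_bursts(events):
    """Flag (tenant, ASN) groups where many distinct users fail within WINDOW."""
    groups = defaultdict(list)
    for e in events:  # group by ASN, not IP, so rotation across regions still adds up
        if e["asn"] in HOSTING_ASNS:
            groups[(e["tenant"], e["asn"])].append(e)
    findings = []
    for (tenant, asn), evs in groups.items():
        fails = sorted((e for e in evs if not e["success"]), key=lambda e: e["time"])
        for first in fails:
            burst = [e for e in fails if first["time"] <= e["time"] <= first["time"] + WINDOW]
            users = {e["user"] for e in burst}
            if len(users) < MIN_USERS:
                continue
            # Corroborate: share of watched user agents in the burst, and any
            # targeted user who then signed in successfully from the same provider.
            ua_ratio = sum(e["user_agent"] in WATCHED_USER_AGENTS for e in burst) / len(burst)
            hits = sorted({e["user"] for e in evs if e["success"]
                           and e["user"] in users and e["time"] >= first["time"]})
            findings.append({"tenant": tenant, "asn": asn, "targeted_users": len(users),
                             "watched_ua_ratio": ua_ratio, "possible_takeovers": hits})
            break  # one finding per group is enough for triage
    return findings

def sample_events():
    """Constructed sign-in records for the demo (not real telemetry)."""
    t0 = datetime(2025, 1, 10, 9, 0)
    def ev(minute, tenant, user, ip, asn, ua, ok):
        return {"time": t0 + timedelta(minutes=minute), "tenant": tenant, "user": user,
                "ip": ip, "asn": asn, "user_agent": ua, "success": ok}
    spray = [ev(2 * i, "contoso", f"user{i}", f"198.51.100.{10 + i}", ASN, UA, False)
             for i in range(6)]
    return spray + [
        ev(14, "contoso", "user3", "203.0.113.7", ASN, UA, True),  # spray hit
        ev(5, "contoso", "alice", "192.0.2.50", "RESIDENTIAL-ISP", "Mozilla/5.0", False),
        ev(6, "fabrikam", "bob", "198.51.100.99", ASN, "Mozilla/5.0", False),
    ]

if __name__ == "__main__":
    print(find_spray_bursts(sample_events()))
```

A single failed sign-in from the same provider in another tenant, or repeated failures from a residential ISP, produces no finding; only the many-users burst does.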


Techday NZ
4 minutes ago
Ciena report highlights rising wave service demand & cable growth
Ciena has published a report analysing growing demand for wave services as artificial intelligence (AI), data centre interconnect (DCI), and cloud technologies continue to reshape global network requirements. The report details significant developments in the connectivity sector, highlighting how the expansion of hyperscale data centres and managed optical fibre networks (MOFN) is driving change in high-speed network infrastructure. Forecasts indicate that 39 new hyperscaler data centres are expected to be operational by the end of 2025.

Growth in wave services

The report identifies wave services as fundamental to meeting the evolving needs of data centre interconnection, with underlying demand increasingly shaped by developments in AI and cloud technology. These trends have resulted in heightened requirements for high-capacity, low-latency, and diversified network paths.

"As cloud providers scale data centre networks to address AI performance requirements, wave services must also evolve in terms of capacity, coverage, latency, and route diversity," said Mark Bieberich, Vice President of Portfolio Marketing, Ciena. "Demand for wave services is growing steadily worldwide, as data centre network expansion requires increasingly high-capacity interconnection among various types of network operators and end users."

Research from Vertical Systems Group, cited in the report, reveals that the total wave services circuits market in the United States grew by nearly eight percent in 2024, with a projection of continued steady growth through 2029. This growth is particularly noticeable in cloud on-ramps, evidenced by the 41% share taken by metro geographical scope and the prevalence of retail customers at 58% of the market. In terms of capacity, the report forecasts a substantial increase in 400G circuits between 2024 and 2029, while 100G circuit deployments are also projected to rise steadily. Conversely, growth in 10G circuits is expected to be more modest.

Wave services, which leverage Dense Wavelength Division Multiplexing (DWDM) technology, offer significant data-transmission capacity via optical fibre. The backbone of data centre connectivity, these services are currently dominated by 100G and 400G connections, although many existing 10G circuits are being upgraded in response to rising performance demands.

Submarine cable milestones

The report also underscores an exceptional year for the submarine cable sector, noting that a record-breaking 161,100 kilometres of submarine cable are set to become ready for service (RFS) in 2025. This figure surpasses the previous high of 121,000 kilometres, which was reached in 2001, marking a new phase of global network infrastructure development.

"With infrastructure expanding rapidly and resource constraints increasingly shaping growth, anticipating demand has never been more important," Bieberich added. "Network operators providing wave services can seize this moment by proactively routing new submarine cables to emerging data centres and innovating to address these challenges. Differentiation through greater route diversity, low-latency connectivity, and compelling managed services is key to staying ahead."

Expansion in submarine cable routes is synchronised with the needs of emerging and established data centre locations, supporting the transfer of substantial data volumes across continents. With managed services and increasing route diversity playing growing roles, operators are repositioning their offerings in line with infrastructure trends and technological advancements.

Industry analysis and outlook

The findings from Ciena's report are based on a detailed assessment of current connectivity trends. The report presents a comprehensive look at how the evolution of data centre architecture and demand for AI processing are influencing every layer of the network service landscape.
Key considerations include the drive for lower latency, regulatory requirements around data sovereignty, and the need to expand high-speed services to new regions and user groups. By providing forecasts through 2029, the report intends to help stakeholders in the telecommunications, cloud, and data centre industries plan and strategise effectively to maintain competitive positioning as network capacity demands accelerate. The analysis highlights not just technological drivers, but the operational and market considerations that are shaping wave services growth globally.


Techday NZ
4 minutes ago
Red Canary deploys AI agents to slash security investigation times
Red Canary has announced the introduction of a suite of AI agents designed to perform tier 2 security investigations at the pace and calibre of experienced analysts. These AI agents have already conducted over 2.5 million investigations, reportedly reducing the average investigation time by 90%. The agents are trained on a decade's worth of operational data and provide contextual gathering, alert enrichment, and recommended actions for identified threats, with a stated aim to lessen alert noise and assist security teams in managing evolving threats without increased complexity or risk.

Reducing manual security tasks

The AI agents are described as specialists across every phase of detection, investigation, and response. They cover roles including security operations centre (SOC) analyst, detection engineering, threat intelligence, and user analysis, automating many procedures traditionally undertaken by security experts. For organisations, this means the agents automate both Tier 1 and Tier 2 analyst tasks in various environments such as cloud, identity, Security Information and Event Management (SIEM), and endpoint systems. According to Red Canary, this leads to faster root cause analysis and remediation of security incidents. In addition, a threat intelligence agent compares threats against known profiles, identifying new trends and aiding intelligence operations.

Impact and efficiency

Red Canary states that, by automating analyst-level workflows, customers have reduced investigation times from over 20 minutes to under three minutes on average, with the company citing a 99.6% customer-validated true positive rate. The system is built to be enterprise-grade, with training on 10 years of real-world data and with continuous oversight by security operators to ensure consistency and reliability.

"Several years ago, we introduced automation to replace repetitive Tier 1 work," said Brian Beyer, CEO and Co-founder of Red Canary.
"Now, by combining the best of agentic AI with AI agents that are equipped with years of frontline experience, we're taking the next leap—accelerating Tier 2 investigations with the speed of automation and the judgment of experienced security analysts. This shift allows every Red Canary detection engineer to focus on Tier 3-level analysis, delivering deeper insights and stronger outcomes for our customers."

Practical use cases

Red Canary offered specific examples to illustrate the value of the AI agents. In one scenario, a user behaviour analysis agent flagged an anomalous Salesforce login, missed by other tools. A reputation analysis agent added context by identifying the login as originating from a high-risk IP address. Red Canary's team validated the threat and quickly alerted the customer, allowing for immediate password reset and containment within minutes.

Another example involved a compromised account detected through alert enrichment and user behaviour analysis. These agents identified a suspicious application and proxy activity from an unfamiliar ISP and geography. A Red Canary detection engineer confirmed that a user's access token had been compromised and notified the customer's security operations team for swift response.

Scope of agent capabilities

The suite currently includes agents specialised for specific systems, including Microsoft Defender for Endpoint, CrowdStrike Falcon Identity Protection, AWS GuardDuty, and Microsoft Sentinel. These agents are designed to deliver consistent procedures for their respective environments. The response and remediation agent offers concrete steps for both addressing current incidents and hardening systems to reduce future risk, while the user baselining and analysis agent highlights deviations in user activity by comparing real-time behaviour to historical patterns.
Red Canary underscores that its agents are not fully autonomous decision-makers; instead, their outputs are subject to the oversight of experienced detection engineers, aiming to balance automation, reliability, and human judgement. This development represents an ongoing trend in the security sector towards applying artificial intelligence to reduce manual workloads, lower incident response times, and support strained security teams. According to Red Canary, its focus remains on reducing noise, accelerating triage, and providing expert analysis for each threat faced by its clients.