Latest news with #ThreatIntelligence

FBI Warning To 10 Million Android Users — Disconnect Your Devices Now

Forbes

3 days ago

Disconnect now, FBI warns 10 million Android users.

Update, July 26, 2025: This story, originally published on July 25, has been updated with a statement from the researchers who initially disclosed and disrupted the BadBox 2.0 operation that the FBI and Google are tackling head-on.

In March, I reported that one of the largest botnets of its kind ever detected had impacted over a million Android devices. That massive attack was known as BadBox, but it has now been eclipsed by BadBox 2.0, with at least 10 million Android devices infected. Google has taken action to protect users as best it can, as well as launching legal action against the attackers, and the FBI has urged impacted users to disconnect their devices from the internet. Here's what you need to know.

The FBI, Google And Others Warn Of Android BadBox 2.0 Attacks

The FBI cybersecurity alert, I-060525-PSA, could not have been clearer: ongoing attacks are targeting everything from streaming devices, digital picture frames, third-party aftermarket automobile infotainment systems and other assorted home smart devices. The devices, all low-cost and uncertified, mostly originating in China, allow attackers to access your home network and beyond by, the FBI warned, 'configuring the product with malicious software prior to the user's purchase.' It has also been noted, however, that mandatory 'software updates' during the installation process can also install a malicious backdoor.

Point Wild's Threat Intelligence Lat61 Team reverse-engineered the BadBox 2 infection chain and, as a result, uncovered new indicators of compromise that have been shared with global Computer Emergency Response Teams, as well as law enforcement. 'This Android-based malware is pre-installed in the firmware of low-cost IoT devices, smart TVs, TV boxes, tablets, before they even leave the factory,' Kiran Gaikwad from the LAT61 team said. 'It silently turns them into residential proxy nodes for criminal operations like click fraud, credential stuffing, and covert command and control (C2) routing.'

Google, meanwhile, confirmed in a July 17 statement that it had 'filed a lawsuit in New York federal court against the botnet's perpetrators.' Google also said that it has 'updated Google Play Protect, Android's built-in malware and unwanted software protection, to automatically block BadBox-associated apps.'

Human Security Behind Initial BadBox 2.0 Disclosure And Disruption

Human Security, whose Satori Threat Intelligence and Research Team originally both disclosed and disrupted the BadBox 2.0 threat campaign, said at the time that researchers believed 'several threat actor groups participated in BadBox 2.0, each contributing to parts of the underlying infrastructure or the fraud modules that monetize the infected devices, including programmatic ad fraud, click fraud, proxyjacking, and creating and operating a botnet across 222 countries and territories.' If nothing else, that provides some context to the scale of this campaign.

Now, Stu Solomon, the Human Security CEO, has issued the following statement: 'We applaud Google's decisive action against the cybercriminals behind the BadBox 2.0 botnet our team uncovered. This takedown marks a significant step forward in the ongoing battle to secure the internet from sophisticated fraud operations that hijack devices, steal money, and exploit consumers without their knowledge. Human's mission is to protect the integrity of the digital ecosystem by disrupting cybercrime at scale, and this effort exemplifies the power of collective defense. We're proud to have been deeply involved in this operation, working in close partnership with Google, TrendMicro, and the Shadowserver Foundation. Their collaboration has been invaluable in helping us expose and dismantle this threat.'

FBI Recommendations And Mitigations — Disconnect Your Devices Now

The FBI has recommended that Android users should be on the lookout for a number of potential clues that your Chinese-manufactured smart device could be infected with BadBox 2.0 malware. When it comes to mitigation, the advice is straightforward: users should 'consider disconnecting suspicious devices from their networks,' the FBI said.

watchTowr Unveils AI-Powered Preemptive Exposure Management Platform to Outpace Rise of Zero-Day Exploitation

Associated Press

21-07-2025

SINGAPORE & LONDON & NEW YORK--(BUSINESS WIRE)--Jul 21, 2025-- watchTowr today announced a significant product evolution, unveiling a Preemptive Exposure Management solution that builds on its proven success in enabling organizations to stay ahead of in-the-wild exploitation of critical vulnerabilities.

Built for Fortune 500 companies and critical infrastructure providers, the enhancement merges watchTowr's Proactive Threat Intelligence capabilities with its proven External Attack Surface Management technology into a unified, AI-powered platform that autonomously provides security teams with the speed, confidence and precision needed to move faster than attackers.

In an alarming trend the industry continues to battle, the time it takes for vulnerabilities to be exploited continues to shrink, in some cases to as little as four hours. In an increasingly high-speed threat environment, approaches driven by vulnerability management SLAs are no longer enabling organizations to remain secure. The watchTowr Platform addresses this by combining proprietary threat intelligence, real-time attacker telemetry, and automated red teaming to provide organizations with clear, rapid insights into how they could be breached—and what to do about it—before the inevitable occurs.

'By the time a vulnerability hits the headlines, attackers have already broken in, and in many cases, left backdoors behind,' said Benjamin Harris, co-founder and CEO of watchTowr. 'When threats move faster than your team can react, time becomes your most critical defense. That's exactly what the watchTowr Platform is designed to give you: time to react and fight back, before a breach occurs.'

At the heart of this speed is an AI Execution Pipeline, a critical layer that autonomously translates what attackers are doing in the wild into actionable intelligence, determining whether and exactly how an organization's environment and systems are impacted. When adversaries shift tactics, autonomous tests are triggered instantaneously within the watchTowr Platform without manual input, giving organizations more time than ever to respond.

watchTowr's Proactive Threat Intelligence provides proprietary and first-party insight into real-time attacker behavior, fueled by a number of distinct capabilities:

These capabilities are fused with watchTowr's market-leading External Attack Surface Management technology:

Together, watchTowr's Proactive Threat Intelligence and External Attack Surface Management capabilities, wrapped within its autonomous AI Execution Pipeline, help customers accurately predict the tactics and techniques likely to be used in future attacks, understand how attackers are targeting organizations today, and automatically and continuously determine whether they are currently affected or exposed within minutes, buying time in an ever aggressive race between attackers and defenders.

The enhancements to the watchTowr Platform come on the heels of the appointment of Ryan Dewhurst to lead Proactive Threat Intelligence at the company.

To take the first step in preemptively discovering exposure in your attack surface, visit

Trend Micro Celebrates 20th Consecutive Recognition as a Leader in Gartner® Magic Quadrant™ Endpoint Protection Platforms

Zawya

18-07-2025

Threat intelligence and security capabilities continue to outpace threats

HONG KONG SAR - Media OutReach Newswire - 18 July 2025 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, has announced that it has been recognized an unprecedented 20 consecutive times as a Leader in Endpoint Protection Platforms*. No other vendor has been named a Gartner Magic Quadrant Leader for so long in this category—which Trend believes illustrates the enduring strength of its strategic vision, customer focus, and commitment to innovation.

To learn more about Trend's 20th consecutive placement as a Leader, visit:

Eva Chen, CEO at Trend: "Trend is proud to be recognized as a Leader for the 20th consecutive time. We believe our decades of expertise and intelligence are the key to leading the next era of security with our unmatched AI and proactive security capabilities."

Trend achieved its milestone this year with Trend Vision One™ Endpoint Security, which is built on the foundations of product excellence laid over the past two decades. Trend has ranked amongst the three highest scoring vendors across all Use Cases in the Gartner companion 2025 Critical Capabilities for Endpoint Protection Platforms report.

Mark Houpt, CISO at Databank: "Security used to be about locking the doors. Now it's about navigating the unknown. Trend helps us do that—not just with powerful endpoint protection, but through a platform where everything works together by design. That integration is how we find threats faster, respond smarter, with fewer blind spots and more confidence."

Five core tenets drive Trend's expertise:

Commitment to innovation: Trend believes that the only way to remain an EPP Leader for 20 consecutive reports is to continuously anticipate what's coming next. Trend has introduced deepfake detection, adaptive behavioral protection and more to ensure that customers can stay proactive. Together, these efforts help them to minimize response times and optimize cyber resilience.

Unified approach: Endpoint protection should not exist in a vacuum. Trend's approach delivers these capabilities in a single, centralized platform, alongside CREM, attack path prediction, compliance, generative AI protection, XDR and more. This eliminates security gaps, reduces cost and complexity, and empowers security teams to see more, respond faster, and work more productively.

Consistent performance: Trend's industry expertise is built on outstanding products, designed for some of the world's most demanding and highly regulated environments. Trend Micro ranked highest in Core Endpoint Protection, Workspace Security Platform, and Architecturally Constrained Environments Use Cases in the 2025 Critical Capabilities for Endpoint Protection Platforms.

Global reach: No two customers, or regions, are the same. Different organizations may have different regulatory, threat landscape, and operational challenges. With Trend, they benefit from the scale, innovation and threat intelligence of a global leader, but with the localized expertise of a partner with a presence in North America, Europe, Asia and Australia.

Customers want technology partners they can trust. Trend has been helping global organizations to navigate their unique business and cybersecurity challenges for over 30 years.

* Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Deepak Mishra, Franz Hinner, 14 July 2025

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The issuer is solely responsible for the content of this announcement.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world.

Trend Micro Celebrates 20th Consecutive Recognition as a Leader in Gartner® Magic Quadrant™ Endpoint Protection Platforms

Malay Mail

18-07-2025

Do Not Answer These Calls — Google Issues New Smartphone Warning

Forbes

08-06-2025

Beware the UNC6040 smartphone threat.

Update, June 8, 2025: This story, originally published on June 6, has been updated with further warnings from the FBI regarding dangerous phone calls, as well as additional information from the Google Threat Intelligence Group report potentially linking the UNC6040 threat campaign to an infamous cybercrime collective known as The Com.

Google's Threat Intelligence Group has issued a new warning about a dangerous cyberattack group known only as UNC6040, which is succeeding in stealing data, including your credentials, by getting victims to answer a call on their smartphone. There are no vulnerabilities to exploit, unless you include yourself: these attackers 'abuse end-user trust,' a Google spokesperson said, adding that the UNC6040 campaign 'began months ago and remains active.' Here's what you need to know and do. TL;DR: Don't answer that call, and if you do, don't act upon it.

If you still need me to warn you about the growing threat from AI-powered cyberattacks, particularly those involving calls to your smartphone — regardless of whether it's an Android or iPhone — then you really haven't been paying attention. It's this lack of attention, on the broadest global cross-industry scale, that has left attackers emboldened and allowed the 'vishing' threat to evolve and become ever more dangerous. If you won't listen to me, perhaps you'll take notice of the cybersecurity and hacking experts who form the Google Threat Intelligence Group.

A June 4 posting by GTIG, which has a motto of providing visibility and context on the threats that matter most, has detailed how it's been tracking a threat group known only as UNC6040. This group is financially motivated and very dangerous indeed. 'UNC6040's operators impersonate IT support via phone,' the GTIG report stated, 'tricking employees into installing modified (not authorized by Salesforce) Salesforce connected apps, often Data Loader variants.' The payload? Access to sensitive data and onward lateral movement to other cloud services beyond the original intrusion for the UNC6040 hackers.

Google's threat intelligence analysts have designated UNC6040 as opportunistic attackers, and the broad spectrum of that opportunity has been seen across hospitality, retail and education in the U.S. and Europe. One thought is that the original attackers are working in conjunction with a second group that acts to monetize the infiltrated networks and stolen data, as the extortion itself often doesn't start for some months following the initial intrusion itself.

The Google Threat Intelligence Group report has linked the activity of the UNC6040 attack group, specifically through shared infrastructure characteristics, with a cybercrime collective known as The Com. The highly respected investigative cybersecurity journalist, Brian Krebs, has described The Com as being a 'distributed cybercriminal social network that facilitates instant collaboration.' This social network exists within Telegram and Discord servers that are home to any number of financially motivated cybercrime actors. Although it is generally agreed that The Com is something of a boasting platform, where criminal hackers go to boost their exploit kudos while also devaluing the cybercrime activities of others, its own value as a resource for threat actors looking to find collaborative opportunities with like-minded individuals should not be underestimated.

'We've also observed overlapping tactics, techniques, and procedures,' Google's TIG researchers said with regard to The Com and UNC6040, 'including social engineering via IT support, the targeting of Okta credentials, and an initial focus on English-speaking users at multinational companies.' However, the GTIG report admits that it is also quite possible these overlaps are simply a matter of associated threat actors who all boast within the same online criminal communities, rather than being evidence of 'a direct operational relationship' between them.

The Federal Bureau of Investigation has now also joined the chorus of security experts and agencies warning the public about the dangers of answering smartphone calls and messages from specific threat groups and campaigns. Public cybersecurity advisory I-051525-PSA has warned that the FBI has observed a threat campaign, ongoing since April 2025, that uses malicious text and voice messages impersonating senior U.S. officials, including those in federal and state government roles, to gain access to personal information and ultimately valuable online accounts.

As with the latest Google Threat Intelligence Group warning, these attacks are based around the phishing tactic of using AI-generated voice messages along with carefully crafted text messages, known as smishing, as a method of engendering trust and, as the FBI described it, establishing rapport with the victim. 'Traditionally, malicious actors have leveraged smishing, vishing, and spear phishing to transition to a secondary messaging platform,' the FBI warned, 'where the actor may present malware or introduce hyperlinks that direct intended targets to an actor-controlled site that steals log-in information, like usernames and passwords.'

The latest warnings regarding this scam call campaign have appeared on social media platforms such as X, formerly known as Twitter, from the likes of the FBI Cleveland and FBI Nashville, as well as on law enforcement websites, including the New York State Police. The message remains the same: the FBI won't call you demanding money or access to online accounts, and the New York State Police won't call you demanding sensitive information or threatening you with arrest over the phone. 'Malicious actors are more frequently exploiting AI-generated audio to impersonate well-known, public figures or personal relations to increase the believability of their schemes,' the FBI advisory warned.

The FBI has recommended that all smartphone users, whether they use iPhone or Android devices, must seek to verify the true identity of the caller or sender of a text message before responding in any way. 'Research the originating number, organization, and/or person purporting to contact you,' the FBI said, 'then independently identify a phone number for the person and call to verify their authenticity.'

To mitigate the UNC6040 attack risk, GTIG said that organisations should consider the following steps:

And, of course, as Google has advised in previous scam warnings, don't answer those phone calls from unknown sources. If you do, and it's someone claiming to be an IT support person, follow the FBI advice to hang up and use the established methods within your organization to contact them for verification.
