Philipp Beer, Marco Squarcina and Martina Lindorfer, researchers from the Security and Privacy Group at TU Wien Informatics in Austria, and Sebastian Roth from the University of Bayreuth in Germany, have published research into tapjacking and the TapTrap threat. In developing TapTrap, the researchers demonstrated how an app without any permissions at all can abuse screen animations to open another screen without the user knowing, make it invisible, and get them to unknowingly tap a permission prompt. This method of presenting a visible, harmless-looking action with an invisible malicious one underneath is new and dangerous. Ordinarily, when the screen changes in Android you would expect to see an animation, perhaps a sliding or fading effect as one screen changes to another, but a TapTrap attack can make the new screen “fully transparent, keeping it hidden from you,” the researchers said. “Any taps you make during this animation go to the hidden screen,” they continued, “not the visible app.” The app could then get you to tap areas of the screen that “correspond to sensitive actions on the hidden screen,” the researchers explained, “allowing it to perform actions without your knowledge.” Actions like, for example, enabling the device administrator permission, which can let an app remotely wipe your phone.
Virtru’s cloud platform lets organizations securely share sensitive data by using TDF, an open-source file format that connects files to a server which encrypts them and only decrypts them for permissioned users, requiring one-time codes for access
Virtru Inc., a startup that helps enterprises prevent unauthorized access to their data, commercializes an open-source file format known as TDF designed to let organizations securely share sensitive data with one another. TDF works by connecting files to a server controlled by the company that created them. This server encrypts the files and only decrypts them for users who have permission to view them. Virtru sells a cloud platform that uses TDF to help companies encrypt files before they move outside the corporate network. Users can specify who may view the records and revoke access through a centralized interface. The platform also provides other cybersecurity controls: workers may set an expiration date for shared files, watermark them and monitor how they’re accessed. The recipients of such files can only open them using a Virtru-operated cloud application that is activated with one-time codes. There’s a standalone file sharing service called Virtru Secure Share, as well as versions that integrate with Google Workspace and Microsoft 365. The latter tools can encrypt not only business files but also emails. Another Virtru product called Virtru Private Keystore helps enterprises manage their encryption keys and generates an audit trail that tracks how the keys are used. Another tool called Data Protection Gateway scans inbound emails, detects sensitive data such as credit card numbers and encrypts it.
Trustwave’s managed phishing protection service for Microsoft users aims to address gaps in native email security product deployments by offering a more comprehensive solution
Trustwave has launched Managed Phishing for Microsoft, a service designed to improve phishing defenses for organizations using Microsoft Office 365 and Defender for Office. Phishing remains the most reported type of cybercrime globally, with attackers using advanced AI-powered tactics to bypass default email security measures. Trustwave has developed a managed cybersecurity solution to deliver continuous protection and user awareness for businesses. The service works alongside Microsoft’s built-in defenses, providing additional layers of risk reduction and email security management. Features include end-to-end technology management, multi-layered detection systems, regular simulated phishing exercises, and around-the-clock threat response. Trustwave’s technology management capabilities provide complete setup and administration of phishing-related policies and rules, minimizing the management burden for internal IT teams. The detection aspect uses AI-driven engines supported by Trustwave SpiderLabs threat research, reducing exposure to threats by over 99 per cent. The service also offers regular phishing simulations tailored to each organization’s specific business environment, creating ongoing awareness and a stronger culture of vigilance among employees. The Managed Phishing for Microsoft service aims to address gaps in native email security product deployments by offering a more comprehensive solution through a combination of technology, security expertise, and employee awareness.
Nacha’s Payments Innovation Alliance’s educational video on quantum computing urges industry-wide collaboration and a transition to quantum-resistant cryptographic methods to ensure a secure and resilient payments ecosystem
Nacha’s Payments Innovation Alliance, a membership program that brings together diverse global stakeholders seeking to transform the payments industry, has released a new educational video, Protecting Payments in the Quantum Era: Prepare for Impact. Developed by the Alliance’s Quantum Payments Project Team, the video provides a foundational understanding of quantum computing and its implications for the payments ecosystem. As quantum technology advances, it poses both transformative opportunities and significant risks, particularly to the cryptographic systems that underpin today’s secure transactions. The video introduces viewers to the fundamentals of quantum computing, highlighting how it differs from classical computing in its ability to process complex calculations at unprecedented speeds. It also delves into the potential impact of quantum advancements on encryption and data security, emphasizing the vulnerabilities of current cryptographic systems. The video also underscores the urgency for financial institutions to begin transitioning to quantum-resistant cryptographic methods and calls for industry-wide collaboration to ensure a secure and resilient payments infrastructure that is prepared for the quantum era.
Fingerprint’s platform can help identify all types of agentic-driven fraud by detecting residential proxies, which are increasingly accessible and affordable and commonly used by fraudsters looking to mask their IP addresses
Fingerprint announced new Smart Signals and platform enhancements that detect malicious bots and AI agents, distinguishing them from legitimate automated traffic.
Bot/AI Agent Detection: the Bot Detection Smart Signal can recognize dozens of bot and browser-automation software tools. It performs intelligent classification on each API request to determine whether a bot or agent is legitimate or malicious, with only verified beneficial bots and agents classified as trustworthy. The Virtual Machine Detection Smart Signal further enhances AI agent and bot detection by identifying virtual machines, which are commonly used in automated fraud schemes, providing an additional layer of protection against sophisticated attack vectors.
Residential Proxy Detection addresses one of the most challenging aspects of modern fraud detection. Residential proxies are increasingly accessible and affordable, making them attractive tools for fraudsters looking to mask their IP addresses. Because agentic traffic can be routed through ISPs to real residential IP addresses—giving malicious agents high authenticity—the ability to detect residential proxies with confidence levels is crucial for identifying all types of agentic-driven fraud.
Request Filtering: Fingerprint has gathered a list of known user agents used by AI companies for web scraping and model training, as well as AI assistants that help with scheduling and other repetitive tasks. The Request Filtering functionality allows customers to exclude these legitimate AI agents and bots from fingerprinting, helping optimize billing costs without compromising detection capabilities for AI-driven fraud.
US phone carriers are rolling out blocking of unauthorized number port outs and wireless account locking for combating SIM swap attacks
To combat SIM swap attacks, which rely on the impersonation and deception tactics known as social engineering, three major phone carriers in the United States — AT&T, T-Mobile, and Verizon — have introduced security features that make it more difficult for malicious hackers to deceptively get a customer’s account changed, such as porting out their phone number. In July, AT&T introduced its free Wireless Account Lock security feature to help prevent SIM swaps. The feature allows AT&T customers to add extra account protection by toggling on a setting that prevents anyone from moving a SIM card or phone number to another device or account. The feature can be switched on via AT&T’s app or through its online account portal by anyone who manages the account, so make sure that account is protected with a unique password and multi-factor authentication. T-Mobile allows customers to prevent SIM swaps and block unauthorized number port outs for free through their T-Mobile online account. The primary account holder will have to log in to change the setting, such as switching it on or off. Verizon has two security features called SIM Protection and Number Lock, which prevent SIM swaps and phone number transfers, respectively. Both of these features can be turned on via the Verizon app and through the online account portal by an account’s owner or manager. Verizon says that switching off the feature may result in a 15-minute delay before any transactions can be performed — another safeguard to allow the legitimate account holder to reverse any account changes.
Android 16’s Advanced Protection features seek to secure Chrome on mobile devices by auto-enabling HTTPS for secure connections, disabling the optimizing JavaScript compilers inside V8 and preventing malicious sites from accessing data or code from another website
With Android 16, users can enable Advanced Protection to “activate Google’s strongest security for mobile devices.” There are three main Advanced Protection features in Chrome 137+ on Android 16, starting with “Always use secure connections” — or HTTPS — being enabled. Before connecting to an insecure (HTTP) site, Chrome asks for explicit permission before loading it. This setting protects users from attackers reading confidential data and injecting malicious content into otherwise innocuous webpages. The next feature disables the “higher-level optimizing Javascript compilers inside V8.” V8 is Chrome’s high-performance JavaScript and WebAssembly engine. The optimizing compilers in V8 make certain websites run faster, but they have historically also been a source of in-the-wild exploitation of Chrome. Of all the patched security bugs in V8 with known exploitation, disabling the optimizers would have mitigated ~50%. This prevents a large category of exploits, but at the expense of “causing performance issues for some websites.” Finally, Advanced Protection enables Site Isolation, wherein Chrome “isolates each website into its own rendering OS process” in memory. This isolation prevents a malicious website from accessing data or code from another website even if that malicious website manages to exploit a vulnerability in Chrome’s renderer—a second bug to escape the renderer sandbox is required to access other sites.
The deepfake menace requires contextual and behavioral baselining: security systems must learn what normal communication patterns, linguistic fingerprints, and working hours look like for every user and flag deviations not just in metadata, but also in tone, semantics and emotional affect
Modern phishing attacks exploit trust. Our current security posture and tools aren’t built for that. Most phishing defenses rely on identifying suspicious patterns, such as malformed URLs, unusual IP addresses and inconsistent metadata. Deepfake-driven phishing skips all of that. Security awareness training is falling behind, too. Even newer solutions such as deepfake detection AI are only partially effective. What’s needed is a shift toward contextual and behavioral baselining. Security systems must learn what normal communication patterns, linguistic fingerprints, and working hours look like for every user and flag deviations not just in metadata, but also in tone, semantics and emotional affect. LLMs can be trained on internal communication logs to detect when an incoming message doesn’t quite match a sender’s established patterns. Static multifactor authentication must also evolve into a continuous process that encompasses biometrics, device location, behavioral rhythm and other factors that add friction to the impersonation process. Prevention and response strategies should proceed along several fronts. Adversarial testing — a technique for evaluating the robustness of AI models by intentionally trying to fool them with specially crafted inputs — needs to go mainstream. Red teams must start incorporating AI-driven phishing simulations into their playbooks. Security teams should build synthetic personas internally, testing how well their defenses hold up when bombarded by believable but fake executives. Think of it as chaos engineering for trust. Vendors must embed resilience into their tools. Collaboration platforms such as Zoom, Slack and Teams need native verification protocols, not just third-party integrations. Watermarking AI-generated content is one approach, though not foolproof. Real-time provenance verification — or tracking when, how, and by whom content was created — is a better long-term approach. Policies need more teeth. Regulatory bodies should require disclosure of synthetic media in corporate communications. Financial institutions should flag anomalous behavior with more rigor. Governments need to standardize definitions and response protocols for synthetic impersonation threats, especially when they cross borders.
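The behavioral baselining the piece calls for can be sketched in a few dozen lines. The following is an added example, not code from the article or any vendor: it builds a per-sender baseline of observed sending hours, message length and vocabulary from past messages, then scores a new message by how many of those dimensions it deviates on, including "tone" approximated by pressure terms the sender has never used. The sender history, the two incoming messages and the PRESSURE_TERMS list are all constructed for the demonstration.

```python
"""Per-sender behavioral baselining for impersonation detection.

Added example, not code from the article. It builds a baseline of
sending hours, message length and vocabulary per sender from past
messages, then scores a new message by how many ways it deviates.
Every message below is constructed for the demonstration.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Tuple

WORD_RE = re.compile(r"[a-z']+")
# Pressure phrasing typical of executive-impersonation lures (assumed list).
PRESSURE_TERMS = {"urgent", "immediately", "asap", "confidential", "wire", "now"}


def tokenize(text: str) -> List[str]:
    return WORD_RE.findall(text.lower())


@dataclass
class SenderBaseline:
    hours: Counter = field(default_factory=Counter)   # hour of day -> messages seen
    lengths: List[int] = field(default_factory=list)  # word count of each message
    vocab: Counter = field(default_factory=Counter)   # word -> messages containing it

    def add(self, sent_at: datetime, body: str) -> None:
        words = tokenize(body)
        self.hours[sent_at.hour] += 1
        self.lengths.append(len(words))
        self.vocab.update(set(words))

    def length_stats(self) -> Tuple[float, float]:
        mean = sum(self.lengths) / len(self.lengths)
        var = sum((x - mean) ** 2 for x in self.lengths) / len(self.lengths)
        return mean, math.sqrt(var)


def build_baseline(history: List[Tuple[datetime, str]]) -> SenderBaseline:
    base = SenderBaseline()
    for sent_at, body in history:
        base.add(sent_at, body)
    return base


def score_message(base: SenderBaseline, sent_at: datetime, body: str) -> Tuple[int, List[str]]:
    """Return (number of deviations, human-readable reasons)."""
    reasons = []
    words = tokenize(body)
    unique = set(words)
    # 1. Working hours: the sender has never been observed at this hour.
    if base.hours[sent_at.hour] == 0:
        reasons.append(f"hour {sent_at.hour:02d}:00 is outside the sender's observed hours")
    # 2. Length: more than two standard deviations from the sender's mean.
    mean, sd = base.length_stats()
    if sd > 0 and abs(len(words) - mean) > 2 * sd:
        reasons.append(f"length {len(words)} words vs baseline mean {mean:.1f}")
    # 3. Linguistic fingerprint: share of words the sender has used before.
    known = sum(1 for w in unique if base.vocab[w] > 0)
    overlap = known / max(1, len(unique))
    if overlap < 0.5:
        reasons.append(f"only {overlap:.0%} of the vocabulary matches the sender's baseline")
    # 4. Tone: pressure terms this sender has never used.
    novel = sorted(w for w in unique & PRESSURE_TERMS if base.vocab[w] == 0)
    if novel:
        reasons.append("pressure terms never seen from this sender: " + ", ".join(novel))
    return len(reasons), reasons


# Constructed history for one sender (a CFO writing during office hours).
HISTORY = [
    (datetime(2025, 7, 1, 9, 15), "Hi team, please send me the updated quarterly budget report before our meeting on Thursday. Thanks, Dana"),
    (datetime(2025, 7, 1, 10, 40), "Hi all, the vendor invoice review is moved to Friday. Please update your calendars. Thanks, Dana"),
    (datetime(2025, 7, 2, 14, 5), "Hi team, great work on the audit prep. Let me know if you need anything from finance. Thanks, Dana"),
    (datetime(2025, 7, 3, 16, 20), "Hi all, reminder that expense reports are due by end of day Friday. Thanks, Dana"),
    (datetime(2025, 7, 4, 11, 0), "Hi team, please review the attached forecast and send comments before our meeting. Thanks, Dana"),
    (datetime(2025, 7, 7, 15, 45), "Hi all, the finance meeting is moved to the small conference room today. Thanks, Dana"),
]
# Constructed incoming messages: one in character, one deepfake-style lure.
NORMAL = (datetime(2025, 7, 8, 10, 30), "Hi team, please send me the vendor invoice summary before our Thursday meeting. Thanks, Dana")
SUSPECT = (datetime(2025, 7, 9, 3, 12), "I need you to process an urgent wire transfer right now and keep this confidential until I call you. Dana")

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for label, (when, text) in (("normal", NORMAL), ("suspect", SUSPECT)):
        score, why = score_message(base, when, text)
        print(f"{label}: score={score}", *why, sep="\n  ")
```

The four checks are deliberately independent so that a single odd message (a late-night reply, say) scores low while an impersonation that breaks hours, length, vocabulary and tone at once scores high; in a real deployment the thresholds would be tuned per organization and the vocabulary model replaced by something richer than set overlap.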
The U.S. Secret Service is expanding its crypto crime prevention efforts by focusing on jurisdictions where criminals exploit a lack of oversight or residency-for-sale programs and offering free training workshops for law enforcement
The U.S. Secret Service is reportedly expanding its cryptocurrency crime prevention efforts, according to a report focusing on the agency’s Global Investigative Operations Center (GIOC), which specializes in digital financial crimes. In the last decade, sources told Bloomberg, the center has seized close to $400 million in digital assets. Most of those seized funds, the report added, are in a single cold-storage wallet, making the Secret Service — better known for guarding the president — one of the largest crypto custodians in the world. According to the report, the operation is overseen by Kali Smith, a lawyer who directs the Secret Service’s cryptocurrency strategy, and whose team has held training workshops for law enforcement in more than 60 countries. The agency focuses on jurisdictions where criminals take advantage of a lack of oversight or residency-for-sale programs, and offers the training for free. “Sometimes after just a weeklong training, they can be like, ‘Wow, we didn’t even realize that this is occurring in our country,’” said Smith. Fraud connected to digital currencies is now behind the bulk of U.S. internet-crime losses. Americans reported $9.3 billion in crypto-related scams last year, a 66% increase over the year before, per FBI data. To recover stolen funds, the report added, the Secret Service has turned to industry players such as Coinbase and Tether, with one of the biggest recoveries involving $225 million in Tether’s USDT stablecoin tied to romance-investment scams.
Hackers are resorting to brand impersonation to steal information or install malware by delivering logos and names to victims through PDF attachments in emails and persuading them to call “adversary-controlled phone numbers”
Hackers are reportedly impersonating brands like PayPal and Apple to steal information and send malware, according to recent research by Cisco Talos on a surge of instances in which victims call the scammers on the phone, responding to a request regarding an urgent transaction. “Brand impersonation is a social engineering technique that exploits the popularity of well-known brands to persuade email recipients to disclose sensitive information,” the researchers wrote. In these phishing scams, “adversaries can deliver brand logos and names to victims using multiple types of payloads. One of the most common methods of delivering brand logos and names is through PDF payloads (or attachments).” Many of these emails persuade victims to call “adversary-controlled phone numbers,” employing another popular social engineering tactic: telephone-oriented attack delivery (TOAD), otherwise known as callback phishing. Victims are told to call a number in the PDF to settle an issue or confirm a transaction. Once they call, the attacker pretends to be a legitimate representative and tries to manipulate them into sharing confidential information or installing malware on their computer.
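The combination Talos describes (a well-known brand name, a PDF attachment carrying a phone number with an instruction to call it, and urgency wording) is something a mail gateway can triage with a few rules. The following is an added example, not Cisco Talos code or any product's logic: it parses an e-mail, pulls text out of PDF attachments with a deliberately minimal extractor (only uncompressed or FlateDecode content streams and "(...) Tj" text operators; a production system would use a real PDF library), and flags a message only when two or more of the signals coincide, so an ordinary invoice with an office number stays clean. The BRANDS map, both sample messages and the 555-prefixed phone numbers are constructed for the demonstration.

```python
"""Heuristic triage for callback-phishing (TOAD) lures delivered as PDFs.

Added example, not Cisco Talos code. Parses an e-mail, extracts text
from PDF attachments with a minimal extractor and scores the message on
brand-from-non-brand-sender, phone-number-with-call-cue and urgency.
Both e-mails built at the bottom are constructed for the demonstration.
"""
import re
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Brands checked and the domains assumed to send legitimately for them (constructed map).
BRANDS = {"paypal": "paypal.com", "apple": "apple.com", "microsoft": "microsoft.com"}
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
CALL_CUE_RE = re.compile(r"\b(call|dial|phone)\b", re.I)
URGENCY_RE = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|unauthori[sz]ed|charged|cancel)\b", re.I)
# PDF content streams: "<< dict >> stream ... endstream"; handles Flate-compressed streams.
STREAM_RE = re.compile(rb"<<([^>]*)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)
TJ_RE = re.compile(rb"\((.*?)\)\s*Tj")  # literal-string Tj text operators only


def extract_pdf_text(pdf: bytes) -> str:
    """Toy extractor: concatenates "(...) Tj" strings from each content stream."""
    parts = []
    for dictionary, data in STREAM_RE.findall(pdf):
        if b"/FlateDecode" in dictionary:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                continue  # damaged or unsupported stream: skip rather than crash
        parts.extend(s.decode("latin-1") for s in TJ_RE.findall(data))
    return " ".join(parts)


def assess(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    sender_domain = parseaddr(str(msg["From"]))[1].split("@")[-1].lower()
    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body else ""
    pdf_text = " ".join(
        extract_pdf_text(part.get_payload(decode=True))
        for part in msg.iter_attachments()
        if part.get_content_type() == "application/pdf"
    )
    everything = f"{msg['Subject']} {body_text} {pdf_text}".lower()
    reasons = []
    # 1. A well-known brand is named, but the sender is not that brand's domain.
    spoofed = [b for b, d in BRANDS.items()
               if b in everything and not (sender_domain == d or sender_domain.endswith("." + d))]
    if spoofed:
        reasons.append("brand named by non-brand sender: " + ", ".join(spoofed))
    # 2. The PDF carries a phone number beside an instruction to call it.
    phones = PHONE_RE.findall(pdf_text)
    if phones and CALL_CUE_RE.search(pdf_text):
        reasons.append("callback lure: phone number with call instruction in PDF")
    # 3. Urgency or loss framing anywhere in the message.
    if URGENCY_RE.search(everything):
        reasons.append("urgency/loss wording")
    # Two or more signals together are required; one alone is routine business mail.
    return {"verdict": "suspicious" if len(reasons) >= 2 else "clean", "reasons": reasons, "phones": phones}


def build_sample_pdf(text: str) -> bytes:
    """Minimal PDF with one FlateDecode content stream (text must not contain parentheses)."""
    content = zlib.compress(f"BT /F1 12 Tf 72 700 Td ({text}) Tj ET".encode("latin-1"))
    return (b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
            + b"2 0 obj << /Length " + str(len(content)).encode() + b" /Filter /FlateDecode >>\n"
            + b"stream\n" + content + b"\nendstream\nendobj\n%%EOF\n")


def build_sample_email(from_addr: str, subject: str, body: str, pdf_text: str) -> bytes:
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = "employee@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(build_sample_pdf(pdf_text), maintype="application", subtype="pdf",
                       filename="Invoice.pdf")
    return msg.as_bytes()


# Constructed samples: a PayPal-themed callback lure and a routine vendor invoice.
MALICIOUS_EMAIL = build_sample_email(
    "PayPal Billing <billing@paypal-secure-notice.example>",
    "Your PayPal account was charged USD 499.99",
    "See the attached invoice.",
    "PayPal: Unauthorized charge of USD 499.99. To cancel, call 1-800-555-0199 immediately.")
BENIGN_EMAIL = build_sample_email(
    "Accounts <ap@vendor.example>",
    "Invoice 1042 for June services",
    "Please find the invoice attached.",
    "Invoice 1042. Amount due USD 1200 by 30 July. Questions? Call our office at 212-555-0104.")

if __name__ == "__main__":
    for name, raw in (("malicious", MALICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, assess(raw))
```

The extracted phone numbers are returned alongside the verdict so they can be fed to a blocklist or correlated across mailboxes; in this kind of lure the phone number, not a URL, is the indicator worth tracking.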