Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Latest News

Coca-Cola says ransomware attack disrupts Fairlife operations, temporarily suspends U.S. dairy production

  The Coca-Cola Company has revealed that a ransomware attack targeting its Fairlife dairy business has temporarily disrupted production acr...

All the recent news you need to know

TRAI Seeks IT Act Powers to Act Against Spam-Tagging Apps Like Truecaller

 

The Telecom Regulatory Authority of India (TRAI) seeks new powers in the Information Technology (IT) Act to take action against call management apps, including Truecaller, Hiya, and Whoscall, for marking or blocking legitimate commercial calls as spam. The regulator has requested additional authority to act against call management apps for misidentifying or blocking approved commercial numbers. 

Sources said TRAI wanted to act against call management apps for misidentifying or blocking approved commercial numbers. Numbers in the 1400 and 1600 series have been designated for official promotional and customer service purposes. TRAI does not have the authority to prosecute such digital platforms because, unlike telecom licensees, who are bound by TRAI’s directions issued under the Telecom Regulation Act, they function as information intermediaries under the IT Act. 

However, authorities said TRAI had sought amendments to the IT Act to designate it as an “authorized agency” to notify such digital platforms of alleged violations of the IT Act, directing them to stop or take steps to bring their services within the bounds of the law. Authorities said the electronics and information technology ministry had approved the proposal in principle and that DoT would take up the needed legislative action with the ministry. However, authorities said TRAI did not seek to regulate call identifier apps but that the regulator felt that as information intermediaries, they should follow the laws and regulations administered by TRAI. 

Authorities felt that such apps’ labeling or blocking of numbers in the 1400 and 1600 series not only deprived authorized users of a reliable means of reaching out to them but also disrupted government-led outreach efforts, especially those using numbers in these series. Authorities said such interference disincentivized enterprises from using the 1400 and 1600 series of numbers and tempted them to use ordinary 10-digit mobile numbers for customer outreach. 

This defeats the purpose of having designated numbers since it becomes difficult for consumers to differentiate between legitimate and fraudulent callers, ultimately undermining consumer confidence and making it easier for spammers to masquerade as legitimate entities. Truecaller said in a statement reacting to the reports that it complied with the TRAI regulations about commercial numbers. 

The firm stated that it did not put spam labels over or block numbers in the 1400 and 1600 series despite being reported as spam on its app by many users. India seeks to balance consumer rights and obligations by regulating commercial communications while ensuring that legitimate communication avenues are not cut off for businesses that use spam calls to sell or inform the public.

UK Court Sentences Two Hackers to 5.5 Years for Transport for London Cyberattack That Caused £29 Million in Damages

 

Two hackers have been sentenced to five and a half years in prison each for carrying out the 2024 cyberattack on Transport for London (TfL), in what the UK's National Crime Agency (NCA) has described as the country's largest cybercrime prosecution to date.

Owen Flowers, 18, and Thalha Jubair, 20, received their sentences at Woolwich Crown Court on July 16, 2026. The duo had pleaded guilty on June 22, 2026, to an offence under Section 3ZA of the Computer Misuse Act 1990, acknowledging they acted recklessly and created a significant risk of serious harm to public welfare.

The cyberattack, which lasted from August 31 to September 3, 2024, severely disrupted TfL's operations. Around 148 systems were taken offline, forcing all 27,000 employees to report to offices in person to reset their passwords. Authorities estimate the attack resulted in approximately £29 million in financial losses and recovery costs.

Transport for London, which manages nearly 9 million passenger journeys daily, experienced widespread service disruptions. Dial-a-Ride services for vulnerable passengers became unavailable, digital payment systems were affected, concessionary travel card issuance was interrupted, Oyster photocard applications were suspended, and refunds faced significant delays.

The breach also exposed customer information, including names, email addresses, and, where stored, home addresses. Additionally, Oyster refund records containing bank account details and sort codes of approximately 5,000 customers may have been compromised.

According to prosecutors, messages exchanged between the defendants suggested they intended to erase their access before leaving the network. Investigators noted that a complete shutdown of TfL's systems could have caused economic losses of up to £56 billion. However, those damages were avoided after TfL proactively disconnected its own network to contain the intrusion.

Flowers was arrested on September 6, 2024, just days after the TfL breach ended. The NCA said officers found him actively targeting two U.S. healthcare organisations—SSM Health Care Corporation and Sutter Health—during the arrest.

Authorities recovered multiple digital devices, including laptops, desktop computers, hard drives, and USB storage devices. Evidence included screenshots showing access to TfL infrastructure and videos allegedly recorded by Flowers documenting Jubair's activity inside TfL systems. Investigators also uncovered Telegram conversations and an online collaboration platform used during the attacks.

The prosecution established that Flowers had access to the remote infrastructure used to launch all three cyberattacks, while evidence connecting Jubair to the TfL breach was obtained through international law enforcement cooperation.

Flowers also admitted to two additional cybercrime offences linked to attacks on the U.S. healthcare organisations. Prosecutors stated that he threatened to lock down healthcare systems while acknowledging in online conversations that it "might kill some 90-year-old on life support." Authorities said his arrest prevented those attacks from progressing further.

The NCA identified both individuals as senior members of the cybercrime group Scattered Spider, also known as Octo Tempest, UNC3944, and 0ktapus. However, the Crown Prosecution Service (CPS) stated only that the defendants had claimed affiliation with a group investigators believe was responsible for hundreds of cyberattacks between 2022 and 2025. The FBI has linked the group to data extortion, SIM swapping, and social engineering campaigns.

While authorities have not disclosed the exact method used to compromise TfL's network, Google has recommended strengthening identity verification procedures during password resets, device enrolment, and MFA changes to defend against such attacks.

Paul Foster, head of the NCA's National Cyber Crime Unit, urged organisations to contact law enforcement as soon as they detect cyber incidents, noting that the successful prosecution would likely not have been possible without TfL's prompt reporting.

Following the sentencing, the City of London Police also renewed calls for the introduction of Cyber Crime Risk Orders, which would allow courts to impose restrictions on offenders' access to digital devices, online services, and technology based on the level of cyber risk they pose. Commander Ollie Shaw described the proposed measures as a "digital prison" for cyber offenders. The two convicted hackers were 17 and 18 years old when the offences were committed.

Deepfake Cyber Fraud Costs Capillary Technologies Over ₹32 Crore

 

Capillary Technologies’ recent deepfake-enabled cyber fraud incident highlights how rapidly evolving AI tools are transforming from business enablers into serious security threats for global enterprises. The Bengaluru-based SaaS company disclosed that an overseas step-down subsidiary lost around €3 million, or over ₹32 crore, after attackers used sophisticated AI-powered impersonation to divert funds to unauthorized bank accounts. This case, reported in regulatory filings and multiple business media outlets, is now being seen as one of the most significant deepfake-related corporate frauds involving an Indian technology firm. 

According to the company’s stock exchange disclosure, fraudsters combined deepfake voice cloning, forged signatures and social engineering to convincingly pose as key managerial personnel and approve high-value fund transfers. By mimicking senior executives and manipulating trust within internal workflows, they managed to circumvent standard verification controls at the affected overseas subsidiary. The transfers were executed just before the first weekend of July, giving criminals a narrow yet effective window to move money across multiple accounts before robust checks could kick in. 

Capillary Technologies has said that no customer data, employee data or core technology infrastructure were compromised in the attack, which was restricted to banking transactions. The company has already recovered about €0.45 million and worked with local authorities to trace and freeze additional suspicious accounts linked to the fraud. Importantly, the impacted subsidiary is covered under cyber and crime insurance, and the insurer has been informed as the firm assesses how much of the loss will ultimately be absorbed.

Operationally, Capillary has emphasized that its business continues without material disruption and that this incident does not alter its annual or long-term growth guidance. However, the episode lands at a time when investors are already wary about rising AI-related pressures on the company’s business model and recent profit softness, potentially adding another layer of risk perception. While the direct fraud targeted a specific overseas unit, it underlines how AI-driven threats can quickly become a boardroom and investor concern, beyond just a cybersecurity issue. 

For the broader ecosystem, the Capillary case is a cautionary illustration of how deepfake voice and identity spoofing can defeat traditional approval chains, especially in finance and treasury operations. Enterprises now need multi-factor verification for high-value transactions, routine out-of-band confirmations, and continuous employee training to resist social engineering built on AI-generated content. As deepfake tools become cheaper and more accessible, robust cyber insurance, AI-aware internal controls, and proactive regulatory reporting will be critical to limit financial and reputational damage when such attacks inevitably occur.

Bitdefender Uncovers Windows Bind Link Technique That Evades EDR Detection


 

Researchers at Bitdefender have discovered a new technique for hiding malware from Endpoint Detection and Response (EDR) solutions by utilizing bind links, a valid Windows feature. Despite Microsoft's classification of this issue as low severity due to the fact that administrator privileges are required, Bitdefender maintains that the attack technique poses a significant risk since attackers frequently obtain elevated access during actual intrusions. 

The Bind Link feature is a valid kernel-level functionality that can be used by components such as Windows Sandboxes, Microsoft Store apps, and Windows containers to redirect virtual paths to actual system locations. As Bitdefender reports, attackers can manipulate these links so that trusted Windows paths point to malicious files instead of legitimate ones, enabling malware to execute while appearing harmless to security applications.

The issue affects Windows 10 RS4 and later versions, including Windows 11, meaning that most modern enterprise Windows systems may be vulnerable if attackers gain local administrator privileges. As a result, Bitdefender reports that this technique is particularly relevant as ransomware groups often seek elevated permissions before deploying malicious software or disabling security controls, making it particularly effective. 

Several attack methods were identified by researchers that abuse bind links. The first, file-binding, redirects trusted Dynamic Link Libraries (DLLs) paths to malicious DLLs, thus allowing attackers to bypass security mechanisms such as the Antimalware Scan Interface (AMSI). Second, process-binding tricks EDR solutions into inspecting trusted executables while a malicious file is actually being executed. 

By using Windows silos to create isolated filesystem views, silo-binding is the most advanced technique. Using this technique, malware is permitted to run within the silo while external security tools will only view clean, legitimate files. By disguising Invoke-Mimikatz as a trusted Windows system process, Bitdefender successfully bypassed an EDR solution by demonstrating the technique in practice. 

In addition to bypassing built-in Windows security measures such as AppLocker, Windows Firewall, and Sysmon, researchers observed that bind-link abuse was an effective post-compromise evasion technique. A legitimate Windows capability is exploited by bind-link abuse, unlike traditional "EDR killer" techniques which often rely upon vulnerable drivers. 

Instead of creating a permanent file on disk, the malicious redirection occurs only in memory via the Windows' bindflt.sys minifilter driver. Although Microsoft acknowledged these findings, they rated the issue as low severity since it requires local administrator privileges to exploit it. A ransomware group and advanced threat actor routinely obtain elevated privileges after compromising a computer system, according to Bitdefender, who disagreed with that assessment. 

Using bind-link abuse is similar to the increasingly common Bring Your Own Vulnerable Driver (BYOVD) approach, as attackers are able to evade endpoint protection similarly, but utilizing legitimate Windows functionality rather than vulnerable drivers for evasion. To detect path manipulation, endpoint security products should repeatedly verify the underlying file during execution to detect path manipulation. 

In addition, Bitdefender recommended that security vendors refrain from solely using trusted file paths when validating processes. Moreover, the researchers noted that Windows 24H2 offers protection against certain bind-link scenarios, although they described the safeguard as only a partial one. The findings of Bitdefender have been shared with Microsoft and the company has recommended strengthening monitoring of administrator-level activity and kernel-level filesystem changes. 

In spite of the low severity of the issue, researchers report that attackers are increasingly utilizing legitimate Windows features rather than exploiting software vulnerabilities, resulting in a new challenge to endpoint security. Bitdefender's findings illustrate the importance of stronger endpoint security beyond trustable file paths as attackers continue to exploit legitimate Windows features to evade detection. To protect against evolving post-compromise threats, organizations should closely monitor privileged activity and employ advanced detection techniques.

Dutch Authorities Arrest Multiple Suspects in Global Investment Fraud Investigation


 

Dutch authorities have arrested multiple suspects as part of an international investigation into an alleged investment fraud network that investigators believe defrauded victims worldwide through fake online investment schemes, with the operation at one point generating more than €100 million in monthly proceeds.

According to the Dutch Police, the criminal organization is suspected of operating an extensive network of approximately 20 call centers staffed by more than 700 individuals who allegedly posed as professional financial advisers. Investigators said the operation targeted victims across multiple countries, with teams assigned to specific regions and responsibilities to maximize the effectiveness of the fraudulent campaigns.

The investigation's primary suspect, a 46-year-old dual Israeli-Polish national, was arrested in Poland on May 26 before being extradited to the Netherlands, where he has been placed in pre-trial detention. Dutch authorities allege that he played a central technical role in building and maintaining the infrastructure that enabled the organization to conduct its activities while making it more difficult for law enforcement agencies to identify those involved.

Police also noted that publicly available information indicates the suspect had previously faced prosecution in connection with cyberattacks targeting several foreign government organizations. Authorities now believe he occupied an indispensable position within the investment fraud network.

The investigation expanded further between July 7 and July 10, when law enforcement officers arrested several Dutch and Belgian nationals in Cyprus, Greece, and Belgium for their suspected involvement in the scheme. Officials said the investigation remains active and additional arrests are possible as authorities continue to identify other members of the organization.

Investigators describe the alleged operation as a highly organized criminal enterprise that functioned similarly to a legitimate international business. Multiple call centers reportedly operated under centralized coordination while individual teams focused on victims in different countries. Employees allegedly used false identities, pseudonyms, and technical measures designed to conceal both their real identities and their physical locations during communications with potential victims.

According to investigators, the fraud relied heavily on long-term social engineering rather than immediate financial deception. Victims were first approached by individuals presenting themselves as experienced investment advisers who gradually established trust through repeated conversations. Once that trust had been developed, victims were encouraged to invest relatively small amounts through professional-looking online investment platforms that appeared to display genuine market activity and growing returns.

Authorities said these platforms did not reflect legitimate investments. Instead, the displayed profits were fabricated to create the impression of successful trading and encourage victims to continue depositing larger sums. Many of the payments were made using cryptocurrency, making it incredibly more difficult to recover stolen funds after they had been transferred. While victims believed their portfolios were increasing in value, investigators said the money was instead diverted directly to the criminal organization.

Dutch investigators have linked at least 550 fraud reports and approximately €25 million in reported losses in the Netherlands to the organization. Belgian authorities have also connected around 200 complaints to the same network. Police believe these figures represent only a fraction of the total impact, estimating that the operation may have claimed tens of thousands of victims globally, with many individuals losing more than €10,000 each.

Authorities believe the organization has been active since at least 2021 and employed sophisticated operational security practices to avoid detection. Investigators said members routinely relied on pseudonyms, concealed calling locations, and other technical methods to obscure their identities while communicating with victims.

The investigation ultimately progressed after authorities traced digital evidence, including IP addresses, financial transaction routes, and other forensic artifacts that helped identify critical infrastructure associated with the operation. The examination of technical equipment provided investigators with additional insight into how the organization functioned and helped establish the locations of several suspects.

Dutch Police said the investigation was conducted in cooperation with international law enforcement partners, while commercial service providers also assisted in disrupting elements of the group's digital infrastructure. Authorities emphasized that efforts to identify additional suspects and victims remain ongoing.

Police have also warned the public to remain cautious of so-called recovery services that claim they can retrieve money lost to investment scams. Investigators noted that, in some cases, such offers are themselves fraudulent attempts to exploit victims a second time by demanding additional payments under the false promise of recovering stolen funds.

Govt: Kudankulam Data Breach Did Not Impact Nuclear Security, No Immediate Review Planned

 

The Centre has attempted to reassure the public that the data breach incident involving electronic files of the Kudankulam Nuclear Power Plant (KKNPP) has no implication on the nation’s nuclear security or reactor operations. Union Minister of State for Atomic Energy Jitendra Singh stated that the breach did not affect any sensitive nuclear facility or infrastructure. 

Singh stated during an interaction with reporters on the sidelines of the press conference on July 16 that there was no need for an immediate security review since the breach did not concern nuclear activities or reactors. Nuclear Power Corporation of India Limited (NPCIL), which manages the Kudankulam plant, claimed that the data breach incident did not disclose any sensitive information about reactors. 

“In the given scenario, the data breach is related to the Engineering, Procurement and Construction (EPC) contract for the Common Services–Balance of Plant (BoP) package for Units 3 and 4 under Implementation Agreement 7 (IA-7),” the NPCIL stated. It added that the EPC contract is signed with Reliance Infrastructure via a public tender process in 2018 for Kudankulam NPP. “The balance of plant involves many elements such as auxiliary systems, services, and infrastructure like cooling towers, which are comparable to those in conventional thermal power stations,” NPCIL noted.

It added that the BoP does not contain any nuclear power plant equipment or components or safety and security features. “In this context, NPCIL is not contemplating any First Information Report (FIR) as the cyber-attack was on the data of Reliance Infrastructure,” an NPCIL spokesperson said. They added that the information shared with Reliance Infrastructure during the tendering procedure included indicative drawings and technical specifications on the common services balance of plant, typically provided to all bidders. “This information did not include any sensitive nuclear safety information,” the spokesperson added. 

NPCIL stated that Reliance Infrastructure develops engineering drawings using the technical specifications and drawings provided by NPCIL in coordination with original equipment manufacturers (OEMs) for the approval process. The breach of data came after Reuters reported that ransomware group World Leaks exfiltrated more than 19,000 files from servers hosting Kudankulam Nuclear Power Plant, covering the 2016 fiscal year through mid-2025. 

According to the report, the documents contain details on control, cooling, and ventilation systems, suppliers, inspections conducted by Indian and Russian personnel, meeting records, and insurance data. The breach was attributed to a server managed by data centre infrastructure provider Yotta, hosted by third-party Reliance Group, which was responsible for the EPC contract for the Kudankulam NPP, admitting that the attack resulted in a partial data breach. 

Tamil Nadu-based Kudankulam Nuclear Power Plant currently operates two 1,000 MW VVER reactors and is set to commission four more reactors under the Russian technical collaboration agreement. The project aims to make Kudankulam one of India’s largest nuclear power parks with a total capacity of 6,000 MW. The data breach incident does not appear to affect the nuclear security or safety of the nation, as the government and NPCIL continue to emphasize. 

The breach did, however, raise concerns about the safety of digital assets and data security in various contracts, including those of critical infrastructure like Kudankulam NPP.

Featured