Cybersecurity News: Gemini AI hijacked, Nvidia rejects AI chip backdoors, phishers abuse Microsoft 365

In today’s cybersecurity news…

Hackers hijacked Google’s Gemini AI with a poisoned calendar invite to take over a smart home

Wired has a new report on security researchers who are demonstrating indirect prompt injection attacks by hiding prompts for Gemini in Google Calendar items. At Black Hat, they reported how these prompts could cause Gemini to do things like raise your smart blinds or start a Zoom call every time you tell Gemini “thanks.” The researchers informed Google of the methods in February, and Google has since deployed mitigations. (Wired)

Nvidia rejects US demand for backdoors in AI chips

Nvidia is rejecting some U.S. lawmakers’ calls to add backdoors or kill switches to its AI chips, saying the measures would create security vulnerabilities. Chief Security Officer David Reber Jr. said in a blog post that hardware-level controls without user consent “violate the fundamental principles of cybersecurity.” The comments follow proposed U.S. legislation that would mandate tracking and remote-disabling features in AI chips. (The Verge)

Google says hackers stole its customers’ data by breaching its Salesforce database

Google says hackers linked to the ShinyHunters group breached one of its Salesforce databases containing small business contact info. While only basic and largely public data was taken, the attackers used voice phishing to gain access and may be preparing a leak site. The breach is the latest in a string of Salesforce-related incidents, following attacks on Cisco, Qantas, and Pandora. (TechCrunch)

Pandora confirms third-party data breach, warns of phishing attempts

Speaking of Pandora: the jewelry maker, which has no relation to the music platform Pandora, confirmed that a third-party data breach exposed customer names and email addresses, but said no sensitive data like passwords or payment info was accessed. The company says it hasn’t seen signs of the data being leaked but is warning customers to watch for phishing attempts. (Dark Reading)

Microsoft researchers bullish on AI security agent even though it let 74% of malware slip through

Microsoft unveiled Project Ire, an AI-powered reverse engineering tool that uses LLMs to analyze unknown software and determine if it’s malicious. In testing, it accurately flagged 89% of the malware it detected — but only caught 26% of all malicious files. Microsoft says the system is still a prototype and plans to integrate it into Defender as a binary analyzer. Experts say the low detection rate and false positives show AI can’t fully replace traditional methods, but will be crucial as attackers increasingly use AI themselves. (The Register)

Phishers abuse Microsoft 365 to spoof internal users

Attackers are exploiting Microsoft 365’s “Direct Send” to spoof internal emails and bypass security filters, tricking users with phishing messages that appear legitimate. The method avoids authentication checks and has hit over 70 U.S. organizations, mostly in finance, healthcare, and manufacturing. Experts recommend disabling Direct Send, enforcing DMARC, and using email header stamping to block these attacks. (Dark Reading)

Fake VPN and spam blocker apps tied to VexTrio used in ad fraud, subscription scams

A cybercrime group tied to VexTrio has been distributing fake VPN, spam blocker, and utility apps via Apple’s App Store and Google Play, masking them as legitimate tools. These apps trick users into pricey subscriptions, bombard them with ads, and harvest personal data. Behind the scenes, VexTrio runs a massive ad fraud operation using a network of fake companies, traffic distribution systems, and cloaking tools to steer victims to scam sites. The group’s operations span dozens of countries and involve over 100 shell companies. (The Hacker News)

Akira ransomware abuses CPU tuning tool to disable Microsoft Defender

Akira ransomware operators are using a legitimate Intel driver (rwdrv.sys, from ThrottleStop) in a Bring Your Own Vulnerable Driver (BYOVD) attack to disable Microsoft Defender. Once loaded, it installs a malicious driver (hlpdrv.sys) that modifies Defender settings via the registry to disable protections. This tactic has been observed in multiple incidents since mid-July. Akira has also been linked to SonicWall SSLVPN exploits and uses SEO poisoning and fake software installers to spread Bumblebee malware, establish persistence, and deploy ransomware across networks. Security researchers recommend close monitoring and using official download sources. (Bleeping Computer)