Ukrzaliznytsia shifts to offline ticket sales after IT system failure

Ukraine’s state-owned railway company, Ukrzaliznytsia, has been hit by a large-scale cyberattack, affecting its online systems.

While train services remain operational without delays, the company has been working to restore its IT infrastructure. Passengers were advised to buy tickets offline on Monday as backups were recovered.

The cyberattack, described by Ukrzaliznytsia as ‘systemic, non-trivial and multi-level,’ was first reported on Sunday.

The railway has become a critical part of Ukraine’s transport network since the Russian invasion in 2022, with airspace closed and trains serving as the primary mode of domestic and international travel. Last year, it transported 20 million passengers and 148 million tonnes of freight.

Efforts to fully restore online systems are ongoing as authorities investigate the incident.

Cyberattacks targeting Ukraine’s infrastructure have increased since the start of the war, with railways playing a crucial role in both civilian and military logistics. Officials have not yet attributed responsibility for the attack.

For more information on these topics, visit diplomacy.edu.

Hackers use fake Semrush ads to steal Google accounts

Cybercriminals are using fake adverts for popular SEO platform Semrush to trick users into giving up access to their Google accounts, researchers have warned.

The malvertising campaign features ads that link to a bogus Semrush login page, which only allows users to sign in via Google, a tactic designed to steal high-value credentials.

According to Malwarebytes, Semrush accounts are often linked to critical Google services such as Analytics and Search Console.

These tools store confidential business insights, which threat actors could exploit for strategic and financial gain. The scammers may also access names, phone numbers, business details, and partial card information through compromised Semrush accounts.

By impersonating Semrush support, attackers could deceive users into revealing full card details under the pretence of payment or billing updates. This may open the door to wider fraud, such as redirecting funds from vendors or business partners.

With Semrush serving over 117,000 customers, including a significant share of Fortune 500 firms, the attack underscores the growing risks of malvertising on platforms like Google.

Security experts are urging businesses to tighten account access controls and remain cautious when engaging with search ads, even from seemingly reputable brands.

FuriosaAI rejects $800m acquisition offer from Meta

FuriosaAI, a South Korean startup specialising in AI chips, has reportedly turned down an $800 million acquisition offer from Meta.

Instead of selling, FuriosaAI plans to continue developing its AI chips. Disagreements over post-acquisition business strategy and organisational structure were reportedly the cause of the breakdown in negotiations, rather than issues over price.

Meta, which has been trying to reduce its reliance on Nvidia for chips specialised in training large language models (LLMs), unveiled its custom AI chips last year. The company also announced plans to invest up to $65 billion this year to support its AI initiatives.

FuriosaAI, founded in 2017 by June Paik, who previously worked at Samsung Electronics and AMD, has developed two AI chips—Warboy and Renegade (RNGD).

The startup is also in talks to raise approximately $48 million and is planning to launch the RNGD chips later this year, with LG AI Research already testing them for use in its AI infrastructure.

FuriosaAI’s decision to focus on expanding its chip production signals its confidence in competing with giants like Nvidia and AMD in the rapidly growing AI hardware market.

How scammers are using fake Google Maps listings to target customers

Google has removed 10,000 fake business listings from Google Maps and filed a lawsuit against a scam network accused of creating and selling fraudulent profiles.

The legal action was prompted by a complaint from a Texas locksmith who discovered someone had impersonated their business on the platform. That led Google to uncover a broader scheme involving fake listings for profit.

The company warns that scammers are using increasingly advanced methods to trick users. These fake listings may appear legitimate, leading customers to contact or visit them.

Victims are sometimes overcharged for services or misled into paying upfront for services that are never delivered. Scammers also use fake reviews and manipulated Q&As to make the listings seem trustworthy.

In 2023 alone, Google blocked or removed 12 million fake business profiles, an increase of one million from the previous year.

The company has also been cracking down on businesses using fake engagement tactics, including artificial reviews, to inflate their reputations falsely.

Internationally, Google has begun implementing stricter rules in response to growing regulatory pressure, including in the UK, where it restricts deceptive businesses engaged in review manipulation.

Downdetector shows sharp decline in Instagram outage reports

Reports of an Instagram outage in the US fell sharply on Thursday evening, indicating that service had been largely restored. According to outage tracking website Downdetector, incidents dropped from a peak of 19,431 to just 429 by 8:34 p.m. ET.

The cause of the disruption remains unclear, and Instagram owner Meta has not yet responded to requests for comment.

Downdetector compiles outage data from user reports, meaning the actual number of affected users may vary.

Many users in the United States had initially reported problems accessing the platform, but the rapid decline in complaints suggests that most issues have been resolved.

Instagram has experienced occasional service disruptions in the past, with similar outages affecting users worldwide.

US judge says Social Security unlawfully shared data with Musk’s aides

A federal judge has ruled that the Social Security Administration (SSA) likely violated privacy laws by granting Elon Musk’s Department of Government Efficiency (DOGE) unrestricted access to millions of Americans’ personal data.

The ruling halts further data sharing and requires DOGE to delete unlawfully accessed records. United States District Judge Ellen Lipton Hollander stated that while tackling fraud is important, government agencies must not ignore privacy laws to achieve their goals.

The case has drawn attention to the extent of DOGE’s access to sensitive government databases, including Numident, which contains detailed personal information on Social Security applicants.

The SSA’s leadership allowed DOGE staffers to review vast amounts of data in an effort to identify fraudulent payments. Critics, including advocacy groups and labour unions, argue that the process lacked proper oversight and risked compromising individuals’ privacy.

The ruling marks a major legal setback for DOGE, which has been expanding its influence across multiple federal agencies. The White House condemned the decision, calling it judicial overreach, while SSA officials indicated they would comply with the order.

The controversy highlights growing concerns over government data security and the limits of executive power in managing public records.

Australian police warn of Binance-themed crypto scam targeting users

Australian authorities have issued warnings about a sophisticated scam in which fraudsters impersonate Binance via SMS, tricking users into transferring their crypto assets.

The Australian Federal Police (AFP) revealed that scammers use sender ID spoofing to make fraudulent messages appear in the same thread as legitimate Binance communications.

Victims are falsely informed of a security breach and urged to move their funds to a ‘trust wallet,’ which is controlled by the scammers.

The AFP has identified at least 130 potential victims and launched a campaign to warn them. Cybercrime officials explained that once funds are transferred to the scammers’ wallets, they are swiftly moved across multiple accounts, making recovery difficult.

Similar scams have also targeted users of Coinbase and Gemini, exploiting pre-generated recovery phrases to seize control of wallets.

Binance Chief Security Officer Jimmy Su advised users to verify official communications through Binance’s security tools and website.

The Australian government is taking steps to combat these scams, planning to launch an SMS Sender ID Register in late 2025. The initiative will require telecom providers to verify brand-name messages, reducing the risk of spoofing.

Investment scams remain a significant issue in Australia, with AU$382 million ($269 million) lost in the past year, nearly half of which was crypto-related.

Authorities continue to urge caution, warning users to be sceptical of unsolicited messages and requests for seed phrases or urgent transfers.

Cyberattack exploits a flaw in ZoneAlarm’s vsdatant.sys driver

A sophisticated cyberattack has targeted vulnerabilities in the vsdatant.sys driver, a component of Check Point’s ZoneAlarm antivirus software, allowing attackers to bypass critical Windows security features.

The driver, released in 2016, has been exploited in a Bring Your Own Vulnerable Driver (BYOVD) attack, enabling attackers to elevate privileges and access sensitive data.

The vsdatant.sys driver operates with high kernel-level privileges and contains long-known vulnerabilities that attackers can exploit with crafted I/O Request Packets (IRPs).

These flaws, affecting versions of the driver prior to 7.0.362, allow arbitrary code execution because the driver improperly validates arguments passed to system function handlers.

BYOVD attacks have become increasingly common, with attackers leveraging legitimate but vulnerable drivers to bypass security measures undetected.

In this case, attackers were able to disable Windows’ Memory Integrity feature, which is designed to protect critical system processes.

By exploiting flaws in vsdatant.sys, the attackers gained full access to the compromised system, enabling them to steal sensitive information.

To mitigate the risk of such attacks, security experts recommend implementing driver blocklisting, enabling Memory Integrity, and ensuring that all security products are kept up to date.

Users are urged to update their ZoneAlarm installations to the latest version to avoid exposure to these vulnerabilities.

Data centre surge exposes vulnerabilities in the US grid

A recent incident in Data Center Alley, a region outside Washington DC housing over 200 data centres, exposed a new vulnerability in the US power grid.

Last summer, 60 data centres unexpectedly disconnected from the grid and switched to on-site generators, causing a surge in excess electricity. This triggered the need for grid operators to scale back power output to avoid cascading outages.

The disconnection event, caused by a failed surge protector, forced regulators to address the growing risk of power imbalances due to the rapid expansion of data centres, especially those involved in AI and crypto mining.

As these centres consume increasing amounts of energy, grid operators face new challenges in maintaining stability.

Federal regulators like the North American Electric Reliability Corporation (NERC) are now studying the impact of such events and the risks posed by unannounced data centre disconnections.

The power consumption of data centres has tripled over the last decade and is projected to continue rising, prompting calls for updated reliability standards.

Industry stakeholders, including major tech companies, have expressed concerns about the potential costs and risks of requiring data centres to remain connected during voltage fluctuations.

With the growing presence of large data users, grid operators face a tough balancing act to ensure power stability while accommodating the demands of the data centre industry.

Microsoft invests $2.2 billion in Malaysian cloud expansion

Microsoft is set to launch its first cloud region in Malaysia, featuring three data centres in the greater Kuala Lumpur area.

The centres, known as Malaysia West, will begin operations by mid-year, marking a significant step in the company’s $2.2 billion investment in the country.

The move is part of Microsoft’s broader plan to expand its cloud and AI services in Southeast Asia. Microsoft estimates the investment will generate $10.9 billion in revenue and create over 37,000 jobs in Malaysia over the next four years.

Laurence Si, managing director of Microsoft Malaysia, stated that the company’s operations in Malaysia remain on track despite concerns over US export controls on semiconductor chips.

Microsoft remains confident in its relationships with stakeholders and its ability to meet its investment commitments.

Local businesses are expected to benefit from enhanced cloud and AI capabilities, with the country aiming to become a leading hub for technological innovation in the region.
