Anti-Islamic Defacements Force Train Stations Across the UK to Shut Down Wi-Fi Service

China's Salt Typhoon targeted US ISPs, Star Health sues Telegram after chatbots leaked data, Russia pivots in Ukraine cyberattacks, Phishing campaign capitalizes on LoL championship, Deepfake impersonator targeted Senate Foreign Relations Committee chair, much more

Photo by Simon Petereit.



Wi-Fi networks in at least nineteen train stations across the UK, including London Euston, Manchester Piccadilly, and Birmingham New Street, have been suspended due to a “cybersecurity incident.”

Passengers accessing the Wi-Fi at Piccadilly station were directed to a webpage titled “We love you, Europe,” which contained Islamophobic messages and details of several terrorist attacks that have taken place in the UK and Europe.

A Network Rail spokesperson said: “We are currently dealing with a cybersecurity incident affecting the public Wi-Fi at Network Rail’s managed stations. This service is provided via a third party and has been suspended while an investigation is underway.”

A British Transport Police spokesperson said: “We are aware of a cyber-attack that affected some Network Rail Wi-Fi services, reported to us at around 5.03 pm today (25 September). We are working with Network Rail to investigate the incident.”

Telent, the company that provides Wi-Fi services for Network Rail, confirmed to the BBC that it was aware of the “security incident” and was “investigating with Network Rail and other stakeholders.” (Sammy Gecsoyler / The Guardian)

Related: Associated Press, BBC News, Manchester Evening News, Daily Express, The Sun, Metro, Daily Mail, The Mirror, STV News, RailTech, The Standard, Cyber Daily, IT Pro

Sources say hackers linked to the Chinese government in a campaign called Salt Typhoon have broken into a handful of US internet service providers in recent months in pursuit of sensitive information.

In Salt Typhoon, the actors linked to China burrowed into America’s broadband networks. In this type of intrusion, bad actors aim to establish a foothold within the infrastructure of cable and broadband providers that would allow them to access data stored by telecommunications companies or launch a damaging cyberattack.

According to people familiar with the matter, investigators are examining whether the intruders gained access to Cisco Systems routers, core network components that route much of the internet's traffic.

A Cisco spokeswoman said the company is investigating the matter. “At this time, there is no indication that Cisco routers are involved” in the Salt Typhoon activity, the spokeswoman said.

Microsoft is investigating the intrusion and what sensitive information may have been accessed, people familiar with the matter said. (Sarah Krouse, Robert McMillan, and Dustin Volz)

Related: The Register, PYMNTS.com, CRN, Dark Reading, Semafor, Slashdot, Dark Reading, Real Clear Defense

Top Indian insurer Star Health has sued Telegram and a self-styled hacker after Reuters reported that the hacker was using chatbots on the messaging app to leak policyholders' personal data and medical reports.

According to a copy of the order, Star has received a temporary injunction from a court in its home state of Tamil Nadu, ordering Telegram and the hacker to block any chatbots or websites in India that make the data available online.

Star has also sued U.S.-listed software firm Cloudflare, saying the leaked data on websites were hosted using its services. "Confidential and personal data of ... customers and of the plaintiff's business activities in general has been hacked and leaked by using the platform (of Telegram)," the Madras High Court order dated Sept. 24 quoted Star as saying. (Munsif Vengattil / Reuters)

Related: Business Standard, The Economic Times, Channel News Asia




According to a report by Ukraine's State Service of Special Communications and Information Protection (SSSCIP), Ukraine reported 85% fewer critical and high-severity cybersecurity incidents during the first half of 2024 compared to the previous period, even as the number of total incidents increased by 19% from the second half of 2023.

This shift marks a pivot in Russian threat actors’ tactics. In 2022, when Russia launched its invasion of Ukraine, it focused on damaging critical IT infrastructure, exfiltrating databases, and targeting media and commercial organizations with evident vulnerabilities.

Only three incidents were labeled as “critical” in the first half of 2024, compared to 31 incidents in the second half of last year and 27 incidents in H1 2023. Most incidents were registered as medium severity (1670), with this category increasing by 32%.

The number of attacks targeting the security and defense sector more than doubled, from 111 in H2 2023 to 276 in H1 2024. Ukraine observed activity from eight cyber threat clusters, some of which may be linked to RosGvardia, the Russian Ministry of Internal Affairs, General Staff, and Special Communications Service.

Ukraine has observed a 90% increase in malware infection incidents, of which a significant portion are distributed through pirated software.

“Hackers are increasingly targeting messenger accounts to facilitate the spread of malware and phishing campaigns, aiming to compromise as many users as possible. Among the victim’s contacts, there may be ‘high-value’ targets whose messaging history is of particular interest to various intelligence agencies of the aggressor nation.” (Ernestas Naprys / Cybernews)

Related: CIP.gov.ua, SC Media, Ukrainska Pravda

Researchers at Bitdefender have discovered a new phishing campaign that capitalizes on excitement around the start of the League of Legends (LoL) World Championship this week to spread info-stealing malware.

The company said it spotted malicious social media ads promoting a free download of League of Legends, a popular PC-only game that is, in fact, already free of charge.

Clicking on the ad takes victims to a lookalike LoL download page, which uses typosquatting techniques to mimic the domain of the legitimate version.

“Once the user clicks the download link, they are directed to a Bitbucket repository that contains a malicious archive,” Bitdefender explained.

“The downloaded archive contains an executable along with a legitimate Windows file, user32.dll. The executable acts as a dropper for the Lumma Stealer, a dangerous piece of malware known for its extensive ability to harvest data from infected devices.” (Phil Muncaster / Infosecurity Magazine)

Related: Bitdefender

Phishing page used in the campaign. Source: Bitdefender.

According to an email warning sent by Senate security officials to lawmakers’ offices, a senator’s office—which turned out to be the office of Senator Benjamin L. Cardin (D-MD), the chairman of the Foreign Relations Committee—received an email last Thursday that appeared to be from Dmytro Kuleba, until recently Ukraine’s foreign minister, requesting to connect over Zoom.

The person looked and sounded like Mr. Kuleba on the subsequent video call. But the senator grew suspicious when the figure posing as Mr. Kuleba started acting out of character, the Senate security officials wrote. The figure asked “politically charged questions in relation to the upcoming election” and demanded an opinion on sensitive foreign policy questions, such as whether the senator supported firing long-range missiles into Russian territory.

The senator ended the call and reported it to State Department authorities, who confirmed that the figure, who appeared to be Mr. Kuleba, was an impersonator.

Cardin acknowledged that “in recent days, a malign actor engaged in a deceptive attempt to have a conversation with me by posing as a known individual.” Mr. Cardin did not say the individual was Mr. Kuleba or make any reference to Ukraine. (Karoun Demirjian / New York Times)

Related: Punchbowl News, NBC News

Disney has officially launched its password and account-sharing crackdown, rolling out what it calls its “paid sharing program” to users in the US and many regions around the world this week.

The paid sharing program has a couple of options for users, per a blog post published Wednesday: People sharing an account with someone outside their household can add that person as an “Extra Member” for $6.99 per month for Disney+ Basic or $9.99 for Disney+ Premium, both discounts to the normal retail price. Only one Extra Member will be allowed per account, which is not available as part of the Disney Bundle.

Last year, Netflix began its password-sharing crackdown and quickly saw enormous success, with executives saying that account cancellations remained low. Warner Bros. Discovery’s Max has said it will also start cracking down on account sharers later this year. (Alex Weprin / The Hollywood Reporter)

Related: The Walt Disney Company, MakeUseOf, AV Club, Android Authority, PhoneArena, Neowin

The hackers reportedly used a deceptive livestream featuring an AI-generated Elon Musk avatar, urging viewers to invest cryptocurrency for a false promise of doubling their returns. (The Times of India)

Related: NDTV, Hindustan Times, Deccan Herald, Business Today, Firstpost, Mashable India, Latestly

Scalable application security company DefectDojo announced it had raised $7M in venture funding.

Iolar Ventures and Aspenwood Ventures led the round. (Duncan Riley / Silicon Angle)

Related: Business Wire, Pulse 2.0, FinSMEs, FinTech Global

Best Thing of the Day: Something Is Better Than Nothing

Over 100 tech giants, with the notable exceptions of Meta, Apple, Nvidia, and Mistral, made voluntary commitments to conduct trustworthy and safe development of artificial intelligence in the European Union.

Worst Thing of the Day: Reality Is Just a Construct Anyway

José Hernández-Orallo at the Valencian Research Institute for Artificial Intelligence in Spain and his colleagues looked at three top LLM families, OpenAI’s GPT, Meta’s LLaMA, and BLOOM, and found they are more inclined to generate wrong answers than to admit ignorance, with a large chunk of users likely to believe the incorrect answers.

Bonus Worst Thing of the Day: Drug Dealing Timeshare Scammers

A retired couple from Ontario, Canada, Mr. & Mrs. Dimitru, lost over $50,000 in a timeshare scam. The FBI is warning that timeshare scams related to Mexico's Jalisco drug cartel are on the rise.
