News Items

  • news

    Follow @SoS_VO_org on Twitter!

    The SoS-VO team is excited to announce that we recently updated the homepage of the website to link to the official Science of Security & Privacy twitter account where we will be making daily announcements about noteworthy news items, upcoming opportunities, and impending deadlines in the SoS community.

  • news

    Predictive Intelligence for Pandemic Prevention (PIPP) Webinars

    February 16, 2021 11:00 AM to
    February 17, 2021 6:45 PM
    Virtual Workshop

    Save the Date

    February 25, 2021 11:00 AM to
    February 26, 2021 6:00 PM
    Virtual Workshop

    Save the Date

  • news

    NSF 21-044 Dear Colleague Letter: Computer and Information Science and Engineering Graduate Fellowships (CSGrad4US)

    February 2, 2021

    Dear Colleagues:

  • news

    Computing Community Consortium (CCC) report on Assured Autonomy released

    The Computing Community Consortium (CCC) released a report on assured autonomy, titled Assured Autonomy: Path Toward Living With Autonomous Systems We Can Trust. The report is the result of a year-long effort by the CCC and over 100 members of the research community, led by Ufuk Topcu (The University of Texas at Austin).

  • news

    9th Annual Best Scientific Cybersecurity Paper Competition


  • news

    HoTSoS 2021: Works-in-Progress Co-Chairs

    Meet the HoTSoS 2021 Team:
    Works-in-Progress Co-Chairs

    Kurt Kelville (MIT) and Aron Laszka (University of Houston) are our Works-in-Progress Co-Chairs for the 2021 Symposium. Happy to have these two on the Program Committee Team!

    About the Chairs

  • news

    NSA and SoS Announce Winner of the 8th Paper Competition

    The National Security Agency and Science of Security announced that "Spectre Attacks: Exploiting Speculative Execution" is the winner of the 8th Annual Best Cybersecurity Research Paper competition.

    Originally published at the 2019 IEEE Security & Privacy Symposium, the winning paper, in combination with Meltdown, another award-winning paper released earlier by the same researchers, launched a global effort to mitigate critical vulnerabilities in processors.

  • news

    Call for Participation: Canberra Artificial Intelligence Summer School

    Virtual, December 4-7th, 2020

    [If interested in staying up-to-date, please join this Discord channel!]


  • news

    Take my word for it: Privacy and COVID alert apps can coexist

    Since the COVID-19 pandemic began, technologists across the country have rushed to develop digital apps for contact tracing and exposure notifications. New York, New Jersey, Pennsylvania, and Delaware have all recently announced the launch of such apps, announcements which generated excitement. But the advent of these tools has also created questions. Chief among them: Do these apps protect privacy?

  • news

    now supports DOI!

    The latest release of the has added Zenodo support for generating archives and including DOI information for content types such as files, news items, web pages, and wiki pages!

  • news

    Solicitation: NSF Secure and Trustworthy CyberSpace (SaTC) [Solicitation 21-500]

    Secure and Trustworthy Cyberspace (SaTC)

    NSF 21-500

    NSF 19-603

    National Science Foundation

    Directorate for Computer and Information Science and Engineering
         Division of Computer and Network Systems
         Division of Computing and Communication Foundations
         Division of Information and Intelligent Systems
         Office of Advanced Cyberinfrastructure

  • news

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • news

    NSA-approved cybersecurity law and policy course now available online

    Cyber Scoop

    Shannon Vavra

    August 27th, 2019

    Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by the National Security Agency.

  • news

    Verification Tool Competition

    ARCH brings together researchers and practitioners to establish a curated set of benchmarks for verification, testing and reachability, and to evaluate them in a friendly competition. ARCH started in 2014 and has sustained a vibrant community since. Since 2017, ARCH has organized, as part of the workshop, the International Competition on Verifying Continuous and Hybrid Systems (ARCH-COMP), now in its 3rd iteration.

  • news

    Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is "How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games" by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and the University of California, Santa Barbara. The paper was originally accepted at the 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage:

  • news

    Secretary of Energy Rick Perry Announces $68.5 Million for Advanced Vehicle Technologies Research

    WASHINGTON, D.C. - Today, U.S. Secretary of Energy Rick Perry announced up to $68.5 million in available funding for early-stage research of advanced vehicle technologies that will enable more affordable mobility, strengthen domestic energy security, and enhance U.S. economic growth.

  • news

    2018 NSF CPS Program Solicitation

    The 2018 Cyber-Physical Systems Program Solicitation has been released. The submission window for proposals is April 27, 2018 - May 8, 2018. Please see the full solicitation for additional details and the summary of program requirements:

  • news

    NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. These include lablets on the 5 Hard Problem areas in Science of Security, on the Science of Privacy, and on Cyber Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can aid in directing:

  • news

    U.S. Department of Transportation Launches Smart City Challenge to Create a City of the Future

    Smart City Challenge

  • news

    NEW 2016 NSF-USDA Solicitation: Innovations at the Nexus of Food, Energy, and Water Systems (INFEWS)

    Innovations at the Nexus of Food, Energy and Water Systems (INFEWS)

    Program Solicitation
    NSF 16-524

    National Science Foundation

  • news

    Sticky News Item

    This news item always appears at the top of the 'recent news' list because the 'pin to top of lists' box is checked under 'publishing options' below. News Items can also be set to show in the spotlight slideshow feature.

  • news

    "Cybersecurity in the Blue Economy"

    The oceans and seas cover over two-thirds of the Earth's surface. These waters are expected to add $3 trillion to the global economy over the next decade through the generation of electricity via marine renewable energy (MRE) devices, which could reduce the carbon footprint of energy production and support grid stability for remote coastal communities. In an effort to help protect these technologies from cybersecurity threats that could disrupt device functionality and connected systems, the first cybersecurity guidance report for MRE devices has been created by Pacific Northwest National Laboratory (PNNL) on behalf of the US Department of Energy's (DOE) Water Power Technologies Office. This guidance aims to help MRE developers further explore the risks present in their designs and operations, as well as improve the security of devices, industrial control systems, energy delivery systems, and the maritime industry. In order to identify and analyze cybersecurity risks and threats, the PNNL team gathered data through a formal request for information to developers, a presentation to the DOE Marine Energy Council's stakeholder members, and one-on-one discussions. They reviewed cyber threats and vulnerabilities faced by IT and Operational Technology (OT) devices used in oscillating water columns, oscillating surge flaps, wave-point absorbers, and current turbines. Then they examined the supply chain risks for potential security issues that stem from firmware, hardware, and software used in IT and OT devices. Using these facts, the researchers created customized guidance for MRE developers and end-users. This article continues to discuss the creation of cybersecurity best practices guidance for marine energy devices.

    PNNL reports "Cybersecurity in the Blue Economy"

  • news

    "Over Half of Malware Delivered via Cloud Applications"

    According to a study from Netskope, over 60 percent of malicious payloads were sent via cloud-based apps in 2020. That is an increase from 48 percent of malware samples delivered via cloud applications in 2019. This discovery brings further attention to the fact that attackers are increasingly turning to the cloud to execute attacks. Cloud apps are attractive to attackers as they allow them to circumvent older email and web solutions. Organizations with about 500 to 2,000 employees are now using an average of 664 different cloud apps each month, half of which received a 'Poor' rating on the study's Cloud Confidence Index. This article continues to discuss the growth in the distribution of malware using cloud apps, the importance of improving the security of these apps, recent cloud app breaches, and how organizations could defend against the use of such apps.

    Security Intelligence reports "Over Half of Malware Delivered via Cloud Applications"

  • news

    "NSA Alerts About Four Critical Vulnerabilities in Microsoft Exchange Servers"

    The National Security Agency (NSA) issued alerts about four critical vulnerabilities found in the 2013, 2016, and 2019 versions of Microsoft Exchange Server. The exploitation of these vulnerabilities could allow attackers to perform remote code execution on targeted systems. Microsoft stated that there is no evidence of hackers actively exploiting the vulnerabilities. In addition, Microsoft released security patches to address the critical flaws. The four vulnerabilities reported by the NSA include an RPC endpoint mapper service elevation of privilege vulnerability, a Windows NTFS denial-of-service vulnerability, a Windows installer information disclosure vulnerability, and an Azure ms-rest-nodeauth library elevation of privilege vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install the newly released Microsoft Exchange security updates. CISA has stressed that, because of their severity and public disclosure, threat actors could reverse engineer the security patches to develop working exploits. This article continues to discuss the four critical vulnerabilities discovered in Microsoft Exchange Servers, what the exploitation of these bugs could allow threat actors to do, Microsoft's release of security fixes for these vulnerabilities, and CISA's order to federal agencies to install the patches.

    CISO MAG reports "NSA Alerts About Four Critical Vulnerabilities in Microsoft Exchange Servers"

  • news

    Incentives for Utilities to monitor for hackers

    The National Security Council plan expected out next week will offer incentives rather than regulations to encourage utilities to install monitoring software to identify hackers and to report incidents to the government. This action comes after more than 25% of the country's 1500 utilities were infected with the SolarWinds malware.

  • news

    "Global Attacker Dwell Time Drops to Just 24 Days"

    Researchers from FireEye conducted a new study where they analyzed targeted attack activity between October 1, 2019, and September 30, 2020. The researchers compiled their findings in a report called M-Trends 2021. The researchers found that 59% of organizations detected attackers within their environments over the period, a 12-percentage point increase on the previous year. The speed at which they did so also increased: dwell time for attackers inside corporate networks fell below a month for the first time in the report's history, with the median global figure now at 24 days. It's more than twice as fast as the previous year (56 days) and shows that detection and response are moving in the right direction. When the report was first published in 2011, it took firms 416 days to detect adversaries within their environments. In the Americas, dwell time dropped from 60 days in 2019 to just 17 days last year. The researchers stated that the major factor contributing to the increased proportion of incidents with dwell times of 30 days or fewer is the continued surge in the proportion of investigations that involved ransomware, which rose to 25% in 2020 from 14% in 2019.

    Infosecurity reports: "Global Attacker Dwell Time Drops to Just 24 Days"

  • news

    "DHS S&T Expands Pilot of Cybersecurity Tech for Emergency Communications Centers"

    The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has expanded pilot testing of a technology solution aimed at strengthening the cybersecurity of the nation's emergency communications infrastructure. SecuLore Solutions, a cybersecurity company based in Odenton, Maryland, received funding from DHS S&T for its research and development (R&D) of a cybersecurity defense solution in which predictive analytics and cyber data are applied to help detect and mitigate cyberattacks targeting legacy emergency communications systems as well as new Next Generation 911 (NG911) and Internet Protocol-based technologies. The company updated its existing cybersecurity solutions with a new capability that enables near-real-time behavioral threat analysis of traffic flowing to an Emergency Communications Center's (ECC) network and provides recommended steps for remediation based on the malware's behavior, type, or both. SecuLore is currently pilot testing its cybersecurity solution with the Emergency Services Department in Palm Beach County, Florida. Pilot testing of the solution will expand to five more ECCs across the US. The feedback and insights captured during these pilots will help SecuLore and DHS gain a better understanding of how other Emergency Services Departments would use and manage the cybersecurity technology. This article continues to discuss the expanded pilot testing of SecuLore Solutions' newly developed cybersecurity solution for ECCs to bolster the nation's emergency communications infrastructure, as well as the Cybersecurity and Infrastructure Security Agency's (CISA) role and S&T's cybersecurity mission.

    The US Department of Homeland Security reports "DHS S&T Expands Pilot of Cybersecurity Tech for Emergency Communications Centers"

  • news

    Science of Security and Privacy 2021 Annual Report

    The Science of Security and Privacy 2021 Annual Report is now available.

    Science of Security and Privacy 2021 Annual Report highlights the progress and accomplishments of this initiative.

  • news

    "Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input"

    Pwn2Own is a contest that allows white-hat cybersecurity professionals and teams to compete in the discovery of bugs in popular software and services. This year the winning team was Computest, and they discovered a vulnerability in Zoom. The team earned $200,000 for their Zoom discovery. The Computest researchers demonstrated a three-bug attack chain that caused an RCE on a target machine, all without any form of user interaction. The team was able to show how an attacker could open a calculator program on a machine running Zoom following the exploit. Zoom has not yet had time to patch the critical security issue, so the vulnerability's specific technical details are being kept under wraps. The attack works on both the Windows and Mac versions of Zoom, but it has not yet been tested on iOS or Android. The browser version of the videoconferencing software is not impacted.

    ZDNet reports: "Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input"

  • news

    "Microsoft Uses Machine Learning to Predict Attackers' Next Steps"

    Researchers at Microsoft have built a model that uses Machine Learning (ML) to attribute cyberattacks to specific groups based on Tactics, Techniques, and Procedures (TTPs) and to predict their next steps. The Microsoft researchers are discovering different ways to use ML to transform attackers' specific TTPs into behavior models that can be used for the automation of attack attribution and the prediction of specific actors' next attack steps. Microsoft recently published a research blog post discussing its use of data collected on threat actors via its endpoint and cloud security products to train a probabilistic ML model that can correlate TTPs, extracted from an ongoing cyberattack, with a specific group. The models can reverse the correlation in that the ML model can use what it has learned to predict the group's next steps once attack attribution is achieved. According to Tanmay Ganacharya, the partner director for security research at Microsoft, the use of this ML approach could significantly lessen the time to respond to active threats, improve attack attribution, and enhance the context of ongoing attacks. The company collected data from its Microsoft Defender anti-malware software to generate collections of TTPs, which its researchers then used to implement a Bayesian network model. In cybersecurity, this model is commonly associated with anti-spam engines because it is said to be better suited for handling challenges such as high dimensionality, missing data, interdependencies between TTPs, and more. This article continues to discuss the ML model built by Microsoft researchers to attribute attacks to specific groups and predict their next steps.

    Dark Reading reports "Microsoft Uses Machine Learning to Predict Attackers' Next Steps"

  • news

    "Over 90% of Organizations Hit by a Mobile Malware Attack in 2020"

    Researchers from Check Point conducted a new study in which they polled 1800 customers of its Harmony Mobile device threat protection product. The researchers discovered that every global organization suffered at least one mobile malware attack in 2020. Of the near-total number that faced a mobile attack last year, 93% of incidents originated in a device network and were either phishing attempts (52%), C&C communication with malware already on the device (25%), or involved infected websites/URLs (23%). The study also revealed that nearly half (46%) of responding organizations had at least one employee download a malicious mobile application that threatened networks and data last year. Banking Trojans, mobile Remote Access Trojans (MRATs), premium diallers, clickers, and ad fraud were among the most common. Some 97% of organizations faced mobile threats originating from multiple vectors, including applications, networks, devices, and OS vulnerabilities. The researchers warned that mobile device management (MDM) is a potentially major new target for attackers.

    Infosecurity reports: "Over 90% of Organizations Hit by a Mobile Malware Attack in 2020"

  • news

    "Researchers Develop Method for Enhancing Resilience against Replay Attacks In Computer Systems"

    Complex, multi-tier systems' reliance on layered communications in the performance of tasks increases vulnerability, as every point of contact could be a target for replay attacks. In a replay attack, the malicious actor uses information already in the system, which makes the attack difficult to detect. The actor can gain access or cause a specific action by stealing a permission string from one transmission and then using it on another agent, or on the agent that received the transmission initially. Malicious actors could also gain access or incite a certain action using a stolen account number. A team of researchers from the University of Calabria in Italy has developed the first predictive control scheme that can help distributed networks, consisting of multiple agents, identify replay attacks and protect against them. The researchers apply a receding horizon model to predict what a system will look like in the future, thus allowing the identification of unexpected events such as the resending of information. This article continues to discuss the complex structure of modern computer systems and how the researchers' predictive control scheme enhances the resilience of these systems against replay attacks.

    Continuity Central reports "Researchers Develop Method for Enhancing Resilience against Replay Attacks In Computer Systems"

  • news

    "National Supply Chain Integrity Month: Campaign to Raise Awareness of Supply Chain Threats and Mitigation"

    April is National Supply Chain Integrity Month. The National Counterintelligence and Security Center (NCSC) is partnering with government and industry partners throughout April for the 4th annual National Supply Chain Integrity Month to encourage organizations across the US to take action to bolster their supply chains against foreign adversaries and other risks. NCSC is working with the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the National Association of State Procurement Officials (NASPO), the Department of Defense's Center for the Development of Security Excellence (CDSE), the National Association of Counties (NACo), the Federal Communications Commission (FCC), and others to increase awareness among organizations about threats facing US supply chains as well as to share information on how to mitigate risks. The recent software supply chain attacks on US industry and government have brought further attention to the importance of improving our supply chains' resilience, security, and diversity. The exploitation of vulnerabilities in US supply chains by foreign adversaries presents unique security threats. State-sponsored hackers have targeted software and Information Technology service supply chains to conduct espionage, steal intellectual property, and more. NCSC encourages organizations to consider diversifying supply chains, mitigating third-party risks, identifying and prioritizing essential assets, ensuring executive-level commitment, and strengthening partnerships in order to enhance the resilience of their supply chains. This article continues to discuss the goal of National Supply Chain Integrity Month, the exploitation of US supply chains by foreign adversaries, and what organizations should do to improve the resilience of their supply chains.

    HSToday reports "National Supply Chain Integrity Month: Campaign to Raise Awareness of Supply Chain Threats and Mitigation"

  • news

    "UK Firms Suffer Record Number of Cyber-Attacks in Q1"

    Researchers at Beaming discovered that there was no let-up for UK businesses in the first three months of 2021, with commercial organizations suffering an 11% year-on-year increase in cyber-attacks during the period. The researchers found that UK firms were hit by over 172,000 attacks each on average during the first quarter, the equivalent of 1912 per day and one intrusion attempt every 45 seconds. This compares to 1725 attacks per day in the first quarter of 2020. Beaming claimed that Q1 2021 saw the highest level of malicious online activity seen at the start of a year since it began recording such data in 2016. Remotely controlled IoT applications and file-sharing services were the top targets for attackers, attracting 175 and 100 attacks per day, respectively, between January and March. The most popular countries of origin for IP addresses used in attacks were China (14%), the US (11%), and India (6%).

    Infosecurity reports: "UK Firms Suffer Record Number of Cyber-Attacks in Q1"

  • news

    "Data from 500M LinkedIn Users Posted for Sale Online"

    In yet another incident of threat actors scraping data from public profiles and slinging it online for potential cybercriminal misuse, researchers have found that personal data from more than 500 million LinkedIn users has been posted for sale online. The personal data for sale includes LinkedIn IDs, full names, professional titles, email addresses, phone numbers, and other personally identifiable information (PII). The LinkedIn incident comes on the heels of a substantial leak of personal data from more than 533 million Facebook users last weekend. The researchers stated that the leaked data contains no payment card details and no passwords, so it is less valuable to attackers and will not sell for much on the Dark Web. LinkedIn officials confirmed that the platform's data was included in the database and stated that it was not due to a breach of its systems but instead was scraped from the LinkedIn site.

    Threatpost reports: "Data from 500M LinkedIn Users Posted for Sale Online"

  • news

    Beware of fake NFT Websites and Counterfeit Collectibles

    Non-fungible tokens, known as NFTs, are now becoming the target of scammers. An NFT is a unique token associated with an original collectible digital artwork or video.

  • news

    "Cybercrime Group Lazarus Upgrades its Arsenal with Vyveva Malware"

    ESET researchers found a new backdoor that is being used by the Lazarus hacking group in attacks against freight and logistics organizations in South Africa. The malware, dubbed Vyveva, performs backdoor activities such as exfiltrating files, collecting information from an infected system, and executing arbitrary code through a remote connection to a command-and-control (C2) server. The backdoor also connects to its C2 server via the Tor network through the use of fake TLS connections. The researchers believe Vyveva has been active since 2018, even though it was first discovered in June 2020. This article continues to discuss the capabilities and components of the Vyveva malware as well as the history and recent activities of the Lazarus hacking group.

    CISO MAG reports "Cybercrime Group Lazarus Upgrades its Arsenal with Vyveva Malware"

  • news

    "Fraudsters Use HTML Lego to Evade Detection in Phishing Attack"

    Researchers with Trustwave SpiderLabs have released a detailed analysis of a new phishing campaign aimed at Microsoft 365 users. The fraudsters behind the campaign employ "HTML Lego" to deliver a fake Microsoft login page. According to Trustwave, the phishing emails have no email body, but they do contain a malicious attachment that appears to be an Excel file with information about an investment. This attachment is really an HTML document with two sections of URL-encoded text. The threat actors put different pieces of HTML together and hid them in JavaScript files to generate the fake login page. This article continues to discuss the use of HTML Lego in a new phishing campaign to avoid detection.

    Dark Reading reports "Fraudsters Use HTML Lego to Evade Detection in Phishing Attack"

  • news

    "Scientists Harness Chaos to Protect Devices From Hackers"

    Researchers at Ohio State University have discovered how to use chaos to help create fingerprints for electronic devices that might be unique enough to thwart the most sophisticated hackers. The researchers believe these fingerprints are unique enough to require more than a lifetime of the universe to try all possible combinations. Daniel Gauthier, the senior author of the study and professor of physics at Ohio State University, has emphasized that chaos is significantly beneficial in the system developed by the team. They created new Physically Unclonable Functions (PUFs), which are built into computer chips. PUFs utilize the inherent, unique manufacturing variations in computer chips to produce digital fingerprints that can be used to authenticate and secure devices. According to Gauthier, secure ID cards could potentially be created using the new PUFs to track goods in a supply chain. They could also be used in the authentication of applications. The researchers used a web of randomly interconnected logic gates to develop a complex network in their PUFs. Logic gates create a new signal using two electronic signals. The researchers exploit the unreliable behavior created by the non-standard use of the gates to produce a form of deterministic chaos. This chaos magnifies the tiny manufacturing variations found on a computer chip. The amplification of these variations by chaos can change the secrets being produced on the chip, making it more difficult for hackers to figure them out. Chaos results in the production of an uncountably large number of secrets available on a chip. As part of the study, the researchers tested Machine Learning (ML) attacks against their PUF, and they all failed to hack it. This article continues to discuss the problem with current PUFs and the creation of new PUFs that use chaos to protect devices from hackers.

    Science Daily reports "Scientists Harness Chaos to Protect Devices From Hackers"

  • news

    "SAP Issues Advisory On the Exploit of Old Vulnerabilities to Target Enterprise Applications"

    SAP and Onapsis recently released a joint threat intelligence report to help SAP customers protect themselves against active cyber threats aimed at compromising organizations running unsecured SAP applications. The report highlights activities in which security flaws given a CVSS severity score of up to 10 are being weaponized by threat actors. An estimated 400,000 organizations are using SAP applications. According to both SAP and Onapsis, there were at least 1,500 SAP application-related attack attempts tracked between June 2020 and March 2021, with at least 300 having achieved success. Attackers are targeting enterprise resource planning (ERP), customer relationship management (CRM) software, supply chain management (SCM) systems, and more. SAP releases security patches for its products each month. However, customers are not fixing the critical vulnerabilities that are being exploited by cybercriminals worldwide. There are cases in which Internet-facing SAP applications riddled with bugs have remained unpatched for months or years. The report points out six actively exploited vulnerabilities that could lead to the creation of administrator accounts, full system hijacking, complete administrative control over the hub of an organization's SAP setup, lateral movement through a corporate network, information leaks, total control of SAP business processes, and other malicious activities. The window for patching SAP vulnerabilities is small, as some of these vulnerabilities have been observed being weaponized in less than 72 hours after their disclosure. This article continues to discuss the exploitation of critical vulnerabilities in SAP applications and the potential impact of these flaws on organizations.

    ZDNet reports "SAP Issues Advisory On the Exploit of Old Vulnerabilities to Target Enterprise Applications"

  • news

    Visible to the public "$38 Million Worth of Gift Cards Stolen And Sold on Dark Web"

    Researchers at the fraud intelligence firm Gemini Advisory found that a cybercriminal has sold almost 900,000 gift cards and over 300,000 payment cards on a top-tier cybercrime forum on the dark web. The total value of the cards was claimed to be around $38 million. According to the researchers, the stolen cards originated from a 2019 breach of an online discount gift card marketplace that has since gone offline. Because they are easy to redeem and hard to trace, gift cards are an increasingly popular target for fraud. One of the researchers observed offers to sell the cards in bulk on the Russian-language forum in February 2021. While the actor behind the sale did not reveal how they obtained the cards or where they came from, they did disclose that the loot contained gift cards from more than 3,000 brands, including Airbnb, Amazon, Nike, Marriott, Walmart, and others. The threat actor set up an auction with bidding starting at US$10,000 and a buy-now price of double the opening bid. The database was sold within moments of being posted. Only a day after selling the gift cards, the same cybercriminal offered 330,000 credit and debit cards for sale on the same forum. According to the posting, the data included the victims' billing addresses and partial payment card data such as the card number, its expiration date, and the issuing bank's name; however, the Card Verification Value (CVV) and the cardholder's name were not included.

    We Live Security reports: "$38 Million Worth of Gift Cards Stolen And Sold on Dark Web"

  • news

    Visible to the public "Hackers Are Exploiting Discord and Slack Links to Serve Up Malware"

    Collaboration platforms such as Discord and Slack have seen increased use as people maintain ties during the COVID-19 pandemic. As these platforms have become an integral part of daily life, threat actors have been using them to deliver malware to unsuspecting victims. Cisco's security division Talos recently shared new research showing how collaboration tools like Slack and Discord have become powerful mechanisms for cybercriminals over the course of the pandemic. The research found that these platforms are being used to distribute malware in the form of trustworthy-looking links. Hackers have also used Discord to remotely control malicious code on infected machines and to steal data. According to Cisco's researchers, none of the techniques they found relies on a vulnerability in Slack or Discord, and a victim does not need Slack or Discord installed on their machine for the techniques to work. Instead, the techniques take advantage of less-scrutinized features offered by these collaboration platforms, together with their ubiquity and the trust that users place in them. This article continues to discuss the different ways in which cybercriminals are using Discord and Slack to deliver and control malware, the collaboration platforms' response to Cisco's findings, and how organizations can prevent malware distribution via these platforms.

    Wired reports "Hackers Are Exploiting Discord and Slack Links to Serve Up Malware"
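    Because no platform vulnerability is involved, the defensive signal is contextual: what is fetched from a chat platform's file hosting, and which clients post to it. The following detection logic is an added example and is not Talos's tooling; the host list (Discord's attachment CDN, Slack's file host, Discord webhook endpoints), the proxy-log layout and the log lines themselves are assumptions constructed for the illustration.

```python
"""Triage proxy-log URLs that point at collaboration-platform file hosting.

Added detection example, not Talos's tooling. The host list, log format and
log lines are constructed assumptions. Abuse here uses no platform flaw, so
each hit is a lead to triage, not proof of malice: an executable or archive
fetched from a chat platform's file CDN, or a client POSTing to a Discord
webhook, which malware has used for command-and-control and exfiltration.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

FILE_HOSTS = {"cdn.discordapp.com", "media.discordapp.net", "files.slack.com"}
WEBHOOK_HOSTS = {"discord.com", "discordapp.com"}
WEBHOOK_PATH = re.compile(r"^/api/webhooks/\d+/[A-Za-z0-9_.-]+")
RISKY_EXT = (".exe", ".dll", ".scr", ".js", ".jar", ".vbs", ".bat",
             ".ps1", ".msi", ".zip", ".rar", ".7z", ".iso", ".lnk")

# Constructed sample log: "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_LOG = [
    "2021-04-08T10:12:01Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/1000/2000/team-photo.png 200",
    "2021-04-08T10:12:09Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/1000/2001/Invoice_April.exe 200",
    "2021-04-08T10:13:44Z 10.0.0.7 POST https://discord.com/api/webhooks/1234567890/abcDEF_ghi-jkl 204",
    "2021-04-08T10:14:02Z 10.0.0.9 GET https://files.slack.com/files-pri/T000-F000/download/notes.pdf 200",
]


def classify(method: str, url: str) -> Optional[str]:
    """Label one request, or return None when it matches nothing of interest."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()
    if host in FILE_HOSTS and path.endswith(RISKY_EXT):
        return "executable-from-chat-cdn"
    if host in WEBHOOK_HOSTS and method == "POST" and WEBHOOK_PATH.match(parsed.path):
        return "discord-webhook-post"
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, url, label) for every line that classify() flags."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue                               # malformed line, skip it
        _ts, client, method, url, _status = fields[:5]
        label = classify(method, url)
        if label:
            findings.append((client, url, label))
    return findings
```

    On the constructed sample, the image and the PDF pass while the `.exe` download and the webhook POST are flagged. In practice the webhook rule is the more useful one: legitimate users rarely POST to webhook URLs from workstations, whereas file downloads from these CDNs are routine and need the client process or user context before any blocking decision.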

  • news

    Visible to the public "Armed Conflict Draws Closer as State-Backed Cyber-Attacks Intensify"

    Mike McGuire, a senior lecturer in criminology at the University of Surrey, has found in a new study that there was a 100% increase in "significant" state-backed attacks between 2017 and 2020, and an average of more than 10 publicly attributed attacks per month in 2020 alone. Although the largest share (50%) involved surveillance tools, a worrying 14% were focused on damage or destruction, and more than 40% had both a physical and a digital component. Most (64%) of the experts McGuire consulted during his research described the escalation in tensions last year as "worrying" or "very worrying." McGuire suggests that factors such as increased weaponization and the readiness of governments to define network attacks as "acts of war" are moving the world into a "dangerous stage," closer to what he dubs "advanced cyber-conflict" than at any time since the digital age began. The research also revealed how the lines between nation-state and cybercrime attacks are increasingly blurring. McGuire claimed that 10-15% of dark web vendor sales now go to "atypical" purchasers, including state actors looking to stockpile zero-day exploits. In addition, half (50%) of nation-state attacks now feature low-grade tools bought from the cybercrime underground, while just 20% involve custom malware and exploits built in-house. A majority (58%) of the experts consulted for the report said it is becoming more common for governments to recruit cybercriminals to carry out attacks, and 65% said some nation-states launch attacks to generate revenue.

    Infosecurity reports: "Armed Conflict Draws Closer as State-Backed Cyber-Attacks Intensify"

  • news

    Visible to the public "DoD Launches New Security Vulnerability Pilot"

    The US Department of Defense (DoD) launched a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base (DIB) contractor networks and improve digital hygiene. According to HackerOne, any information submitted under the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) will be used for the mitigation or remediation of vulnerabilities present in DoD contractor information systems, networks, or applications. However, the information provided under the program will not be used for offensive tools or capabilities. Security researchers are invited to identify weaknesses in DoD contractor networks and provide details about the vulnerability, covering the product, version, configuration of the software in which the vulnerability exists, how to reproduce the issue, how to mitigate or remediate the vulnerability, and more. Every disclosure will be investigated thoroughly, and appropriate steps will be taken to mitigate and remediate all vulnerabilities identified and properly reported by participating security researchers. Since the launch of the DIB-VDP, 124 reports of vulnerabilities have been received, and 27 researchers have been thanked for their discoveries. This article continues to discuss the purpose, actions, and current progress of the DIB-VDP.

    Security Magazine reports "DoD Launches New Security Vulnerability Pilot"

  • news

    Visible to the public "The Superpowered SOC: How AI Can Drive Agencies to the Next Level of Cyber Defense"

    Cybersecurity incidents faced by federal agencies are continuing to increase in volume, complexity, and impact. The massive SolarWinds hack that impacted the Departments of Treasury, Justice, Commerce, and others further indicates the growing sophistication and success of threat actors. Although investments in diverse cloud and Internet of Things (IoT) environments are intended to improve productivity at federal agencies, the expanding complexity and scale of their digital infrastructures are creating additional challenges for Security Operations Center (SOC) teams. The constant emergence of advanced threats is also making it increasingly difficult for understaffed and overworked SOC teams to be efficient and effective. Triaging alerts and responding to incidents have also become more challenging for SOC teams due to the overwhelming generation of alerts. The integration of self-learning Artificial Intelligence (AI) solutions into existing government technologies will help elevate the performance level of human security team members. Self-learning AI and automation will help security professionals better sort through the noise and focus on dangerous incidents. AI can bring SOC teams to the next level of cyber defense as the technology can enable full-range detection, accurate threat management, and more. This article continues to discuss the challenges faced by government cybersecurity teams and how self-learning AI can help SOC teams improve their effectiveness and efficiency.

    GCN reports "The Superpowered SOC: How AI Can Drive Agencies to the Next Level of Cyber Defense"

  • news

    Visible to the public "Office Depot Configuration Error Exposes One Million Records"

    Security researchers at Website Planet discovered a misconfigured Elasticsearch server belonging to a popular office supplies chain on March 3rd. The server was leaking nearly one million records, including customers' personal information. The researchers quickly traced it to Office Depot Europe, which operates across the region with bricks-and-mortar stores and online under the Office Depot and Viking brands. Among the 974,000 unencrypted records in the database were customer names, phone numbers, home addresses, office addresses, @members.ebay addresses, marketplace logs, order histories, and hashed passwords. The researchers warned that cybercriminals could have used such data to craft convincing phishing attacks. Alongside the customer information was data on middleware, IP addresses, ports, paths, and storage systems used by the organization, which could have been used to target the Office Depot corporate network. Although Office Depot Europe secured the database within hours of notification, the researchers stated that it may have been exposed for up to 10 days.

    Infosecurity reports: "Office Depot Configuration Error Exposes One Million Records"
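    An exposed Elasticsearch server of this kind usually comes down to two settings: the node is bound to a non-loopback interface and authentication is off (releases before 8.0 left `xpack.security.enabled` false unless set). The audit below is an added example, not Website Planet's tooling; the two `elasticsearch.yml` fragments are constructed to show the weak configuration beside the corrected one, and the parser handles only the flat `key: value` style that file normally uses, so it needs no YAML library.

```python
"""Audit an elasticsearch.yml for settings that leave a cluster open.

Added example, not Website Planet's tooling; both config fragments are
constructed. Two conditions together make the classic exposure: the node
listens on a non-loopback address, and xpack.security.enabled is unset or
false (the pre-8.0 default, which this audit assumes).
"""
from typing import Dict, List

LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}

WEAK_CONFIG = """
cluster.name: shop-analytics
network.host: 0.0.0.0          # reachable on every interface
http.port: 9200
# xpack.security.enabled not set: releases before 8.0 default it to false
"""

HARDENED_CONFIG = """
cluster.name: shop-analytics
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""


def parse_flat_yaml(text: str) -> Dict[str, str]:
    """Parse 'key: value' lines, dropping comments; values are lower-cased."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"").lower()
    return settings


def audit(text: str) -> List[str]:
    """Return human-readable findings; an empty list means no exposure found."""
    s = parse_flat_yaml(text)
    findings: List[str] = []
    host = s.get("network.host", "127.0.0.1")      # Elasticsearch binds loopback when unset
    exposed = host not in LOOPBACK
    if exposed and s.get("xpack.security.enabled", "false") != "true":
        findings.append(
            "network.host=%s with xpack.security.enabled unset/false: anyone who can "
            "reach port %s can read and write every index" % (host, s.get("http.port", "9200"))
        )
    if exposed and s.get("xpack.security.http.ssl.enabled", "false") != "true":
        findings.append("xpack.security.http.ssl.enabled is not true: credentials and "
                        "data cross the network in the clear")
    return findings
```

    The hardened fragment keeps the node reachable but requires authentication and TLS; binding `network.host` back to loopback or a private interface and filtering port 9200 at the network edge are the complementary controls, since a correct config file does nothing for a node that an operator later restarts with an override.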

  • news

    Visible to the public "Vulnerabilities in ICS-Specific Backup Solution Open Industrial Facilities to Attack"

    Claroty researchers discovered vulnerabilities in Rockwell Automation's FactoryTalk AssetCentre software, a backup solution specifically for Industrial Control Systems (ICS). All of the vulnerabilities have been given a maximum CVSS v3 base score of 10. According to the researchers, an attacker can take over a facility's entire Operational Technology (OT) network and execute commands on server agents and automation devices like a Programmable Logic Controller (PLC) by chaining some of the vulnerabilities together. Three of the discovered flaws are described as deserialization vulnerabilities that can allow unauthenticated attackers to remotely execute arbitrary code in FactoryTalk AssetCentre. One flaw could enable an unauthenticated local attacker to gain complete access to the software's main server and agent machines, as well as remotely execute code. Another three flaws are SQL injection vulnerabilities. All of the discovered flaws impact FactoryTalk AssetCentre v10 and earlier versions. This article continues to discuss the vulnerabilities found in Rockwell Automation's FactoryTalk AssetCentre that leave industrial facilities open to attacks and the importance of ICS-specific backup solutions.

    Help Net Security reports "Vulnerabilities in ICS-Specific Backup Solution Open Industrial Facilities to Attack"

  • news

    Visible to the public "Wormable Netflix Malware Spreads Via WhatsApp Messages"

    Security researchers at Check Point discovered new malware disguised as a Netflix application and designed to spread worm-like through victims' WhatsApp messages. The malware was contained in an application on the Google Play Store called 'FlixOnline,' which lured Android users by promising unlimited entertainment from anywhere in the world and used the Netflix logo to appear legitimate. Once a victim installs the application, the malware obtains permissions that let it read and automatically respond to new WhatsApp notifications. It then sends an automated reply to every message the user receives, directing the recipient to a fake Netflix site built to phish for login credentials and credit card details. The WhatsApp message promises the recipient two months of Netflix Premium free of charge if they click the malicious link. The FlixOnline app had been downloaded around 500 times before Google removed it after being notified by Check Point. The researchers expect the malware to return in another guise, and they warn users to be wary of download links or attachments received via WhatsApp or other messaging apps, even when they appear to come from trusted contacts or groups.

    Infosecurity reports: "Wormable Netflix Malware Spreads Via WhatsApp Messages"