News Items

  • news

    HoTSoS 2022 Best Undergraduate Poster Award

    Congratulations to Sanjana Cheerla at NCSU for winning the HoTSoS Best Undergraduate Poster Award for their poster Identifying Online Misbehavior.

    Check out the Announcement & Closing Remarks stream here!

  • news

    HoTSoS 2022 Best Poster Award

    Congratulations to Samin Yaseer Mahmud & William Enck at NCSU for winning the HoTSoS Best Poster Award for their poster A Study of Security Weakness in Android Payment Service Provider SDKs.

    Check out the Announcement & Closing Remarks stream here!

  • news

    Science of Security and Privacy 2022 Annual Report

    The Science of Security and Privacy 2022 Annual Report is now available.

    This report highlights the progress and accomplishments of the Science of Security and Privacy initiative.

  • news

    Paper on One-Way Functions Wins NSA Paper Competition

    "On One-way Functions and Kolmogorov Complexity" wins the 9th Annual Best Scientific Cybersecurity Paper Competition. This paper was written by Yanyi Liu from Cornell University and Rafael Pass from Cornell Tech.

    An honorable mention award was given to "Retrofitting Fine Grain Isolation in the Firefox Renderer", written by Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Sorin Lerner, Eric Rahm, Hovav Shacham and Deian Stefan.

  • news

    NSF 21-122 Dear Colleague Letter: Enabling Secure and Trustworthy Cyberspace (SaTC) CISE-SBE Interdisciplinary Collaborations

    Proposals are due Dec 10, 2021, but an approval letter from a program officer is required before you can submit. Submitting in response to this DCL does *not* count against the limit on the number of proposals that can be submitted against the SaTC solicitation.


    September 27, 2021

    https://www.nsf.gov/pubs/2021/nsf21122/nsf21122.jsp

  • news

    Solicitation: NSF Secure and Trustworthy CyberSpace (SaTC) [Solicitation 22-517]

    Secure and Trustworthy Cyberspace (SaTC)

    PROGRAM SOLICITATION
    NSF 22-517

    REPLACES DOCUMENT(S):
    NSF 21-500

    National Science Foundation

    Directorate for Computer and Information Science and Engineering
         Division of Computer and Network Systems
         Division of Computing and Communication Foundations
         Division of Information and Intelligent Systems
         Office of Advanced Cyberinfrastructure

  • news

    HoTSoS 2022 Call for Papers! Deadline December 17th!

    The Hot Topics in the Science of Security (HoTSoS) Symposium is now soliciting submissions for the 2022 program. Following the success of the virtual HoTSoS Symposium in 2021, HoTSoS '22 will be a virtual event held the week of April 4th, 2022. In addition to research paper discussions and presentations, the symposium program will also include invited talks and panels.

    We are accepting submissions in the following three categories:

  • news

    Follow @SoS_VO_org on Twitter!

    The SoS-VO team is excited to announce that we recently updated the homepage of the website to link to the official Science of Security & Privacy Twitter account, where we will be making daily announcements about noteworthy news items, upcoming opportunities, and impending deadlines in the SoS community.

  • news

    Predictive Intelligence for Pandemic Prevention (PIPP) Webinars


    February 16, 2021 11:00 AM to
    February 17, 2021 6:45 PM
    Virtual Workshop

    Save the Date

    February 25, 2021 11:00 AM to
    February 26, 2021 6:00 PM
    Virtual Workshop

    Save the Date

  • news

    HoTSoS 2021: Works-in-Progress Co-Chairs

    Meet the HoTSoS 2021 Team:
    Works-in-Progress Co-Chairs

    Kurt Keville (MIT) and Aron Laszka (University of Houston) are our Works-in-Progress Co-Chairs for the 2021 Symposium. We are happy to have these two on the Program Committee team!

    About the Chairs

  • news

    Call for Participation: Canberra Artificial Intelligence Summer School

    Call for Participation

    Canberra Artificial Intelligence Summer School

    Virtual, December 4-7th, 2020

    FREE

    Website: http://canberraai.net/caiss2020/
    Discord: https://discord.com/invite/rcKuNm4

    [If interested in staying up-to-date, please join this Discord channel!]


    Introduction

  • news

    Take my word for it: Privacy and COVID alert apps can coexist

    BY LORRIE CRANOR, OPINION CONTRIBUTOR -- 11/10/20 09:30 AM EST

    Since the COVID-19 pandemic began, technologists across the country have rushed to develop digital apps for contact tracing and exposure notifications. New York, New Jersey, Pennsylvania, and Delaware have all recently announced the launch of such apps, announcements which generated excitement. But the advent of these tools has also created questions. Chief among them: Do these apps protect privacy?

  • news

    CPS-VO.org now supports DOI!

    The latest release of CPS-VO.org has added Zenodo support for generating archives and including DOI information for content types such as files, news items, web pages, and wiki pages!

  • news

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • news

    NSA-approved cybersecurity law and policy course now available online

    Cyber Scoop

    Shannon Vavra

    August 27th, 2019

    Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by the National Security Agency.

  • news

    Verification Tool Competition

    ARCH brings together researchers and practitioners to establish a curated set of benchmarks for verification, testing and reachability, and to evaluate them in a friendly competition. ARCH started in 2014 and has sustained a vibrant community since. Since 2017, ARCH has organized, as part of the workshop, the International Competition on Verifying Continuous and Hybrid Systems (ARCH-COMP, https://cps-vo.org/group/ARCH/), now in its 3rd iteration.

  • news

    Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and the University of California, Santa Barbara. This paper was originally accepted at the 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage: https://cps-vo.org/group/sos/papercompetition/pastcompetitions

  • news

    Secretary of Energy Rick Perry Announces $68.5 Million for Advanced Vehicle Technologies Research

    WASHINGTON, D.C. - Today, U.S. Secretary of Energy Rick Perry announced up to $68.5 million in available funding for early-stage research of advanced vehicle technologies that will enable more affordable mobility, strengthen domestic energy security, and enhance U.S. economic growth.

  • news

    2018 NSF CPS Program Solicitation

    The 2018 Cyber-Physical Systems Program Solicitation has been released. The submission window for proposals is April 27, 2018 - May 8, 2018. Please see the full solicitation for additional details and the summary of program requirements: https://cps-vo.org/node/45729

  • news

    NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. These include lablets on the five Hard Problem areas in the Science of Security, on the Science of Privacy, and on Cyber-Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can aid in directing inquiries: https://cps-vo.org/group/SoS/contact

  • news

    U.S. Department of Transportation Launches Smart City Challenge to Create a City of the Future

    Smart City Challenge

  • news

    NEW 2016 NSF-USDA Solicitation: Innovations at the Nexus of Food, Energy, and Water Systems (INFEWS)

    Innovations at the Nexus of Food, Energy and Water Systems (INFEWS)


    Program Solicitation
    NSF 16-524

    National Science Foundation

  • news

    Sticky News Item

    This news item always appears at the top of the 'recent news' list because the 'pin to top of lists' box is checked under 'publishing options' below. News Items can also be set to show in the spotlight slideshow feature.

  • news

    "Watchdog Identifies Multiple Security Deficiencies at VA Medical Center in Louisiana"

    An audit performed by the Department of Veterans Affairs' Office of Inspector General (OIG) discovered several flaws in the IT systems used by the Alexandria VA Medical Center in Pineville, Louisiana, including uninstalled security patches and outdated operating systems, which could expose critical systems to unauthorized access, alteration, or destruction. OIG conducted the IT security assessment to find out whether Alexandria was in compliance with federal guidelines under the Federal Information Security Modernization Act (FISMA) of 2014, which requires federal agencies to implement information security programs. Alexandria, having more than 37,000 active patients, was chosen for an audit because it had not previously been assessed as part of the annual FISMA review. The audit identified weaknesses in three of Alexandria's four security control areas: configuration management, security management, and access controls. The assessment found no flaws in the center's contingency planning controls. The most serious flaws were found in Alexandria's configuration management controls, which identify and manage security features for all hardware and software components of an information system. Inaccurate component inventories, a flawed vulnerability management process, devices lacking security patches, and outdated operating systems were among the issues. According to the audit, the lack of accurate inventories at Alexandria resulted in undetected and unaddressed critical and high-risk vulnerabilities. The inspection team compared on-site vulnerability scans to those performed remotely by the VA's Office of Information and Technology and discovered five critical vulnerabilities and three high-risk vulnerabilities that had not been detected. The assessment also discovered 33 vulnerabilities, including 17 critical flaws on 8 percent of the devices and 16 high-risk flaws on 29 percent of the devices, that were not addressed within the VA's mandated remediation timeframe. This article continues to discuss findings from the IT security assessment of the Louisiana-based medical center.

    NextGov reports "Watchdog Identifies Multiple Security Deficiencies at VA Medical Center in Louisiana"

  • news

    "DeFi Exchange dYdX npm User Account Gets Hacked"

    Several npm packages used by the popular Decentralized Finance (DeFi) exchange dYdX appear to have been hacked, as they were found to contain malicious code that would launch information stealers when installed on a system. Maciej Mensfeld, the creator of Diffend.io and a security researcher at the Mend software supply chain security firm, reported finding numerous corrupted npm packages that were secretly installing information stealers. The attacker appears to have gained control of a dYdX employee's npm account and used it to upload updated versions of credible packages. The malicious versions perform a predefined set of operations on the victim's computer, stealing environment variables and login information for multiple services, before opening a channel for arbitrary code execution. This article continues to discuss the compromise of npm packages used by DeFi exchange dYdX.

    The Crypto Times reports "DeFi Exchange dYdX NPM User Account Gets Hacked"

  • news

    "Two Remote Code Execution Vulnerabilities Patched in WhatsApp"

    WhatsApp has recently patched two serious vulnerabilities that could be exploited for remote code execution. One of the flaws, tracked as CVE-2022-36934 and rated "critical," is an integer overflow issue that affects WhatsApp for Android prior to 2.22.16.12, Business for Android prior to 2.22.16.12, iOS prior to 2.22.16.12, and Business for iOS prior to 2.22.16.12. WhatsApp noted that an attacker can exploit the vulnerability for remote code execution during a video call. The second issue, a high-severity flaw tracked as CVE-2022-27492, is an integer underflow that can be exploited for remote code execution by sending a specially crafted video file to the targeted user. It has been patched in WhatsApp for Android and iOS with the release of versions 2.22.16.2 and 2.22.15.9, respectively. According to security researchers at Malwarebytes, CVE-2022-36934 impacts the Video Call Handler component, while CVE-2022-27492 affects the Video File Handler component. The vulnerabilities appear to have been discovered internally, and there is no indication that they have been exploited in the wild.

    SecurityWeek reports: "Two Remote Code Execution Vulnerabilities Patched in WhatsApp"

  • news

    "Why Paying The Ransom Is Still The Most Common Response To A Ransomware Attack?"

    According to researchers at Databarracks, this year 44% of the organizations who experienced a ransomware assault paid the demanded ransom. Almost a quarter (22%) used ransomware decryption software, while 34% restored data from backups. The researchers stated that while organizations might believe that paying the ransom is the best choice, this strategy is faulty for several reasons. First, once one pays the ransom, there is no assurance that the organization's data will be returned. Second, once criminals know an organization is an easy target, they frequently attack it again. Finally, it conveys the wrong message: by paying, the organization assists the crooks by demonstrating that their strategies are effective. During the study, the researchers also found that an increasing proportion of organizations have a policy stating whether they would pay a ransom in the event of a ransomware attack. A policy was in place in 68% of organizations, up from 54% the year before. The researchers stated that people are becoming more aware of and prepared for ransomware assaults.

    Information Security Buzz reports: "Why Paying The Ransom Is Still The Most Common Response To A Ransomware Attack?"

  • news

    "EU Cyber Resilience Act Primarily Aimed At Beefing Defenses of 'Smart' Connected Devices"

    Smart devices and other connected devices, which have long been the weakest link in networks, may soon be forced to strengthen their defenses by the EU Cyber Resilience Act. The proposed legislation would apply to all products with "digital elements" in the European Union, requiring manufacturers to meet basic design standards as well as provide a means of updating and patching devices as vulnerabilities emerge. Manufacturers of connected devices would also be required to communicate key security features to customers and ensure that customers understand how to enable and maintain these features after the device is set up. The penalties proposed are similar to those in the General Data Protection Regulation (GDPR), with a maximum fine of 2.5 percent of global annual turnover. The EU Cyber Resilience Act defines connected devices as anything directly or indirectly connected to other devices or networks, casting a wide net intended to cover the entire smart device market. Some product categories are exempt from the proposed new rules, but only those that already have their own set of regulations. Some examples of exempted product categories are automobiles, aircraft, and medical devices. This article continues to discuss the proposed rules and potential impact of the EU Cyber Resilience Act.

    CPO Magazine reports "EU Cyber Resilience Act Primarily Aimed At Beefing Defenses of 'Smart' Connected Devices"

  • news

    "Researchers Disrupt Fraudulent Apps in Apple App Store and Google Play"

    Human Security Inc. researchers recently announced that they thwarted a sophisticated advertising fraud operation that distributed apps on both the Google Play Store and Apple App Store. The "Scylla" campaign involves using mobile applications that appear to be legitimate apps to trick users into downloading them. The apps contained hidden advertisements, which they rendered in places where the user could not see them and generated fake clicks. The apps also tracked real ad clicks in order to fake additional clicks later. Fake apps with malware or adware are not new, but the majority of them do not make it onto the main two app stores. The researchers discovered 80 Scylla-infected apps on Google Play Store and nine apps on the Apple App Store that had been downloaded more than 13 million times. The Human Security researchers collaborated with Google and Apple to ensure the apps linked to the Scylla operation were removed. The researchers also collaborated with advertising Software Development Kit (SDK) developers to lessen the impact of the operation on their processes and advertising partners. Although the Scylla apps have been removed from the main app stores, the campaign continues, with those behind it distributing infected apps through smaller, third-party app stores. These tactics, combined with the obfuscation techniques first seen in the Charybdis operation, demonstrate the threat actors' increased sophistication. This article continues to discuss the malicious Scylla campaign distributing apps on the Google Play Store and Apple App Store.

    SiliconANGLE reports "Researchers Disrupt Fraudulent Apps in Apple App Store and Google Play"

  • news

    "Ukraine Predicts "Massive" Russian Cyber Assault"

    According to the Ukrainian Ministry of Defense's Main Directorate of Intelligence, the Russian government is planning a major new cyberattack campaign on the critical infrastructure of Ukraine and its allies as winter approaches. It was noted that the energy industry would be a key target as the weather gets colder. If the intelligence is accurate, the campaign will echo the cripplingly destructive attacks of December 2015 and 2016 that the Kremlin launched against Ukrainian facilities, which left hundreds of thousands without power. It was stated that Ukrainian energy providers can expect more attacks using both destructive and wiper malware. Microsoft claimed in April that the country had already been on the receiving end of over 230 cyberattack campaigns, including 40 wiper attacks aimed at hundreds of targets. However, even the tech giant admitted that its intelligence probably only recorded a fraction of total offensive activity. The Ukrainian intelligence note also claimed that Russia is planning to intensify DDoS attacks on the critical infrastructure of Ukrainian allies, most notably Poland and the Baltic states. Microsoft said in June that it had recorded Russian attacks on 128 organizations in 42 countries allied to Ukraine since the start of the war.

    Infosecurity reports: "Ukraine Predicts "Massive" Russian Cyber Assault"

  • news

    "Cybercriminals Get Better at Bypassing Defenses"

    According to the latest Distributed Denial-of-Service (DDoS) Threat Intelligence Report from NETSCOUT, cybercriminals have become more adept at circumventing defenses with new DDoS attack vectors and methodologies. The report is based on attack information from over 190 countries, 550 industries, and 50,000 Autonomous System Numbers (ASNs). There were around six million DDoS attacks in the first half of 2022, with Transmission Control Protocol (TCP)-based flood attacks accounting for roughly 46 percent of all the attacks. Domain Name System (DNS) 'water-torture' attacks increased by 46 percent in 2022, primarily through User Datagram Protocol (UDP) query floods, while carpet-bombing attacks made a strong comeback near the end of the second quarter. Overall, DNS amplification attacks decreased by 31 percent compared to the same period last year. Malware botnets have also grown significantly, with 21,226 nodes tracked in the first quarter compared to 488,381 nodes in the second. As a result, there have been more direct-path, application-layer attacks. In the first half of 2022, attackers conducted more pre-attack reconnaissance, tested a new attack vector called TP240 PhoneHome, unleashed TCP flooding attacks, and expanded high-powered botnets to wreak havoc on network-connected resources. Furthermore, bad actors have openly embraced online aggression through high-profile DDoS attack campaigns linked to geopolitical unrest, with global ramifications. This article continues to discuss key findings from NETSCOUT's latest DDoS Threat Intelligence Report.

    BetaNews reports "Cybercriminals Get Better at Bypassing Defenses"

  • news

    "Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack"

    Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has recently confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company's systems. The breach occurred on June 8 and was discovered the same day. The company noted that 369 people were affected. An investigation assisted by a cybersecurity firm revealed that the attacker may have acquired information belonging to certain employees, including name, address, social security number, date of birth, direct deposit information, and ethnicity. The company said that impacted individuals were notified in July and offered 12 months of free identity protection and credit monitoring services. Elbit Systems of America provides defense, commercial aviation, homeland security, medical instrumentation, law enforcement, and sustainment and support solutions. The Black Basta ransomware gang announced hacking Elbit Systems of America in late June.

    SecurityWeek reports: "Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack"

  • news

    "Global Firms Deal with 51 Security Incidents Each Day"

    Security researchers at Trellix have found that security operations (SecOps) teams are struggling to respond to dozens of cybersecurity incidents every single day. The researchers polled 9,000 security decision makers from organizations with 500+ employees across 15 markets to compile their latest study. The researchers noted that the average SecOps team has to manage 51 incidents per day, with 36% of respondents claiming they deal with 50 to 200 daily incidents. Around half (46%) agreed they are "inundated by a never-ending stream of cyberattacks." The researchers stated that part of the problem is the siloed nature of security, detection, and response systems. Some 60% of respondents argued that poorly integrated products mean teams can't work efficiently, while a third (34%) admitted they have blind spots. More than half (60%) of respondents admitted they can't keep pace with the rapid evolution of security threats. This could be having a significant impact on the bottom line. The researchers noted that the vast majority (84%) of security decision-makers estimated that their organization lost up to 10% of revenue from security breaches in the past year. Medium-size businesses ($50-$100m in revenue) lost an average of 8% of revenue, versus 5% for large companies with a turnover of $10bn-$25bn.

    Infosecurity reports: "Global Firms Deal with 51 Security Incidents Each Day"

  • news

    "Fake Sites Siphon Millions of Dollars in 3-Year Scam"

    A subscription service scam has amassed millions of dollars in credit card charges by creating fake sites, staffing them with live customer support, and paying for "services" with stolen credit card accounts. ReasonLabs, an endpoint security firm, recently released an advisory stating that a Russian-speaking cybercrime group has created hundreds of fraudulent websites since 2019, most likely using third-party proxies, as well as dozens of business sites that serve as both a generic name for credit card charges and a hub for customer support calls. The fraudsters were able to keep chargeback requests low enough to avoid being shut down and continue profiting from the scam by using recurring charges small enough to escape many customers' notice. While the individual components of the scheme are not novel, the scheme as a whole managed to avoid credit card companies' fraud detection and generate millions of dollars in revenue. The three-year scam illustrates the resurgence of credit card fraud, particularly among businesses dealing with a hybrid workforce. According to a recent KPMG study, two-thirds of businesses experienced fraud in the previous year. Meanwhile, security experts have warned that third-party scripts on websites, which are part of the software supply chain, could be used to steal credentials and credit card information. In the latest credit card scam, cybercriminals created the right mix of components to avoid anti-fraud defenses and go unnoticed by consumers who do not always check their credit card bills. The campaign is still active, but ReasonLabs has notified the companies affected by the fraud in order to assist in shutting down the cybercriminal enterprise. This article continues to discuss the Russian crime syndicate stealing millions of dollars from credit card companies using fake sites across hundreds of domains.

    Dark Reading reports "Fake Sites Siphon Millions of Dollars in 3-Year Scam"

  • news

    "Hackers Use PowerPoint Files for 'Mouseover' Malware Delivery"

    Hackers suspected of working for Russia have begun to employ a new code execution technique involving the use of mouse movement in Microsoft PowerPoint presentations to trigger a malicious PowerShell script. The attack does not require a malicious macro for the code to execute and download the payload. According to a report from the threat intelligence firm Cluster25, APT28, also known as Fancy Bear, used the new technique to deliver the Graphite malware. The goal of Graphite is to allow the attacker to load other malware into system memory. It was discovered in January by Trellix researchers, who named it for its use of the Microsoft Graph API to turn OneDrive into a command-and-control (C2) server. The threat actor entices victims with a PowerPoint (PPT) file purportedly linked to the Organization for Economic Co-operation and Development (OECD), an intergovernmental organization dedicated to promoting global economic progress and trade. There are two slides in the PPT file, each with instructions in English and French for using the Interpretation option in the Zoom video-conferencing app. The PPT file contains a hyperlink that triggers the execution of a malicious PowerShell script via the SyncAppvPublishingServer utility. This article continues to discuss the hackers' use of PPT files to spread malware.

    Bleeping Computer reports "Hackers Use PowerPoint Files for 'Mouseover' Malware Delivery"

  • news

    "North Korea's Lazarus Hackers Targeting macOS Users Interested in Crypto Jobs"

    The Lazarus Group has continued deploying malware targeting Apple's macOS operating system via unsolicited job opportunities. Researchers at SentinelOne have observed the latest variant of the campaign, which includes decoy documents advertising positions for the Singapore-based cryptocurrency exchange firm "Crypto.com." The latest discovery builds on previous findings from the Slovak cybersecurity firm ESET in August, when it investigated a similar fraudulent job posting for the Coinbase cryptocurrency exchange platform. These fake job advertisements are the latest in a series of attacks known as "Operation In(ter)ception," which is part of a larger campaign called Operation Dream Job. Although the malware's exact distribution vector is unknown, it is suspected that potential targets are established through direct messages on the business networking site LinkedIn. The intrusions begin with the deployment of a Mach-O binary, a dropper that launches the decoy PDF document containing the job listings at Crypto.com while deleting the Terminal's saved state in the background. The downloader, which is similar to the safarifontagent library used in the Coinbase attack chain, then acts as a conduit for a bare-bones second stage bundle. The primary goal of the second stage is to extract and execute the binary from the third stage. The final payload delivered to the compromised machine is unknown because the command-and-control (C2) server hosting the malware is currently unavailable. This article continues to discuss the Lazarus Group targeting macOS users interested in cryptocurrency job positions.

    THN reports "North Korea's Lazarus Hackers Targeting macOS Users Interested in Crypto Jobs"

  • news

    "New Erbium Password-Stealing Malware Circulates as Game Cracks And Cheats"

    The new Erbium information-stealing malware is being distributed as fake video game cracks and cheats to steal users' login information and cryptocurrency wallets. Erbium is a new Malware-as-a-Service (MaaS) platform that provides customers with access to new data-stealing malware. It is gaining popularity among cybercriminals due to its broad capabilities, responsive customer service, and low cost. Erbium was discovered earlier this month by Cluster25 researchers, but a new paper from Cyfirma provides more information on how the password-stealing Trojan spreads. Erbium has been advertised on Russian-speaking forums since July 2022, but it is unclear whether it will be used in the wild. As its popularity grew in late August, the price of Erbium increased from $9 per week to $100 per month or $1000 for a full-year license. Erbium aims to disrupt the malware market that threat actors often use because it is roughly one-third the price of RedLine Stealer, the industry's "de facto" option. Erbium will steal data saved in web browsers, such as passwords, cookies, credit card information, and autofill data. The malware also attempts to steal data from several cryptocurrency wallets added as browser extensions. Cold desktop wallets that are targeted include Exodus, Atomic, Armory, Bitcoin-Core, Bytecoin, Dash-Core, Electrum, Electron, Coinomi, Ethereum, Litecoin-Core, Monero-Core, and more. This article continues to discuss the new Erbium password-stealing malware.

    CyberIntelMag reports "New Erbium Password-Stealing Malware Circulates as Game Cracks And Cheats"

  • news

    Visible to the public "University of Alabama's Low-Cost Solution Could Help Spot Hacked GPS in Self-Driving Cars"

    Transportation researchers at the University of Alabama (UA) have developed a low-cost system to address one of the challenges faced by self-driving vehicles: GPS hacking, which can send a vehicle to the wrong destination. A self-driving vehicle can use its already installed sensors to detect that it is traveling the wrong route, even when passengers are unaware of the change, and so defeat an attempt to spoof the Global Positioning System (GPS) signal to the vehicle. According to Dr. Mizanur Rahman, assistant professor of civil, construction, and environmental engineering and affiliate researcher with the Alabama Transportation Institute, relying on software code and in-vehicle sensors that are already part of the self-driving system would be a more affordable way for consumer and commercial vehicles to reject hacked directions used to steer cargo or people away from their intended destination. He says that the sensors that guide the vehicles are the same ones that can detect a fake GPS signal: if the vehicle has been misguided with incorrect information, the system can detect it and get the vehicle back on track. While commercially available vehicles have some level of automation, none have reached full autonomy. Automakers are developing cybersecurity software to protect vehicle computers from remote hacking, but GPS signal spoofing is not the same. A spoofed GPS signal arrives from outside the vehicle, leaving the internal computer system alone to navigate a new route based on false information. Instead of programming the vehicle to computationally analyze and validate the signal itself, the UA team developed an algorithm that uses built-in in-vehicle sensors, which measure acceleration, speed, and direction, to validate that the car's path aligns with the intended travel directions. This article continues to discuss the UA researchers' solution for combating GPS hacking.
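    The idea described above, a sensor track checked against the reported GPS track, as an added illustration (not the University of Alabama team's code or algorithm). It assumes a flat local east/north frame in metres, wheel speed in m/s, heading in radians clockwise from north, and one sensor sample and one GPS fix per time step; the tolerance constants are placeholders a real system would calibrate.

```python
"""Sensor-vs-GPS consistency check (added illustration, not the UA team's code).

Integrate the vehicle's own speed and heading samples into a predicted track
by dead reckoning, then flag GPS fixes that wander away from it. Units are
assumptions: metres in a flat local east/north frame, m/s, radians
clockwise from north, one sample and one fix per step.
"""
import math
from typing import List, Tuple

Sample = Tuple[float, float]   # (speed_mps, heading_rad)
Fix = Tuple[float, float]      # (east_m, north_m)


def dead_reckon(start: Fix, samples: List[Sample], dt: float) -> List[Fix]:
    """Integrate speed/heading samples into one predicted position per step."""
    east, north = start
    path = []
    for speed, heading in samples:
        east += speed * dt * math.sin(heading)
        north += speed * dt * math.cos(heading)
        path.append((east, north))
    return path


def spoof_alerts(start: Fix, samples: List[Sample], fixes: List[Fix],
                 dt: float, tol_m: float = 15.0,
                 drift_m_per_s: float = 0.5) -> List[int]:
    """Return the indices of GPS fixes that disagree with the sensor track.

    The allowed gap grows with elapsed time because dead reckoning drifts;
    tol_m and drift_m_per_s are assumed placeholder values.
    """
    predicted = dead_reckon(start, samples, dt)
    alerts = []
    for i, ((pe, pn), (ge, gn)) in enumerate(zip(predicted, fixes)):
        allowed = tol_m + drift_m_per_s * dt * (i + 1)
        if math.hypot(ge - pe, gn - pn) > allowed:
            alerts.append(i)
    return alerts


def demo() -> Tuple[List[int], List[int]]:
    """Constructed scenario: 10 s driving due north at 20 m/s."""
    dt = 1.0
    samples = [(20.0, 0.0)] * 10
    start = (0.0, 0.0)
    # Honest receiver: fixes follow the true path with about 1 m of noise.
    honest = [(1.0, 20.0 * (i + 1) + 0.5) for i in range(10)]
    # Spoofed receiver: from step 5 the reported position is pulled east
    # by a growing offset, as a spoofer steering the car off route would do.
    spoofed = [(e + (40.0 * (i - 4) if i >= 5 else 0.0), n)
               for i, (e, n) in enumerate(honest)]
    return (spoof_alerts(start, samples, honest, dt),
            spoof_alerts(start, samples, spoofed, dt))


if __name__ == "__main__":
    print(demo())  # ([], [5, 6, 7, 8, 9])
```

    A deployed version would re-anchor the dead-reckoning origin at every fix that passes the check so that sensor drift does not accumulate over a long trip; the example keeps a single origin to stay short.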

    Alabama NewsCenter reports "University of Alabama's Low-Cost Solution Could Help Spot Hacked GPS in Self-Driving Cars"

  • news

    Visible to the public "More Security for Decentralized Blockchain"

    The European Research Council (ERC) is funding a project at the Technical University of Darmstadt to improve decentralized blockchain technologies. Sebastian Faust's "CRYPTOLAYER - Cryptography for Second Layer Blockchain Protocols" project has been awarded a prestigious ERC Consolidator Grant for a five-year period. This will strengthen TU Darmstadt's cryptography and IT security research efforts. The goal of the CRYPTOLAYER project is to make decentralized blockchain technologies usable for various applications. These technologies offer a new way to perform computations without relying on a centralized platform provider. They can, for example, process payment transactions in a distributed way using many computers. Although this approach provides a high level of security, it has many drawbacks for widespread use. Blockchain computation is currently expensive and publicly visible. In addition, applications cannot communicate with the outside world. This is where TU Darmstadt's research comes in, as a second protocol layer will run on top of the blockchain with the help of the CRYPTOLAYER project. This article continues to discuss the support and goal behind TU Darmstadt's CRYPTOLAYER project.

    TU Darmstadt reports "More Security for Decentralized Blockchain"

  • news

    Visible to the public "Reversible Transactions Could Mitigate Crypto Theft — Researchers"

    Researchers at Stanford University have developed a prototype for "reversible transactions" on Ethereum, proposing it as a possible solution to reduce the impact of cryptocurrency theft. Stanford University blockchain researcher Kaili Wang shared an overview of the Ethereum-based reversible token concept, noting that it is not yet a finished concept but rather a proposal to provoke discussion and even better solutions from the blockchain community in light of recent major hack thefts. The ecosystem would be much safer if there were a way to reverse those thefts under such conditions. With the proposed method, reversals are permitted only if approved by a decentralized quorum of judges. The proposed prototype was developed by Stanford blockchain researchers Wang, Dan Boneh, and Qinchen Wang, and it outlines "opt-in token standards that are siblings to ERC-20 and ERC-721," called ERC-20R and ERC-721R. However, Wang clarified that the prototype was not intended to replace ERC-20 tokens or make Ethereum reversible but rather to provide a short time window post-transaction for thefts to be contested and possibly restored. If someone's funds are stolen, they can submit a freeze request to a governance contract under the proposed token standards. This will be followed by a decentralized court of judges voting within a day or two at most to approve or reject the request. Both parties to the transaction would also be able to provide evidence to the judges, giving them enough information to make a fair decision. This article continues to discuss the researchers' proposed "opt-in" token standard that would allow victims to report theft to a governance contract, with algorithms assisting in the identification and freezing of ill-gotten gains.
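    The freeze-then-vote flow described above, as an added toy model that is not the Stanford prototype and is not Solidity. It assumes a contest window and a judge set passed to the constructor, a simple-majority quorum, and that a freeze can only lock funds the recipient still holds (the article notes the real proposal also uses algorithms to trace and freeze funds that have moved on, which this sketch omits).

```python
"""Toy model of an opt-in reversible token (added illustration, not the
Stanford prototype). Assumptions: window_s and the judge set are constructor
parameters, quorum is a simple majority, and a freeze only locks funds the
recipient still holds."""
from dataclasses import dataclass
from typing import Dict, Iterable


@dataclass
class Transfer:
    tx_id: int
    sender: str
    recipient: str
    amount: int
    timestamp: float
    status: str = "final"        # final | frozen | reversed | released


class ReversibleLedger:
    def __init__(self, judges: Iterable[str], window_s: float = 2 * 24 * 3600):
        self.balances: Dict[str, int] = {}
        self.escrow: Dict[int, int] = {}
        self.transfers: Dict[int, Transfer] = {}
        self.judges = set(judges)
        self.quorum = len(self.judges) // 2 + 1
        self.votes: Dict[int, Dict[str, bool]] = {}
        self.window_s = window_s
        self._next_id = 1

    def mint(self, who: str, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount

    def transfer(self, sender: str, recipient: str, amount: int, now: float) -> int:
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        tx = Transfer(self._next_id, sender, recipient, amount, now)
        self.transfers[tx.tx_id] = tx
        self._next_id += 1
        return tx.tx_id

    def request_freeze(self, tx_id: int, claimant: str, now: float) -> bool:
        """Victim asks the governance layer to lock a disputed transfer.

        Only the original sender may file, only inside the contest window,
        and only while the recipient still holds the amount.
        """
        tx = self.transfers[tx_id]
        if claimant != tx.sender or tx.status != "final":
            return False
        if now - tx.timestamp > self.window_s:
            return False
        if self.balances.get(tx.recipient, 0) < tx.amount:
            return False
        self.balances[tx.recipient] -= tx.amount
        self.escrow[tx_id] = tx.amount
        tx.status = "frozen"
        self.votes[tx_id] = {}
        return True

    def vote(self, tx_id: int, judge: str, approve_reversal: bool) -> str:
        """Record one judge's vote; settle once either side reaches quorum."""
        tx = self.transfers[tx_id]
        if judge not in self.judges or tx.status != "frozen":
            raise ValueError("not a judge, or transfer not under dispute")
        self.votes[tx_id][judge] = approve_reversal
        tally = list(self.votes[tx_id].values())
        if tally.count(True) >= self.quorum:
            self._settle(tx, to=tx.sender, status="reversed")
        elif tally.count(False) >= self.quorum:
            self._settle(tx, to=tx.recipient, status="released")
        return tx.status

    def _settle(self, tx: Transfer, to: str, status: str) -> None:
        amount = self.escrow.pop(tx.tx_id)
        self.balances[to] = self.balances.get(to, 0) + amount
        tx.status = status
```

    The point the model makes visible is that the recipient's funds are only ever locked, never moved, until a quorum decides; a freeze filed after the window is simply refused, which is what keeps ordinary transfers final.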

    Cointelegraph reports "Reversible Transactions Could Mitigate Crypto Theft -- Researchers"

  • news

    Visible to the public "GAO Finds OT and IT Cybersecurity Gaps at Nuclear Security Agency"

    According to a new Government Accountability Office (GAO) study, the National Nuclear Security Administration (NNSA) and its contractors have not fully implemented foundational cybersecurity risk practices in their traditional IT environment. Current US nuclear weapons were developed during the Cold War, when computer capabilities were in their infancy and cyber vulnerabilities were not taken into account. The weapons currently in the US' nuclear stockpile contain very little digital technology. However, the NNSA will continue to maintain and modernize the stockpile over the next two decades. In doing so, the NNSA intends to increasingly integrate digital systems into nuclear weapons, automate manufacturing processes and equipment, and rely on advanced computer processing capabilities to assess and predict the performance of the weapons. Malicious actors can hack, corrupt, or subvert digital systems like these. They can also be affected by equipment failures, software coding errors, or employee errors. Federal laws and policies have suggested key practices for setting up a cybersecurity management program, including identifying and assigning cybersecurity roles and responsibilities for risk management, designating controls that are available for information systems or programs to inherit, and more. The GAO discovered that the NNSA and its contractors had not completely implemented these risk management practices in their traditional IT, Operational Technology (OT), and nuclear weapons IT environments. This article continues to discuss key findings, points, and suggestions in GAO's report on nuclear weapons cybersecurity.

    HSToday reports "GAO Finds OT and IT Cybersecurity Gaps at Nuclear Security Agency"

  • news

    Visible to the public "90% Of Orgs Believe Cybersecurity Risk Isn't Being Addressed"

    According to Foundry's 2022 Security Priorities Study, about 90 percent of security leaders believe their organization is failing to address cybersecurity risks. Those surveyed attributed these shortfalls to various issues, including difficulty convincing all or parts of their organization of the severity of the risks and a belief that their organization is not investing enough resources in addressing cybersecurity risks. Budgets remain a critical contributing factor to a company's cybersecurity efforts. The security budget for small businesses has increased to $16 million, up from $11 million last year and $5.5 million in 2020. Enterprises are seeing consistent security budgets, with $122 million this year and $123 million in 2021. Nearly a quarter of organizations have cyber insurance on their radar, with only 23 percent not interested. In order to address cybercriminals' increasing innovation and the various cybercrime-as-a-service models that are emerging, security executives are researching and testing new security technologies to add to their technology stack. Security Orchestration, Automation, and Response (SOAR), zero-trust technologies, Secure-Access Service Edge (SASE), deception technologies, and ransomware brokers are among the top technologies being actively researched. This article continues to discuss key findings and points shared in Foundry's 2022 Security Priorities Study.

    VB reports "90% Of Orgs Believe Cybersecurity Risk Isn't Being Addressed"

  • news

    Visible to the public "Hackers Use NullMixer and SEO to Spread Malware More Efficiently"

    Security researchers at Kaspersky have spotted a new series of campaigns focusing on the malware tool they named NullMixer. According to the researchers, NullMixer spreads malware via malicious websites that can be easily found via popular search engines, including Google. These websites are often related to cracks, keygens, and activators for downloading software illegally, and while they may pretend to offer legitimate software, they actually contain a malware dropper. The researchers noted that when users attempt to download software from one of these sites, they are redirected several times and eventually land on a page containing download instructions alongside a password-protected archive holding the malware, which poses as the desired software tool. When a user extracts and executes NullMixer, the malicious software drops several malware files to the compromised machine. These malware families may include backdoors, bankers, credential stealers, and so on. The researchers stated that the following families are among those dropped by NullMixer: SmokeLoader/Smoke, LgoogLoader, Disbuk, RedLine, Fabookie, and ColdStealer. The security researchers noted that in 2022 alone, they had blocked attempts to infect more than 47,778 victims worldwide, mainly across Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey, and the United States. The researchers stated that currently, they are unable to attribute NullMixer to any specific group or threat actor.

    Infosecurity reports: "Hackers Use NullMixer and SEO to Spread Malware More Efficiently"

  • news

    Visible to the public "Legacy Technology Undermines Ransomware Response"

    According to a new Censuswide survey commissioned by Cohesity, nearly half of respondents rely on outdated, legacy backup and recovery infrastructure to manage and protect their data. Of the respondents, 46 percent rely on primary backup and recovery infrastructure built in or before 2010. More than 60 percent are concerned about their IT and security teams' ability to mobilize quickly in the event of an attack. Brian Spanswick, chief information security officer at Cohesity, calls on IT and security teams to raise the alarm if their organization continues to use antiquated technology to manage and secure their most critical digital asset, which is their data. Cybercriminals are actively targeting outdated infrastructure because they know it was not designed for today's dispersed, multi-cloud environments, nor was it designed to help businesses protect and recover quickly from sophisticated cyberattacks. Although the world has changed, businesses continue to rely on legacy technology. In the UK, 38 percent of the respondents say they store data on-premises, 39 percent use public cloud storage, 50 percent use a private cloud, and 41 percent have adopted a hybrid model. Some respondents revealed that they use multiple options. This article continues to discuss key findings from Cohesity's report on the evolution of data protection strategies.

    BetaNews reports "Legacy Technology Undermines Ransomware Response"

  • news

    Visible to the public "Breached American Airlines Email Accounts Abused for Phishing"

    American Airlines recently discovered it was breached after receiving reports of employee email accounts being used in phishing attacks. Last week, the airline started informing some of its customers that their personal data was likely compromised in a data breach identified in early July. During an investigation, it was found that unknown threat actors compromised the email accounts of multiple American Airlines employees, which allowed them to access customer data in those accounts. According to the company, the attackers might have also used the compromised accounts to access files stored on an employee SharePoint site. American Airlines also noted that the attackers accessed the compromised mailboxes using the IMAP protocol, which could have allowed them to sync the contents of those mailboxes to another device. The airline told US authorities that the breach had impacted roughly 1,700 customers and employees. The company noted that the number of documents that contained personal information was small, and it would have taken the unauthorized actor significant time and resources to locate the personal information in the mailboxes.

    SecurityWeek reports: "Breached American Airlines Email Accounts Abused for Phishing"

  • news

    Visible to the public "US Duo Plead Guilty to $30m Forex Fraud Scheme"

    Two US men have recently pleaded guilty to defrauding online investors out of tens of millions of dollars in a foreign exchange (forex) scheme dating back a decade. Patrick Gallagher, 44, of Middleborough, Massachusetts, and Michael Dion, 49, of Orlando, Florida, were behind the scam. According to the Department of Justice (DoJ), they created a fake company, Global Forex Management, and lured investors with promises of significant returns based on previous trading results that they had fabricated. Investors were told their funds would be traded via a partner company, IB Capital, which was actually run by a co-conspirator. The DoJ noted that in May 2012, Gallagher and Dion executed their scheme by intentionally creating losing trades for the investors and effectively stole $30m from their victims. After fabricating the massive trading loss, Gallagher and Dion routed the stolen money through shell companies they had set up worldwide. The duo also worked with co-conspirators in the Netherlands to steal the funds. The DoJ noted that investment fraud is one of the highest earners for cybercriminals. Last year it made them nearly $1.5bn off the back of 20,561 reports to the FBI.

    Infosecurity reports: "US Duo Plead Guilty to $30m Forex Fraud Scheme"

  • news

    Visible to the public "Phishing Attacks Skyrocketing, Over 1 million Observed"

    Security researchers at APWG observed 1,097,811 total phishing attacks in the second quarter of 2022, the worst quarter for phishing that APWG has ever recorded. The total for June was 381,717 attacks or phishing sites. The researchers noted that the number of reported phishing attacks has quadrupled since early 2020, when APWG observed between 68,000 and 94,000 attacks per month. In the first quarter of 2022, OpSec Security found that phishing attacks against the financial sector, including banks, remained the largest category, accounting for 27.6 percent of all phishing attacks. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well, while attacks against retail/eCommerce sites fell from 17.3 percent to 14.6 percent after the holiday shopping season. The researchers noted that phishing against social media websites rose to 15.3 percent of all attacks. Phishing against cryptocurrency targets, such as cryptocurrency exchanges and wallet providers, was 6.5 percent of the total, which made them more prevalent than attacks against online games, government sites, and telecom services combined.

    Help Net Security reports: "Phishing Attacks Skyrocketing, Over 1 million Observed"

  • news

    Visible to the public "Hackers Deploy Malicious OAuth Apps to Compromise Email Servers, Spread Spam"

    Security researchers at Microsoft have found that threat actors are deploying OAuth applications on compromised cloud tenants and then using them to control Exchange servers and spread spam. The researchers, during an investigation, found that the threat actors launched credential-stuffing attacks (which use lists of compromised user credentials) against high-risk, unsecured administrator accounts that didn't have multi-factor authentication (MFA) enabled to gain initial access. The researchers noted that the unauthorized access to the cloud tenant enabled the actor to create a malicious OAuth application that added a malicious inbound connector in the email server. The threat actor then reportedly used the malicious inbound connector to send spam emails that looked like they originated from the targets' genuine domain. The researchers stated that the spam emails were sent as part of a deceptive sweepstakes scheme meant to trick recipients into signing up for recurring paid subscriptions. The researchers noted that in the past few years, they have observed that more and more threat actors, including nation-state actors, have been using OAuth applications for different malicious purposes, including command-and-control (C2) communication, backdoors, phishing, redirections, and so on.
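    A detection sketch for the pattern described above (an application identity adding an inbound connector shortly after a new app consent), added here as an illustration and not Microsoft's code. The record shape it parses (CreationTime, Operation, Actor, ActorType, Parameters) and the sample log are constructed simplifications, not any product's exact audit schema; the operation names New-InboundConnector and Consent to application are the real Exchange cmdlet and Azure AD audit operation names, and the 24-hour correlation window is an assumed value.

```python
"""Flag suspicious inbound-connector changes in audit records (added
detection sketch, not Microsoft's code).

Two signals are checked for every New-/Set-InboundConnector event: the
actor is an application identity rather than an admin, and a new app
consent or service principal was created shortly before. The record
shape and SAMPLE_LOG are constructed for this example.
"""
import json
from datetime import datetime, timedelta
from typing import Dict, List

CONNECTOR_OPS = {"New-InboundConnector", "Set-InboundConnector"}
APP_SETUP_OPS = {"Consent to application", "Add service principal"}

# Constructed sample: a routine admin change months earlier, then a user
# consenting to a new app, followed two hours later by that app adding a
# connector. Names and domains are placeholders.
SAMPLE_LOG = """
{"CreationTime": "2022-05-03T09:12:00", "Operation": "New-InboundConnector", "Actor": "admin@example.test", "ActorType": "User", "Parameters": {"Name": "Partner-MX"}}
{"CreationTime": "2022-09-20T13:05:00", "Operation": "Consent to application", "Actor": "helpdesk@example.test", "ActorType": "User", "Parameters": {"Name": "MailSyncHelper"}}
{"CreationTime": "2022-09-20T15:07:00", "Operation": "New-InboundConnector", "Actor": "MailSyncHelper", "ActorType": "Application", "Parameters": {"Name": "Inbound-Relay-1"}}
"""


def parse_records(text: str) -> List[Dict]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _ts(rec: Dict) -> datetime:
    return datetime.fromisoformat(rec["CreationTime"])


def find_connector_abuse(records: List[Dict],
                         window: timedelta = timedelta(hours=24)) -> List[Dict]:
    """Return one finding per connector change that trips at least one signal."""
    recs = sorted(records, key=_ts)
    consents = [r for r in recs if r["Operation"] in APP_SETUP_OPS]
    findings = []
    for rec in recs:
        if rec["Operation"] not in CONNECTOR_OPS:
            continue
        reasons = []
        if rec.get("ActorType") == "Application":
            reasons.append("connector changed by an application identity")
        t = _ts(rec)
        # App consents that happened before this change and inside the window.
        recent = [c for c in consents if timedelta(0) <= t - _ts(c) <= window]
        if recent:
            reasons.append("follows app consent '%s' within %s"
                           % (recent[-1]["Parameters"]["Name"], window))
        if reasons:
            findings.append({
                "time": rec["CreationTime"],
                "actor": rec["Actor"],
                "connector": rec["Parameters"]["Name"],
                "reasons": reasons,
            })
    return findings


def demo() -> List[Dict]:
    return find_connector_abuse(parse_records(SAMPLE_LOG))


if __name__ == "__main__":
    for f in demo():
        print(f)
```

    The routine admin change produces no finding because it was made by a user account with no recent app consent nearby; the second connector trips both signals. In practice the same correlation, plus enforcing MFA on the administrator accounts the article says were targeted, closes the path the campaign used.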

    Infosecurity reports: "Hackers Deploy Malicious OAuth Apps to Compromise Email Servers, Spread Spam"