News Items

    Science of Security BAA for Virtual Institutes

    The National Security Agency on March 1 released a Broad Agency Announcement (BAA) calling for proposals for foundational cybersecurity research projects. Additional details on the requirements and on the research questions of interest can be found in the BAA document.

    The title of the BAA is Science of Security Virtual Institutes, and the deadline to submit is April 14, 2023. The BAA number is MASMPO-23-001 or RFI-23-00212.

    HoTSoS 2023: Registration Open March 7th!

    The Hot Topics in the Science of Security (HoTSoS) Symposium is a research event centered on the Science of Security, which aims to address the fundamental problems of security in a principled manner. The tenth annual event will be held virtually April 3-5, 2023.

    Registration for HoTSoS is scheduled to open March 7th!

    Visit the HoTSoS 2023 home page for more information about the schedule of events and important deadlines.

    11th Annual Best Scientific Cybersecurity Paper Competition Now Live!

    The eleventh NSA Competition for Best Scientific Cybersecurity Paper i

    Science of Security and Privacy Annual Reports Archive

    The reports highlight the progress and accomplishments of the Science of Security and Privacy initiative.

    HoTSoS 2022 Call for Papers! Deadline December 17th!

    The Hot Topics in the Science of Security (HoTSoS) Symposium is now soliciting submissions for the 2022 program. Following the success of the virtual HoTSoS Symposium in 2021, HoTSoS '22 will be a virtual event held the week of April 4th, 2022. In addition to research paper discussions and presentations, the symposium program will also include invited talks and panels.

    We are accepting submissions in the following three categories:

    Follow @SoS_VO_org on Twitter!

    The SoS-VO team is excited to announce that we recently updated the homepage of the website to link to the official Science of Security & Privacy Twitter account, where we will be making daily announcements about noteworthy news items, upcoming opportunities, and impending deadlines in the SoS community.

    HoTSoS 2021: Works-in-Progress Co-Chairs

    Meet the HoTSoS 2021 Team:
    Works-in-Progress Co-Chairs

    Kurt Kelville (MIT) and Aron Laszka (University of Houston) are our Works-in-Progress Co-Chairs for the 2021 Symposium. Happy to have these two on the Program Committee Team!

    About the Chairs

    Take my word for it: Privacy and COVID alert apps can coexist

    Since the COVID-19 pandemic began, technologists across the country have rushed to develop digital apps for contact tracing and exposure notifications. New York, New Jersey, Pennsylvania, and Delaware have all recently announced the launch of such apps, announcements which generated excitement. But the advent of these tools has also created questions. Chief among them: Do these apps protect privacy?

    NIST Releases Draft Security Feature Recommendations for IoT Devices

    "Core Baseline" guide offers practical advice for using everyday items that link to computer networks.

    August 01, 2019

    Game-theoretic Paper Wins Annual Paper Competition

    The winner of the 6th Annual Best Scientific Cybersecurity Paper Competition is How Shall We Play a Game? A Game-theoretical Model for Cyber-warfare Games by Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, and David Brumley. These researchers are from Carnegie Mellon University and University of California, Santa Barbara. This paper was originally accepted at 30th IEEE Computer Security Foundations Symposium (CSF '17).

    To learn more visit the competition homepage:

    NSA SoS Lablet Call for Proposals is Open

    The National Security Agency has distributed the BAA (in effect a request for proposals) for its next generation of SoS Lablets. These include lablets on the five Hard Problem areas in the Science of Security, on the Science of Privacy, and on Cyber-Physical Systems. Proposals are due August 21. While the SoS team is not the point of contact for the contracting process, we can aid in directing:

    "Popular Fertility Apps Are Engaging in Widespread Misuse of Data"

    Katharine Kemp, senior lecturer in the Faculty of Law and Justice at the University of New South Wales (UNSW Sydney), conducted a new study that reveals major privacy flaws in fertility apps used by Australian consumers, highlighting the need for reform of the Privacy Act. Fertility apps help users track their periods, identify a fertile window, monitor pregnancy stages and symptoms, and more, so they collect sensitive data. In addition, many of them are designed to be used by children as young as 13. Kemp's report examined the privacy policies, messages, and settings of the top 12 fertility apps used by consumers in Australia, excluding apps that require a connection to a wearable device. Kemp found that some of these apps have misleading privacy messages, a lack of choice in data usage, inadequate de-identification measures when data is shared with other organizations, and long data retention windows that expose users to unnecessary risk from potential data breaches. Some of the apps do not allow users to choose whether their de-identified health data will be sold or transferred to other companies for research or other purposes. Others opt consumers in to these extra uses by default, placing the burden of opting out on the users themselves. Furthermore, not all of the data is properly de-identified: when supposedly de-identified Medicare records were published in 2016, researchers from the University of Melbourne demonstrated that a de-identified record can still be linked to a specific person using only a few data points. This article continues to discuss findings from the analysis of 12 popular fertility apps' privacy policies, messages, and settings.

    The University of New South Wales reports "Popular Fertility Apps Are Engaging in Widespread Misuse of Data"

    "What Do You Do if a Hacker Takes over Your Ship?"

    A joint team recently conducted a new cybersecurity course at the Norwegian University of Science and Technology (NTNU) in Alesund. NTNU's program for the maritime industry has offered a new course called "Maritime digital security." Participants explored existing digital threats and conducted an experimental cyberattack on a ship. The primary focus is on cyber risk management and building resilience. Where Information Technology (IT) and people intersect, digital vulnerability exists. According to Marie Haugli-Sandvik and Erlend Erstad, Ph.D. candidates in the Department of Ocean Operations and Civil Engineering at NTNU, security breaches can occur through the ship's systems, the port system, and the people who run or supervise these systems. They are examining how the maritime industry could be better prepared for cyberattacks. The maritime digital security course devised and led by the two Ph.D. candidates appears to be the first of its kind in Norway. Haugli-Sandvik surveyed 293 deck officers from 11 major Norwegian offshore shipowners. Eighty-three percent of respondents reported getting some cybersecurity training, while 15 percent said they had never received training. Two percent were unaware of their training status. Sixty-six percent of the surveyed deck officers were unsure or disagreed that they had sufficient training to handle a cyber incident on board. Such incidents can impact ship operations, as they could disrupt administrative systems for passenger lists, sailing licenses, and more. This article continues to discuss the development, purpose, and contributions of the NTNU course on maritime digital security.

    SCIENMAG reports "What Do You Do if a Hacker Takes over Your Ship?"

    "CISA: Election Security Still under Threat at Cyber and Physical Level"

    Threats posed by foreign and domestic actors will continue to be a concern ahead of the 2024 presidential election, prompting federal cyber leadership to emphasize the need to bolster election security at both the local and national levels. During a recent panel hosted by the University of California, Los Angeles, Kim Wyman, the senior advisor for election security at the Cybersecurity and Infrastructure Security Agency (CISA), highlighted that there is a growing number of foreign state-sponsored threat actors determined to target US election infrastructure and voters through cyber activity and malign foreign influence operations. Wyman stated that in the wake of the 2016 presidential election, the security of US digital election infrastructure has made significant progress in enhancing the resilience of voting systems. However, she added that while law enforcement and regulatory bodies had "no evidence" of deleted or lost votes in the 2022 election, state-sponsored threats were recorded. State-sponsored threat actors demonstrated activity that warrants continued vigilance, indicating that adversaries remain attracted to US elections as opportunities for meddling and influence. In preparation for future elections, Wyman suggested basic cybersecurity measures, such as implementing multifactor authentication (MFA), updating software, improving physical security, practicing incident response plans, and educating the public on voter security. This article continues to discuss elections remaining vulnerable to cyber and physical attacks.

    GCN reports "CISA: Election Security Still under Threat at Cyber and Physical Level"

    "Report: Wartime Hacktivism Is Spilling over into the Financial Services Industry"

    According to a new report by the Financial Services Information Sharing and Analysis Center (FS-ISAC), Russia's war with Ukraine caused a rise in politically motivated hacktivism that continues to this day, significantly impacting the cyber threat landscape for financial services. FS-ISAC's annual global intelligence threat report revealed that the cyber threats faced by the financial industry have worsened because of the war, as hacktivist groups on both sides have conducted Distributed Denial-of-Service (DDoS) attacks, website takeovers, and other activities, many of them targeting financial institutions in countries whose governments are at odds with Moscow and Vladimir Putin. Many of these attacks are considered relatively low-impact, but they still show how the Internet has turned today's geopolitical conflicts into an outlet for hackers with strong political preferences worldwide. The report emphasized that financial organizations in countries that Russia considers hostile have been singled out for attacks and named as targets on Telegram and other hacktivist forums. Although the attacks have not yet caused significant damage, they should be noted for their potential to temporarily disrupt companies and governments, as well as to draw media attention. This article continues to discuss wartime hacktivism impacting the financial services industry.

    SC Magazine reports "Report: Wartime Hacktivism Is Spilling over into the Financial Services Industry"

    "High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian"

    Security researchers at Cisco's Talos threat intelligence and research unit recently disclosed the details of two high-severity vulnerabilities discovered last year in WellinTech's KingHistorian industrial data historian software. China-based industrial automation software company WellinTech designed KingHistorian for collecting and processing a "massive amount" of industrial control system (ICS) data. The researchers found that the historian is affected by two flaws. One of them, tracked as CVE-2022-45124, can allow an attacker who is able to intercept an authentication packet to obtain the username and password of the legitimate user who logged in to the system. The second, CVE-2022-43663, can be exploited by sending a specially crafted network packet that triggers a buffer overflow. The researchers noted that it is unclear whether the flaw can be exploited for arbitrary code execution or only to crash the process. The vendor was informed of the security holes in December 2022 and released patches earlier this month.

    SecurityWeek reports: "High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian"

    "Securing Edge-Enabled Cyber-Physical Systems"

    Through edge computing, computation and data storage are brought closer together, reducing the amount of data sent to and from the cloud. Although edge computing reduces some security risks by keeping data near its source, it also adds new security threats. Assistant professor of computer science and engineering in the McKelvey School of Engineering at Washington University in St. Louis, Ning Zhang, won a three-year award from Intel to support work in ensuring the availability of the Intel Trusted Edge Platform (TEP). Zhang contributes his knowledge in system security and national defense to the development of novel theories and technologies for protecting the TEP ecosystem, including servers, networks, software, and algorithms. Zhang's focus is on edge-enabled Cyber-Physical Systems (CPSs), such as self-driving cars, implantable medical devices, and robots, which are especially vulnerable to security threats because of their continuous interaction with the physical world. Zhang and his team are working on designing customized defenses to guarantee real-time system availability, even when the system is under attack, ensuring the security of these systems. This article continues to discuss the project aimed at improving the security of edge-enabled CPSs.

    Washington University in St. Louis reports "Securing Edge-Enabled Cyber-Physical Systems"

    "The Move to Memory-Safe Programming"

    In November 2022, the National Security Agency (NSA) recommended using memory-safe programming languages to protect against software memory-safety problems. The "Future of Memory Safety" report published earlier this year by Consumer Reports also advocated memory-safe languages. Azalea Raad, a senior lecturer in the Department of Computing at Imperial College London, emphasizes that the prevalence of security issues, of which memory-safety vulnerabilities are one of the primary causes, is one of the main reasons memory-safe languages are gaining popularity now. Memory safety is a property of a programming language that rules out memory-access vulnerabilities such as out-of-bounds reads and writes and use-after-free bugs. For example, in an application that manages a list of to-do items, an out-of-bounds read could mean accessing the nonexistent sixth item in a list of five. A use-after-free bug could involve accessing an item on a to-do list that has already been deleted. These flaws can lead to unauthorized access to confidential data, data corruption, or even the execution of unauthorized code. Raad explains that an out-of-bounds read may read from adjacent blocks of memory that potentially contain sensitive data. Similarly, an out-of-bounds write can overwrite sensitive information in memory and thereby hijack the program's control flow, leading to the execution of privileged or malicious code. With memory-safe programming languages, these errors are caught at compile time or at runtime. Errors flagged at compile time can be corrected before the program ships; errors detected at runtime cause a crash rather than unchecked access to memory, limiting the possible damage and preventing security vulnerabilities. This article continues to discuss the shift to memory-safe programming languages.

    IEEE Spectrum reports "The Move to Memory-Safe Programming"
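    The to-do list example above in runnable form, added here as a worked example written for this page (it is not code from the article or from Raad). The block uses ctypes to lay the five items out in raw memory directly in front of a constructed "session key" field and then indexes a raw pointer the way a C program would, so the unchecked read of item 5 silently returns the neighbouring field; the same read through an explicit bounds check, and through an ordinary Python list, is refused at runtime with an IndexError instead of leaking memory. The struct layout, item ids and key value are all constructed; use-after-free is not reproduced here.

```python
"""Out-of-bounds read: unchecked (C-style) versus memory-safe access.
Added example for this page; the layout and values below are constructed."""

import ctypes

TODO_CAPACITY = 5


class TodoBuffer(ctypes.Structure):
    """A fixed-size to-do list followed immediately by a sensitive value, as it
    might sit in a C struct or on a C stack. Every field is a 4-byte integer,
    so there is no padding: items[5] is exactly where session_key lives."""
    _fields_ = [
        ("count", ctypes.c_uint32),
        ("items", ctypes.c_uint32 * TODO_CAPACITY),
        ("session_key", ctypes.c_uint32),   # stands in for adjacent sensitive data
    ]


def make_todo():
    """Five items with constructed ids 100..104, then a constructed secret."""
    buf = TodoBuffer()
    buf.count = TODO_CAPACITY
    for i in range(TODO_CAPACITY):
        buf.items[i] = 100 + i
    buf.session_key = 0xCAFEBABE
    return buf


def unchecked_read(buf, index):
    """C-style access: index a raw pointer with no bounds check.
    Reading index 5 of a 5-item array quietly returns the neighbouring field."""
    base = ctypes.cast(ctypes.addressof(buf.items), ctypes.POINTER(ctypes.c_uint32))
    return base[index]


def checked_read(buf, index):
    """The same access with the bounds check a memory-safe language performs
    automatically: an out-of-range index fails loudly instead of reading memory."""
    if not 0 <= index < buf.count:
        raise IndexError("index %d out of range for %d items" % (index, buf.count))
    return buf.items[index]


def safe_list_read(items, index):
    """Python's own list indexing, which is bounds-checked at runtime."""
    return items[index]


def attempt(reader, *args):
    """Run one read and report ('ok', value) or ('error', exception name), so
    the leak-versus-crash difference can be compared side by side."""
    try:
        return ("ok", reader(*args))
    except IndexError as exc:
        return ("error", type(exc).__name__)


if __name__ == "__main__":
    todo = make_todo()
    plain_list = [todo.items[i] for i in range(todo.count)]
    for idx in (4, 5):
        print("index %d: unchecked=%s checked=%s list=%s" % (
            idx, hex(unchecked_read(todo, idx)),
            attempt(checked_read, todo, idx), attempt(safe_list_read, plain_list, idx)))
```

    The unchecked read at index 5 prints 0xcafebabe, the value of the field that happens to follow the array; both checked reads report an IndexError. That is the whole argument for memory safety in miniature: the language either refuses the access or crashes, and the adjacent secret never reaches the caller.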

    "Just 1% of Dot-Org Domains Are Fully DMARC Protected"

    According to security researchers at EasyDMARC, only 1.2% of the nearly 10 million .org domains in circulation have fully implemented DMARC to mitigate the risk of phishing. The researchers reviewed over 9.9 million verified .org email domains and found that just 376,497 (3.8%) had implemented the Domain-based Message Authentication, Reporting, and Conformance (DMARC) standard at all. DMARC helps prevent phishing by letting receiving mail servers flag and block messages that fail authentication for the sending domain. For it to be effective, the domain owner must publish a "reject" policy (p=reject), under which failing messages are rejected before they reach the recipient's inbox. A "quarantine" policy lets the messages through but directs them to the spam folder, while "p=none" lets failing messages straight through. Unfortunately, of the 3.8% of global .org domains with DMARC deployed, 171,486 (45.6%) had been configured incorrectly, so the organization lacked visibility into received or blocked emails. Additionally, of those with DMARC, over half (58%) had no enforcement policy (p=none), while 15% had selected the quarantine option. The researchers stated that the top 100 .org domains by traffic fared a little better: three-quarters had DMARC, and around a quarter (27%) of these had set their policy to p=reject. With .org primarily used by non-profits, the findings are a concern for the sector.

    Infosecurity reports: "Just 1% of Dot-Org Domains Are Fully DMARC Protected"
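    A record-level check of the policy settings described above, added here as a worked example written for this page (it is not code from EasyDMARC or from the article). It takes the TXT record that a domain would publish at _dmarc.<domain> as a string, so it runs offline, and reports the same categories the article's percentages are built from: no record, p=none, p=quarantine, p=reject, and records with no rua= reporting address (the "no visibility" case). It also flags two weaknesses a practitioner checks for that the article does not break out, a pct= below 100 and an sp= subdomain policy weaker than p=. All record strings and domain names below are constructed samples.

```python
"""DMARC record checker. Added example for this page; the sample records are
constructed and nothing is resolved in DNS."""

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt):
    """Parse a DMARC TXT record (RFC 7489 'tag=value; ...' list) into a dict.
    Tag names are lower-cased. Raises ValueError for anything that is not a
    usable DMARC record (v= not first or not DMARC1, missing/invalid p=)."""
    if not txt.lstrip().lower().startswith("v="):
        raise ValueError("record must start with v=")
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError("malformed tag %r" % part)
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if tags.get("p", "").lower() not in VALID_POLICIES:
        raise ValueError("missing or invalid p= tag")
    return tags


def assess_dmarc(txt):
    """Describe how much protection a record gives. txt is the TXT record at
    _dmarc.<domain>, or None if none is published. 'fully_protected' means
    p=reject on 100% of mail, subdomains no weaker, and an rua= address so the
    owner actually receives aggregate reports."""
    result = {"deployed": False, "policy": None, "visibility": False,
              "fully_protected": False, "issues": []}
    if txt is None:
        result["issues"].append("no DMARC record published")
        return result
    try:
        tags = parse_dmarc(txt)
    except ValueError as exc:
        result["issues"].append("invalid record: %s" % exc)
        return result
    result["deployed"] = True
    policy = tags["p"].lower()
    result["policy"] = policy
    try:
        pct = int(tags.get("pct", "100"))          # pct defaults to 100
    except ValueError:
        pct = 0
        result["issues"].append("pct= is not an integer")
    subpolicy = tags.get("sp", policy).lower()     # sp defaults to p
    if subpolicy not in VALID_POLICIES:
        result["issues"].append("sp=%s is not a valid policy" % subpolicy)
        subpolicy = "none"
    # rua= is where aggregate reports go; without it the owner gets no feedback
    result["visibility"] = any(v.strip().lower().startswith("mailto:")
                               for v in tags.get("rua", "").split(","))
    if policy == "none":
        result["issues"].append("p=none: monitoring only, spoofed mail is delivered")
    elif policy == "quarantine":
        result["issues"].append("p=quarantine: spoofed mail goes to spam, not rejected")
    if pct < 100:
        result["issues"].append("pct=%d: policy applied to only %d%% of mail" % (pct, pct))
    if VALID_POLICIES.index(subpolicy) < VALID_POLICIES.index(policy):
        result["issues"].append("sp=%s weaker than p=%s: subdomains spoofable" % (subpolicy, policy))
    if not result["visibility"]:
        result["issues"].append("no rua= address: no aggregate reports, no visibility")
    result["fully_protected"] = (policy == "reject" and pct == 100
                                 and subpolicy == "reject" and result["visibility"])
    return result


# Constructed sample records (domain -> TXT at _dmarc.<domain>, None = no record).
SAMPLE_RECORDS = {
    "no-record.example": None,
    "monitor-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=20",
    "strict.example": "v=DMARC1; p=reject; rua=mailto:agg@strict.example; ruf=mailto:forensic@strict.example",
    "leaky-subdomains.example": "v=DMARC1; p=reject; sp=none; rua=mailto:agg@leaky-subdomains.example",
    "wrong-record.example": "v=spf1 -all",
}


def summarize(records):
    """Count records per category, the way the article's percentages are derived."""
    counts = {"no_dmarc": 0, "none": 0, "quarantine": 0, "reject": 0,
              "no_visibility": 0, "fully_protected": 0}
    for txt in records.values():
        r = assess_dmarc(txt)
        if not r["deployed"]:
            counts["no_dmarc"] += 1
            continue
        counts[r["policy"]] += 1
        counts["no_visibility"] += not r["visibility"]
        counts["fully_protected"] += r["fully_protected"]
    return counts


if __name__ == "__main__":
    for domain, txt in SAMPLE_RECORDS.items():
        print(domain, assess_dmarc(txt)["issues"])
    print(summarize(SAMPLE_RECORDS))
```

    On the constructed set only strict.example counts as fully protected; leaky-subdomains.example publishes p=reject but sp=none, which is enough for a sender to spoof any subdomain, and partial.example has a quarantine policy on a fifth of its mail with no reporting address at all. To run this against real domains, feed assess_dmarc the TXT record returned by a DNS query for _dmarc.<domain>.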

    "Zoom Paid Out $3.9 Million in Bug Bounties in 2022"

    Video communications giant Zoom recently announced that in 2022 it paid out $3.9 million to security researchers who reported vulnerabilities through its bug bounty program. Zoom launched a private bug bounty program on HackerOne in 2019 and has paid over $7 million in bounty rewards to date; in 2021 the company paid roughly $1.8 million. The company noted that, going forward, it is implementing a new vulnerability impact scoring system to be used alongside the Common Vulnerability Scoring System (CVSS) when scoring reports. The new Vulnerability Impact Scoring System (VISS) will rank vulnerability reports on 13 different aspects of their impact on Zoom's infrastructure and technology, as well as on customer data security. Zoom stated that with VISS, the bug bounty program can focus more on measuring responsibly demonstrated impact rather than the theoretical possibility of exploitation. The company has not said how many vulnerabilities were reported last year or how many of these led to the release of a patch. However, Zoom issued CVE identifiers for dozens of critical- and high-severity flaws across its product portfolio.

    SecurityWeek reports: "Zoom Paid Out $3.9 Million in Bug Bounties in 2022"

    "Ransomware 'Likely' to Target Transportation OT Systems, Warns EU Cyber Agency"

    According to a new report from the European Union Agency for Cybersecurity (ENISA), ransomware attacks are the most pressing cyber threat faced by the transportation sector. This is the first time the agency has analyzed threats to the aviation, maritime, railway, and road sectors. ENISA emphasizes that while most ransomware attacks have so far targeted Information Technology (IT) systems such as databases, ransomware groups are likely to target and disrupt Operational Technology (OT) systems in the near future, potentially causing victims even greater harm. OT systems commonly monitor or control mechanical operations, making them important to the safety of airports, ports, rail traffic, and other parts of the transportation industry. ENISA stated that it has not received "reliable information" on a cyberattack harming the safety of transportation, but that the risk of cyberattacks on OT systems is increasing as a result of digital transformation's integration of traditionally segmented IT and OT systems. In addition, the organization stated that the supposed urgency of the transportation sector "to pay ransom to avoid any critical business and social impact" could be encouraging further attacks. While the bulk of transportation sector attacks in 2022 were motivated by financial gain, the maritime industry proved to be of particular interest to state-sponsored groups. This article continues to discuss key points made by ENISA's report on the transport threat landscape.

    The Record reports "Ransomware 'Likely' to Target Transportation OT Systems, Warns EU Cyber Agency"

    "ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques"

    The North Korean Advanced Persistent Threat (APT) group called ScarCruft downloads additional malware using weaponized Microsoft Compiled HTML Help (CHM) files. According to different reports from AhnLab Security Emergency Response Center (ASEC), SEKOIA.IO, and Zscaler, the discoveries demonstrate the group's ongoing efforts to polish and retool its techniques to evade detection. Researchers at Zscaler commented that the ScarCruft group is continuously enhancing its tactics, techniques, and procedures (TTPs) while experimenting with new file formats and approaches to avoid security companies. ScarCruft, also known as APT37, Reaper, RedEyes, and Ricochet Chollima, has targeted multiple South Korean entities for espionage purposes with a heightened operational tempo since the start of 2023. It has been in operation since at least 2012. This article continues to discuss new findings regarding the North Korean APT group ScarCruft.

    THN reports "ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques"

    "Hackers Use New PowerMagic and CommonMagic Malware to Steal Data"

    Researchers have discovered attacks by a sophisticated threat actor involving a previously unknown malicious framework called CommonMagic and a new backdoor called PowerMagic. Since at least September 2021, both pieces of malware have been used in ongoing espionage operations against organizations in the administrative, agriculture, and transportation sectors. According to researchers, the hackers are interested in gathering data from victims in Donetsk, Lugansk, and Crimea. Once within the victim network, the CommonMagic espionage campaign's perpetrators can use different plugins to steal documents and files from USB devices. The malware can also take screenshots using the Windows Graphics Device Interface (GDI) Application Programming Interface (API) every three seconds. The researchers suspect spear phishing or a similar technique was used to deliver a URL referring to a ZIP archive containing a malicious LNK file. This article continues to discuss CommonMagic and PowerMagic.

    Bleeping Computer reports "Hackers Use New PowerMagic and CommonMagic Malware to Steal Data"

    "Custom 'Naplistener' Malware a Nightmare for Network-Based Detection"

    A group tracked by Elastic Security Labs as REF2924 is using new data-stealing malware, a C#-written HTTP listener named Naplistener, in attacks against victims in southern and southeast Asia. According to Elastic's senior security research engineer Remco Sprooten, network-based detection and prevention technologies are the main method for securing environments in that part of the world. However, Naplistener and other new malware used by the group appear "designed to evade network-based forms of detection," according to Jake King, head of engineering at Elastic Security. On January 20, researchers detected Naplistener in the form of a new executable that was built and installed as a Windows Service on a victim network. Threat actors created the executable Wmdtc.exe with a naming convention similar to that of the official binary used by the Microsoft Distributed Transaction Coordinator service. This article continues to discuss researchers' findings and observations regarding Naplistener.

    Dark Reading reports "Custom 'Naplistener' Malware a Nightmare for Network-Based Detection"

    "Voice Deepfakes Are Calling – Here's What They Are and How to Avoid Getting Scammed"

    Security researchers have observed that advances in deep learning algorithms, audio editing, and synthetic voice generation are making it increasingly feasible to replicate a person's voice convincingly. In addition, Artificial Intelligence (AI)-driven chatbots such as ChatGPT are beginning to create realistic scripts with adaptive real-time responses. Combining these technologies with voice generation transforms a deepfake from a static recording into a lifelike avatar capable of carrying on a convincing phone conversation. Researchers behind the DeFake Project of the Rochester Institute of Technology, the University of Mississippi, Michigan State University, and more are working to detect video and audio deepfakes as well as reduce the damage they inflict. Voice phishing (vishing) scams are the most common voice deepfakes encountered in the workplace and at home. For example, in 2019, criminals scammed an energy company out of $243,000 by imitating the voice of its parent company's boss to instruct an employee to transfer funds to a supplier. In 2022, people were conned out of an estimated $11 million by simulated voices. This article continues to discuss security researchers' concerns regarding voice deepfakes and how people can avoid getting scammed by them.

    The Conversation reports "Voice Deepfakes Are Calling - Here's What They Are and How to Avoid Getting Scammed"

    "Only 15 Percent of Companies Are Ready for Cyber Threats"

    According to Cisco's first-ever Cybersecurity Readiness Index, only 15 percent of companies worldwide are at the 'Mature' level of readiness required to be resilient against today's advanced cybersecurity threats. Over half (55 percent) of companies fall into the Beginner (8 percent) or Formative (47 percent) cybersecurity readiness phases, indicating that they perform below average. Additionally, 82 percent of the 6,700 cybersecurity leaders surveyed worldwide expect a cybersecurity incident to impact their organization during the next 12 to 24 months. Sixty percent of respondents revealed they had experienced a cybersecurity incident in the last year, and 41 percent of those affected estimate the incident cost them at least $500,000. Fifty-three percent of the organizations classed as Mature are 'Very Confident' in their ability to deal with risks. In contrast, only 30 percent of organizations in the Beginner stage and 34 percent of those in the Formative stage share this sentiment. Although 86 percent of respondents plan to increase their security budgets by at least 10 percent over the next 12 months, the report emphasizes the need to establish a baseline so that organizations can build on their strengths and prioritize the areas where they require more maturity and improved resilience. This article continues to discuss key findings from Cisco's Cybersecurity Readiness Index.

    BetaNews reports "Only 15 Percent of Companies Are Ready for Cyber Threats"

    "Security Researchers Double-Down on the Need to Patch VMware ESXi Servers"

    Security teams are urged to double down on their efforts to patch the two-year-old VMware ESXi vulnerability that has affected thousands of VMware customers. According to a blog post published by AT&T Cybersecurity on March 20, companies that have not installed the patch are at risk of falling victim to ransomware. The ESXiArgs ransomware campaign hit around 3,200 VMware ESXi servers worldwide, according to a Censys search; the most affected country was France, followed by the US, Germany, and Canada. BlueVoyant's director of external cyber assessments, Lorri Janssen-Anessi, advised security teams to install VMware ESXi updates promptly. If companies are unable to update, they should configure their systems to minimize risk, including disabling the port targeted by the ransomware. In addition, all organizations using the affected VMware software should conduct thorough system scans for indicators of compromise. This article continues to discuss the need for security teams to double down on patching VMware ESXi servers.

    SC Media reports "Security Researchers Double-Down on the Need to Patch VMware ESXi Servers"

    "ESF Partners, NSA, and CISA Release Identity and Access Management Recommended Best Practices for Administrators"

    As part of the Enduring Security Framework (ESF), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released the "Recommended Best Practices Guide for Administrators" to give system administrators actionable recommendations for protecting their systems against Identity and Access Management (IAM) threats. IAM ensures that only users who hold the proper credentials and authorizations can access data. Colonial Pipeline, an oil pipeline system, experienced a major ransomware attack in 2021 that disrupted oil and gas distribution. Many people are aware of the attack, but fewer know that it was enabled by a leaked password, an inactive Virtual Private Network (VPN) account, and a lack of multifactor authentication (MFA), which can be summed up as inadequate IAM. The paper provides best practices and mitigations for IAM threats relating to identity governance, environmental hardening, identity federation, MFA, and IAM auditing and monitoring. This article continues to discuss the release and purpose of the IAM paper.

    NSA reports "ESF Partners, NSA, and CISA Release Identity and Access Management Recommended Best Practices for Administrators"

    "Lionsgate Streaming Platform with 37M Subscribers Leaks User Data"

    According to research conducted by Cybernews, the entertainment industry giant Lionsgate leaked users' IP addresses and details about the content they viewed on its movie-streaming platform. Researchers discovered that the movie-streaming platform Lionsgate Play had exposed user data via an open Elasticsearch instance. They found 20GB of unsecured server logs containing nearly 30 million entries, the oldest of which was from May 2022. The logs exposed subscribers' IP addresses together with information on their devices, operating system, and web browser. The logs also revealed the platform's usage data, which is commonly used for analytics and performance tracking. URLs found in the logs contained the titles and IDs of the content users watched, as well as their search queries. Researchers also discovered unidentified hashes in logged HTTP GET requests, the client requests usually used to retrieve data from a web server. Malicious actors can combine IP addresses with device information to launch targeted attacks on users and deliver malicious payloads to their devices. This article continues to discuss the leak of user data by the video-streaming platform Lionsgate Play.

    Cybernews reports "Lionsgate Streaming Platform with 37M Subscribers Leaks User Data"

  • news

    Visible to the public "Google Flags Apps Made by Popular Chinese E-Commerce Giant as Malware"

    Google has identified multiple apps developed by a Chinese e-commerce giant as malware, informing users who have installed them and suspending the company's official app. Several Chinese security researchers have recently accused Pinduoduo, a rising e-commerce powerhouse with around 800 million active users, of creating Android apps containing malware designed to monitor users. Google has effectively configured Google Play Protect, its Android security mechanism, to prevent users from installing these malicious apps. Google is also warning those who have already installed the apps, urging them to uninstall them. According to an anonymous security researcher, their analysis also revealed that the apps exploited multiple zero-day flaws to hack users. This article continues to discuss Google flagging several apps made by the Chinese e-commerce giant Pinduoduo.

    TechCrunch reports "Google Flags Apps Made by Popular Chinese E-Commerce Giant as Malware"

  • news

    Visible to the public "Associates in Dermatology Responds to Data Breach"

    Associates in Dermatology (AID), a healthcare provider with offices in New Albany and Clarksville, is notifying community members of a data breach issue. Recently, the provider announced in a news release that Virtual Private Network (VPN) Solutions faced a ransomware issue that could potentially affect patients of the dermatology clinic. The company provides electronic health record management software for the provider. The data breach occurred around October 31, 2021, leading to a forensic investigation. The investigation concluded in January of this year. VPN "identified files pertaining to AID that potentially contained sensitive information." The company said that on March 10, 2023, AID determined that the compromised files may have also contained personally identifiable information. AID is working to identify all the specific individuals and the type of data that was impacted by VPN's breach in order to provide sufficient notice. AID has no reason to believe that any individual's information has been misused as a result of this event. AID said that compromised data may include patients' names, addresses, Social Security numbers, dates of birth, medical conditions, treatments, diagnoses, test results, health insurance policy numbers, subscriber identification numbers, and health plan beneficiary numbers. The data that VPN identified as compromised varied with each individual.

    Yahoo News reports: "Associates in Dermatology Responds to Data Breach"

  • news

    Visible to the public "Google Pixel Vulnerability Allows Recovery of Cropped Screenshots"

    Reverse engineers Simon Aarons and David Buchanan have discovered a vulnerability lurking in Google's Pixel phones for five years that allows for the recovery of an original, unedited screenshot from the cropped version of the image. Referred to as aCropalypse and tracked as CVE-2023-21036, the issue resides in Markup, the image-editing application on Pixel devices. Markup fails to properly truncate edited images, making the cropped data recoverable. The reverse engineers stated that the bug has existed since 2018 and that it was the result of a code change that Markup did not adhere to. Specifically, when switching from Android 9 to Android 10, the parseMode() function was modified to overwrite a file with a truncated one if the argument "wt" was passed to it. Previously, the argument "w" was needed for the same operation. The engineers noted that because Markup's behavior was not changed and it continued to use the argument "w," while it did crop the image, it did not tell the OS to overwrite the original with the smaller version, resulting in the truncated data being left at the end of the file instead. The engineers explained that the end result is that the image file is opened without the O_TRUNC flag so that when the cropped image is written, the original image is not truncated. If the new image file is smaller, the end of the original is left behind. The researchers also point out that the change from "w" to "wt" was only documented in 2021, when a bug report was submitted. Google addressed the vulnerability with the March 2023 security update for Pixel devices, which patches more than 120 bugs, aside from the issues resolved with the March 2023 Android update.
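
    The write-without-truncation defect described above, as an added illustration that is not Markup's code: it reproduces the effect in Python with os.open flags (O_TRUNC absent versus present) and walks the PNG chunk list to count bytes left after IEND, which is the check a triage script would run over exported screenshots. The file name, the helper names and the constructed sample images are assumptions.

```python
import os
import struct
import tempfile
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(kind: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(kind + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + kind + data + struct.pack(">I", crc)


def make_png(width: int, height: int) -> bytes:
    """Build a minimal valid 8-bit grayscale PNG (constructed sample data).
    The pixel pattern varies with position so the image does not compress
    to almost nothing and sizes stay meaningful."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    # Each scanline starts with filter byte 0 followed by the pixel bytes.
    raw = b"".join(
        b"\x00" + bytes((x * 7 + y) & 0xFF for x in range(width))
        for y in range(height)
    )
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def write_without_truncate(path: str, data: bytes) -> None:
    """The defective pattern: open for writing but without O_TRUNC, so a
    smaller write leaves the tail of the previous contents in place."""
    with os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT, 0o600), "wb") as f:
        f.write(data)


def write_with_truncate(path: str, data: bytes) -> None:
    """The corrected pattern: O_TRUNC discards the old contents first."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
    with os.fdopen(os.open(path, flags, 0o600), "wb") as f:
        f.write(data)


def trailing_bytes_after_iend(data: bytes) -> int:
    """Return how many bytes follow the IEND chunk (0 for a clean PNG).
    Walks the chunk list instead of searching for the string 'IEND', so
    compressed image data that happens to contain those letters is not
    mistaken for the terminator."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        kind = data[pos + 4:pos + 8]
        pos += 8 + length + 4  # length+type header, chunk data, CRC
        if kind == b"IEND":
            return len(data) - pos
    raise ValueError("truncated PNG: no IEND chunk found")


def demo() -> tuple:
    """Write a large image, overwrite it with a smaller one both ways, and
    report how many stale bytes each variant leaves behind."""
    big = make_png(64, 64)
    small = make_png(8, 8)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "shot.png")  # assumed file name
        with open(path, "wb") as f:
            f.write(big)
        write_without_truncate(path, small)
        with open(path, "rb") as f:
            leaked = trailing_bytes_after_iend(f.read())
        write_with_truncate(path, small)
        with open(path, "rb") as f:
            clean = trailing_bytes_after_iend(f.read())
    return leaked, clean


if __name__ == "__main__":
    leaked, clean = demo()
    print(f"without O_TRUNC: {leaked} stale bytes after IEND")
    print(f"with O_TRUNC:    {clean} stale bytes after IEND")
```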

    SecurityWeek reports: "Google Pixel Vulnerability Allows Recovery of Cropped Screenshots"

  • news

    Visible to the public "Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant"

    Security researchers at Mandiant have analyzed the zero-day vulnerabilities disclosed in 2022 and found that over a dozen of them were used in attacks believed to have been carried out by cyberespionage groups. The researchers noted that the cybersecurity community cannot reach an agreement on the definition of a zero-day vulnerability. Some define a zero-day as any vulnerability whose details are made public before a patch is released, while others only assign a zero-day classification to flaws that were actually exploited in attacks before a fix was made available. The researchers stated that only vulnerabilities that were exploited in the wild before a patch was released were included in their zero-day analysis. According to the researchers, 55 zero-day vulnerabilities came to light last year. While this is a significant drop from the 81 discovered in 2021, it's still more than in any other previous year. The researchers noted that many of the zero-days found last year were not publicly attributed to a known threat actor. Of the ones that were attributed, 13 were linked to cyberespionage groups, including seven believed to have been exploited by Chinese state-sponsored groups. Chinese hackers targeted vulnerabilities such as CVE-2022-30190 (the Windows flaw known as Follina), CVE-2022-42475, and CVE-2022-41328 (Fortinet product vulnerabilities). The researchers stated that two of the zero-days attributed to state-sponsored threat actors were linked to North Korea, and two were tied to Russia. Three vulnerabilities were exploited by commercial spyware vendors such as Candiru and Variston. One flaw was seen being exploited by both China and Russia and spyware vendors as well. The researchers stated that four of the zero-days spotted in 2022 were likely exploited by financially motivated threat actors, including CVE-2022-29499 (by Lorenz ransomware), and CVE-2022-41091 and CVE-2022-44698 (by Magniber ransomware).
    Of the 55 zero-days that emerged in 2022, 18 impacted Microsoft products, 10 impacted Google products, and 9 were found in Apple products. Other affected vendors included Fortinet, Mozilla, Sophos, Trend Micro, Zimbra, Adobe, Atlassian, Cisco, Mitel, SolarWinds, Zoho, QNAP, and Citrix. As for product types, 19 flaws impacted desktop operating systems, followed by browsers (11), security, IT, and network management products (10), and mobile operating systems (6).

    SecurityWeek reports: "Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant"

  • news

    Visible to the public "Detecting Manipulations in Microchips"

    In addition to manipulating software, attackers can also tamper with hardware. Therefore, a team from Ruhr University Bochum (RUB), Germany, and the Max Planck Institute for Security and Privacy (MPI-SP) is developing techniques to detect such tampering. They are exploring detection methods for hardware Trojans. Electronic chips are embedded in many objects, and they are often designed by companies that do not operate their own production facilities. Instead, the construction plans are sent to highly specialized chip factories to be made. The designs of the chips may be modified in the factories just before production, compromising their security. In extreme instances, such hardware Trojans could enable an attacker to instantly disable parts of the telecommunications infrastructure at the touch of a button. Using an algorithm, the researchers compared construction plans for chips to electron microscope images of actual chips and looked for differences. There were deviations in 37 out of 40 cases. The researchers made all images of the chips available online for free, together with the design data and the analysis algorithms, so that other research teams could use the data to conduct more studies. This article continues to discuss the study on hardware Trojan detection.

    Ruhr University Bochum reports "Detecting Manipulations in Microchips"

  • news

    Visible to the public "What Do CEOs Really Think about Cyber Risk? First-Of-Its-Kind Study Reveals All"

    Through 37 in-depth interviews with global CEOs, a team of researchers from the University of Oxford and ISTARI revealed the emotions and challenges associated with effectively managing cyber risk. They have shared the findings of their joint CEO Report on Cyber Resilience, which applies a top-management perspective to cybersecurity risks and emphasizes CEOs' critical role in establishing cyber resilience. It presents insights from one-hour face-to-face interviews with American, Asian, and European CEOs whose companies' average annual revenue is $12 billion, with an average of 40,000 employees. Nine CEOs had led their organization through a severe cyberattack. Under anonymity, the CEOs discussed their feelings, frustrations, and regrets regarding cyber threats and security. The CEOs admitted that they are formally accountable for cybersecurity to regulators, shareholders, and their boards. However, most (72 percent) reported being uncomfortable about making cybersecurity-related decisions, often prompting them to delegate responsibility for and understanding of cybersecurity to their technology teams, which can compromise resilience. All interviewed CEOs stated that they feel accountable for cybersecurity, but a parallel ISTARI survey of CISOs revealed that two European (50 percent) and nearly a third of US (30 percent) CISOs did not believe that their CEOs feel accountable. According to the research, this perception gap is partially due to the notion of accountability. CEOs should view themselves as co-responsible with their CISO for cyber resilience, rather than as solely responsible. This article continues to discuss findings from interviews with global CEOs regarding what they think about cyber risk as well as the mindsets CEOs need to lead cyber-resilient businesses.

    The University of Oxford reports "What Do CEOs Really Think about Cyber Risk? First-Of-Its-Kind Study Reveals All"

  • news

    Visible to the public "NCSC Launches Two New Tools for Small Businesses"

    The UK's leading cybersecurity agency has recently launched two new services designed to help small businesses manage cyber risk more effectively. The National Cyber Security Agency (NCSC) announced a Cyber Action Plan, a questionnaire for small organizations and individuals/families, which delivers a free personalized security to-do list depending on the answers it receives. The GCHQ-run agency's second new service is Check Your Cyber Security. Accessible via the action plan, it can be used by non-technical employees to find and fix a small range of security issues in their organization. The NCSC noted that a handful of simple online checks are run to identify common vulnerabilities in public-facing IT systems, including web browsers, IP addresses, websites, and email inboxes. The idea is for the NCSC to help less well-resourced organizations get the security basics right to deter opportunistic cybercriminals. The new services are certainly needed. According to a government report last year, nearly two-fifths (38%) of small businesses in the UK suffered a "cyber incident" over the previous 12 months.

    Infosecurity reports: "NCSC Launches Two New Tools for Small Businesses"

  • news

    Visible to the public "Hackers Target .NET Developers with Malicious NuGet Packages"

    Threat actors are delivering cryptocurrency stealers to .NET developers via the NuGet repository and impersonating multiple legitimate packages through typosquatting. According to JFrog security researchers Natan Nehorai and Brian Moussalli, who identified this ongoing campaign, three of the malicious NuGet packages have been downloaded more than 150,000 times in a month. It is possible that a large number of .NET developers had their systems compromised, but the massive number of downloads could indicate that the attackers were attempting to legitimize their malicious NuGet packages. When creating their NuGet repository profiles, the threat actors used typosquatting to mimic Microsoft software developers working on the NuGet .NET package manager. The malware installed on compromised systems can be used to steal cryptocurrency by exfiltrating the victims' cryptocurrency wallets using Discord webhooks, extracting and executing malicious code from Electron archives, and auto-updating by querying the command-and-control (C2) server under the control of the attacker. This article continues to discuss threat actors targeting and infecting .NET developers with cryptocurrency stealers through the NuGet repository and impersonating legitimate packages via typosquatting.

    Bleeping Computer reports "Hackers Target .NET Developers with Malicious NuGet Packages"

  • news

    Visible to the public "Ferrari Data Breach: Client Data Exposed"

    The Italian luxury sports car maker Ferrari has experienced a data breach and stated that a threat actor recently contacted it with a ransom demand about some client contact information, but it will not pay the ransom. Although there is a ransom demand, ransomware deployment on the company's systems is not mentioned. The client message addressed to possibly affected clients and signed by Ferrari CEO Benedetto Vigna claims that the breach has had no effect on the company's operational functions. Unidentified attackers have gained access to a limited number of systems within the company's Information Technology (IT) environment, and certain client information, including names, addresses, email addresses, and telephone numbers, has been compromised, according to Vigna. This article continues to discuss the Ferrari data breach.

    Help Net Security reports "Ferrari Data Breach: Client Data Exposed"

  • news

    Visible to the public "New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers"

    As part of a new campaign, poorly managed Linux SSH servers are being targeted with several forms of malware called ShellBot. AhnLab Security Emergency Response Center (ASEC) explained that ShellBot, also known as PerlBot, is a Distributed Denial-of-Service (DDoS) bot malware written in Perl that uses the Internet Relay Chat (IRC) protocol to connect with the command-and-control (C2) server. ShellBot is installed on servers with weak passwords after threat actors use scanner malware to detect systems with SSH port 22 open. Using a list of known SSH credentials, a dictionary attack is initiated to breach the server and install the payload, after which the IRC protocol is used to communicate with a remote server. This includes the ability to receive commands that enable ShellBot to execute DDoS attacks and exfiltrate gathered data. ASEC reported identifying three different ShellBot variants. This article continues to discuss the new ShellBot DDoS malware variants targeting Linux SSH servers.

    THN reports "New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers"

  • news

    Visible to the public "Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet"

    Former Mirai hackers have launched a new botnet, HinataBot, which can wreak significantly more damage but requires far fewer resources to operate. Mirai is one of the most notorious botnets in the world. It has been around since the mid-2010s, using Internet of Things (IoT) devices such as routers and cameras to carry out Distributed Denial-of-Service (DDoS) attacks by bombarding targets with large volumes of traffic. Some of its most significant attacks were against the French technology company OVH, the government of Liberia, and DNS provider Dyn, an attack that affected numerous websites, including Twitter, Reddit, GitHub, and CNN. According to a report published on March 16 by Akamai researchers, HinataBot has only been in development since mid-January. However, initial tests indicate that it is orders of magnitude more powerful than its predecessor, with traffic flows exceeding 3 Tbit/s. This article continues to discuss researchers' findings regarding HinataBot and why hackers are choosing Golang.

    Dark Reading reports "Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet"

  • news

    Visible to the public "GPS Is Critical to Modern Life. It's Also Vulnerable, and This Researcher Is Out to Fix That."

    The Global Positioning System (GPS) is inexpensive and easy to use because a device only needs to receive and interpret signals, not transmit, respond, or authenticate them. However, what makes GPS valuable also makes it so vulnerable, says Aanjhan Ranganathan, a professor at the Khoury College of Computer Sciences. Ranganathan received the National Science Foundation (NSF) Career Award for his research on GPS. Ranganathan explained that GPS is especially vulnerable to attacks due to its reliance on unsecured signals transmitted from satellites 20,000 kilometers above. By the time the signals reach the ground, they are already weak. $20 worth of equipment can render GPS devices incapable of receiving any signal. Alternatively, $100 worth of equipment can transmit signals that appear to originate from GPS satellites. This is known as "spoofing," in which a malicious actor fakes the source of a signal. Ranganathan tricked a drone into thinking it was somewhere it was not by spoofing the signals it was receiving. As he manipulated the GPS inputs, the drone drifted laterally to keep "standing still." The controller displayed no movement since the drone believed it was maintaining its position. Ranganathan successfully co-opted the drone without hacking it, bypassing its security protocols. The effects of spoofing are subtle and extensive. A malicious state could interfere with airplanes attempting to land, delaying flights. A cyber terrorist could steal military drones by making them land behind enemy lines. Due to the reliance of current timekeeping on GPS, a determined hacker could cost a bank billions of dollars by manipulating the timing of stock trades. This article continues to discuss the vulnerability of GPS to attacks and Ranganathan's research aimed at addressing this vulnerability.

    Northeastern University reports "GPS Is Critical to Modern Life. It's Also Vulnerable, and This Researcher Is Out to Fix That."

  • news

    Visible to the public "Pro-Russia Hackers Are Increasingly Targeting Hospitals, Researchers Warn"

    Since November 2022, cybersecurity researchers have observed the pro-Russia hacking group known as Killnet launching a growing number of Distributed Denial-of-Service (DDoS) attacks against healthcare organizations. Killnet launched in February 2022 following Russia's invasion of Ukraine and has spent most of the past year executing DDoS attacks against governments and companies worldwide. Although the attacks are primarily a nuisance, rendering websites inaccessible for roughly an hour in most cases, they have prompted much concern within the US government, especially when they target critical infrastructure such as airports and hospitals. In recent months, the Killnet group has prioritized healthcare organizations' websites, starting a campaign targeting hospitals in over 25 states. The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) reported that less than half of these DDoS attacks effectively took the websites offline. Amir Dahan and Syed Pasha of the Microsoft Azure Network Security Team recently presented an analysis of DDoS attacks against healthcare organizations. The analysis revealed that from November 18, 2022, to February 17, 2023, they monitored every attack, noting a rise from 10 to 20 per day in November to 40 to 60 per day in February. This article continues to discuss the pro-Russia hacking group Killnet increasingly targeting hospitals.

    The Record reports "Pro-Russia Hackers Are Increasingly Targeting Hospitals, Researchers Warn"

  • news

    Visible to the public "Play Ransomware Gang Hit Dutch Shipping Firm Royal Dirkzwager"

    The Play ransomware group has targeted Royal Dirkzwager, a Dutch company specializing in optimizing shipping processes and managing maritime and logistic information flows. The ransomware group added the company to its Tor data leak site and announced that it stole personal data, employee IDs, passports, contracts, and other information. The group posted a 5 GB archive as evidence of the attack, threatening to leak the entire dump if the company does not pay the demanded ransom. Royal Dirkzwager CEO Joan Blaas stated that the ransomware attack had no effect on the company's operations but confirmed that the malicious actors stole critical information from the organization's infrastructure. The company informed the Dutch Data Protection Authority and said it is negotiating with the ransomware gang. Since July 2022, the Play ransomware gang has been active, targeting the City of Oakland, the Cloud services company Rackspace, and more. Cybercrime groups consider the shipping industry a lucrative target. In January, around 1,000 vessels were affected by a ransomware attack on DNV, one of the largest maritime software providers. This article continues to discuss the Play ransomware attack against the Dutch maritime logistics company Royal Dirkzwager and the targeting of the shipping industry by cybercriminals.

    Security Affairs reports "Play Ransomware Gang Hit Dutch Shipping Firm Royal Dirkzwager"

  • news

    Visible to the public "NSA Hires Record Number of People with Disabilities, Undertakes Accommodation Initiatives"

    In 2022, the National Security Agency (NSA) made more progress in creating and maintaining a diverse workforce critical to achieving its foreign signals intelligence and cybersecurity missions. In 2022, a record 15.6 percent of new hires self-identified as a person with a disability. Recently, the People with Disabilities Employee Resource Group (PWD ERG) worked with the Cybersecurity Directorate (CSD) to conduct a panel discussion on methods to increase accessibility in order to retain the finest and brightest employees to support the NSA's goal. A representative from the Office of Physical Security stated that in recent years, medical devices have become increasingly intelligent, posing a security challenge that the team is working to solve. They are actively collaborating with medical device users, the PWD ERG, the Research Directorate, and technical subject matter experts from across the NSA to identify and implement new mitigations while providing the greatest possible accommodation for affiliates relying on such devices. This article continues to discuss the NSA hiring a record number of people with disabilities to help fulfill foreign signals intelligence and cybersecurity missions.

    NSA reports "NSA Hires Record Number of People with Disabilities, Undertakes Accommodation Initiatives"

  • news

    Visible to the public "Watch Out: Tax Crooks Are Phishing for Your W-2 Form"

    January through April is tax season in the US, during which businesses and employees fill in W-2 forms for the Internal Revenue Service (IRS). Threat actors try to steal the W-2 forms, which legitimate employees use. According to the IRS' Information Sharing and Analysis Center (ISAC), the number of reports of suspicious activity related to tax refunds quadrupled to eight million in 2022 compared to 2021. Kevin Kirkwood, the deputy CISO at LogRhythm and a cybersecurity expert, emphasizes that malicious actors exploit tax season to launch spear-phishing attacks with a single target in mind: the W-2 form. Kirkwood explains that stealing W-2 forms can be profitable since cybercriminals can use them to file fake tax returns and receive reimbursement for payments they never made. Criminals often impersonate a company's chief executive or other trustworthy employees in these attacks. The article continues to discuss what a tax-season phishing campaign looks like, as well as what businesses and employees should look out for to avoid falling victim to such attacks.

    Cybernews reports "Watch Out: Tax Crooks Are Phishing for Your W-2 Form"

  • news

    Visible to the public "Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes"

    Cryptocurrency ATM manufacturer General Bytes recently disclosed a security incident that resulted in the theft of millions of dollars worth of funds. The company said that the attackers exploited a vulnerability in the master service interface that Bitcoin ATMs use to upload videos, which allowed them to upload a JavaScript script and execute it with user privileges. The company noted that the attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services on port 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean. The code execution provided the attackers with access to the database and access to API keys for accessing funds in hot wallets and exchanges. The attackers were then able to transfer funds from hot wallets, steal account usernames and password hashes, and disable two-factor authentication. The company noted that the attackers gained the "ability to access terminal event logs and scan for any instance where customers scanned private key at the ATM," information that was logged by older versions of ATM software. The crypto ATM maker released a CAS security fix and urged customers to consider all user passwords and API keys to exchanges and hot wallets as being compromised and to change them. While General Bytes did not share information on the number of impacted ATM operators and users, transaction logs show that the attackers stole roughly $1.5 million in Bitcoin (around 56 BTC) from roughly 15 operators. Funds were stolen in dozens of other cryptocurrencies as well. The company said that, despite several security audits conducted since 2021, the vulnerability exploited in this attack was not identified prior to the incident.

    SecurityWeek reports: "Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes"

  • news

    Visible to the public "Scam Robocalls Forecast to Cost $58bn This Year"

    According to security researchers at Juniper Research, the cost of fraudulent robocalls to victims will increase 9% from 2022 to reach $58bn globally this year. The researchers noted that auto-dialing software that delivers pre-recorded messages is widely available and used by both legitimate marketers and scammers. The researchers warned that fraudsters will continue to outwit attempts to mitigate their efforts, driving robocall scam losses to $70bn globally by 2027. The researchers stated that efforts to combat these scams include STIR/SHAKEN, a US industry initiative designed to tackle the caller ID spoofing used by many scammers to hide their true identities. North America is the region most impacted by fraudulent robocalls, set to account for over half of all losses in 2023. The researchers noted that STIR/SHAKEN has done some good, reducing growth in robocall fraud-related losses in North America by an estimated 85% between 2022 and 2023. The researchers are forecasting a decline in losses in the region for the first time by 2025 and urged stakeholders outside North America to adopt their own version of the framework and initiatives to stop call forwarding and other typical fraudulent call tactics. The researchers added that brand authentication technology could play a key role over the coming years in tackling robocall fraud by enabling users to definitively verify the authenticity of a brand on their smartphone screen before picking up.

    Infosecurity reports: "Scam Robocalls Forecast to Cost $58bn This Year"

  • news

    Visible to the public "Is Your Cybersecurity Strategy Falling Victim to These 6 Common Pitfalls?"

    Research conducted by the National Institute of Standards and Technology (NIST) reveals misconceptions that can impact security professionals as well as offers potential solutions. A recent report by NIST computer scientist Julie Haney highlights a pervasive problem in computer security, which is that many security professionals harbor misconceptions about non-technical users of Information Technology (IT) that can increase the risk of cybersecurity breaches. These problems include inefficient communication with such users and insufficient incorporation of user feedback regarding the usability of security systems. According to Haney, cybersecurity specialists are knowledgeable, devoted people who offer a major service in cyber threat defense. However, while having the best of intentions, their community's reliance on technology to solve security problems may prevent them from appropriately considering the human factor, which plays a significant part in achieving effective, usable security. The human element encompasses the individual and social factors influencing security adoption, including perceptions of security tools. A security tool or strategy may be effective in theory, but the risk level can rise if users perceive it as an obstacle and attempt to evade it. Eighty-two percent of breaches in 2021 involved human error, and 53 percent of US government cyber incidents in 2020 resulted from employees violating acceptable usage policies or falling victim to email attacks. Haney's new paper, "Users Are Not Stupid: Six Cyber Security Pitfalls Overturned," aims to help the security and user communities work together in reducing cyber threats. This article continues to discuss the six pitfalls that threaten security professionals, along with potential solutions.

    NIST reports "Is Your Cybersecurity Strategy Falling Victim to These 6 Common Pitfalls?"

  • news

    Visible to the public "New York Man Arrested for Running BreachForums Cybercrime Website"

    A New York man accused of running the popular cybercrime forum BreachForums has recently been arrested and charged. He is believed to be Pompompurin, an individual whose online moniker was mentioned in several high-profile hacking stories in past years. The suspect is 21-year-old Conor Brian Fitzpatrick of Peekskill, New York. According to court documents filed last week, he was arrested on March 15 on conspiracy to commit access device fraud (i.e., hacking) charges. A testimony from an FBI agent revealed that when he was arrested, Fitzpatrick admitted to using the Pompompurin moniker online and being the owner and administrator of BreachForums. BreachForums, also known as Breached, was launched in 2022, just as the RaidForums cybercrime marketplace was taken down as part of a global law enforcement operation. Pompompurin created BreachForums as an alternative to RaidForums. BreachForums was hosted on the surface web, with much of the information on the site being accessible to anyone. The website is currently inaccessible. Before it went offline, one of the forum's other administrators posted a message saying that he had the access necessary to protect the site's infrastructure and users. He claimed that he had restricted Pompompurin's account to prevent unauthorized administrator actions and that he had been keeping an eye out for any suspicious activity. Many BreachForums users expressed concerns that their information may have been obtained by law enforcement. Before it was taken offline, the forum had over 330,000 members, 47,000 threads, and nearly one million posts. BreachForums was used in the past months to announce several high-profile cyberattacks, including the recent DC Health Link breach, which involved the sensitive personal data of members of the US House and Senate getting compromised.

    SecurityWeek reports: "New York Man Arrested for Running BreachForums Cybercrime Website"