The US Department of Justice (DoJ) recently announced charges against four Vietnamese individuals believed to be responsible for cyberattacks that caused over $71 million in losses to US companies.  The individuals, Nguyen Viet Quoc (aka Tien Nguyen), Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Van Truong (aka Chung Nguyen), and Nguyen Trang Xuyen, were members of the cybercrime group FIN9.

According to security researchers at Gigamon, organizations continue to struggle to detect breaches as they become more targeted and sophisticated, with more than 1 out of 3 organizations citing their existing security tools were unable to detect breaches when they occur.  During the study the researchers found that 65% of respondents believe that their existing solutions cannot effectively detect breaches. Many respondents (83%) believe that cloud complexity is increasing their cyber risk.

Selections by dgoff

​Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

A vulnerability dubbed "CosmicSting" that affects Adobe Commerce and Magento websites remains largely unpatched nine days after a security update was released, leaving millions of websites exposed to attacks. According to Sansec, about three of every four websites that use the impacted e-commerce platforms have not been patched against CosmicSting, putting them at risk of XML External Entity Injection (XXE) and Remote Code Execution (RCE). This article continues to discuss the potential exploitation and impact of the CosmicSting vulnerability.

Apple classified a recently patched Vision Pro vulnerability as a Denial-of-Service (DoS) issue, but it has been proven to be a much scarier bug. Apple recently announced the release of version 1.2 of visionOS, the operating system run by its Vision Pro Virtual Reality (VR) headset. The update fixes several vulnerabilities, but one appears to be the first flaw specific to this product and the "first ever spatial computing hack." The vulnerability stems from the processing of specially crafted web content and can cause a DoS condition.

Threat actors released nearly 400GB of data from the pathology provider Synnovis, including National Health Service (NHS) patient data. The ransomware group "Qilin" accessed the data in the June 2024 attack on the critical NHS supplier Synnovis. On June 20, the gang posted the information on its darknet site and Telegram channel. NHS numbers, patient names, and blood test descriptions were allegedly included. In addition, business account spreadsheets have been uploaded, detailing different arrangements. This article continues to discuss the leak of data stolen from Synnovis.

The US Department of Commerce has announced a US-wide ban on Kaspersky cybersecurity and antivirus software because of the national security risk posed by Kaspersky's ability to gather valuable US business information and US persons' sensitive data for malicious use by the Russian government. Beginning July 20, 2024, Kaspersky is not allowed to enter into any new agreements with US citizens involving its cybersecurity and antivirus products and services. This article continues to discuss the US ban on Kaspersky cybersecurity and antivirus software.

Since August 2023, "SneakyChef," a previously undocumented Chinese-speaking threat actor, has been linked to an espionage campaign targeting government entities in Asia and EMEA (Europe, Middle East, and Africa) with "SugarGh0st" malware. According to Cisco Talos researchers, SneakyChef uses scanned government documents, mostly from different countries' Ministries of Foreign Affairs or embassies, as lures. This article continues to discuss findings regarding SneakyChef's global espionage campaign.

Threat actors are using publicly available Proof-of-Concept (PoC) code in their initial attempts to exploit a recently patched SolarWinds Serv-U vulnerability, according to the threat intelligence company GreyNoise. The exploited flaw is a severe directory traversal vulnerability that enables attackers to read sensitive files on the host machine. This article continues to discuss findings regarding threat actors' exploitation of a recent path traversal vulnerability in SolarWinds Serv-U using public PoC code.

The US subsidiary of the Spain-based bank Santander is notifying over 12,000 employees that a third-party data breach compromised their personal information. According to the bank, the hackers accessed employee names, Social Security numbers, and bank account information. The incident is believed to be related to a data breach disclosed by the global banking group in mid-May, which was later revealed to be associated with the massive attack on improperly protected Snowflake customer accounts. This article continues to discuss the Santander data breach linked to the Snowflake attack.