Phil Lundrigan, a computer engineering professor at Brigham Young University (BYU), and a team of students have developed an in-between option that grants partial trust and enables consumers to connect basic Internet of Things (IoT) devices to their home network without the risk of compromising the network. Their solution enables communication between a Wi-Fi device, such as a sensor, that transmits small amounts of data, and a trusted Wi-Fi network without requiring the device to be connected to the network.

According to the 2024 IBM X-Force Threat Intelligence Index, phishing made up 30 percent of incidents last year, showing that it is still one of the top initial access vectors. Attackers often use phishing kits, which consist of a collection of tools, resources, and scripts packaged for easy deployment. IBM X-Force analyzed thousands of phishing kits and discovered trends, including which data these kits targeted and which brands were most exploited. This article continues to discuss key findings regarding phishing kits.

According to Veracode, public sector apps have more security debt than private sector apps. Security debt is defined as flaws that remain unfixed for more than a year. Fifty-nine percent of apps in the public sector have security debt. Veracode's study delved into public sector organizations in over 25 countries. Cybercriminals are targeting federal government systems with more damaging and disruptive methods. To address this, the federal government is implementing a number of cybersecurity measures, including reducing risk in government apps.

By dgoff

Artificial Intelligence (AI)-powered behavioral analysis leverages AI to learn and predict adversarial behavior patterns. It is becoming increasingly necessary and widespread; according to one source, 93% of Security Operations Centers currently use some form of AI to conduct behavioral analytics. 

Researchers at the University of Notre Dame are developing Artificial Intelligence (AI) tools to help consumers understand online exploitation. Increasing end users' digital literacy helps them better control their website interactions. A recent study allowed participants to experiment with online privacy settings without consequences. The researchers created "Privacy Sandbox," a Chrome browser plug-in that replaced participant data with personas generated by the Large Language Model (LLM) GPT-4 from OpenAI.

Dr. Samson Zhou, assistant professor at Texas A&M University's Department of Computer Science and Engineering, and Dr. David P. Woodruff, professor in the Computer Science Department at Carnegie Mellon University, are looking to bolster algorithms used by big data Artificial Intelligence (AI) models against attacks. Big data AI models are scalable algorithms designed to handle and analyze large amounts of data. Zhou and Woodruff are studying a type of big data model known as a streaming model.

Feras Batarseh, an associate professor in Virginia Tech's Department of Biological Systems Engineering, and his team of researchers work with the Commonwealth Cyber Initiative in the greater Washington, DC, metro area, as well as in Blacksburg, where they run the "AI & Cyber for Water & Ag lab." The lab is made up of physical pumping and tubing systems, together with soil and biological systems, and is integrated with computer monitoring. It supports the term "cyberbiosecurity," coined at Virginia Tech, which encompasses the fight against threats to the nation's water supply.

Cybercriminals are distributing a malware cocktail via cracked versions of Microsoft Office advertised on torrent websites. Malware delivered to users includes Remote Access Trojans (RATs), cryptocurrency miners, malware downloaders, proxy tools, and anti-virus software. The AhnLab Security Intelligence Center (ASEC) identified the campaign, warning against downloading pirated software. The researchers discovered that the attackers use a variety of lures, including Microsoft Office, Windows, and the Hangul Word Processor.

The National Institute of Standards and Technology (NIST) will receive outside help to get the National Vulnerability Database (NVD) back on track. In February, the organization informed the cybersecurity community to expect delays in the analysis of Common Vulnerabilities and Exposures (CVE) identifiers in the NVD, as it was forming a consortium to improve the program. In an April update, NIST blamed an increase in vulnerabilities and "change in interagency support" for the NVD's growing backlog of vulnerabilities that needed analysis.

"APT28," a Russian GRU-backed threat actor, has been targeting networks across Europe with "HeadLace" malware and credential harvesting websites. The Advanced Persistent Threat (APT) group uses Legitimate Internet Services (LIS) and Living Off-the-Land Binaries (LOLBins) to hide their operations in network traffic. This article continues to discuss APT28's targeting of Europe with HeadLace malware and credential harvesting.