The US Cybersecurity and Infrastructure Security Agency (CISA) held the final round of the fifth annual President's Cup Cybersecurity Competition and announced the winners. The President's Cup is a national competition that honors the top federal cybersecurity talent. This year's winning team, known as "Artificially Intelligent," consisted of members from the Department of Defense (DOD), the US Army, and the US Air Force.

A new infostealer malware linked to "Redline" masquerades as a game cheat called "Cheat Lab," promising downloaders a free copy if they persuade their friends to install it. Redline can steal sensitive data from infected computers, such as passwords, cookies, autofill information, and cryptocurrency wallet information. The malware is popular among cybercriminals and is widely distributed around the world via various channels.

According to a new report from Onapsis and Flashpoint, malicious hackers are increasingly interested in compromising organizations' SAP applications and data. This interest is suspected to be fueled by SAP application migrations to the cloud, as well as adversaries' increased ability to target misconfigurations and missing security patches in both cloud and on-premises deployments. Ransomware attacks against SAP systems have increased 400 percent over the past few years. On hacker forums, talks about SAP flaws and exploits increased by 490 percent, while discu

A threat actor has been using a cluster of domains posing as legitimate IP scanner software sites to distribute malware through a Windows backdoor dubbed "MadMxShell." According to Zscaler ThreatLabz, the threat actor registered multiple look-alike domains using a typosquatting technique. Then they used Google Ads to push the fraudulent domains to the top of search engine results for specific search keywords, luring potential victims to these IP scanner websites.

An exploit of Palo Alto Networks' Extended Detection and Response (XDR) software could have enabled attackers to manipulate it as a malicious multitool. Shmuel Cohen, a security researcher at SafeBreach, explained how he reverse-engineered and cracked the company's Cortex product. He used it to deploy a reverse shell and ransomware.

The Akira ransomware gang has targeted over 250 organizations in the last year and continues to affect various businesses and critical infrastructure entities in North America, Europe, and Australia, according to recent warnings from the Federal Bureau of Investigation (FBI) and European law enforcement.

Telecommunications giant Frontier Communications recently informed the Securities and Exchange Commission (SEC) that certain systems were shut down following a cyberattack. The incident was identified on April 14, when a third party “gained unauthorized access to portions of its information technology environment.” According to Frontier, the attack was likely the work of a cybercrime group that gained access to various types of data, including personally identifiable information. The company has notified proper authorities, and an investigation into the incident is still ongoing.

Security researchers at CyberSN warn that the overall number of cybersecurity job postings in the US decreased by 22% from 2022 to 2023. The researchers said this decline is alarming and could impact national security, as some of these roles are essential for maintaining organizational and national cyber defenses. The most significant decline is in research roles, which saw a general 69% drop year-on-year between 2022 and 2023. According to the researchers this suggests a move away from proactive threat analysis and mitigation.

CyLab Security and Privacy Institute researchers will present ten papers and participate in one special interest group at the ACM Conference on Human Factors in Computing Systems (CHI 2024). One of the papers is titled "Interdisciplinary Approaches to Cybervulnerability Impact Assessment for Energy Critical Infrastructure." The researchers interviewed 18 experts in the field of energy critical infrastructure to compare what information they believe is necessary to assess the impact of computer vulnerabilities contained by energy operational technology.