"Malicious PowerShell Script Pushing Malware Looks AI-Written"

A threat actor, tracked as "TA547," is running a PowerShell script believed to have been developed with the help of an Artificial Intelligence (AI) system, such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's Copilot. In March, the adversary used the script in an email campaign to deliver the Rhadamanthys information stealer to organizations in Germany. Proofpoint researchers attributed the attack to TA547, who is suspected of being an Initial Access Broker (IAB). TA547 has been active since at least 2017, delivering malware to Windows and Android systems.

Submitted by Gregory Rigby on

"EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities"

The growing popularity of Electric Vehicles (EVs) attracts not only gas-conscious consumers but also cybercriminals interested in using EV charging stations to conduct large-scale cyberattacks. Charging points, whether in a private garage or in a public parking lot, are online and run software that interacts with payment systems and the electric grid. They also store driver identities. Therefore, charging stations pose significant cybersecurity risks.

"Windows: New 'BatBadBut' Rust Vulnerability Given Highest Severity Score"

A critical vulnerability, dubbed "BatBadBut," in the Rust standard library could be used to target Windows systems and launch command injection attacks. A security engineer from Flatt Security discovered the flaw, which allows an attacker to perform command injection on Windows applications that indirectly rely on the 'CreateProcess' function when certain conditions are met. This article continues to discuss findings regarding the BatBadBut vulnerability.

"Researchers Resurrect Spectre v2 Attack Against Intel CPUs"

Cybersecurity researchers at VU Amsterdam University have highlighted a new variation of the Spectre v2 attack that is aimed at Intel processors. When the Spectre and Meltdown CPU attacks were made public in 2018, Spectre v2, also known as Spectre BTI (Branch Target Injection), was considered the most dangerous variant. Even though CPU makers and others have been working on hardware and software defenses, researchers are still finding new ways to carry out these attacks.

"CISA Announces Malware Next-Gen Analysis"

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced a new release of its malware analysis system, "Malware Next-Gen." The system welcomes any organization to submit malware samples and other suspicious artifacts for analysis. Malware Next-Gen enables CISA to better support its partners by automating the analysis of newly identified malware and improving cyber defense efforts. Network defenders responding to cyber incidents and hunting threats need up-to-date, useful information about malware, like how it works and what it is meant to do.

"NSA Issues Guidance for Maturing Data Security"

The National Security Agency (NSA) has published guidance on improving data security and protecting access to data at rest and in transit. The recommendations in the Cybersecurity Information Sheet (CSI) titled "Advancing Zero Trust Maturity Throughout the Data Pillar" aim to ensure that only authorized individuals have access to data. The capabilities described in the CSI are integrated into a comprehensive Zero Trust (ZT) framework.

"Two New Bugs Can Bypass Detection and Steal SharePoint Data"

Researchers have found two new Microsoft SharePoint flaws, posing a significant threat to businesses. These vulnerabilities could enable attackers to bypass audit logs, avoid triggering downloads, and exfiltrate SharePoint data. SharePoint is widely used in government and business, with an estimated 250,000 organizations relying on it for document and intranet management. The platform is particularly popular among Fortune 500 companies.

"How Can the Energy Sector Bolster Its Resilience to Ransomware Attacks?"

Cyber threats to the energy sector have increased significantly as geopolitical tensions continue to drive state-sponsored cyber espionage. According to a report from Rockwell Automation on Operational Technology (OT) and Industrial Control System (ICS) cybersecurity incidents, the energy sector was targeted in 39 percent of all attacks, with about 60 percent attributed to state-affiliated groups.

Pub Crawl - April 2024

Selections by dgoff

Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.

"Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers"

Microsoft warns about a vulnerability that allows hackers to take complete control of Azure Kubernetes clusters. The vulnerability, tracked as CVE-2024-29990, enables unauthenticated hackers to steal credentials and affect resources outside the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC). The Azure Kubernetes Service bug has a CVSS severity score of 9/10 and could be used to take control of confidential guests and containers beyond the network stack to which it is bound.
